With SPMC at el3 enabled on rdn2cfg2 configuration BL31 needs more
memory region to accommodate increased xlat table size.
Increase the size by 16K.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: Ib235fe35d53a9b85a5ce0a29f2ec4cc3bd85ded9
Arm has made the strategic decision to deprecate the TC1 platform.
Consequently, software development and the creation of fast models
for the TC1 platform have been officially discontinued.
The TC1 platform, now considered obsolete, has been succeeded by
the TC2 platform. It's noteworthy that the TC2 platform is already
integrated and supported in both TF-A and CI repositories.
Change-Id: Ia196a5fc975b4dbf3c913333daf595199968d95d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
A number of features are marked experimental in the build system through
makefiles but there wasn't an explicit document to list them.
Added a dedicated experimental build options section and moved
existing experimental build option descriptions in this section.
Restoring the change from [1] removing the experimental flag on the EL3
SPMC (this has been lost in rebasing a later change).
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/24713
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I2c458c6857c347114b265404e8b9ede9ac588463
As part of the release process, revisit the list of maintainers to
keep it updated.
Change-Id: Ifdbbe0d0dd1c8db3e5fbc84affcceb6d3c7716d4
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
This change updates the model versions that we claim to be testing with
to reflect what the reality in the CI.
Change-Id: Ieb44f3f21cd0ba7149d47f7688698831c9eab487
Signed-off-by: Chris Kay <chris.kay@arm.com>
We have to handle wide selection of cpu cores in one TF-A binary:
- v8.0: a53, a57, a72
- v8.2: a55, a76, n1
- v8.4: v1
- v9.0: a710, n2
And then we have QEMU's hybrid: 'max' which has everything QEMU can
emulate.
TF-A for QEMU platforms was built for v8.5 architecture. But turned out
that 'max' has v8.7 flag now (HCX) which we need to have. And this
enabled set of mandatory features which made TF-A not-bootable on
v8.0/8.2 cpus.
So I decided to follow Arm FVP way and do build for v8.0 with set of
feature flags enabled. This way we have bare minimum to make v8.0 cpus
boot. And then all features from newer cores are enabled with runtime
check which makes them boot.
Tested with BSA/SBSA ACS and Debian Linux 6.5 kernel.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: Ib87bdab992536c65ce0747ce1520682eafc18d39
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Arm Confidential Compute Architecture (Arm CCA) support, underpinned by
Arm Realm Management Extension (RME) support, brings in a few important
software and hardware architectural changes in TF-A, which warrants a
new security analysis of the code base. Results of this analysis are
captured in a new threat model document, provided in this patch.
The main changes introduced in TF-A to support Arm CCA / RME are:
- Presence of a new threat agent: realm world clients.
- Availability of Arm CCA Hardware Enforced Security (HES) to support
measured boot and trusted boot.
- Configuration of the Granule Protection Tables (GPT) for
inter-world memory protection.
This is only an initial version of the threat model and we expect to
enrich it in the future.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Iab84dc724df694511508f90dc76b6d469c4cccd5
The usage of this macro hinders the accuracy of code coverage
data. Lines of code calling this macro always appear as covered because
the test condition within it always gets executed; however, the branch
is not necessarily taken. Consequently, we lose branch coverage
information on these error code paths.
Besides, it is debatable whether such a simple macro really improves
code readability or on the contrary obfuscates the code...
For these reasons, this patch inlines the macro code everywhere it was
called.
It also adds some error messages in all these places to help narrowing
down authentication failures. These messages only get displayed and
compiled into the binaries when building TF-A with 'LOG_VERBOSE' level
of verbosity. We use the same message string everywhere in order to
limit the memory footprint increase for 'LOG_VERBOSE' builds.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I461078bb8c6fd6811d2cbefbe3614e17e83796f2
TF-A supports reading input data from UART interfaces. This opens up
an attack vector for arbitrary data to be injected into TF-A, which is
not covered in the threat model right now.
Fill this gap by:
- Updating the data flow diagrams. Data may flow from the UART into
TF-A (and not only the other way around).
- Documenting the threats inherent to reading untrusted data from a
UART.
Change-Id: I508da5d2f7ad5d20717b958d76ab9337c5eca50f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
CryptoCell-712 and CryptoCell-713 drivers have been deprecated. Remove
their usage on Nuvoton npcm845x platform (maintainers confirmed that
this removal is fine with them).
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I0e3f3431558aaea1e0f2740e7088cdc155d06af2
Both qemu and qemu-sbsa use xlat tables v2 already (activated by including it
in common/common.mk) so there is no need to include compat headers.
Change-Id: I353a6f77f5916862e54b883a9adbba027ac81359
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Addressed the SPMC_AT_EL3 condition by using '#if' instead of
'#if defined'. This change is warranted because the SPMC_AT_EL3
option is always defined.
Change-Id: I76d9b8d502f452c58bc0040745d642cbe11dc8eb
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
CryptoCell-712 and CryptoCell-713 drivers have been deprecated since
TF-A v2.9 and their removal was announced for TF-A v2.10 release.
See [1].
As the release is approaching, this patch deletes these drivers' code as
well as all references to them in the documentation and Arm platforms
code (Nuvoton platform is taken care in a subsequent patch). Associated
build options (ARM_CRYPTOCELL_INTEG and PLAT_CRYPTOCELL_BASE) have also
been removed and thus will have no effect if defined.
This is a breaking change for downstream platforms which use these
drivers.
[1] https://trustedfirmware-a.readthedocs.io/en/v2.9/about/release-information.html#removal-of-deprecated-drivers
Note that TF-A v3.0 release later got renumbered into v2.10.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Idabbc9115f6732ac1a0e52b273d3380677a39813
* changes:
feat(sgi): increase sp memmap size
feat(build): include plat header in fdt build
feat(docs): save BL32 image base and size in entry point info
feat(arm): save BL32 image base and size in entry point info
The EL3 SPMC is known to be deployed into end products and properly
tested since its introduction into TF-A v2.7.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I96bb897cfefef20c33cfc39627b10746dce5485c
With FF-A enabled on SP at SEL0 enabled, SPMC at EL3 needs more entries
to map newly added regions(SP, Rx/Tx buffer and Manifest).
Increase the PLAT_SP_IMAGE_MMAP_REGIONS to 14 and MAX_XLAT_TABLES to 9.
Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I96fd291db8eb178f7aa73b5a9e38cfc67c66fa91
Include platform headers in DT build to enable build time configuration
of number of execution context supported by the platform.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I5b9ffc9865f198a1f802fcb5e0950a5fabb48727
There is no platform function to retrieve the info in the generic code.
Populate the BL32 image base, size and max limit in arg2, arg3 and arg4.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I35527fb41829102083b488a5150c0c707c5ede15
There is no platform function to retrieve the info in the generic code.
Populate the BL32 image base, size and max limit in arg2, arg3 and arg4.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: Id41cedd790ca1713787e5516fb84666d1ccb0b03
Introducing INIT_UNUSED_NS_EL2 macro which guards the code that
disables the unused EL2 when a platform hands off from EL3
to NS-EL1 instead of NS-EL2. Platforms without NS-EL2 in use
must enable this flag.
BREAKING CHANGE: Initialisation code for handoff from EL3 to NS-EL1
disabled by default. Platforms which do that need to enable this macro
going forward
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I61431cc4f7e2feb568d472828e5fd79cc73e51f5
Update the compiler-rt source files to the tip of llvm-project [1].
[1] https://github.com/llvm/llvm-project/commit/ab97b89d03a7
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia72b25423896a530bf5bb68ff067184b2314e2be
Nishant Sharma
Sandrine Bailleux
Manish Pandey
Bipin Ravi
Manish V Badarkhe
Juan Pablo Conde
Olivier Deprez
Chris Kay
Marcin Juszkiewicz
Harrison Mutai
Joanna Farley
Govindraj Raja
Arvind Ram Prakash