Based on the prototype modification of the event_log_measure_and_record
function in the previous patch, platform metadata was passed as an
argument.
Change-Id: I9d8316914c046f47cdc6875b16649479e82087aa
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Based on the prototype modification of the event_log_measure_and_record
function in the previous patch, platform metadata was passed as an
argument.
Change-Id: I4b98b6a035abb28c000344f2dbeb3996c69eee61
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Based on the prototype modification of the event_log_measure_and_record
function in the previous patch, platform metadata was passed as an
argument.
Change-Id: Id1bf59c243c483d7e32152f094c693e95d29fe2b
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Updated the event log driver's function to accept metadata as an
argument, to remove the platform function usage from the event log
driver to make it a standalone driver.
Change-Id: I512cf693d51dc3c0b9d2c1bfde4f89414e273049
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Setting 2MB shared memory and following 64MB secure memory.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Ia992d21f205d305a6fff92fc11435634ce7c9d21
Timing CFG 0 and Timing CFG 4 are ddr controller registers that
have been affected by 1d phy training during cold boot. They are
needed to be stored and restored along with phy training values.
Signed-off-by: Maninder Singh <maninder.singh_1@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I29c55256e74456515aaeb098e2e0e3475697a466
we need to apply the value of CDD write to write for the write to
read CDD delay calculations. Since the current implementation always
provide a negative value of CDDwr so a value of zero was selected.
Signed-off-by: Maninder Singh <maninder.singh_1@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I6829997d2ea6ba6cddaaab8332b82b8c66752d7e
Remove errata a008850 from ls1028a and ls1088a, it should
only be feasible for ls1020a, ls1043a and ls1046a.
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: I8ab84158a2ed6bb15b16d10f8796c3e86fc560a5
Update SPM threat model for possible threats, from malicious
endpoints, related to interrupt management. The mitigations
are based on the guidance provided in FF-A v1.1 EAC0 spec.
Change-Id: Ib9e26e3f1c60fe3a2734a67de1dcf1cea4883d38
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Add details on how to run QEMU in OpenCI, and what tests are currently
supported.
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Change-Id: I291e4eb64a58c766519ff7dcac4841ae75c3934e
Revise the UART baud rate and clock for general platform build,
SIMIC build and EMU build.
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I62fefe7b96d5124e75d2810b4fbc1640422b1353
Cortex-X3 erratum 2615812 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r1p1, and is still open. The workaround is to disable
the use of the Full Retention power mode in the core (setting
WFI_RET_CTRL and WFE_RET_CTRL in CORTEX_X3_IMP_CPUPWRCTLR_EL1 to 0b000).
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2055130/latest
Change-Id: I5ad66df3e18fc85a6b23f6662239494ee001d82f
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Increases BL2 size to have room to enable security features (like
measurement and TPM).
Signed-off-by: Leo Yan <leo.yan@linaro.org>
Change-Id: Iba5e8923e2e154315499e9bfce2e0aff0ccc8f95
This patch documents the actions taken by Hafnium SPMC in response
to non-secure and secure interrupts.
Change-Id: I97687f188ca97aeb255e3e5b55d44ddf5d66b6e0
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch documents the support for partition runtime models, call
chains and schedule modes in Hafnium SPMC.
Change-Id: I91d5718bb2c21d475499e402f6f27076930336cb
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
* changes:
docs: add top level section numbering
docs(build): clarify getting started section
docs(build): clarify docs building instructions
fix(docs): prevent a sphinx warning
fix(docs): prevent a virtual environment from failing a build
Top level sections are not numbered. Adding numbers makes referring to
sections easier. For example the Maintainers page changes from
"about/3.1" to simply "1.3.1".
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: If90a18ee8d6a6858d58f0687f31ea62b69399e04
The Getting started section is very difficult to follow. Building the
fip comes before building the files it needs, the BL33 requirement is
given in a somewhat hand wavy way, and the Arm Developer website
download provides a lot of targets and the guide is not clear which ones
are needed on download.
Swapping the initial build and supporting tools sections makes the flow
more natural and the supporting tools section then becomes clear.
Explicitly mentioning the GCC targets avoids confusion for people less
familiar with the project (eg. new starters).
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I02e88f8c279db6d8eda68f634e8473c02b733963
Using virtual environments with pip is a generally recommended good
practice but the docs do not acknowledge it. As a result fresh installs
might fail builds due to missing $PATH entries. The Prerequisites
section is also a bit verbose which is difficult to read.
This patch adds the virtual environment mention and clarifies wording.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Iea447fb59dc471a502454650c8548192d93ba879
Some newer versions of sphinx (tried on v5.3) will warn about language
being None which will fail the build. Change it to the default (en) to
prevent this.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ie0570481f42aeb293e885ca936e0765f6cb299a8
sphinx-build is passed a blanket "." to build all docs. However, if a
virtual environment is placed within the docs directory, sphinx will try
to build it which will fail due to some weird files it has.
This excludes the most common virtual environment directories from the
build to prevent this.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ieeb14cfc5730d21c986611feb0ed379c58dfcae2
Commit 337ff4f1dd enabled SVE/SME for
qemu platform. Let do the same for qemu-sbsa one too.
With this change I can boot Debian 'bookworm' installed using Max cpu.
Info from referenced commit:
Starting with QEMU v3.1.0 (Dec 2018), QEMU's TCG emulation engine supports
the SVE architecture extension. In QEMU v7.1.0 (Aug 2022) it also gained
SME support.
As it stands today, running TF-A under QEMU with "-cpu max" makes Linux
hang, because SME and SVE accesses trap to EL3, but are never handled
there. This is because the Linux kernel sees the SVE or SME feature bits,
and assumes firmware has enabled the feature for lower exception levels.
This requirement is described in the Linux kernel booting protocol.
Enable those features in the TF-A build, so that BL31 does the proper
EL3 setup to make the feature usable in non-secure world.
We check the actual feature bits before accessing SVE or SME registers,
so this is safe even for older QEMU version or when not running with
-cpu max. As SVE and SME are AArch64 features only, do not enable them
when building for AArch32.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: I9ea1f91e6b801218d944e8a7d798d5ae568ed59a
Documentation is inconsistent when referring to Ubuntu versioning.
Change this to a single reference that is consistent with the stated
version for TF-A tests.
The change was tested with a full build on a clean install of Ubuntu 20.04.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ibb135ed938e9d92332668fa5caf274cf61b822d3
S-EL0 partitions already support indirect messaging and notifications
so add that to supported features.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I08e04593653ba38a2b82395f6f2d3ca7b212d494
Since commit 94b2f94bd6 ("feat(libfdt): upgrade libfdt source files"),
8-byte alignment of the FDT address is enforced to follow the DT
standard.
Rockchip implementation of params_early_setup loads the FDT address as
passed by the bootloader into a buffer. This buffer is currently made of
uint8_t which means it is not 8-byte aligned and might result in
fdt_open_into failing.
Instead, let's make this buffer uint64_t to make it 8-byte aligned.
Cc: Quentin Schulz <foss+tf-a@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Change-Id: Ifcf0e0cf4000e3661d76d3c3a2fe3921f7fe44b9
We don't need CONDITIONAL_CMO for aarch32 so let's remove it.
Signed-off-by: Okash Khawawja <okash@google.com>
Change-Id: I256959d7005df21a850ff7791c8188ea01f5c53b
plat_can_cmo must not clobber x1 but the doc doesn't mention that. This
patch updates the doc to mention x1. It also adds check for plat_can_cmo
to `dcsw_op_louis` which was missed out in original patch.
Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I721376bf3726520d0d5b0df0f33f98ce92257287
The code managing legacy boot (without FIP) that was under
STM32MP_USE_STM32IMAGE flag is remove.
Change-Id: I04452453ed84567b0de39e900594a81526562259
Signed-off-by: Yann Gautier <yann.gautier@st.com>
* changes:
docs(st): update documentation for TRUSTED_BOARD_BOOT
fix(build): ensure that the correct rule is called for tools
feat(stm32mp1): add the platform specific build for tools
fix(stm32mp13-fdts): remove secure status
feat(stm32mp1-fdts): add CoT and fuse references for authentication
feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip
feat(stm32mp1): add the decryption support
feat(stm32mp1): add the TRUSTED_BOARD_BOOT support
feat(stm32mp1): update ROM code API for header v2 management
feat(stm32mp1): remove unused function from boot API
refactor(stm32mp1): remove authentication using STM32 image mode
fix(fconf): fix type error displaying disable_auth
feat(tbbr): increase PK_DER_LEN size
fix(auth): correct sign-compare warning
feat(auth): allow to verify PublicKey with platform format PK
feat(cert-create): update for ECDSA brainpoolP256r/t1 support
feat(stm32mp1): add RNG initialization in BL2 for STM32MP13
feat(st-crypto): remove BL32 HASH driver usage
feat(stm32mp1): add a stm32mp crypto library
feat(st-crypto): add STM32 RNG driver
feat(st-crypto): add AES decrypt/auth by SAES IP
feat(st-crypto): add ECDSA signature check with PKA
feat(st-crypto): update HASH for new hardware version used in STM32MP13
In case of platform specific usage for both fiptool or certtool,
we need to ensure that the Makefile will use the correct rule
to generate the binary. Add the explicit call to the "all" rule.
Change-Id: I9724b63e01b3497daaedb9365c7d6a494aac9561
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Manish V Badarkhe
Jiafei Pan
Maninder Singh
Manish Pandey
Madhukar Pappireddy
Harrison Mutai
Sandrine Bailleux
Sieu Mun Tang
Joanna Farley
Olivier Deprez
Leo Yan
laurenw-arm
J-Alves
Boyan Karatotev
Marcin Juszkiewicz
HariBabu Gattem
Quentin Schulz
Okash Khawaja
Yann Gautier
Lionel Debieve