* changes:
feat(ti): synchronize access to secure proxy threads
refactor(ti): remove inline directive from ti_sci and sec_proxy drivers
refactor(ti): refactor ti_sci_{setup,do}_xfer to allow zero size response
feat(ti): add sub and patch version number support
The fvp build includes a very large number of cpus so that it can run on
a wide range of models. One config (HW_ASSISTED_COHERENCY=1
CTX_INCLUDE_AARCH32_REGS=0) includes an unusually large number of cpus.
Well, the list is quite arbitrary and incomplete. As we're currently out
of BL31 space on the fvp, remove all that are not routinely run in the
CI to buy us some time.
Also use the opportunity to reorder the list into something searchable.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I8c6cad41327451edf0d3a0e92c43d6c72c254aac
* changes:
build(trp): sort sections by alignment by default
build(tsp): sort sections by alignment by default
build(sp-min): sort sections by alignment by default
build(bl31): sort sections by alignment by default
build(bl2u): sort sections by alignment by default
build(bl2): sort sections by alignment by default
Host must only set UICCMD if HCS.UCRDY is set to 1.
At present, SW polls for UCRDY only before sending DME_GET.
Generalise this behaviour for DME_SET, DME_LINKSTARTUP,
DME_HIBERNATE_EXIT by moving polling logic inside ufshc_send_uic_cmd.
Signed-off-by: Rohit Ner <rohitner@google.com>
Change-Id: Iece777f803a660fdd144a073834c221e889371a6
Some parts of the documentation referring to Poetry provides incorrect
build instructions and has some minor formatting errors. Reformat the
bits that require formatting, and fix the build instructions. These
were originally part of the patch stack that added Poetry support but
were accidentally reverted prior to merge.
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Change-Id: I336d3a7bbe99f75262430ae436f8ebc2cb050d2c
At the moment we only support FEAT_DIT to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_DIT=2), by splitting
is_armv8_4_dit_present() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed).
We use ENABLE_DIT in two occassions in assembly code, where we just set
the DIT bit in the DIT system register.
Protect those two cases by reading the CPU ID register when ENABLE_DIT
is set to 2.
Change the FVP platform default to the now supported dynamic
option (=2), so the right decision can be made by the code at runtime.
Change-Id: I506d352f18e23c60db8cdf08edb449f60adbe098
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Click is used in parts of the CI scripts (see run_config/fvp-linux.tc
for instance), add it back as part of a new dependency group. Future
dependencies that are required only in CI should be added to the
``ci`` dependency group.
Change-Id: I5da7fea703495dd4006d86334626f126a850bb10
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
If RAS Extension is not implemented esb instruction executes as a NOP.
No need to have a check for RAS presence in the code.
Also, The handler is related to a synchronous exceptions which
implicitly is part of BL31 image only, so remove that check too.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: If4264504cba9f0642b7b9c581ae66cd4deace32b
PLAT_SP_PRI is used by SPM_MM and it is assigned same value as RAS
priority. Which is not allowed by exception handling framework and
causes build failure if both SPM_MM and RAS is enabled.
To fix this problem assign SP a different priority than RAS.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Iff64ac547f0966c0d94ac7c3ab0eb1e3151fb314
* changes:
refactor(auth)!: unify REGISTER_CRYPTO_LIB
refactor(auth): replace plat_convert_pk
docs(auth): add auth_decrypt in CM chapter
feat(auth): compare platform and certificate ROTPK for authentication
docs(auth): add 'calc_hash' function's details in CM
We plan to deprecate the CryptoCell-712 and CryptoCell-713 drivers in
TF-A release v2.9 and eventually remove the code from the tree in
release 3.0.
The only upstream platforms which use these drivers today are the Arm
Ltd developpment platforms, such as Juno.
Write this information down into the "Release Processes" document.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Ib064292733a271ecbff0dde315911017e2c4da7e
There is missing comma in copyright line. It is better to have all
Copyrights align to the same style that's why fix it.
Change-Id: Ifc04b474e1a172a7243b073d944007cf17d76e87
Signed-off-by: Michal Simek <michal.simek@amd.com>
Having a dedicated section for deprecated interfaces, and another one
for deprecated drivers, sounds cleaner.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Iaf65e9f4dabff89b9e86c17062656edd8c344016
Our process documentation already mentions that if a platform is no
longer maintained, it is best to deprecate it to keep the project's
source tree clean and healthy.
The same argument stands for drivers or library interfaces so extend
this policy to those.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Ieb235d6a1fb089343e0e1e3e5f36067552f2f8f0
Clarify that downstream platforms generally do not affect code
deprecation / removal decisions.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I44b979c4e67ee03537852769e96544e19137bda3
Have only one definition for REGISTER_CRYPTO_LIB macro, with all the
possible fields. Worst case adds 4 u64 to crypto_lib_desc.
While at it, correct some MISRA violations:
MC3R1.R12.1: (advisory) The precedence of operators within expressions
should be made explicit.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I1342a20e6eef2354753182c2a81ff959e03e5c81
Following discussions in the reviews of the patch that introduced
plat_convert_pk() function [1], it was decided to deprecate it to
avoid weak function declaration.
A new optional function pointer convert_pk is added to crypto_lib_desc_t.
A new function crypto_mod_convert_pk() will either call
crypto_lib_desc.convert_pk() if it is defined, or do the same
as what was done by the weak function otherwise.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/17174
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I9358867f8bfd5e96b5ee238c066877da368e43c6
The call to REGISTER_CRYPTO_LIB requires auth_decrypt function to be
provided. Add its prototype and update REGISTER_CRYPTO_LIB call.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Id1f2a54867ffe5dec36e0bf22490d01858891585
Compared the full ROTPK with the ROTPK obtained from the certificate
when the platform supports full ROTPK instead of hash of ROTPK.
Additionally, changed the code to verify the ROTPK before relying on
it for signature verification.
Change-Id: I52bb9deb1a1dd5b184d3156bddad14c238692de7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Updated the Crypto Module section to detail the 'calc_hash'
function.
Change-Id: I04a24abba150745e4eba6273bdb7cf12b66bfebc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
New python dependencies are introduced by the memory mapping script.
Rather than add another `requirements.txt` utilise poetry. This is a
proper dependency management framework for Python. The two main upsides
of using poetry instead of the traditional requirements.txt are
maintainability and reproducibility.
Poetry provides a proper lock file for pinning dependencies, similar to
npm for JavaScript. This allows for separate environments (i.e. docs,
tools) to be created efficiently, and in a reproducible manner, wherever
the project is deployed. Having dependencies pinned in this manner is a
boon as a security focused project. An additional upside is that we will
receive security updates for dependencies via GitHub's Dependabot.
Change-Id: I5a3c2003769b878a464c8feac0f789e5ecf8d56c
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
TF-A currently does not have any TPM2 driver for extending
measurements into a discrete TPM chip. In TPM-based attestation
scheme, measurements are just stored into a TCG-compatible event
log buffer in secure memory.
In light of the fact that Event Log measurements are taken by BL1 and
BL2, we need to trust these components to store genuine measurements,
and the Generic Threat Model always mitigates against attacks on these
components, therefore, there is no explicit document for the Measured
Boot threat model at this time is needed.
Change-Id: I41b037b2f5956d327b53cd834345e5aefdcfb5ef
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
morello_plat_info is defined identically in multiple files, definition
is moved to a header file to avoid duplication.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Change-Id: I607354902c55f5c31f0732de9db60604b82aef97
Joanna Farley
Madhukar Pappireddy
Boyan Karatotev
Sandrine Bailleux
Manish Pandey
Rohit Ner
Harrison Mutai
Andre Przywara
Manish V Badarkhe
Bipin Ravi
Michal Simek
Chris Kay
Yann Gautier
Yann Gautier
Mark Dykes
Werner Lewis