Using virtual environments with pip is a generally recommended good
practice but the docs do not acknowledge it. As a result fresh installs
might fail builds due to missing $PATH entries. The Prerequisites
section is also a bit verbose which is difficult to read.
This patch adds the virtual environment mention and clarifies wording.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Iea447fb59dc471a502454650c8548192d93ba879
Some newer versions of sphinx (tried on v5.3) will warn about language
being None which will fail the build. Change it to the default (en) to
prevent this.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ie0570481f42aeb293e885ca936e0765f6cb299a8
sphinx-build is passed a blanket "." to build all docs. However, if a
virtual environment is placed within the docs directory, sphinx will try
to build it which will fail due to some weird files it has.
This excludes the most common virtual environment directories from the
build to prevent this.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ieeb14cfc5730d21c986611feb0ed379c58dfcae2
Documentation is inconsistent when referring to Ubuntu versioning.
Change this to a single reference that is consistent with the stated
version for TF-A tests.
The change was tested with a full build on a clean install of Ubuntu 20.04.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ibb135ed938e9d92332668fa5caf274cf61b822d3
S-EL0 partitions already support indirect messaging and notifications
so add that to supported features.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I08e04593653ba38a2b82395f6f2d3ca7b212d494
plat_can_cmo must not clobber x1 but the doc doesn't mention that. This
patch updates the doc to mention x1. It also adds check for plat_can_cmo
to `dcsw_op_louis` which was missed out in original patch.
Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I721376bf3726520d0d5b0df0f33f98ce92257287
The code managing legacy boot (without FIP) that was under
STM32MP_USE_STM32IMAGE flag is remove.
Change-Id: I04452453ed84567b0de39e900594a81526562259
Signed-off-by: Yann Gautier <yann.gautier@st.com>
In some platform the digest of the public key saved in the OTP is not
the digest of the exact same public key buffer needed to check the
signature. Typically, platform checks signature using the DER ROTPK
whereas some others add some related information. Add a new platform
weak function to transform the public key buffer used by
verify_signature to a platform specific public key.
Mark this new weak function as deprecated as it will be replaced
by another framework implementation.
Change-Id: I71017b41e3eca9398cededf317ad97e9b511be5f
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Updated cert_tool to be able to select brainpool P256r/t1
or NIST prim256v1 curve for certificates signature.
Change-Id: I6e800144697069ea83660053b8ba6e21c229243a
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fact that 1.x APIs became deprecated in 3.0 and
therefore their use cause compiling errors. In addition, updating
for a newer version of OpenSSL meant improving the stability
against security threats. However, although version 1.1.1 is
now deprecated, it still receives security updates, so it would
not imply major security issues to keep compatibility with it too.
This patch adds backwards compatibility with OpenSSL 1.x versions
by adding back 1.x API code. It defines a macro USING_OPENSSL3,
which will select the appropriate OpenSSL API version depending on
the OpenSSL library path chosen (which is determined by the
already-existing OPENSSL_DIR variable).
In addition, cleanup items were packed in functions and moved to
the proper modules in order to make the code more maintainable and
legible.
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I8deceb5e419edc73277792861882404790ccd33c
Arm has decided to deprecate the TC0 platform. The development of
software and fast models for TC0 platform has been discontinued.
TC0 platform has been superseded by the TC1 and TC2 platforms,
which are already supported in TF-A and CI repositories.
Change-Id: I0269816a6ee733f732669027eae4e14cd60b6084
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
As part of release process revisit list of maintainers to keep
it updated.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I63b87265a6bff00ad05d8b3b7cad694cdf48e9ea
Couple for urls under section: `5.6. Use of built-in C and libc
data types` from docs has broken urls since the new arm procedure
call doc is moved to be part of `ARM-software/abi-aa`.
Change-Id: Ied184ed56c8335d4cbc687e56962439091a18e42
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Cortex-A77 erratum 2743100 is a Cat B erratum that applies to revisions
r0p0, r1p0, r1p1, and is still open. The workaround is to insert a dsb
before the isb in the power down sequence.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1152370/latest
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I8e49a2dac8611f31ace249a17ae7a90cd60e742a
When a core is in debug recovery mode its caches are not invalidated
upon reset, so the L1 and L2 cache contents from before reset are
observable after reset. Similarly, debug recovery mode of DynamIQ
cluster ensures that contents of the shared L3 cache are also not
invalidated upon transition to On mode.
Booting cores in debug recovery mode means booting with caches disabled
and preserving the caches until a point where software can dump the
caches and retrieve their contents. TF-A however unconditionally cleans
and invalidates caches at multiple points during boot. This can lead to
memory corruption as well as loss of cache contents to be used for
debugging.
This patch fixes this by calling a platform hook before performing CMOs
in helper routines in cache_helpers.S. The platform hook plat_can_cmo is
an assembly routine which must not clobber x2 and x3, and avoid using
stack. The whole checking is conditional upon `CONDITIONAL_CMO` which
can be set at compile time.
Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I172e999e4acd0f872c24056e647cc947ee54b193
Add documentation to build and run TF-A with RMM,
Linux kernel and TFTF Realm Payload.
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I951b41a144aabe0fec16eb933d7f005a65f06fb2
We used to have a dedicated page for deprecated platforms information.
This document contained 2 pieces of information:
a) the process for deprecating a platform port;
b) the list of deprecated platforms to this day.
I think it makes more sense to move b) to the platforms ports landing
page, such that it is more visible.
This also has the nice effect to move the 'Deprecated platforms' title
as the last entry of the 'Platform ports' table of contents, like so:
- Platform ports
- 1. Allwinner ARMv8 SoCs
- 2. Arm Development Platforms
...
- 39. Broadcom Stingray
- Deprecated platforms
instead of it being lost in the middle of supported platform ports.
Regarding a), this gets moved under the "Processes & Policies" section.
More specifically, it gets clubbed with the existing platform
compatibility policy. The combined document gets renamed into a
"Platforms Ports Policy" document.
Change-Id: I6e9ce2abc68b8a8ac88e7bd5f21749c14c9a2af6
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Changing Makalu reference to the public name Cortex-A715. Also, added
a note on use of SB instruction for all CPUs supporting ENABLE_FEAT_SB.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I98bd36c684fa7ae79bd4e8e641fd73404435c202
The link to the Developer Certificate of Origin was mistakenly removed
in a patch some time ago. This change re-adds it.
Change-Id: Ia8aed055cb449cdf4c1aaeac9b81ca15099e73f5
Signed-off-by: Chris Kay <chris.kay@arm.com>
panic() and do_panic() are widely used helper functions called when
encountering a critical failure that cannot be recovered from.
Document them in porting guide. Also, remove panic() documentation
from PSCI guide(where it is unused anyways).
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ib0965cce56c03d0de5ac0d05d5714a6942793ede
This patch adds the following changes to complete the existing
TRNG implementation:
1. Adds a feature specific scope for buildlog generation.
2. Updates the docs on the build flag "TRNG_SUPPORT" and its values.
3. Makefile update and improves the existing comments at few sections
for better understanding of the underlying logic.
Change-Id: I3f72f0ccd5c94005a2df87158cf23199d2160d37
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
- Remove mentions of Arm SGM-775 and MediaTek MT6795 platforms.
Both platform ports were deleted from TF-A source tree in the
last release (v2.7).
- Remove mention of Arm Morello platform, as it now has a dedicated
documentation page accessible from the table of contents
(see docs/plat/arm/morello/).
Change-Id: Ie3acdddab81f5589bb36114a8a766200f5b08ad4
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Current RAS framework in TF-A only supports handling errors originating
from NS world but the HANDLE_EA_EL3_FIRST flag configures it for all
lower Els. To make the current design of RAS explicit, rename this macro
to HANDLE_EA_EL3_FIRST_NS and set EA bit in scr_el3 only when
switching to NS world.
Note: I am unaware of any platform which traps errors originating in
Secure world to EL3, if there is any such platform then it need to
be explicitly implemented in TF-A
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: If58eb201d8fa792c16325c85c26056e9b409b750
SMCCCv1.3 introduces the SVE hint bit added to the SMC FID (bit 16)
denoting that the world issuing an SMC doesn't expect the callee to
preserve the SVE state (FFR, predicates, Zn vector bits greater than
127). Update the generic SMC handler to copy the SVE hint bit state
to SMC flags and mask out the bit by default for the services called
by the standard dispatcher. It is permitted by the SMCCC standard to
ignore the bit as long as the SVE state is preserved. In any case a
callee must preserve the NEON state (FPCR/FPSR, Vn 128b vectors)
whichever the SVE hint bit state.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I2b163ed83dc311b8f81f96b23c942829ae9fa1b5
Add Muhammad Arsath K F in qti maintainer
Signed-off-by: Muhammad Arsath K F <quic_mkf@quicinc.com>
Change-Id: I71e6cc72b3c658730abe5255977f3b93dd7e4563
This change updates the version of the Node Version Manager suggested by
the prerequisites documentation. The NVM installation command line hint
has been replaced with the snippet provided by NVM's user guide, and the
second line now automatically installs a version of Node.js compatible
with TF-A's repository scripts.
Change-Id: I6ef5e504118238716ceb45a52083450c424c5d20
Signed-off-by: Chris Kay <chris.kay@arm.com>
Cortex-A76 erratum 2743102 is a Cat B erratum that applies to
all revisions <=r4p1 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN885749/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ie2cd73bd91417d30b5633d80b2fbee32944bc2de
Neoverse N1 erratum 2743102 is a Cat B erratum that applies to
all revisions <=r4p1 and is still open. The workaround is to
insert a dsb before the isb in the power down sequence.
SDEN documentation:
https://developer.arm.com/documentation/SDEN885747/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I81a8793c1a118764df3ac97b67f5e088f56f6a20
Added action in response to Non-secure interrupt attribute to the
partition manifest.
Change-Id: I1d4f85e58b2f1fea7230dffc6a4361f7fd65be15
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Update supported models list according to changes for v2.8 release in
ci/tf-a-ci-scripts repository
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ica7e062db77237220bcd861837f392496db1653a
Cortex-A710 erratum 2291219 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r2p0, and is fixed in r2p1. The workaround is to set
CPUACTLR2_EL1[36] to 1 before the power down sequence that sets
CORE_PWRDN_EN. This allows the cpu to retry the power down and prevents
the deadlock. TF-A never clears this bit even if it wakes up from the
wfi in the sequence since it is not expected to do anything but retry to
power down after and the bit is cleared on reset.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101/latest
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I7d3a97dfac0c433c0be386c1f3d2f2e895a3f691
Cortex-X3 erratum 2313909 is a Cat B erratum that applies to revisions
r0p0 and r1p0, and is fixed in r1p1. The workaround is to set
CPUACTLR2_EL1[36] to 1 before the power down sequence that sets
CORE_PWRDN_EN. This allows the cpu to retry the power down and prevents
the deadlock. TF-A never clears this bit even if it wakes up from the
wfi in the sequence since it is not expected to do anything but retry to
power down after and the bit is cleared on reset.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2055130/latest
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I5935b4bcd1e6712477c0d6eab2acc96d7964a35d
Neoverse-N2 erratum 2326639 is a Cat B erratum that applies to revision
r0p0 and is fixed in r0p1. The workaround is to set CPUACTLR2_EL1[36] to
1 before the power down sequence that sets CORE_PWRDN_EN. This allows
the cpu to retry the power down and prevents the deadlock. TF-A never
clears this bit even if it wakes up from the wfi in the sequence since
it is not expected to do anything but retry to power down after and the
bit is cleared on reset.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1982442/latest/
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I9a325c5b9b498798e5efd5c79a4a6d5bed97c619
Platforms which implement pwr_domain_pwr_down_wfi differ substantially
in behaviour. However, different cpus require similar sequences to power
down. This patch tightens the behaviour of these platforms to end on a
wfi loop after performing platform power down. This is required so that
platforms behave more consistently on power down, in cases where the wfi
can fall through.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ie29bd3a5e654780bacb4e07a6d123ac6d2467c1f
Threat model for EL3 SPMC.
The mitigations are based on the guidance
provided in FF-A v1.1 EAC0 spec.
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I7f4c9370b6eefe6d1a7d1afac27e8b3a7b476072
Add documentation how to build EL3 SPMC,
briefly describes all FF-A interfaces,
SP boot flow, SP Manifest, Power Management,
Boot Info Protocol, Runtime model and state
transition and Interrupt Handling.
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I630df1d50a4621b344a09e462563eacc90109de4
The Cortex-X3 cpu port was developed before its public release when it
was known as Makalu ELP. Now that it's released we can use the official
product name.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Iebb90cf2f77330ed848a3d61c5f6928942189c5a
Arm has decided to deprecate the sgi575 and rdn1edge platforms.
The development of software and fast models for these platforms
has been discontinued. rdn1edge platform has been superseded by the
rdn2 platform, which is already supported in TF-A and CI work is
underway for this platform.
Change-Id: If2228fb73549b244c3a5b0e5746617b3f24fe771
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Add a section into documentation listing the support for High Assurance
Boot (HABv4), note on the DRAM mapping, and reference to the external
documentation.
Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
Change-Id: Iaca97f4ac2595e35de2664a880394519f96eca07
In anticpation of the next Trusted Firmware release update the to newest
2.x Mbed TLS library [1].
Note that the Mbed TLS project published version 3.x some time ago.
However, as this is a major release with API breakages, upgrading to
this one might require some more involved changes in TF-A, which we are
not ready to do. We shall upgrade to Mbed TLS 3.x after the v2.8 release
of TF-A.
[1] https://github.com/Mbed-TLS/mbedtls/tree/v2.28.1
Change-Id: I7594ad062a693d2ecc3b1705e944dce2c3c43bb2
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
Code owners have been added for the Arm(R) Ethos(TM)-N NPU driver.
Change-Id: I0bda0d95151cdff5cd3a793c6c0e9ef6a9a5f50b
Signed-off-by: Mikael Olsson <mikael.olsson@arm.com>
Conceptually the DT is a hardware description, as such it's independent
from the instruction set that a DT client uses. So having separate DTs
for aarch32 and aarch64 does not make sense and is not needed.
Probably due to historic reasons (a Linux bug fixed in 2016 with Linux
commit ba6dea4f7ced, in Linux v4.8) the CPU reg property was using a
different size between aarch64 and aarch32, even though the size of it
is solely governed by the parent's #address-cells property.
Consolidate this to be always 2, and always use two cells to describe
the CPU's MPIDR register.
This removes the last difference of the -aarch32 versions of the FVP
DT files, so just remove all of them. The respective versions without
that suffix can now be used with AArch32 DT clients as well.
Also remove the respective part in the documentation.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I45d3a2cbba8e04595a741e1cf41900377952673e
Reinstate the workaround introduced in commit
9bbc03a6e0. The cited change to the SDEN
could not be found and there are no known problems with the workaround.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Iec9938f173e7565024aca798f224df339de90806
Documented steps to run DRTM implementation.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I30dd8c1088a54a8906389c2584d922862610dae0
Boyan Karatotev
J-Alves
Okash Khawaja
Yann Gautier
Lionel Debieve
Nicolas Toromanoff
Juan Pablo Conde
Bipin Ravi
Manish V Badarkhe
Manish Pandey
Govindraj Raja
Shruti Gupta
Sandrine Bailleux
Chris Kay
Jayanth Dodderi Chidanand
Olivier Deprez
Muhammad Arsath K F
Pali Rohár
Madhukar Pappireddy
laurenw-arm
Andrey Zhizhikin
Daniel Boulby
Mikael Olsson
Akram Ahmad
Andre Przywara
Tamas Ban