Right now, the delegated attestation module is not used in TF-A. This
means it's not even getting built and so the CI system cannot detect
build regressions.
Eventually, delegated attestation will be involved in a new runtime
service exposed by BL31 to lower exception levels. We are not there
yet but let's already include it into BL31 image, so we get build
coverage and static analysis on the code. Note that we make sure to
cover both PLAT_RSS_NOT_SUPPORTED=0 and PLAT_RSS_NOT_SUPPORTED=1
configurations.
Delegated attestation is currently made dependent on measured boot
support. This dependency is not at the source code level (attestation
code does not invoke any measured boot interfaces) but it is rather a
logical dependency: attestation without boot measurements is not very
useful...
For now, this is good enough for our purpose but the conditions under
which the attestation code is included might change in the future.
Change-Id: I616715c3dd0418a1bbf1019df3ff9acd8461e705
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
EL3 is configured to trap accesses to SME registers (via
CPTR_EL3.ESM=0). To allow SME instructions, this needs to be temporarily
disabled before changing system registers. If the PE delays the effects
of writes to system registers then accessing the SME registers will trap
without an isb. This patch adds the isb to restore functionality.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I8ee5ecaec978dde2525631daa682a182ad8f7f04
TF-A is reporting that above two erratum are missing to be enabled that's
why enable them by default.
For futher information please refer to
https://developer.arm.com/documentation/epm012079/11/
where
859971 is "Speculative instruction prefetch to Execute-never (XN) memory
could cause deadlock or data integrity issue" and
1319367 is "Speculative AT instruction using out-of-context translation
regime could cause subsequent request to generate an incorrect
translation".
Change-Id: I408706713a169e53db63ac5657751b0b003e646d
Signed-off-by: Michal Simek <michal.simek@amd.com>
The pwr_domain_pwr_down_wfi entry is overridden by a newer
implementation. This removes the last reference to
rpi3_pwr_domain_pwr_down_wfi. Remove both as they are not needed
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ie65c40935cd1ed3c673ffdc9aa72064f5ab4032e
Recent GCC versions now do array-bounds checking which fails for
sys_sleep_flag_sram because the struct is larger than the 8-bytes
size that (void *) is
This variable is only used in one place as the struct,
so it can be defined with the struct type.
Resolves:
plat/rockchip/px30/drivers/pmu/pmu.c: In function 'rockchip_soc_sys_pwr_dm_suspend':
plat/rockchip/px30/drivers/pmu/pmu.c:977:23: error: array subscript 'struct psram_data_t[0]' is partly outside array bounds of 'void[8]' [-Werror=array-bounds]
977 | psram_boot_cfg->pm_flag &= ~PM_WARM_BOOT_BIT;
Change-Id: Ifbe42d11d0c7875f6cb23dc0b7ffb3f3f90c55a8
Signed-off-by: Scott Parlane <scott@parlanenz.com>
When spi_id_max is 5119, the expression `(spi_id_max - 4096U + 1U >> 5)`
evaluates to 32 leading to undefined behavior when using it to left
shift 1. Fix this undefined behavior.
Reported-by coverity scan:
https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/RMB4U7COL6IONZWEGF2FWXOQ6FPDIT4U/
```
large_shift: In expression 1 << (spi_id_max - 4096U + 1U >> 5), left
shifting by more than 31 bits has undefined behavior. The shift
amount, spi_id_max - 4096U + 1U >> 5, is as much as 32.
```
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I5e77a78b81a6d0367875e7ea432a82b6ba0e587c
The arm,vexpress,config-bus DT binding restricts the possible (sub)node
names.
Adjust the current node names, to drop the unneeded address specifier,
and make the node names binding compliant.
Change-Id: Ic48c6969268c960ce92c8ec3a756ed1d89e61b08
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
When firmware implements idle states via PSCI, the value of the DT
entry-method property must be "psci", not "arm,psci".
Fix this to make the CPU description binding compliant.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: Icd1bf704d177368af9b7aab545f47e580791b8cc
The arm,armv7-timer-mem DT binding documentation demands that the
#size-cells property should be <1> only.
Adjust the value to be <1> and drop the now needless leading 0 in the
frame's reg property. Convert to #address-cell = <1> on the way.
Also adjust the interrupts property to use the proper GIC macros.
Change-Id: Ia2224663b1e6aaa7cf94af777473641de6a840d2
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The existing DT files for the base FVP model are having some issues,
that lead to warnings reported by the device tree compiler.
Those (and many other issues around (updated) DT binding compliance)
were fixed in the Linux kernel tree, so let's sync those files back into
TF-A.
We cannot copy the files "as is" for now, since we rely on certain custom
properties to be added (max-pwr-lvl in the PSCI node, SDEI nodes, etc).
Merge in the changed parts of the Linux kernel DT (from Linux v6.0-rc1),
and rework the base file to allow including the motherboard.dtsi
unchanged. This should make any future update less painful.
As this also affects the FVP VE boards (Cortex-A7 and Cortex-A5), since
they share the motherboard include file, fix them up as well.
Change-Id: I4f74d05e5583747f8849e32f246f74aeec7a9c60
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The GICv2 and GICv3 version of the FVP DT files are unnecessarily split,
as the common part of the peripherals is the same: it's literally just
the interrupt controller node that is different.
Since the GICv3 versions now use a generic DT include file (without any
GIC node), let's reuse that for the GICv2 versions of the FVP as well.
We just add a separate fvp-base-gicv2.dtsi file which describes the
GICv2 interrupt controller. Also shorten the compatible string, since
the GICv2 binding documentation does not allow the current combination.
This allows to remove the mostly redundant nodes from the GICv2 .dts
file.
Change-Id: I9018031bb611fb00ca7dbefc1bff7d40c3f05819
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The GICv2 and GICv3 version of the FVP DT files are unnecessarily split,
as the common part of the peripherals is the same: it's literally just
the interrupt controller node that is different.
To facilitate a unification, refactor the DT include files to explicitly
include a snippet with just the GICv3 description, and a generic base DT
file for the rest. This generic file can then be reused by the GICv2
versions later.
Since we can only have a /memreserve/ entry *before* any DT nodes, move
that line to each file, to allow including the GIC DT file separately.
Change-Id: I9ff357d3fe0ce46e280c30131aeae97a99631512
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Conceptually the DT is a hardware description, as such it's independent
from the instruction set that a DT client uses. So having separate DTs
for aarch32 and aarch64 does not make sense and is not needed.
Probably due to historic reasons (a Linux bug fixed in 2016 with Linux
commit ba6dea4f7ced, in Linux v4.8) the CPU reg property was using a
different size between aarch64 and aarch32, even though the size of it
is solely governed by the parent's #address-cells property.
Consolidate this to be always 2, and always use two cells to describe
the CPU's MPIDR register.
This removes the last difference of the -aarch32 versions of the FVP
DT files, so just remove all of them. The respective versions without
that suffix can now be used with AArch32 DT clients as well.
Also remove the respective part in the documentation.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I45d3a2cbba8e04595a741e1cf41900377952673e
For no real reason we were shipping two separate DT include files for the
base FVP motherboard peripherals, one for aarch32, one for aarch64.
There is no difference in the hardware description when using a
different instruction set, and the diff between the two files was about
a missing interrupt map for the 64-bit DT files.
Consolidate the situation by just using a single motherboard .dtsi file,
which relies on an interrupt map by the including files.
Provide that map in the two files where it was missing before, and
change the filenames to let all users include the same file now.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: I19b77ecc8da9b4bfbd61d02f910b9ab05dbf92e9
The DT files for the Cortex-A5 and Cortex-A7 FVP models include the
shared rtsm_ve-motherboard.dtsi file, which we need to sync with the
upstream Linux version soon.
To prepare for its changed structure there, adjust the top-level
#address-cells and #size-cells properties to be compatible with the
expectations of the Linux version.
Also extend the interrupt map to cover all peripherals listed in the
motherboard file, and use the proper GIC macros to make them more
readable on the way.
Change-Id: I7d1493f1a200e8350530f912833f9ffcc5f94b21
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
The PSCI DT nodes used for the various fvp-base model variants provide
explicit function IDs, as required for the pre-v0.2 PSCI specification.
This prevents them from being used from both AArch32 and AArch64 DT
clients, and using this version of the PSCI spec is long deprecated
anyway.
Remove the old compatible string and the function properties, to
force clients to use the standard function IDs as described in the PSCI
spec. sys_poweroff and sys_reset were never standardised or used anyway.
There should be no client software around that cannot deal with PSCI
v0.2.
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Change-Id: Ie87deb9898eae79b7307c15bcefcd4b311d4dc22
Fix a syntax error in the delegated attestation service code.
Unfortunately, this build failure was not caught by the CI system
because right now lib/psa/delegated_attestation.c file is not getting
pulled in by any upstream platform. This will be addressed in a
separate patch.
Change-Id: Idb84f62aabc5008396213023fc40547097925860
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Currently building TF-A for the FVP with RME enabled requires a
toolchain that understands the -march=armv8.6-a command line option,
even though we actually don't need any ARMv8.6 features from the
compiler.
Relax the requirement to use ARMv8.5, since this is what's the GCC
shipped with Ubuntu 20.04 understands. This is in line what the current
RMM implementation uses as well.
Change-Id: I3806dcff90319a87f003fe2c86b7cdcdebd625e4
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Reinstate the workaround introduced in commit
9bbc03a6e0. The cited change to the SDEN
could not be found and there are no known problems with the workaround.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Iec9938f173e7565024aca798f224df339de90806
Correct the domain setting for DSP. It should be 6.
BUG=b:249954378
TEST=audio is functional.
Change-Id: Ie79aa0dad3d2b1ef5de0f2acc51ded13b6f085ac
Signed-off-by: Tinghan Shen <tinghan.shen@mediatek.com>
This change updates our Node.js dependencies to their latest minor/patch
versions, but not necessarily to their latest major versions.
Change-Id: I59b093675134c679b7a834f3da6acf830f596c67
Signed-off-by: Chris Kay <chris.kay@arm.com>
The `.nvmrc` file specifies the version of Node.js that the repository's
Node.js-based tooling has been designed to be compatible with.
Users of NVM may want to run `nvm use` to install this version
automatically.
Change-Id: Ied90c51d8d1e5b43f2ca4de08a58bc782d9ae4e6
Signed-off-by: Chris Kay <chris.kay@arm.com>
* changes:
fix(psa): extend measured boot logging
fix(rss): determine the size of sw_type in RSS mboot metadata
fix(psa): align with original API in tf-m-extras
fix(rss): clear the message buffer
feat(tc): enable RSS backend based measured boot
feat(tc): increase maximum BL1/BL2/BL31 sizes
Add basic CPU library code to support the Hunter ELP CPU in TF-A.
Hunter-ELP adds v9.2 architecture support and is derived from
Makalu-ELP. As such, the library code is adapted from the
Makalu-ELP support library.
Change-Id: I7e93b9af6b1f0bc4d08c3cf5caf071d2cbdbc89f
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Print all the params of
rss_measured_boot_extend_measurement() to
the console to check parameter healthiness.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I072fe5fef72c67e615ab64e06a9e1f6add5e9cfc
The attestation key derivation and platform attestation token
creation functionality is provided by the Delegated Attestation
partition in RSS.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I2d8c0e6589d11e7c81c698adf75ee2a993e3a0c6
Platform must define the maximum size of the message
over MHU.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I91a6c132c946f4465178910b8ea83544f562e837
Without setting the correct size of sw_type the metadata won't
be propagated to RSS through rss_measured_boot_extend_measurement()
API.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I4066d4762689c96ac2ac8e8b8db5d2b1f108b550
Adding PLAT_* prefix to indicate that the
platform needs to provide this definition.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I0bd02be405fd8b1e625bd2b82647ebb2b58265fc
The measured boot API is available in the tf-m-extras
repo:
partitions/measured_boot/interface/src/measured_boot_api.c
This change make the API behavior align with
the original implementation.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ie4af38b859f942b2ef090e92da64d75811b5b49b
Define the RSS_COMMS_PAYLOAD_MAX_SIZE macro. Its value is platform
specific and gives the largest message size which are exchanged
on the TC2 platform between RSS and AP.
Change-Id: Id831c282dc9a39755b82befead1a81767e217215
Signed-off-by: David Vincze <david.vincze@arm.com>
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Clear the MHU message buffer to remove assets from memory.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I730e7b044eaf0bf517532a12146e4f542949544e
Measurements taken during boot are stored in RSS.
These measurements are included in the platform
attestation token.
Change-Id: Iac3356f813fb417315681c718839319832a76191
Signed-off-by: David Vincze <david.vincze@arm.com>
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Delegated attestation is a service provided by RSS to:
- Derive a delegated attestation key: Realm Attestation Key
- Query the platform attestation token
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I3edf09fcbef24bca7c8a000ffac8c1ab64dfb812
Sandrine Bailleux
Boyan Karatotev
Joanna Farley
Michal Simek
Madhukar Pappireddy
Manish Pandey
Olivier Deprez
Scott Parlane
Manish V Badarkhe
Vijayenthiran Subramaniam
Bipin Ravi
Andre Przywara
Tinghan Shen
Chris Kay
Harrison Mutai
Tamas Ban
David Vincze