The deprecation was tagged "Next release after 2.8". Now there is a 2.9
planned, directly use this version.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I0727eebc4a3800dafafc4166b0c2c40a12c90b4b
Update SPM threat model for possible threats, from malicious
endpoints, related to interrupt management. The mitigations
are based on the guidance provided in FF-A v1.1 EAC0 spec.
Change-Id: Ib9e26e3f1c60fe3a2734a67de1dcf1cea4883d38
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Add details on how to run QEMU in OpenCI, and what tests are currently
supported.
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Change-Id: I291e4eb64a58c766519ff7dcac4841ae75c3934e
Revise the UART baud rate and clock for general platform build,
SIMIC build and EMU build.
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I62fefe7b96d5124e75d2810b4fbc1640422b1353
This patch documents the actions taken by Hafnium SPMC in response
to non-secure and secure interrupts.
Change-Id: I97687f188ca97aeb255e3e5b55d44ddf5d66b6e0
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
This patch documents the support for partition runtime models, call
chains and schedule modes in Hafnium SPMC.
Change-Id: I91d5718bb2c21d475499e402f6f27076930336cb
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
* changes:
docs: add top level section numbering
docs(build): clarify getting started section
docs(build): clarify docs building instructions
fix(docs): prevent a sphinx warning
fix(docs): prevent a virtual environment from failing a build
Top level sections are not numbered. Adding numbers makes referring to
sections easier. For example the Maintainers page changes from
"about/3.1" to simply "1.3.1".
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: If90a18ee8d6a6858d58f0687f31ea62b69399e04
The Getting started section is very difficult to follow. Building the
fip comes before building the files it needs, the BL33 requirement is
given in a somewhat hand wavy way, and the Arm Developer website
download provides a lot of targets and the guide is not clear which ones
are needed on download.
Swapping the initial build and supporting tools sections makes the flow
more natural and the supporting tools section then becomes clear.
Explicitly mentioning the GCC targets avoids confusion for people less
familiar with the project (eg. new starters).
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I02e88f8c279db6d8eda68f634e8473c02b733963
Using virtual environments with pip is a generally recommended good
practice but the docs do not acknowledge it. As a result fresh installs
might fail builds due to missing $PATH entries. The Prerequisites
section is also a bit verbose which is difficult to read.
This patch adds the virtual environment mention and clarifies wording.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Iea447fb59dc471a502454650c8548192d93ba879
Some newer versions of sphinx (tried on v5.3) will warn about language
being None which will fail the build. Change it to the default (en) to
prevent this.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ie0570481f42aeb293e885ca936e0765f6cb299a8
sphinx-build is passed a blanket "." to build all docs. However, if a
virtual environment is placed within the docs directory, sphinx will try
to build it which will fail due to some weird files it has.
This excludes the most common virtual environment directories from the
build to prevent this.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ieeb14cfc5730d21c986611feb0ed379c58dfcae2
Documentation is inconsistent when referring to Ubuntu versioning.
Change this to a single reference that is consistent with the stated
version for TF-A tests.
The change was tested with a full build on a clean install of Ubuntu 20.04.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ibb135ed938e9d92332668fa5caf274cf61b822d3
S-EL0 partitions already support indirect messaging and notifications
so add that to supported features.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I08e04593653ba38a2b82395f6f2d3ca7b212d494
Since commit 94b2f94bd6 ("feat(libfdt): upgrade libfdt source files"),
8-byte alignment of the FDT address is enforced to follow the DT
standard.
Rockchip implementation of params_early_setup loads the FDT address as
passed by the bootloader into a buffer. This buffer is currently made of
uint8_t which means it is not 8-byte aligned and might result in
fdt_open_into failing.
Instead, let's make this buffer uint64_t to make it 8-byte aligned.
Cc: Quentin Schulz <foss+tf-a@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Change-Id: Ifcf0e0cf4000e3661d76d3c3a2fe3921f7fe44b9
We don't need CONDITIONAL_CMO for aarch32 so let's remove it.
Signed-off-by: Okash Khawawja <okash@google.com>
Change-Id: I256959d7005df21a850ff7791c8188ea01f5c53b
plat_can_cmo must not clobber x1 but the doc doesn't mention that. This
patch updates the doc to mention x1. It also adds check for plat_can_cmo
to `dcsw_op_louis` which was missed out in original patch.
Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I721376bf3726520d0d5b0df0f33f98ce92257287
The code managing legacy boot (without FIP) that was under
STM32MP_USE_STM32IMAGE flag is remove.
Change-Id: I04452453ed84567b0de39e900594a81526562259
Signed-off-by: Yann Gautier <yann.gautier@st.com>
* changes:
docs(st): update documentation for TRUSTED_BOARD_BOOT
fix(build): ensure that the correct rule is called for tools
feat(stm32mp1): add the platform specific build for tools
fix(stm32mp13-fdts): remove secure status
feat(stm32mp1-fdts): add CoT and fuse references for authentication
feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip
feat(stm32mp1): add the decryption support
feat(stm32mp1): add the TRUSTED_BOARD_BOOT support
feat(stm32mp1): update ROM code API for header v2 management
feat(stm32mp1): remove unused function from boot API
refactor(stm32mp1): remove authentication using STM32 image mode
fix(fconf): fix type error displaying disable_auth
feat(tbbr): increase PK_DER_LEN size
fix(auth): correct sign-compare warning
feat(auth): allow to verify PublicKey with platform format PK
feat(cert-create): update for ECDSA brainpoolP256r/t1 support
feat(stm32mp1): add RNG initialization in BL2 for STM32MP13
feat(st-crypto): remove BL32 HASH driver usage
feat(stm32mp1): add a stm32mp crypto library
feat(st-crypto): add STM32 RNG driver
feat(st-crypto): add AES decrypt/auth by SAES IP
feat(st-crypto): add ECDSA signature check with PKA
feat(st-crypto): update HASH for new hardware version used in STM32MP13
In case of platform specific usage for both fiptool or certtool,
we need to ensure that the Makefile will use the correct rule
to generate the binary. Add the explicit call to the "all" rule.
Change-Id: I9724b63e01b3497daaedb9365c7d6a494aac9561
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Add cert_create and fiptool specific files to add the platform
addons to the generic tools.
Change-Id: Ifa600241cdf32b495cc65edccddab47c3796b77d
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Remove the secure status for PKA and SAES entries.
The peripherals are used in BL2 at EL3, context will
remain secure only.
Change-Id: I79d95bc55a9afd27f295249936d7bc332c777f5e
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Add the stm32mp1 CoT description file. Include the TRUSTED_BOARD_BOOT
entry in the platform device tree file.
Add the missing public root key reference for stm32mp15 and the
encryption key reference for stm32mp13.
Change-Id: I0ae2454979a3df6dd3e4361510317742e8fbc109
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Add a security check to enforce the usage of TRUSTED_BOARD_BOOT
on closed device. It will guarantee the secure bootchain.
Change-Id: Id6120d0e5041e8f2d3866e5710876ec96b6d0216
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Add the decryption support for STM32MP1 binaries.
Decryption is limited to the BL32 loaded images.
Limitation: STM32MP15 doesn't support the feature.
Change-Id: I96800bac7b22109f8471eb2953fc0dc269fc4fd1
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Add the support of the TRUSTED_BOARD_BOOT to authenticate the loaded
FIP using platform CoT management.
It adds TBB platform definition, redefining the standard image ID in
order to decrease requested size in BL2 binary.
Authentication will use mbedTLS library for parsing certificate
configured with a platform configuration.
Change-Id: I9da66b915c5e9e9293fccfce92bef2434da1e430
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Add the new definition field for authentication used in header V2
on STM32MP13.
Change-Id: Id8f0c2584ca9b74b0d21d82c9a98d286500548c4
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Remove old library access from ROM library that is no more
used.
Change-Id: I9b91f1efd6ff9d311b69ca36f60474f01268c221
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Remove deprecated authentication mode to use the FIP authentication
based on TBBR requirements. It will use the new crypto library.
Change-Id: I95c7baa64ba42c370ae136f59781f2a7a4c7f507
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
disable_auth is defined as uint32_t and must be displayed
as an unsigned int.
lib/fconf/fconf_tbbr_getter.c:
In function ‘fconf_populate_tbbr_dyn_config’:
include/common/debug.h:46:41: error:
format ‘%d’ expects argument of type ‘int’, but argument 3 has
type ‘uint32_t’ {aka ‘unsigned int’} [-Werror=format=]
46 | #define LOG_MARKER_WARNING "\x1e" /* 30 */
| ^~~~~~
include/common/debug.h:77:32: note:
in expansion of macro ‘LOG_MARKER_WARNING’
77 | # define WARN(...) tf_log(LOG_MARKER_WARNING __VA_ARGS__)
| ^~~~~~~~~~~~~~~~~~
lib/fconf/fconf_tbbr_getter.c:47:17: note:
in expansion of macro ‘WARN’
47 | WARN("Invalid value for `%s` cell %d\n",
| ^~~~
include/common/debug.h:48:41: error:
format ‘%d’ expects argument of type ‘int’, but argument 5 has
type ‘uint32_t’ {aka ‘unsigned int’} [-Werror=format=]
48 | #define LOG_MARKER_VERBOSE "\x32" /* 50 */
| ^~~~~~
include/common/debug.h:58:32: note:
in definition of macro ‘no_tf_log’
58 | tf_log(fmt, ##__VA_ARGS__); \
| ^~~
include/common/debug.h:91:35: note:
in expansion of macro ‘LOG_MARKER_VERBOSE’
91 | # define VERBOSE(...)
| no_tf_log(LOG_MARKER_VERBOSE __VA_ARGS__)
| ^~~~~~~~~~~~~~~~~~
lib/fconf/fconf_tbbr_getter.c:74:9: note:
in expansion of macro ‘VERBOSE’
74 | VERBOSE("%s%s%s %d\n","FCONF: `tbbr.", "disable_auth",
| ^~~~~~~
cc1: all warnings being treated as errors
Change-Id: I0164ddfe511406cc1a8d014a368ef3e3c5f8cd27
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Public key brainpool ECDSA DER certificate are 92 byte long.
OID for brainpool curve are 1 byte bigger than the one for NIST curve.
Change-Id: Ifad51da3c576d555da9fc519d2df3d9a0e6ed91b
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Yann Gautier
Manish Pandey
Madhukar Pappireddy
Harrison Mutai
Sandrine Bailleux
Sieu Mun Tang
Joanna Farley
Olivier Deprez
laurenw-arm
J-Alves
Manish V Badarkhe
Boyan Karatotev
HariBabu Gattem
Quentin Schulz
Okash Khawaja
Lionel Debieve
Nicolas Toromanoff