12179 Commits

Author SHA1 Message Date
Joanna Farley
f69b20dc5f Merge "fix(docs): add v2.9 release schedule" into integration 2022-11-18 17:47:14 +01:00
Joanna Farley
a846d33abc fix(docs): add v2.9 release schedule
Signed-off-by: Joanna Farley <Joanna.Farley@arm.com>
Change-Id: I082461d7d21f63e3b8cbee37e8f01b8128e4b5a0
2022-11-18 10:22:01 +02:00
Olivier Deprez
02fd5a1763 Merge changes I97687f18,I91d5718b into integration
* changes:
  docs(spm): interrupt handling guidance FF-A v1.1 EAC0
  docs(spm): partition runtime model and schedule modes
2022-11-17 11:14:05 +01:00
Harrison Mutai
c7e698cfde fix(cpus): workaround for Cortex-X3 erratum 2615812
Cortex-X3 erratum 2615812 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r1p1, and is still open. The workaround is to disable
the use of the Full Retention power mode in the core (setting
WFI_RET_CTRL and WFE_RET_CTRL in CORTEX_X3_IMP_CPUPWRCTLR_EL1 to 0b000).

SDEN can be found here:
https://developer.arm.com/documentation/SDEN2055130/latest

Change-Id: I5ad66df3e18fc85a6b23f6662239494ee001d82f
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
2022-11-17 09:41:40 +00:00
Olivier Deprez
8fca0cdbee Merge changes from topic "ja/spm_doc" into integration
* changes:
  docs(spm): ff-a v1.1 indirect message
  docs(spm): s-el0 partition support update
2022-11-17 10:04:49 +01:00
Leo Yan
db2bf3ac19 feat(qemu): increase size of bl2
Increases BL2 size to have room to enable security features (like
measurement and TPM).

Signed-off-by: Leo Yan <leo.yan@linaro.org>
Change-Id: Iba5e8923e2e154315499e9bfce2e0aff0ccc8f95
2022-11-17 16:13:03 +08:00
Madhukar Pappireddy
06afdd1e7a docs(spm): interrupt handling guidance FF-A v1.1 EAC0
This patch documents the actions taken by Hafnium SPMC in response
to non-secure and secure interrupts.

Change-Id: I97687f188ca97aeb255e3e5b55d44ddf5d66b6e0
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
2022-11-16 14:28:37 -06:00
laurenw-arm
0fa7fe59f3 docs(changelog): changelog for v2.8 release
Change-Id: I1d99ea46ad527993ee786c34a67f94d74470f960
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
2022-11-16 14:10:49 -06:00
Madhukar Pappireddy
03997f187c docs(spm): partition runtime model and schedule modes
This patch documents the support for partition runtime models, call
chains and schedule modes in Hafnium SPMC.

Change-Id: I91d5718bb2c21d475499e402f6f27076930336cb
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
2022-11-16 13:34:32 -06:00
Madhukar Pappireddy
b688120c98 Merge "docs(marvell): fix typo 8K => A8K" into integration 2022-11-16 18:13:48 +01:00
J-Alves
53e3b385f0 docs(spm): ff-a v1.1 indirect message
Update secure partition manager documentation to include
FF-A v1.1 indirect messaging implementation.

Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Ifbca45347f775080ef98ac896d31650204318ba4
2022-11-16 15:29:45 +00:00
Manish V Badarkhe
71061819aa Merge changes If90a18ee,I02e88f8c,Iea447fb5,Ie0570481,Ieeb14cfc into integration
* changes:
  docs: add top level section numbering
  docs(build): clarify getting started section
  docs(build): clarify docs building instructions
  fix(docs): prevent a sphinx warning
  fix(docs): prevent a virtual environment from failing a build
2022-11-16 16:18:54 +01:00
Olivier Deprez
54c52bcb76 Merge "docs(spm): update FF-A manifest binding" into integration 2022-11-16 15:39:08 +01:00
Boyan Karatotev
c65bf2d134 docs: add top level section numbering
Top level sections are not numbered. Adding numbers makes referring to
sections easier. For example the Maintainers page changes from
"about/3.1" to simply "1.3.1".

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: If90a18ee8d6a6858d58f0687f31ea62b69399e04
2022-11-16 14:06:48 +00:00
Boyan Karatotev
b50838bae7 docs(build): clarify getting started section
The Getting started section is very difficult to follow. Building the
fip comes before building the files it needs, the BL33 requirement is
given in a somewhat hand-wavy way, and the Arm Developer website
download provides a lot of targets and the guide is not clear which ones
are needed on download.

Swapping the initial build and supporting tools sections makes the flow
more natural and the supporting tools section then becomes clear.
Explicitly mentioning the GCC targets avoids confusion for people less
familiar with the project (e.g. new starters).

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I02e88f8c279db6d8eda68f634e8473c02b733963
2022-11-16 14:06:48 +00:00
Boyan Karatotev
8526472a46 docs(build): clarify docs building instructions
Using virtual environments with pip is a generally recommended good
practice but the docs do not acknowledge it. As a result fresh installs
might fail builds due to missing $PATH entries. The Prerequisites
section is also a bit verbose which is difficult to read.

This patch adds the virtual environment mention and clarifies wording.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Iea447fb59dc471a502454650c8548192d93ba879
2022-11-16 14:06:48 +00:00
Boyan Karatotev
e48b1f8c48 fix(docs): prevent a sphinx warning
Some newer versions of sphinx (tried on v5.3) will warn about language
being None which will fail the build. Change it to the default (en) to
prevent this.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ie0570481f42aeb293e885ca936e0765f6cb299a8
2022-11-16 14:06:48 +00:00
Boyan Karatotev
3fd1fe388e fix(docs): prevent a virtual environment from failing a build
sphinx-build is passed a blanket "." to build all docs. However, if a
virtual environment is placed within the docs directory, sphinx will try
to build it which will fail due to some weird files it has.

This excludes the most common virtual environment directories from the
build to prevent this.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ieeb14cfc5730d21c986611feb0ed379c58dfcae2
2022-11-16 14:06:48 +00:00
Marcin Juszkiewicz
9bff7ce375 fix(qemu-sbsa): enable SVE and SME
Commit 337ff4f1dd6604738d79fd3fa275ae74d74256b2 enabled SVE/SME for
qemu platform. Let's do the same for qemu-sbsa one too.

With this change I can boot Debian 'bookworm' installed using Max cpu.

Info from referenced commit:

Starting with QEMU v3.1.0 (Dec 2018), QEMU's TCG emulation engine supports
the SVE architecture extension. In QEMU v7.1.0 (Aug 2022) it also gained
SME support.

As it stands today, running TF-A under QEMU with "-cpu max" makes Linux
hang, because SME and SVE accesses trap to EL3, but are never handled
there. This is because the Linux kernel sees the SVE or SME feature bits,
and assumes firmware has enabled the feature for lower exception levels.
This requirement is described in the Linux kernel booting protocol.

Enable those features in the TF-A build, so that BL31 does the proper
EL3 setup to make the feature usable in non-secure world.
We check the actual feature bits before accessing SVE or SME registers,
so this is safe even for older QEMU versions or when not running with
-cpu max. As SVE and SME are AArch64 features only, do not enable them
when building for AArch32.

Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: I9ea1f91e6b801218d944e8a7d798d5ae568ed59a
2022-11-16 14:48:26 +01:00
Joanna Farley
98d83b9971 Merge "fix(zynqmp): resolve coverity warnings" into integration 2022-11-16 01:04:17 +01:00
HariBabu Gattem
590519a8a5 fix(zynqmp): resolve coverity warnings
Fix for coverity issues in pm_service component.
Fixed compilation error for versal platform.

Change-Id: I948f01807e67ad1e41021557e040dcbfb7b3a39e
Signed-off-by: HariBabu Gattem <haribabu.gattem@amd.com>
Signed-off-by: Naman Patel <naman.patel@amd.com>
2022-11-16 00:17:46 +01:00
Madhukar Pappireddy
baddcf497f Merge "fix(docs): unify referenced Ubuntu versions" into integration 2022-11-15 22:25:46 +01:00
Boyan Karatotev
068d92122a fix(docs): unify referenced Ubuntu versions
Documentation is inconsistent when referring to Ubuntu versioning.
Change this to a single reference that is consistent with the stated
version for TF-A tests.

The change was tested with a full build on a clean install of Ubuntu 20.04.

Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: Ibb135ed938e9d92332668fa5caf274cf61b822d3
2022-11-15 17:44:01 +00:00
Manish Pandey
fbcbd88eb1 Merge "fix(rockchip): align fdt buffer on 8 bytes" into integration v2.8-rc0 2022-11-15 12:18:39 +01:00
J-Alves
c8e49504dd docs(spm): s-el0 partition support update
S-EL0 partitions already support indirect messaging and notifications
so add that to supported features.

Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I08e04593653ba38a2b82395f6f2d3ca7b212d494
2022-11-15 11:03:50 +00:00
Quentin Schulz
621acbd055 fix(rockchip): align fdt buffer on 8 bytes
Since commit 94b2f94bd632 ("feat(libfdt): upgrade libfdt source files"),
8-byte alignment of the FDT address is enforced to follow the DT
standard.

Rockchip implementation of params_early_setup loads the FDT address as
passed by the bootloader into a buffer. This buffer is currently made of
uint8_t which means it is not 8-byte aligned and might result in
fdt_open_into failing.

Instead, let's make this buffer uint64_t to make it 8-byte aligned.

Cc: Quentin Schulz <foss+tf-a@0leil.net>
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Change-Id: Ifcf0e0cf4000e3661d76d3c3a2fe3921f7fe44b9
2022-11-15 11:22:42 +01:00
Manish Pandey
e1d24114a6 Merge changes I256959d7,I721376bf into integration
* changes:
  fix(cpus): remove plat_can_cmo check for aarch32
  fix(cpus): update doc and check for plat_can_cmo
2022-11-14 15:54:27 +01:00
Manish Pandey
5fab71a7dc Merge "refactor(stm32mp1): remove STM32MP_USE_STM32IMAGE" into integration 2022-11-14 15:40:06 +01:00
Okash Khawaja
92f8be8fd1 fix(cpus): remove plat_can_cmo check for aarch32
We don't need CONDITIONAL_CMO for aarch32 so let's remove it.

Signed-off-by: Okash Khawawja <okash@google.com>
Change-Id: I256959d7005df21a850ff7791c8188ea01f5c53b
2022-11-14 15:31:17 +01:00
Okash Khawaja
a2e0123484 fix(cpus): update doc and check for plat_can_cmo
plat_can_cmo must not clobber x1 but the doc doesn't mention that. This
patch updates the doc to mention x1. It also adds a check for plat_can_cmo
to `dcsw_op_louis` which was missed out in the original patch.

Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I721376bf3726520d0d5b0df0f33f98ce92257287
2022-11-14 15:31:12 +01:00
Yann Gautier
981b9dcb87 refactor(stm32mp1): remove STM32MP_USE_STM32IMAGE
The code managing legacy boot (without FIP) that was under
STM32MP_USE_STM32IMAGE flag is removed.

Change-Id: I04452453ed84567b0de39e900594a81526562259
Signed-off-by: Yann Gautier <yann.gautier@st.com>
2022-11-14 14:14:48 +01:00
Manish Pandey
c3170fd80b Merge changes from topic "stm32mp1-trusted-boot" into integration
* changes:
  docs(st): update documentation for TRUSTED_BOARD_BOOT
  fix(build): ensure that the correct rule is called for tools
  feat(stm32mp1): add the platform specific build for tools
  fix(stm32mp13-fdts): remove secure status
  feat(stm32mp1-fdts): add CoT and fuse references for authentication
  feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip
  feat(stm32mp1): add the decryption support
  feat(stm32mp1): add the TRUSTED_BOARD_BOOT support
  feat(stm32mp1): update ROM code API for header v2 management
  feat(stm32mp1): remove unused function from boot API
  refactor(stm32mp1): remove authentication using STM32 image mode
  fix(fconf): fix type error displaying disable_auth
  feat(tbbr): increase PK_DER_LEN size
  fix(auth): correct sign-compare warning
  feat(auth): allow to verify PublicKey with platform format PK
  feat(cert-create): update for ECDSA brainpoolP256r/t1 support
  feat(stm32mp1): add RNG initialization in BL2 for STM32MP13
  feat(st-crypto): remove BL32 HASH driver usage
  feat(stm32mp1): add a stm32mp crypto library
  feat(st-crypto): add STM32 RNG driver
  feat(st-crypto): add AES decrypt/auth by SAES IP
  feat(st-crypto): add ECDSA signature check with PKA
  feat(st-crypto): update HASH for new hardware version used in STM32MP13
2022-11-14 14:11:55 +01:00
Lionel Debieve
b82a30c297 docs(st): update documentation for TRUSTED_BOARD_BOOT
Update the documentation to indicate commands needed for
TRUSTED_BOARD_BOOT management.

Change-Id: I7b8781eaa7f8b6b8d675a625c7ff2e1ee767222a
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
2022-11-14 11:25:01 +01:00
Lionel Debieve
598b166bbc fix(build): ensure that the correct rule is called for tools
In case of platform specific usage for both fiptool or certtool,
we need to ensure that the Makefile will use the correct rule
to generate the binary. Add the explicit call to the "all" rule.

Change-Id: I9724b63e01b3497daaedb9365c7d6a494aac9561
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
2022-11-14 11:25:01 +01:00
Lionel Debieve
461d631aca feat(stm32mp1): add the platform specific build for tools
Add cert_create and fiptool specific files to add the platform
addons to the generic tools.

Change-Id: Ifa600241cdf32b495cc65edccddab47c3796b77d
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
2022-11-14 11:25:01 +01:00
Lionel Debieve
8ef8e0e30e fix(stm32mp13-fdts): remove secure status
Remove the secure status for PKA and SAES entries.
The peripherals are used in BL2 at EL3, context will
remain secure only.

Change-Id: I79d95bc55a9afd27f295249936d7bc332c777f5e
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
2022-11-14 11:25:01 +01:00
Lionel Debieve
928fa66272 feat(stm32mp1-fdts): add CoT and fuse references for authentication
Add the stm32mp1 CoT description file. Include the TRUSTED_BOARD_BOOT
entry in the platform device tree file.
Add the missing public root key reference for stm32mp15 and the
encryption key reference for stm32mp13.

Change-Id: I0ae2454979a3df6dd3e4361510317742e8fbc109
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
2022-11-14 11:25:01 +01:00
Lionel Debieve
54007c37d5 feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip
Add a security check to enforce the usage of TRUSTED_BOARD_BOOT
on a closed device. It will guarantee the secure bootchain.

Change-Id: Id6120d0e5041e8f2d3866e5710876ec96b6d0216
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
2022-11-14 11:25:01 +01:00
Lionel Debieve
cd791164a9 feat(stm32mp1): add the decryption support
Add the decryption support for STM32MP1 binaries.
Decryption is limited to the BL32 loaded images.

Limitation: STM32MP15 doesn't support the feature.

Change-Id: I96800bac7b22109f8471eb2953fc0dc269fc4fd1
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
2022-11-14 11:25:01 +01:00
Lionel Debieve
beb625f90b feat(stm32mp1): add the TRUSTED_BOARD_BOOT support
Add the support of the TRUSTED_BOARD_BOOT to authenticate the loaded
FIP using platform CoT management.
It adds TBB platform definition, redefining the standard image ID in
order to decrease requested size in BL2 binary.
Authentication will use mbedTLS library for parsing certificate
configured with a platform configuration.

Change-Id: I9da66b915c5e9e9293fccfce92bef2434da1e430
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
2022-11-14 11:25:01 +01:00
Lionel Debieve
89c07747d0 feat(stm32mp1): update ROM code API for header v2 management
Add the new definition field for authentication used in header V2
on STM32MP13.

Change-Id: Id8f0c2584ca9b74b0d21d82c9a98d286500548c4
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
2022-11-14 11:25:01 +01:00
Lionel Debieve
f30034a298 feat(stm32mp1): remove unused function from boot API
Remove old library access from ROM library that is no longer
used.

Change-Id: I9b91f1efd6ff9d311b69ca36f60474f01268c221
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
2022-11-14 11:25:01 +01:00
Lionel Debieve
87dfbd7112 refactor(stm32mp1): remove authentication using STM32 image mode
Remove deprecated authentication mode to use the FIP authentication
based on TBBR requirements. It will use the new crypto library.

Change-Id: I95c7baa64ba42c370ae136f59781f2a7a4c7f507
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
2022-11-14 11:25:01 +01:00
Lionel Debieve
381f465ca9 fix(fconf): fix type error displaying disable_auth
disable_auth is defined as uint32_t and must be displayed
as an unsigned int.

lib/fconf/fconf_tbbr_getter.c:
In function ‘fconf_populate_tbbr_dyn_config’:
include/common/debug.h:46:41: error:
format ‘%d’ expects argument of type ‘int’, but argument 3 has
 type ‘uint32_t’ {aka ‘unsigned int’} [-Werror=format=]
   46 | #define LOG_MARKER_WARNING              "\x1e"  /* 30 */
      |                                         ^~~~~~
include/common/debug.h:77:32: note:
 in expansion of macro ‘LOG_MARKER_WARNING’
   77 | # define WARN(...) tf_log(LOG_MARKER_WARNING __VA_ARGS__)
      |                           ^~~~~~~~~~~~~~~~~~
lib/fconf/fconf_tbbr_getter.c:47:17: note:
in expansion of macro ‘WARN’
   47 |                 WARN("Invalid value for `%s` cell %d\n",
      |                 ^~~~
include/common/debug.h:48:41: error:
format ‘%d’ expects argument of type ‘int’, but argument 5 has
 type ‘uint32_t’ {aka ‘unsigned int’} [-Werror=format=]
   48 | #define LOG_MARKER_VERBOSE              "\x32"  /* 50 */
      |                                         ^~~~~~
include/common/debug.h:58:32: note:
in definition of macro ‘no_tf_log’
   58 |                 tf_log(fmt, ##__VA_ARGS__);     \
      |                        ^~~
include/common/debug.h:91:35: note:
in expansion of macro ‘LOG_MARKER_VERBOSE’
   91 | # define VERBOSE(...)
      |           no_tf_log(LOG_MARKER_VERBOSE __VA_ARGS__)
      |                     ^~~~~~~~~~~~~~~~~~
lib/fconf/fconf_tbbr_getter.c:74:9: note:
in expansion of macro ‘VERBOSE’
   74 |    VERBOSE("%s%s%s %d\n","FCONF: `tbbr.", "disable_auth",
      |    ^~~~~~~
cc1: all warnings being treated as errors

Change-Id: I0164ddfe511406cc1a8d014a368ef3e3c5f8cd27
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
2022-11-14 11:25:01 +01:00
Nicolas Toromanoff
1ef303f9f7 feat(tbbr): increase PK_DER_LEN size
Public key brainpool ECDSA DER certificates are 92 bytes long.
The OID for a brainpool curve is 1 byte bigger than the one for a NIST curve.

Change-Id: Ifad51da3c576d555da9fc519d2df3d9a0e6ed91b
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
2022-11-14 11:25:01 +01:00
Nicolas Toromanoff
ed38366f1d fix(auth): correct sign-compare warning
Correct the warning due to comparison between signed and
unsigned variable.

drivers/auth/mbedtls/mbedtls_x509_parser.c: In function 'get_ext':
drivers/auth/mbedtls/mbedtls_x509_parser.c:120:30:
	error: comparison of integer expressions of different
	signedness: 'int' and 'size_t' {aka 'unsigned int'}
	[-Werror=sign-compare]
120 | if ((oid_len == strlen(oid_str)) && !strcmp(oid, oid_str)) {
    |              ^~

Change-Id: Ic12527f5f92a34e925bee3047c168eacf5e99d8a
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
2022-11-14 11:25:01 +01:00
Nicolas Toromanoff
40f9f644e8 feat(auth): allow to verify PublicKey with platform format PK
On some platforms the digest of the public key saved in the OTP is not
the digest of the exact same public key buffer needed to check the
signature. Typically, a platform checks the signature using the DER ROTPK
whereas some others add some related information. Add a new platform
weak function to transform the public key buffer used by
verify_signature to a platform specific public key.

Mark this new weak function as deprecated as it will be replaced
by another framework implementation.

Change-Id: I71017b41e3eca9398cededf317ad97e9b511be5f
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
2022-11-14 11:25:01 +01:00
Lionel Debieve
e78ba69e35 feat(cert-create): update for ECDSA brainpoolP256r/t1 support
Updated cert_tool to be able to select brainpool P256r/t1
or NIST prim256v1 curve for certificate signature.

Change-Id: I6e800144697069ea83660053b8ba6e21c229243a
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
2022-11-14 11:25:01 +01:00
Manish Pandey
84498ad163 Merge changes I5838964f,Id752c1cc,Idd42d5a2,Iff4680cd,I2b1801a7, ... into integration
* changes:
  fix(mt8188): add mmap entry for CPU idle SRAM
  fix(mt8188): refine gic init flow after system resume
  fix(mt8186): fix the DRAM voltage after the system resumes
  feat(mt8188): add audio support
  refactor(mt8195): use ptp3 common drivers
  feat(mt8188): add support for PTP3
  feat(mt8188): enable MTK_PUBEVENT_ENABLE
2022-11-14 11:17:27 +01:00
Jayanth Dodderi Chidanand
db1c6faa0a refactor(trng): discarding the used entropy bits
This patch discards all the used entropy bits from the global memory
pool after being delivered to the requester (lower exception levels) by
overwriting them with zeroes.
It effectively implements the requirement, as part of TRNG FW interface
listed at DEN0098 (section 1.2).
https://developer.arm.com/documentation/den0098/latest

Change-Id: I447cbccc1a8ad972418a3569c99f010189d4b2f6
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
2022-11-14 10:08:56 +00:00