Introduce a functionality for saving/restoring boot auth status
and partition used for booting (FSBL partition on which the boot
was successful).
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Change-Id: I4d7f153b70dfc49dad8c1c3fa71111a350caf1ee
Define the MBEDTLS_CHECK_RETURN_WARNING macro in mbedTLS configuration
file to get compile-time warnings for mbedTLS functions we call and do
not check the return value of. Right now, this does not flag anything
but it could help catching bugs in the future.
This was a new feature introduced in mbed TLS 2.28.0 release.
Change-Id: If26f3c83b6ccc8bc60e75c3e582ab20817d047aa
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
No need to keep all PU domains on as the full power domain driver
support has been added.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: Iec22dcabbbfe3f38b915104a437d396d7b1bb2d8
Add PLL power down override & bypass support when
system enter DSM mode.
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Change-Id: I50cd6b82151961ab849f58714a8c307d3f7f4166
* changes:
feat(arm): retrieve the right ROTPK for cca
feat(arm): add support for cca CoT
feat(arm): provide some swd rotpk files
build(tbbr): drive cert_create changes for cca CoT
refactor(arm): add cca CoT certificates to fconf
feat(fiptool): add cca, core_swd, plat cert in FIP
feat(cert_create): define the cca chain of trust
feat(cca): introduce new "cca" chain of trust
build(changelog): add new scope for CCA
refactor(fvp): increase bl2 size when bl31 in DRAM
STM32MP13 can encrypt the DDR. OP-TEE is then fully in DDR, and there
is no need for paged image on STM32MP13. The management of the paged
OP-TEE is made conditional, and will be kept only for STM32MP15.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I85ac7aaf6a172c4ee529736113ed40fe66835fd7
For OP-TEE without pager, the paged image may not be present in OP-TEE
header. We could then pass NULL for paged_image_info to the function
parse_optee_header(). It avoids creating a useless struct for that
non existing image. But we should then avoid assigning header_ep args
that depend on paged_image_info.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I4fdb45a91ac1ba6f912d6130813f5215c7e28c8b
Add braces to correct MISRA C2012 15.6 warning:
The body of an iteration-statement or a selection-statement shall be a
compound-statement.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: If26f3732d31df11bf389a16298ec9e9d8a4a2279
The function clk_oscillator_wait_ready() was wrongly checking the set
bit and not the ready bit. Correct that by using osc_data->gate_rdy_id
when calling _clk_stm32_gate_wait_ready().
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Ida58f14d7f0f326b580ae24b98d6b9f592d2d711
Increase the size of bl31 image by 52K to accomodate increased size of
xlat table.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: Ic3a8d8be1104adf48d22aa829e2197f710b6b666
Add support to read the list of isolated CPUs from SDS and publish this
list via the non-trusted firmware configuration file for the next stages
of boot software to use.
Isolated CPUs are those that are not to be used on the platform for
various reasons. The isolated CPU list is an array of MPID values of the
CPUs that have to be isolated.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I4313cf025f4c9e9feffebca2d35b259f5bafce69
* changes:
refactor(arm): update BL2 base address
refactor(nxp): use DPG0 mask from Arm GICv3 header
fix(gic600): implement workaround to forward highest priority interrupt
Add a new property named 'isolated-cpu-list' to list the CPUs that are
to be isolated and not used by the platform. The data represented by
this property is formatted as below.
strutct isolated_cpu_mpid_list {
uint64_t count;
uint64_t mpid_list[MAX Number of PE];
}
Also, the property is pre-initialized to 0 to reserve space for the
property in the dtb. The data for this property is read from SDS and
updated during boot. The number of entries in this list is equal to the
maximum number of PEs present on the platform.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I4119f899a273ccbf8259e0d711d3a25501c7ec64
* changes:
feat(sgi): add page table translation entry for secure uart
feat(sgi): route TF-A logs via secure uart
feat(sgi): deviate from arm css common uart related definitions
Firmware buffer has already been mapped when loading 1D firmware,
so the same buffer address will be re-mapped when loading 2D
firmware. Move the buffer mapping to be out of load_fw().
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Idb29d504bc482a1e7ca58bc51bec09ffe6068324
Add the TPM event log node to the SPMC manifest such that the TF-A
measured boot infrastructure fills the properties with event log address
for components measured by BL2 at boot time.
For a SPMC there is a particular interest with SP measurements.
In the particular case of Hafnium SPMC, the tpm event log node is not
yet consumed, but the intent is later to pass this information to an
attestation SP.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Ic30b553d979532c5dad9ed6d419367595be5485e
Add page table translation entry for secure uart so that logs from
secure partition can be routed via the same.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I3416d114bcee13824a7d0861ee54fb799e154897
Route the boot, runtime and crash stage logs via secure UART port
instead of the existing use of non-secure UART. This aligns with the
security state the PE is in when logs are put out. In addition to this,
this allows consolidation of the UART related macros across all the
variants of the Neoverse reference design platforms.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I417f5d16457b602c94da4c74b4d88bba03da7462
The Neoverse reference design platforms will migrate to use different
set of secure and non-secure UART ports. This implies that the board
specific macros defined in the common Arm platform code will no longer
be usable for Neoverse reference design platforms.
In preparation for migrating to a different set of UART ports, add a
Neoverse reference design platform specific copy of the board
definitions. The value of these definitions will be changed in
subsequent patches.
Signed-off-by: Rohit Mathew <rohit.mathew@arm.com>
Change-Id: I1ab17a3f02c8180b63be24e9266f7129beee819f
According to TCG PC Client Platform Firmware Profile Specification
(Section 10.2.2, TCG_PCR_EVENT2 Structure, and 10.4.5 EV_NO_ACTION Event
Types), all EV_NO_ACTION events shall set TCG_PCR_EVENT2.digests to all
0x00's for each allocated Hash algorithm.
Right now, this is not enforced. Only part of the buffer is zeroed due
to the wrong macro being used for the size of the buffer in the clearing
operation (TPM_ALG_ID instead of TCG_DIGEST_SIZE). This could confuse
a TPM event log parser.
Also, add an assertion to ensure that the Event Log size is large enough
before writing the Event Log header.
Change-Id: I6d4bc3fb28fd10c227e33c8c7bb4a40b08c3fd5e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Update advisory document following Spectre-BHB mitigation support for
additional CPUs.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I4492397f18882f514beff4da06afe973acecf1f0
Pull in MbedTLS support for sha512 when greater than sha256 is required
based on refactoring for hash algorithm selection for Measured Boot.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I489392133435436a16edced1d810bc5204ba608f
Pull in MbedTLS support for sha512 when greater than sha256 is required
based on refactoring for hash algorithm selection for Measured Boot.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: Ib0ca5ecdee7906b41a0e1060339d43ce7a018d31
With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algorithms, so now there can be more than one hash algorithm in a build.
Therefore the logic for selecting the measured boot hash algorithm needs
to be updated and the coordination of algorithm selection added. This is
done by:
- Adding MBOOT_EL_HASH_ALG for Event Log to define the hash algorithm
to replace TPM_HASH_ALG, removing reference to TPM.
- Adding MBOOT_RSS_HASH_ALG for RSS to define the hash algorithm to
replace TPM_HASH_ALG.
- Coordinating MBOOT_EL_HASH_ALG and MBOOT_RSS_HASH_ALG to define the
Measured Boot configuration macros through defining
TF_MBEDTLS_MBOOT_USE_SHA512 to pull in SHA-512 support if either
backend requires a stronger algorithm than SHA-256.
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I4ddf06ebdc3835beb4d1b6c7bab5a257ffc5c71a
Cortex-A77 erratum 2356587 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[0] of
CPUACTLR2_EL1 to force PLDW/PFRM ST to behave like PLD/PRFM LD and not
cause invalidations to other PE caches.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1152370/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I243cfd587bca06ffd2a7be5bce28f8d2c5e68230
Neoverse-V1 erratum 2372203 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[40] of
CPUACTLR2_EL1 to disable folding of demand requests into older
prefetches with L2 miss requests outstanding.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401781/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ice8c2e5a0152972a35219c8245a2e07e646d0557
Most traces displayed by log_measurement() use the INFO verbosity
level. Only the digests are unconditionally printed, regardless of
the verbosity level. As a result, when the verbosity level is set
lower than INFO (typically in release mode), only the digests are
printed, which look weird and out of context.
Change-Id: I0220977c35dcb636f1510d8a7a0a9e3d92548bdc
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
BL2 base address updated to provide enough space for BL31 in
Trusted SRAM when building with BL2_AT_EL3 and ENABLE_PIE options.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ieaba00d841648add855feb99b7923a4b0cccfb08
Removed GICR_CTLR_DPG0_MASK definition from platform GIC header file
as Arm GICv3 header file added its definition.
Change-Id: Ieec43aeef96b9b6c8a7f955a8d145be6e4b183c5
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
If the interrupt being targeted is released from the CPU before the
CLEAR command is sent to the CPU then a subsequent SET command may not
be delivered in a finite time. To workaround this, issue an unblocking
event by toggling GICR_CTLR.DPG* bits after clearing the cpu group
enable (EnableGrp* bits of GIC CPU interface register)
This fix is implemented as per the errata 2384374-part 2 workaround
mentioned here:
https://developer.arm.com/documentation/sden892601/latest/
Change-Id: I13926ceeb7740fa4c05cc5b43170e7ce49598f70
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
