* changes:
chore(cpus): rearrange the errata and cve order in Neoverse-N2
chore(cpus): rearrange cve in order in Cortex-X1
chore(cpus): fix cve order in Neoverse-V1
chore(cpus): fix cve order in Cortex-X2
chore(cpus): fix cve order in Cortex-A78C
chore(cpus): fix cve order in Cortex-A78_AE
chore(cpus): fix cve order in Cortex-A78
chore(cpus): fix cve order in Cortex-A77
Patch sorts the errata IDs in ascending order and the
CVEs in ascending order based on the year and index
for CPU Cortex-X4.
Change-Id: Ic304c2f68e7d0b96bbb30760696b7bceabe1ae2d
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch sorts the errata IDs in ascending order and the
CVE-2024-5660 in order based on the year and index
for Cortex-X3.
Change-Id: I2a4baebe0c3133528c089d999bdffa8c992f4989
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch rearranges CVE-2024-5660 in order based on
the year and index for Neoverse-V2.
Change-Id: I092a93ef3299fd733abae9c462c019f94d881413
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch sorts the errata IDs in ascending order and the
CVEs in ascending order based on the year and index
for CPU Neoverse N2.
Change-Id: Ieb4a8ab0030ea4e83efdef86a0ff1e2990b3e0dd
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch sorts the errata IDs in ascending order and the CVEs
in ascending order based on the year and index for Neoverse-V3.
Change-Id: I108eb2896e24c135d56e5096289766d777b48b48
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch sorts the errata IDs in ascending order and the
CVEs in ascending order based on the year and index
for CPU Cortex-A710.
Change-Id: Ie7c2b77879f8fa5abb77204678e09cc759b10278
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch rearranges CVE-2024-5660 in ascending order based on
the year and index for Cortex X1.
Change-Id: I0c4206e38f09b1f88ee95e8ce69d7e13b8a9bb2d
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
This patch rearranges CVE-2024-5660 apply order in Neoverse-V1.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ice0b1c6efa913f88522fb33182b9cdc0e7723988
This patch rearranges CVE-2024-5660, erratum 2313941
and 3701772 apply order in Cortex-X2.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ie74d7232a14f3cdd14c4d0ffb1ee91b537c491ea
This patch rearranges CVE-2024-5660 apply order in Cortex-A78C.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I326be1da279bd34df8667f7e957fb4a2c6913ab9
This patch rearranges CVE-2024-5660 apply order in Cortex-A78_AE.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Idfb076b798a840847c00066bd062ee919369272f
This patch rearranges CVE-2024-5660 apply order in Cortex-A78.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: If80a0f95f82dbf69100a2687b06db2373a9e9832
This patch rearranges CVE-2024-5660 apply order in Cortex-A77.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I41d76268ce2248bfd3600bbf6b89d16b6bdce8f0
Previously we enclosed the Errata ordering check
within the FEATURE_DETECTION flag, as this flag is only
used for development purposes and it also enforces
ordering by causing a panic when the assert fails.
A simple warning message would suffice and hence this
patch removes the assert.
The erratum and CVE ordering check is planned to be implemented
in a static check, at which point the warning will be taken out as well.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I0ffc40361985281163970ea5bc81ca0269b16442
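The ordering rule the commits above enforce (errata by ascending ID, then CVEs by ascending year and index) can be checked with a small walk over adjacent table entries that warns instead of panicking. The following C is an added illustration, not TF-A's own check: the `errata_entry` struct, the `check_errata_order` function and the sample Cortex-X2 tables are constructed for this example, using only the erratum and CVE IDs named in the commit messages.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Kind of entry in a CPU's errata table. Constructed for this example; TF-A
 * generates its real per-CPU entries from assembly macros. */
enum entry_kind { ENTRY_ERRATUM, ENTRY_CVE };

struct errata_entry {
	enum entry_kind kind;
	unsigned int year; /* CVE year; 0 for an erratum */
	unsigned int id;   /* erratum ID, or the CVE's index within its year */
};

/* Strict ordering rule: errata come first, sorted by ascending ID; CVEs
 * follow, sorted by ascending (year, index). Equal entries are not "before". */
static bool entry_strictly_before(const struct errata_entry *a,
				  const struct errata_entry *b)
{
	if (a->kind != b->kind)
		return a->kind == ENTRY_ERRATUM;
	if (a->kind == ENTRY_CVE && a->year != b->year)
		return a->year < b->year;
	return a->id < b->id;
}

static void describe(const struct errata_entry *e, char *buf, size_t n)
{
	if (e->kind == ENTRY_ERRATUM)
		snprintf(buf, n, "erratum %u", e->id);
	else
		snprintf(buf, n, "CVE-%u-%u", e->year, e->id);
}

/* Walks adjacent pairs and returns how many are out of order (0 == sorted).
 * A misordered or duplicated entry produces a warning rather than a panic. */
int check_errata_order(const char *cpu, const struct errata_entry *list,
		       size_t n)
{
	int violations = 0;

	for (size_t i = 1; i < n; i++) {
		if (!entry_strictly_before(&list[i - 1], &list[i])) {
			char prev[32], cur[32];

			describe(&list[i - 1], prev, sizeof(prev));
			describe(&list[i], cur, sizeof(cur));
			printf("WARNING: %s: %s is listed after %s\n", cpu, cur, prev);
			violations++;
		}
	}
	return violations;
}

/* Sample Cortex-X2 tables built from the IDs named in the commits above
 * (constructed input for the demo, not TF-A's actual table). */
const struct errata_entry cortex_x2_sorted[] = {
	{ ENTRY_ERRATUM, 0, 2313941 },
	{ ENTRY_ERRATUM, 0, 3701772 },
	{ ENTRY_CVE, 2024, 5660 },
};

const struct errata_entry cortex_x2_unsorted[] = {
	{ ENTRY_CVE, 2024, 5660 },     /* CVE ahead of the errata */
	{ ENTRY_ERRATUM, 0, 3701772 }, /* larger ID ahead of the smaller one */
	{ ENTRY_ERRATUM, 0, 2313941 },
};

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

int main(void)
{
	int bad = check_errata_order("cortex-x2", cortex_x2_unsorted,
				     ARRAY_SIZE(cortex_x2_unsorted));

	printf("unsorted table: %d violation(s)\n", bad);
	return check_errata_order("cortex-x2", cortex_x2_sorted,
				  ARRAY_SIZE(cortex_x2_sorted)) == 0 ? 0 : 1;
}
```

Run as-is, the unsorted table reports two violations (the CVE placed before an erratum, and the two errata in descending order) while the sorted table reports none; the same walk is what a static check would run over the generated tables.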
When mcusys is off, rdist_ctx will save the rdist data of the last core.
If the last core is unplugged, the data of other cores will be
inconsistent with the data in rdist_ctx.
Therefore, each core needs to use a dedicated context.
Signed-off-by: Runyang Chen <runyang.chen@mediatek.com>
Change-Id: Ic9501f4da219cf906c0e348982be3f550c3ba30b
Linux needs bootargs with or without RME. Have them always on.
Change-Id: I4e7f582862ba9a0a96c0d6de10d021eed51740d6
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Refactor `arm_sp_min_early_platform_setup` to accept generic
`u_register_t` values to support receiving firmware handoff boot
arguments in common code. This has the added benefit of simplifying the
interface into common early platform setup.
Change-Id: Idfc3d41f94f2bf3a3a0c7ca39f6b9b0013836e3a
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Commit fe488c3796 added an override to
force `CTX_INCLUDE_SVE_REGS` to 0 when `SPD == spmd` and
`SPMD_SPM_AT_SEL2 == 1`.
Since there is an architectural dependency between FP and SVE registers,
`CTX_INCLUDE_FPREGS` must also be overridden to 0 when
CTX_INCLUDE_SVE_REGS is 0.
Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com>
Change-Id: I1cd834241a2d5a5368ac532a348d8729a701bbcd
The bit is already implicitly zero so no functional change. Adding it
helps fully describe how we expect FEAT_TRF to behave.
Change-Id: If7a7881e2b50188222ce46265b432d658a664c75
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
The code is never referenced, the build flag is never defined and some
of the #defines are missing. Remove.
Change-Id: I44caae52f9b7503363ac553fd1187bbf6c951438
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Implement a safer version of the 'strnlen' function
to handle NULL-terminated strings with additional
bounds checking, and a secure version of the string copy function
to improve security and avoid destination
buffer overflow.
Change-Id: I93916f003b192c1c6da6a4f78a627c8885db11d9
Signed-off-by: Jit Loon Lim <jit.loon.lim@altera.com>
Signed-off-by: Girisha Dengi <girisha.dengi@intel.com>
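The commit above describes the shape of such functions but not their code. The C below is an added example of a bounded `strnlen` and a `strlcpy`-style copy, written for this page and not taken from the commit; the names `safe_strnlen`, `safe_strlcpy` and the return contract (-1 on bad arguments or truncation) are assumptions for the illustration. The point it makes beyond the commit text is that the source scan is bounded by the destination size, so an unterminated source cannot cause an over-read any more than an over-write.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounded length: inspects at most maxlen bytes, so an unterminated buffer
 * cannot make it read past the end, and a NULL pointer yields 0. */
size_t safe_strnlen(const char *s, size_t maxlen)
{
	size_t n = 0;

	if (s == NULL)
		return 0;
	while (n < maxlen && s[n] != '\0')
		n++;
	return n;
}

/* Bounded copy in the spirit of strlcpy. dst is always NUL-terminated when
 * dstsize > 0. Returns the number of bytes copied (excluding the terminator),
 * or -1 if the arguments are invalid or src does not fit, in which case a
 * truncated copy is left in dst. The source scan is itself limited to dstsize
 * bytes, so an unterminated src is never read beyond the destination's size. */
long safe_strlcpy(char *dst, const char *src, size_t dstsize)
{
	size_t len;

	if (dst == NULL || src == NULL || dstsize == 0)
		return -1;

	len = safe_strnlen(src, dstsize);
	if (len >= dstsize) {
		/* No terminator within dstsize bytes: copy what fits, terminate. */
		memcpy(dst, src, dstsize - 1);
		dst[dstsize - 1] = '\0';
		return -1;
	}
	memcpy(dst, src, len);
	dst[len] = '\0';
	return (long)len;
}

/* Fixed-size scratch destination used by the demo so results can be inspected. */
static char scratch[8];

long copy_to_scratch(const char *src)
{
	return safe_strlcpy(scratch, src, sizeof(scratch));
}

const char *scratch_contents(void)
{
	return scratch;
}

int main(void)
{
	/* Constructed inputs: one that fits, one that must be truncated. */
	printf("copy \"abc\" -> %ld, dst=\"%s\"\n",
	       copy_to_scratch("abc"), scratch_contents());
	printf("copy \"0123456789\" -> %ld, dst=\"%s\"\n",
	       copy_to_scratch("0123456789"), scratch_contents());
	printf("safe_strnlen(NULL, 10) = %zu\n", safe_strnlen(NULL, 10));
	return 0;
}
```

A caller that needs to know whether truncation happened checks for -1 rather than comparing against `strlen(src)`, which is exactly the unbounded call the bounded variant avoids.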
Add an implementation of the plat_rmmd_mecid_key_update() callback, that
updates the MEC keys associated with a MECID. Leave it empty for now,
since QEMU doesn't yet implement an MPE (Memory Protection Engine).
Change-Id: I2746f6024f28e4fd487726de9e43e14d8cad57a0
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
With this addition, TF-A now has an SMC call to handle the
update of MEC keys associated to MECIDs.
The behavior of this newly added call is empty for now until an
implementation for the MPE (Memory Protection Engine) driver is
available. Only parameter sanitization has been implemented.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I2a969310b47e8c6da1817a79be0cd56158c6efc3
Add the discrete TPM to the TCG event log section of the measured boot
threat model. Include the example of a physical vulnerability that can
be used to compromise a dTPM.
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: I2c06edf5e9031adc970c24426a8ae52b06efb614
-documentation for Discrete TPM drivers.
-documentation for a proof of concept on rpi3;
Measured Boot using Discrete TPM.
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: If8e7c14a1c0b9776af872104aceeff21a13bd821
BL2 requires the ability to access the TCG Event Log during
Measured Boot. Currently the Platform hangs since the Event Log
is not exposed to BL2's mmap. Define an RPI3_BL1_RW region to be
added to the BL2 Image, if Measured Boot is enabled.
Change-Id: Ic236a80e73ea342b4590cfb65bafbb8ffac17085
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
In BL1 and BL2 add support for the use of an Infineon Optiga SLB 9670
TPM2.0.
The platform utilizes the gpio_spi.c driver to bit-bang gpio pins in
order to send commands and receive responses to/from the TPM.
In BL1 & BL2:
-utilize TPM commands to initialize the gpio pins for "spi"
communication, and extend image hashes to the TPM's PCR 0.
At the end of the measured boot phase for the bootloader,
the TPM locality is released.
-BL1 executes a tpm_startup command in order to flush the TPM.
Change-Id: I2f2fa28f60a262a0aa25a674c72a9904b3cf4d8a
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Add the Infineon Optiga SLB9670 TPM2.0 GPIO SPI
configuration data, as well as chip reset and the
GPIO SPI bitbang driver initialization. This code
supports use with the rpi3 platform, with availability
to add configuration parameters for other platforms.
Change-Id: Ibdffb28fa0b3b5a18dff2ba5d4ea305633740763
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Add tpm2 drivers to tf-a with adequate framework
-implement a fifo spi interface that works
with discrete tpm chip.
-implement tpm command layer interfaces that are used
to initialize, start and make measurements and
close the interface.
-tpm drivers are built using their own make file
to allow for ease in porting across platforms,
and across different interfaces.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: Ie1a189f45c80f26f4dea16c3bd71b1503709e0ea
When using a tpm breakout board with rpi3, we elected to bit-bang
gpio pins to emulate a spi interface. This implementation required a
driver to interface with the platform specific pins and emulate spi
functionality. The generic driver provides the ability to pass in a
gpio_spi_data structure that contains the necessary gpio pins in
order to simulate spi operations (get_access, start, stop, xfer).
Change-Id: I88919e8a294c05e0cabb8224e35ae5c1ba5f2413
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
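To make the bit-banged interface concrete, here is an added C example of an SPI mode-0 master driven purely through GPIO set/get callbacks; it is written for this page and is not the driver from the commit. The `gpio_spi_data` layout, the `sim_*` pin backend and the loopback wiring (MISO reads back MOSI, standing in for a TPM) are constructed assumptions; the operation set (start, stop, xfer) follows the names in the commit message, with get_access reduced to a no-op on the simulated board.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Platform GPIO callbacks. A real port would drive SoC pins; this example
 * backs them with a simulated pin array so it runs on a host. */
typedef void (*gpio_set_fn)(unsigned int pin, int level);
typedef int (*gpio_get_fn)(unsigned int pin);

/* Constructed analogue of the gpio_spi_data structure the commit describes:
 * the pins and callbacks needed to emulate an SPI mode-0 master. */
struct gpio_spi_data {
	unsigned int cs_gpio, sclk_gpio, mosi_gpio, miso_gpio;
	gpio_set_fn set;
	gpio_get_fn get;
};

/* Simulated board: four pins, with MISO wired back to MOSI (loopback) in place
 * of a real TPM. Rising clock edges are counted to check the bit timing. */
#define SIM_CS   0
#define SIM_SCLK 1
#define SIM_MOSI 2
#define SIM_MISO 3
static int sim_pins[4] = { 1, 0, 0, 0 };  /* CS deasserted (high) at reset */
static unsigned int sim_clock_rises;

static void sim_set(unsigned int pin, int level)
{
	level = level ? 1 : 0;
	if (pin == SIM_SCLK && sim_pins[pin] == 0 && level == 1)
		sim_clock_rises++;
	sim_pins[pin] = level;
}

static int sim_get(unsigned int pin)
{
	return pin == SIM_MISO ? sim_pins[SIM_MOSI] : sim_pins[pin];
}

static void gpio_spi_start(const struct gpio_spi_data *d)
{
	d->set(d->sclk_gpio, 0);  /* mode 0: clock idles low */
	d->set(d->cs_gpio, 0);    /* chip select is active low */
}

static void gpio_spi_stop(const struct gpio_spi_data *d)
{
	d->set(d->cs_gpio, 1);
}

/* Full-duplex transfer, MSB first: present a bit on MOSI, raise SCLK, sample
 * MISO on the rising edge, lower SCLK. tx or rx may be NULL. */
static void gpio_spi_xfer(const struct gpio_spi_data *d, const uint8_t *tx,
			  uint8_t *rx, size_t len)
{
	for (size_t i = 0; i < len; i++) {
		uint8_t out = tx != NULL ? tx[i] : 0xFF; /* idle-high when only reading */
		uint8_t in = 0;

		for (int bit = 7; bit >= 0; bit--) {
			d->set(d->mosi_gpio, (out >> bit) & 1);
			d->set(d->sclk_gpio, 1);
			in = (uint8_t)((in << 1) | (d->get(d->miso_gpio) & 1));
			d->set(d->sclk_gpio, 0);
		}
		if (rx != NULL)
			rx[i] = in;
	}
}

/* Sends a constructed 4-byte message through the loopback and returns 1 if the
 * bytes came back intact, exactly 32 rising clock edges were produced, and CS
 * was released afterwards; 0 otherwise. */
int gpio_spi_loopback_selfcheck(void)
{
	static const struct gpio_spi_data board = {
		SIM_CS, SIM_SCLK, SIM_MOSI, SIM_MISO, sim_set, sim_get
	};
	const uint8_t tx[4] = { 0x80, 0x01, 0xD4, 0x00 }; /* constructed payload */
	uint8_t rx[4] = { 0 };

	sim_clock_rises = 0;
	gpio_spi_start(&board);
	gpio_spi_xfer(&board, tx, rx, sizeof(tx));
	gpio_spi_stop(&board);

	return memcmp(tx, rx, sizeof(tx)) == 0 &&
	       sim_clock_rises == 8 * sizeof(tx) &&
	       sim_pins[SIM_CS] == 1;
}

int main(void)
{
	printf("loopback self-check: %s\n",
	       gpio_spi_loopback_selfcheck() ? "ok" : "FAILED");
	return 0;
}
```

Swapping `sim_set`/`sim_get` for the platform's real pin accessors is the only change needed to drive hardware, which is the portability the commit's `gpio_spi_data` structure is meant to give.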
At the end of BL2 measured boot, write the address
and size of the TCG Event Log to NT_FW_CONFIG so
that the log can be consumed later by BL33.
-add dynamic configuration helpers for the fdt
-write the eventlog address and size to the fdt
Change-Id: I099dd9cc96d740ae13cb8b8e8c6b9f2e6c02accc
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Add Measured Boot support using the Event Log backend for the rpi3
platform.
-Implement measured boot infrastructure in BL1 & BL2, including
the init, measure image, and finish phases.
-Pass the eventlog addr and size from BL1 to BL2 using the
image entry point args.
-dump the eventlog after measuring BL2, and after all images are
measured in BL2.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
Change-Id: I7c040c4a2d001a933fefb0b16f0fdf2a43a11be9
Rename VERSAL2_CONSOLE build argument to CONSOLE to
keep it aligned with generic build arguments.
Change-Id: I0f4967aa262f0300d8f76f6638030a1839901234
Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
Cortex-A510 erratum 2971420 applies to revisions r0p1, r0p2, r0p3,
r1p0, r1p1, r1p2 and r1p3, and is still open.
Under some conditions, data might be corrupted if Trace Buffer
Extension (TRBE) is enabled. The workaround is to disable trace
collection via TRBE by programming MDCR_EL3.NSTB[1] to the opposite
value of SCR_EL3.NS on a security state switch. Since we only enable
TRBE for non-secure world, the workaround is to disable TRBE by
setting the NSTB field to 00 so accesses are trapped to EL3 and
secure state owns the buffer.
SDEN: https://developer.arm.com/documentation/SDEN-1873361/latest/
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ia77051f6b64c726a8c50596c78f220d323ab7d97