* changes:
fix(xilinx): add console_flush() before shutdown
fix(xilinx): fix sending sgi to linux
feat(xilinx): add new state to identify cpu power down
feat(xilinx): request cpu power down from reset
feat(xilinx): power down all cores on receiving cpu pwrdwn req
feat(xilinx): add handler for power down req sgi irq
feat(xilinx): add wrapper to handle cpu power down req
fix(versal-net): use arm common GIC handlers
fix(xilinx): rename macros to align with ARM
Software supply chain attacks aim to inject malicious code into a
software product. There are several ways a malicious code can be
injected into a software product (open-source project).
These include:
- Malicious code commits
- Malicious dependencies
- Malicious toolchains
This document provides analysis of software supply chain attack
threats for the TF-A project
Change-Id: I03545d65a38dc372f3868a16c725b7378640a771
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Added a threat model for PSA firmware update as well as TBBR FWU aka
firmware recovery.
Change-Id: I2396e13144076d7294f61f6817e1a8646225c6c2
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Update CoT binding documentation to add the signing-key property
as optional in root-certificates and add rot_keys node
Change-Id: I1d1fbc0394275520cfa43213d5b7006e51990fdd
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Added an assumption in generic threat model that platform's hardware
conforms the Platform Security Requirements specification.
Change-Id: I753287feec1cd459edfd3d1c103e0e701827cc05
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
On receiving CPU power down callback, TF-A raises SGI interrupt to all active
cores to power down each active cores. Add handler for this SGI IRQ.
By default TF-A uses SGI 6 for CPU power down request. This can be
configurable through CPU_PWRDWN_SGI build flag.
e.g., If user wants to use SGI 7 instead of SGI 6 then provide build
flag CPU_PWRDWN_SGI=7
Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
Change-Id: Id0df32187d1de3f0af4486eb4d4930cb3ab01dbd
This patch provides a reporting functionality to display the memory
consumed by the context in each security state and for each exception
level. Flag PLATFORM_REPORT_CTX_MEM_USE enables or disables this
feature.
Change-Id: I1515366bf87561dcedf2b3206be167804df681d4
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
New build option CTX_INCLUDE_MPAM_REGS is added to select
if the firmware needs to save the MPAM EL2 registers during world
switches. This option is currently disabled as MPAM is only
enabled for NS world.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ie2e5e184cdb65f7e1a98d8fe81590253fd859679
tf.org-wide documents have been migrated away from
developer.trustedfirmware.org, because the latter will be
decomissioned at some point in the future. These documents are now
hosted in a new 'tf_docs' repository hosted on Github [1] and can be
easily browsed through a new ReadTheDocs website at [2].
Update all relevant links in TF-A documentation to refer to [2].
[1] https://github.com/TrustedFirmware/tf_docs
[2] https://trusted-firmware-docs.readthedocs.io/
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Ib9d39c36250a05754fe5e46cb6f3044ecb776534
Cortex X3 erratum 2743088 is a Cat B erratum that applies to all
revisions <= r1p1 and is fixed in r1p2. The workaround is to add a DSB
instruction before the ISB of the powerdown code sequence specified in
the TRM.
SDEN documentation: https://developer.arm.com/documentation/2055130
Change-Id: I2c8577e3ca0781af8b1c3912e577d3bd77f92709
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Add information about Versal platform for ERRATA_ABI_SUPPORT and
provide the build commands.
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Change-Id: I8466ea446814f888ae56f5cbb7bbdc06099d54f8
Cortex-A520 erratum 2858100 is a Cat B erratum that applies to
all revisions <=r0p1 and is still open. The workaround is to
set bit[29] of CPUACTLR_EL1.
SDEN Documentation:
https://developer.arm.com/documentation/SDEN-2444153/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I5a07163f919352583b03328abd5659bf7b268677
Cortex-A520 erratum is a Cat B erratum that applies
to revisions r0p0 and r0p1 and is still open.
The workaround is to set CPUACTLR_EL1[38] to 1.
SDEN Documentation:
https://developer.arm.com/documentation/SDEN-2444153/latest
Change-Id: Idb6f32f680ee1378a57c2d2f809ea847fffe5910
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Cortex-X2 erratum 2778471 is a Cat B erratum that applies
to revisions r0p1, r1p0, r2p0 and r2p1 and is still open.
The workaround is to set CPUACTLR3_EL1[47] to 1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775100/latest
Change-Id: Ia95f0e276482283bf50e06c58c2bc5faab3f62c6
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Cortex-A710 erratum 2778471 is a Cat B erratum that applies
to revisions r0p1, r1p0, r2p0 and r2p1 and is still open.
The workaround is to set CPUACTLR3_EL1[47] to 1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-1775101/latest
Change-Id: Id3bb4a2673e41ff237682e46784d37752daf2f83
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Neoverse V2 erratum 2618597 is a Cat B erratum that applies to
all revisions <= r0p1 and is fixed in r0p2. The workaround is to
disable the use of the Full Retention power mode in the core (setting
WFI_RET_CTRL and WFE_RET_CTRL in IMP_CPUPWRCTLR_EL1 to 0b000).
SDEN can be found here:
https://developer.arm.com/documentation/SDEN-2332927/latest
Change-Id: I23a81275d1e40cae39e6897093d6cdd3e11c08ea
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
verify_hash should be placed before calc_hash
align with crypto_mod.h
Change-Id: I536125502d83bb732cf70fbe516d5fe009dc95fe
Signed-off-by: zhiyang.shi <zhiyang.shi@cixtech.com>
Added changelog for v2.10 release.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: Id06263047fcc1ec60e82f85cd09e2e4bc95830f5
This patch enables support for the gcc compiler option "-mharden-sls",
the default is not to use this option. Setting HARDEN_SLS=1 sets
"-mharden-sls=all" that enables all hardening against straight line
speculation.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I59f5963c22431571f5aebe7e0c5642b32362f4c9
Neoverse V2 erratum 2662553 is a Cat B erratum that applies to all
revisions <= r0p1 and is fixed in r0p2.
The workaround is to set L2 TQ size statically to it's full size.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-2332927/latest
Change-Id: I3bc43e7299c17db8a6771a547515ffb2a172fa0f
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
This reverts commit 0abbfab320.
Reason for revert: Changelog was based on rc0 tag but we got few more patches after that which were not captured.
Change-Id: I9829f2b6dc09f0bd5c538845cbae051f6e4c8a75
Cortex-A78C erratum 2743232 is a Cat B erratum that applies
to revisions r0p1 and r0p2 and is still open.
The workaround is to set CPUACTLR5_EL1[56:55] to 2'b01.
SDEN Documentation:
https://developer.arm.com/documentation/SDEN-2004089/latest
Change-Id: Ic62579c2dd69b7a8cbbeaa936f45b2cc9436439a
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Neoverse V1 erratum 2348377 is a Cat B erratum that applies to
all revisions <= r1p1 and is fixed in r1p2. The workaround is to
set CPUACTLR5_EL1[61] to 1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-1401781/latest
Change-Id: Ica402494f78811c85e56a262e1f60b09915168fe
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Cortex-X3 erratum 2779509 is a Cat B erratum that applies to
all revisions <= r1p1 and is fixed in r1p2. The workaround is
to set chicken bit CPUACTLR3_EL1[47], this might have a small
impact on power and has negligible impact on performance.
SDEN documentation:
https://developer.arm.com/documentation/2055130/latest
Change-Id: Id92dbae6f1f313b133ffaa018fbf9c078da55d75
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Arm has made the strategic decision to deprecate the TC1 platform.
Consequently, software development and the creation of fast models
for the TC1 platform have been officially discontinued.
The TC1 platform, now considered obsolete, has been succeeded by
the TC2 platform. It's noteworthy that the TC2 platform is already
integrated and supported in both TF-A and CI repositories.
Change-Id: Ia196a5fc975b4dbf3c913333daf595199968d95d
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
A number of features are marked experimental in the build system through
makefiles but there wasn't an explicit document to list them.
Added a dedicated experimental build options section and moved
existing experimental build option descriptions in this section.
Restoring the change from [1] removing the experimental flag on the EL3
SPMC (this has been lost in rebasing a later change).
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/24713
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I2c458c6857c347114b265404e8b9ede9ac588463
As part of the release process, revisit the list of maintainers to
keep it updated.
Change-Id: Ifdbbe0d0dd1c8db3e5fbc84affcceb6d3c7716d4
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
