Change the MCKPROT control management. Now, the MCU subsystem
is done in the BL32 using the dedicated clock function.
If using OP-TEE, you will need the corresponding commit [1].
This should be integrated in OP-TEE tag 4.2.0.
[1] e07f9212d5 plat-stm32mp1: shared_resource: disable MCKPROT if
not needed
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I59f90ace750aa93f674389f881e2fe14ad334a72
Add a new function to control the MCU subsystem
security state.
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Change-Id: I070eec06fc93a1214227f25a6a4f1c40c66c86b0
Incorporate a timing side-channel attack into the TF-A generic
threat model. There is no software mitigation measures in TF-A
against this specific type of attack.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I10e53f8ed85a6da32de4fa6a210805f950018102
Recommend OP-TEE as the default BL32 for STMicroelectronics platforms.
SP_MIN is no more supported in STMicroelectronics software [1].
It will then no more receive new features, but should still remain
as it is in the TF-A code.
[1]: https://wiki.st.com/stm32mpu/wiki/STM32_MPU_OpenSTLinux_release_note_-_v5.0.0#TF-A
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ic49338dbba3fdcebcb1e477e6a1dbde32783482b
Due to embedded SRAM used to load BL2 and BL31 or BL32 has a limited
size, only one storage device or serial device flag should be selected
in TF-A build command line for ST platforms.
This is in line with STMicroelectionics recommendation [1] about those
compilation flags.
[1]: https://wiki.st.com/stm32mpu/wiki/How_to_configure_TF-A_BL2#Build_command_details
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I6f6ab17d45d00289989a606d15c143e5710c64ce
Change list.entry_count to unsigned int to align with header.list_num,
removing the need for casting.
Change-Id: Id4259d9e841c8d34fe23fb74a7c627f2a643cbf2
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Deprecation notice was sent to the community and no objection was
raised, so removing mbedtls 2.x support.
Change-Id: Id3eb98b55692df98aabe6a7c5a5ec910222c8abd
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
FEAT_RME is OPTIONAL in an Armv9.2 implementation,
so set ARM_ARCH_MAJOR := 9 and ARM_ARCH_MINOR := 2
when TF-A is built with 'ENABLE_RME = 1'.
Change-Id: Ibcdb23bd057983eb846eed0b0da8c4d72ed696ae
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
To be inline with CSU_SA_REG and CSU_HPCONTROL_REG.
Change-Id: Ia7332096312df41a8cf994d58fad76a99493dd02
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
This restricts and locks all security relevant peripherals to only be
changeable by the secure world. Otherwise the normal world can simply
change the access settings and defeat all security measures put in
place.
Change-Id: I248ef8dd67f1de7e528c3da456311bb138b77540
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
This sets and locks all peripheral type-1 masters, except CAAM, access
as non-secure, so that they can't access secure world resources from the
normal world.
The CAAM itself is TrustZone aware and handles memory access between the
normal world and the secure world on its own. Pinning it as non-secure
access results in bus aborts if the secure memory region is protected by
the TZASC380.
Change-Id: Iedf3d67481dc35d56aa7b291749b999a56d6e85e
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
This restricts and locks all security relevant peripherals to only be
changeable by the secure world. Otherwise the normal world can simply
change the access settings and defeat all security measures put in
place.
Change-Id: I484a2c8164e58b68256d829470e00d5ec473e266
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
This sets and locks all peripheral type-1 masters, except CAAM, access
as non-secure, so that they can't access secure world resources from the
normal world.
The CAAM itself is TrustZone aware and handles memory access between the
normal world and the secure world on its own. Pinning it as non-secure
access results in bus aborts if the secure memory region is protected by
the TZASC380.
Change-Id: Idba4d8a491ccce0491489c61e73545baab1889c4
Signed-off-by: Stefan Kerkmann <s.kerkmann@pengutronix.de>
Cortex-A715 erratum 2561034 mitigation needs to be applied
during reset. This patch fixes the current macro usage from runtime
to reset for both start and end macros.
Change-Id: I4f115bbb27c57f16cada2a7eb314af8380f93cb4
Signed-off-by: Bipin Ravi <biprav01@u203721.austin.arm.com>
Cortex-A715 erratum 2413290 is a Cat B erratum that is present
only in revision r1p0 and is fixed in r1p1. The errata is only
present when SPE(Statistical Profiling Extension) is enabled.
The workaround is to set bits[58:57] of the CPUACTLR_EL1 to 'b11
when SPE is enabled, ENABLE_SPE_FOR_NS=1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2148827/latest
Change-Id: Iaeb258c8b0a92e93d70b7dad6ba59d1056aeb135
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
The Raspberry Pi 5 is a single-board computer based on BCM2712 that
contains four Arm Cortex-A76 cores.
This change introduces minimal BL31 support with PSCI that has been
validated to boot Linux and a private EDK2 build.
It's a drop-in replacement for the custom TF-A armstub now included in
the EEPROM images.
Change-Id: Id72a0370f54e71ac97c3daa1bacedacb7dec148f
Signed-off-by: Mario Bălănică <mariobalanica02@gmail.com>
RPi 5 has newer Armv8.2 cores where the MT bit is set to indicate that
the lowest affinity level represents a thread, but there is only one
thread per core.
To deal with this, simply right shift MPIDR by one affinity level to get
the cluster and core IDs back into Aff1 and Aff0 as expected.
Change-Id: I2bafba38f82fd9a6ef6f2fdf2c089b754279a6de
Signed-off-by: Mario Bălănică <mariobalanica02@gmail.com>
Detection of the UART in use and GPIO code only apply to RPi 3 and 4.
RPi 5 has a dedicated PL011 debug port.
Change-Id: Iddf8aea01278e2b79b4e7c476740f1add8c419f0
Signed-off-by: Mario Bălănică <mariobalanica02@gmail.com>
In preparation for RPi 5 support, which will reuse most of the RPi 4
logic except for DTB patching.
Change-Id: I6f6ef96933711a1798757a3389adae1b8ee3de6c
Signed-off-by: Mario Bălănică <mariobalanica02@gmail.com>
* changes:
feat(tc): group components into certificates
feat(dice): add cert_id argument to dpe_derive_context()
refactor(sds): modify log level for region validity
feat(tc): add dummy TRNG support to be able to boot pVMs
feat(tc): get the parent component provided DPE context_handle
feat(tc): share DPE context handle with child component
feat(tc): add DPE context handle node to device tree
feat(tc): add DPE backend to the measured boot framework
feat(auth): add explicit entries for key OIDs
feat(dice): add DPE driver to measured boot
feat(dice): add client API for DICE Protection Environment
feat(dice): add QCBOR library as a dependency of DPE
feat(dice): add typedefs from the Open DICE repo
docs(changelog): add 'dice' scope
refactor(tc): align image identifier string macros
refactor(fvp): align image identifier string macros
refactor(imx8m): align image identifier string macros
refactor(qemu): align image identifier string macros
fix(measured-boot): add missing image identifier string
refactor(measured-boot): move metadata size macros to a common header
refactor(measured-boot): move image identifier strings to a common header
The current SPSR updation code as part of the SDEI interrupt handler
code is outdated. This patch replaces the legacy code with a call to
an up-to-date create_spsr()
Change-Id: I1f5fdd41dd14f4b09601310fe881fa3783d7f505
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Commitizen is currently generating errors due to ES Module/CommonJS
incompatibilities described by the following GitHub issue:
https://github.com/conventional-changelog/commitlint/issues/3842
This change implements the temporary workaround described by the issue.
Change-Id: Idb74a3366bf046a0c9bac83380de904c5c059087
Signed-off-by: Chris Kay <chris.kay@arm.com>
Husky v8 adds the `husky init` subcommand, and v9 changes how it handles
hooks. We no longer need the Husky preamble in our hooks, so update to
the new `init` subcommand and remove the preambles.
Change-Id: I18ea1bbaedbb4213cc04c21413d75c9757ff7986
Signed-off-by: Chris Kay <chris.kay@arm.com>
This patch resolves the MISRA issues reported in mailing list.
It addresses the following MISRA Rules violations - Rule 15.7 and
Rule 2.4.
* As per Rule 15.7, All if.. else if constructs should be terminated
with an else statement and hence the conditional block
has been changed to switch..case. Updated get_el_str() to include
all EL cases.
* As per Rule 2.4, A project should not contain unused tag declarations,
hence intr_type_desc tag is removed.
* bl31_lib_init is only used in translation unit and hence it's
declaration is removed from bl31.h and the definition is made static to
maintain visibility.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: Ica1d3041566baf51befcad5fd3714189117ba193
Currently the EL2 part of the context structure (el2_sysregs_t), is
mostly feature dependent.
For instance, CTX_HCRX_EL2 is only needed when FEAT_HCX
(ENABLE_FEAT_HCX=1) is set, but the entry is unconditionally added
in the EL2 context structure and thereby consuming memory even in
build configurations where FEAT_HCX is disabled.
Henceforth, all such context entries should be coupled/tied with
their respective feature enables and be optimized away when unused.
This would reduce the context memory allocation for platforms, that
dont enable/support all the architectural features at once.
Further, converting the assembly context-offset entries into
a c structure relies on garbage collection of the linker
removing unreferenced structures from memory, as well as aiding
in readability and future maintenance.
Change-Id: I0cf49498ee3033cb6f3ee3810331121b26627783
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
populate_next_bl_params_config already configures the register values
to be passed to BL33 and puts the HW_CONFIG address in r1. Therefore,
we do not need to override r0 here and should instead use r1 in BL33.
Change-Id: I00b425301957b5b0510416e1fa1f3599c0359bfc
Signed-off-by: Jackson Cooper-Driver <jackson.cooper-driver@arm.com>
MHUv3 and MHUv2 drivers can now be selected at build time by using
PLAT_MHU_VERSION.
Signed-off-by: Joel Goddard <joel.goddard@arm.com>
Change-Id: I24f9e05f7969ed3be8f3261fdfed881a4ad18ba4
RSS comm driver interfaces with MHUv3 driver through specific
API calls. Add APIs to support the interface.
Signed-off-by: Aziz IDOMAR <aziz.idomar@arm.com>
Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
Signed-off-by: Shriram K <shriram.k@arm.com>
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Signed-off-by: Joel Goddard <joel.goddard@arm.com>
Change-Id: I815d43ca548d3640fceb4c91fe3bbeec31687210
MHUv3 reworks parts of MHUv2 and introduces MHU extensions. There are
currently 3 extensions:
* Doorbell extension: which works like MHUv2
* FIFO extension: which uses a buffer for faster inband data transfer
* Fastchannel extension: for fast data transfer
Add MHUv3 driver with support for Doorbell extension for both postbox
sender MHUs and mailbox receiver MHUs.
Signed-off-by: Aziz IDOMAR <aziz.idomar@arm.com>
Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
Signed-off-by: Shriram K <shriram.k@arm.com>
Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Signed-off-by: Joel Goddard <joel.goddard@arm.com>
Change-Id: Icf49df56f1159f4c9830e0ffcda5b3a4bea8d2fd
