Add a check in pre-commit hook to check the
- copyright header is present for the authors organisation.
- the copyright year for the copyright header is updated.
The author email id is parsed to get the organization. Depending upon
the parsed info, the copyright header for the organization is checked
if its present in the file(s) or not.
If the copyright header is present in the file(s) then the copyright
year is checked.
If the copyright header is not present or the copyright year in the
header is not updated it is highlighted to the author
which the user then needs to incorporate in the change accordingly.
To enable this check, the case statement in
.husky/pre-commit.copyright needs to be modified to add the domain
from the email id and corresponding copyright header of the
organisation.
Change-Id: I4dedb68248b3dae997d887dd380155fe326d071d
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
* changes:
feat(arm): add COT_DESC_IN_DTB option for CCA CoT
feat(fvp): add CCA CoT in DTB support
docs(arm): update TBBR CoT dtsi file name in doc
feat(dt-bindings): introduce CCA CoT, rename TBBR
Added a threat model for PSA firmware update as well as TBBR FWU aka
firmware recovery.
Change-Id: I2396e13144076d7294f61f6817e1a8646225c6c2
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Add support for BL2 to get the CCA chain of trust description
through the Firmware Configuration Framework (FCONF). This makes
it possible to export the part of the CCA chain of trust enforced
by BL2 in BL2's configuration file (TB_FW_CONFIG DTB file). BL2
will parse it when setting up the platform.
This feature can be enabled through the COT_DESC_IN_DTB=1 option.
The default behaviour (COT_DESC_IN_DTB=0) remains to hard-code
the CCA CoT into BL2 image.
Change-Id: Iec4f623d5e42b7c166beeb3ad6b35d918969f7e2
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Adding support for CCA CoT in DTB. This makes it possible for BL2
to retrieve its chain of trust description from a configuration file
in DTB format. With this, the CoT description may be updated without
rebuilding BL2 image. This feature can be enabled by building BL2
with COT_DESC_IN_DTB=1 and COT=cca. The default behaviour remains to
embed the CoT description into BL2 image.
Change-Id: I5912aad5ae529281a93a76e6b8f4b89d867445fe
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Add CCA CoT DTB and rename generic CoT DTB to TBBR CoT DTB
This allows CCA platforms to get their chain of trust description
from a configuration file, rather than hard-coding it into the
firmware itself.
Change-Id: I114788a5d21b9a8d625239cfb71b442d204e3654
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Update CoT binding documentation to add the signing-key property
as optional in root-certificates and add rot_keys node
Change-Id: I1d1fbc0394275520cfa43213d5b7006e51990fdd
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Add handling for FF-A 1.2 FFA_MSG_SEND_DIR_REQ2 interface.
Handler validates security states of sender/receiver pairs
and forwards the call to other world if necessary.
Signed-off-by: Kathleen Capella <kathleen.capella@arm.com>
Change-Id: I02a60362d8d9a50fcc0b6a84753cba274ba5eb1b
Until now we have only supported describing chain of trusts through the
CoT DTB with a single ROTPK so the signing key for root certificates was
implicit. Therefore signing key was not a supported property in the
root certificates node.
Now we want to extend that to describe CoTs with mulitiple roots of
trust so we need a way to specify for each root certificate with which
ROTPK it should be verified. For that, we reuse the 'signing-key'
property already in use for the non-root certificates, but we make it
optional for root certificates in single-RoT CoTs and for root
certificates signed with the default ROTPK in multi-RoT CoTs.
Change-Id: I41eb6579e8f1d01eaf10480fe5e224d2eed9c736
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
No part of the build system uses the `NM` variable, which is usually
used to dump symbol tables from compiled images. This change removes all
declarations of it.
Change-Id: I796ff365e6a7f97d21678f1c8cf8b59bfbb1ae9c
Signed-off-by: Chris Kay <chris.kay@arm.com>
The `gcc-ar` wrapper exists to make it easier to support LTO on some
versions of GCC. The two commands are compatible, accepting exactly the
same arguments, so this change moves us to `gcc-ar` to ensure that we
are configuring LTO correctly.
Change-Id: I24a4cfaad29d35b09f847299081f83ca9b41aa8a
Signed-off-by: Chris Kay <chris.kay@arm.com>
This flag is currently not included when linking with BFD via GCC.
Without it, builds can fail when linking via GCC.
Change-Id: Id37e05f6fb4eea4620861eb1bc8668c41f21ba20
Signed-off-by: Chris Kay <chris.kay@arm.com>
The ROM library is the only component in the repository that compiles
assembly files using the assembler directly. This change migrates it to
the C compiler instead, like the rest of the project.
Change-Id: I6c50660eeb9be2ca8dcb0e626c37c197466b0fa1
Signed-off-by: Chris Kay <chris.kay@arm.com>
We're a bit inconsistent about which tool we use to preprocess source
files; in some places we use `$(CC) -E` whilst in others we use `cpp`.
This change forces all invocations of the C preprocessor to use the
first scheme, which ensures that the preprocessor behaves the same way
as the C compiler used when compiling C source files.
Change-Id: Iede2f25ff86ea8b43d7a523e32648058d5023832
Signed-off-by: Chris Kay <chris.kay@arm.com>
The `rzg_layout_create` and `rcar_layout_create` tools have a rule to
build object files from C files, but it depends on object files in the
parent directory when it should depend on object files in the current
directory. Consequently, the rule is not triggering and the implicit C
compilation rule is executed instead. This rule works, so I have
replaced the broken rule with exactly the same command as what the
implicit rule is executing and fixed the dependency.
Change-Id: Ib8d640361adff8c4d660738dda230e5536bec629
Signed-off-by: Chris Kay <chris.kay@arm.com>
When PIE is enabled, it can be handy to display the .rela.dyn section.
Add RELA in the list of symbols parsed, to display this section in
memory map.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ic40da54ce6fb6e281fb1a6627e9b8830993cfb2c
Ad the board ID OTP node for the STM32MP257F-EV1 board.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I394b27f50a8f45c919a1e907e03572b25d958ae4
Add the BSEC node in STM32MP25 device tree file, with the OTP fuses
that will be used by TF-A.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I1ffdbd17829f4adf7b113ae0bec7547a6d1b4bac
Without #include <plat/common/platform.h>, we have the following warning
with sparse:
plat/st/stm32mp2/bl2_plat_setup.c:15:6: warning: symbol
'bl2_el3_early_platform_setup' was not declared. Should it be static?
plat/st/stm32mp2/bl2_plat_setup.c:23:6: warning: symbol
'bl2_platform_setup' was not declared. Should it be static?
plat/st/stm32mp2/bl2_plat_setup.c:27:6: warning: symbol
'bl2_el3_plat_arch_setup' was not declared. Should it be static?
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I18f9265c1eef1f8e8e0eac3d6c37a959e5c9e8b6
When STM32MP2 boots on Cortex-M33, the Cortex-A35 do no more have access
to BSEC peripheral. New static inline stm32_otp_* wrappers are added,
which just redirect to BSEC functions.
While at it remove a useless bsec.h include.
Change-Id: Ie0f917c02e48acf456634f455dae41805bf6adbf
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
The shadowing of the OTP is done in BL2.
As for BL32 on AARCH32 systems, stm32_get_otp_value_from_idx()
should also use bsec_read_otp() in BL31.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Ib406cfc154339e6d3cde3c925bc6e9416d77b689
The function stm32mp_is_closed_device() is replaced with
stm32mp_check_closed_device(), which return an uint32_t, either
STM32MP_CHIP_SEC_OPEN or STM32MP_CHIP_SEC_CLOSED.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Ie0790cdc36c4b6522083bc1f0e7c38e8061e6adf
In order to ease the introduction of a new BSEC3 driver for STM32MP25,
the BSEC2 driver is reworked. Unused functions are removed. The
bsec_base global variable is removed in favor of the macro BSEC_BASE.
A rework is also done around function checking the state of BSEC.
Change-Id: I1ad76cb67333ab9a8fa1d65db34d74a712bf1190
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
This is something commonly asked by Linux kernel DT maintainers [1].
The mentioned doc is not upstreamed, but may be checked with dtbs_check.
While at it align some nodes with Linux or OP-TEE.
[1] https://lore.kernel.org/linux-arm-kernel/20231125184422.12315-1-krzysztof.kozlowski@linaro.org/
Change-Id: I63e983c2a00eda3cd8b81c66c0cd1a97cf8249b7
Signed-off-by: Yann Gautier <yann.gautier@st.com>
When building BL1 with SEPARATE_CODE_AND_RODATA=0, symbol names
__RO_{START|END}__ are ignored by memory map dump script.
Fix it by including the symbol in regular expression.
While at it, update the copyright year to current.
Change-Id: Iafeab75c5711429ea0b744510caf27dd8784a29a
Signed-off-by: Sekhar Nori <nsekhar@ti.com>
Cortex-A78C erratum 2683027 is a cat B erratum that applies to
revisions r0p1 - r0p2 and is still open. The workaround is to
execute a specific code sequence in EL3 during reset.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN-2004089/latest
Change-Id: I2bf9e675f48b62b4cd203100f7df40f4846aafa8
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Cortex-X3 erratum 2266875 is a Cat B erratum that applies to
all revisions <= r1p0 and is fixed in r1p1. The workaround is to
set CPUACTLR_EL1[22]=1 which will cause the CFP instruction to
invalidate all branch predictor resources regardless of context.
SDEN Documentation:
https://developer.arm.com/documentation/2055130/latest
Change-Id: I9c610777e222f57f520d223bb03fc5ad05af1077
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Cortex-X3 erratum 2302506 is a cat B erratum that applies to
revisions r0p0-r1p1 and is fixed in r1p2. The workaround is to
set bit[0] of CPUACTLR2 which will force PLDW/PFRM ST to behave
like PLD/PRFM LD and not cause invalidation to other PE caches.
There might be a small performance degradation to this workaround
for certain workloads that share data.
SDEN can be found here:
https://developer.arm.com/documentation/2055130/latest
Change-Id: I048b830867915b88afa36582c6da05734a56d22a
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Enable handoff to BL31 and BL32 using transfer list.
Encode TL_TAG_OPTEE_PAGABLE_PART as transfer entry.
Fallback to default handoff args when transfer list is disabled or
fails to archieve args from transfer entries.
Refactor handoff from BL2 to BL33.
Minor fixes of comment style.
Change-Id: I55d92ca7f5c4727bacc9725a7216c0ac70d16aec
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Enable handoff to OP-TEE using transfer list.
Create transfer list when loading OP-TEE image via non-secure SMC call.
Fallback to default handoff args when transfer list is disabled or
transfer list signature does not exist.
Change-Id: I94bb5b7fdfbb8829016a9d5d9ef5aff993d7cc99
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Silence warning from sp_mk_generator that 'is not' operator
is not meant for integers. This replaces the referred instance
with '!='.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I0d31ad65466dbeafebbfc929e506c3e290913aca
* changes:
feat(stm32mp2): put back core 1 in wfi after debugger's halt
feat(stm32mp2): add plat_my_core_pos
fix(stm32mp2): correct early/crash console init
Add support for FFA_CONSOLE_LOG in EL3 SPMC,
Disallow forwarding FFA_CONSOLE_LOG across worlds.
Add support for FFA_CONSOLE_LOG in FFA_FEATURES.
Input parameters:
w0/x0 - FFA_CONSOLE_LOG_32/64
w1/x1 - Character count
w2/x2-w7/x7 - 24 or 48 characters depending upon whether a SMC32 or
SMC64 FID was used.
Output parameters in case of success:
w0/x0 - FFA_SUCCESS
Output parameters in case of error:
w0/x0 - FFA_ERROR
w2/x2 - NOT_SUPPORTED: ABI is not implemented
INVALID_PARAMETERS: Parameters are incorrectly encoded
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I004c043729e77d1b9aa396c42d25c73d9268169a
