Add pkcs11 engine support which allows using keys that are securely
stored on a HSM or TPM. To use this feature the user has to supply
an RFC 7512 compliant PKCS11 URI to a key instead of a file as an
argument to one of the key options. This change is fully backwards
compatible.
This change makes use of the openssl engine API which is deprecated
since openssl 3.0 and will most likely be removed in version 4. So
pkcs11 support will have to be updated to the openssl provider API
in the near future.
Signed-off-by: Robin van der Gracht <robin@protonic.nl>
Change-Id: If96725988ca62c5613ec59123943bf15922f5d1f
key->key and k will point to the same if PEM_read_PrivateKey
(pem_read_bio_key_decoder) succeeds. There is no need for the temporary
'k' pointer here.
Signed-off-by: Robin van der Gracht <robin@protonic.nl>
Change-Id: I219c49d331eb6dd7200b49b75d47fd66da3d82dd
Commit(f5211420b refactor(cpufeat): refactor arch feature build
options) accidentally added nested virtualization support to mandatory
8.4 features move this to optional 8.4 features list.
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Change-Id: I3eb84ea489b6a5cc419359bc056aaadcced0ad0e
RME patch series shown that we can build larger BL1 than we can run:
NOTICE: Booting Trusted Firmware
NOTICE: BL1: v2.9(debug):v2.9.0-736-g08548888a
NOTICE: BL1: Built : 12:10:39, Sep 18 2023
INFO: BL1: RAM 0x3ffee000 - 0x3fffb000
INFO: BL1: Loading BL2
WARNING: Firmware Image Package header check failed.
RME pushed debug build BL1 over 0x8000 in size.
This exposed an error where FIP_BASE (supposed to be at BL1_SIZE offset
from start of flash) was actually 0x8000 and not 0x12000.
Make sure we have space for BL1 by deriving FIP_BASE from it.
Note: this is a breaking change for edk2 FD image generation, which had
similarly hardcoded a 0x8000 offset. These images must be updated in
lock-step.
Change-Id: I8a1a85e82319945a4412c424467d818d5b6e4ecd
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Express memory size with size_t type in structures.
Retrieve value as uint32_t from device tree and then cast it to size_t.
Combined with uintptr_t use, it ensures a generic algorithm whatever
the platform architecture, notably within systematic tests. Adapt also
their prototypes.
Move memory size print outside stm32mp_ddr_check_size() to adapt it to
related platform.
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Change-Id: Ic6e1a62d7a5e23cef49909a658098c800e7dae3f
if ops->send_cmd in mmc_send_cmd returns a non-zero value, r_data
(resp_data in mmc_device_state) is never populated, so the while
condition in mmc_device_state would end up reading the uninitialized
resp_data buffer
Signed-off-by: Anand Saminathan <anans@google.com>
Change-Id: I72d752867c537d49e111e6d149c3cca122f7dc9f
Add support to qemu "neoverse-n2" cpu for "qemu" platform.
This one has 2^48 address space so will be used by both systems.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: I9f0fa23a4934d9464379495225e08adc121325b4
Current build infra defaults all cpufeats in defaults.mk and some
mandatory features are enabled in arch_features.mk and optional
arch features are enabled in platform specific makefile.
This fragmentation is sometime confusing to figure out which feature
is tied to which ARCH_MAJOR.ARCH_MINOR.
So, consolidating and grouping them for tracking and enabling makes
more sense. With this change we consolidate all ARCH feature handling
within arch_features.mk and disable all optional features that need
to be enabled to platform makefile.
This is an ongoing series of effort to consolidate and going forward
platform makefile should just specify ARCH_MAJOR and ARCH MINOR and
all mandatory feature should be selected based on arch_features.mk
any optional feature needed by the platform support can be enabled
by platform makefile.
It also makes it easier for platform ports to look upto arch_features.mk
and enable any optional feature that platform may need which are
supported from TF-A.
Change-Id: I18764008856d81414256b6cbabdfa42a16b8040d
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
This reverts commit 9cf7f355ce.
Above mentioned commit was writing to cluster power required bit of
CLUSTERPWRDN register, which provides an advisory status to the power
controller.
Bit definition indication:
0 : Cluster power is not required when all cores are powered down
1 : Cluster power is required even when all cores are powered down
RESET value of this bit is 0
The current implementation in TF-A just programs this bit to 0 when
cluster power down is done but it never sets it to 1. Which actully
does not change any behaviour as the value of this bit always remains 0.
Ideally this bit has to be set to 1 when a core powers up (as RESET
value is 0) and set it to 0 for any core power down except if its last
man standing, in that case we need to ensure the target power level
from OS is cluster then we can do set it to 0.
There also are some investigation needs to be done to find that whether
we need a explicit message to power controller for turning cluster OFF
or it will happen automatically.
Considering this needs a bit of analysis as well as a platform to test
it on, revert the changes which impact the programming during cluster
power down and just keep register defnition.
Change-Id: I4c4ebedae7ca9cd081fb1e0605b9d906d77614d9
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
flush dcache region for dtb so that dtb cache entries are first written
to disk and are invalidated afterwards to avoid presence of any stale
dtb related entry in the dcache.
Change-Id: Ide0ed58f799b35b690ed790c7498ecdc334e02f5
Signed-off-by: Amit Nagal <amit.nagal@amd.com>
mmap dtb region before usage and unmap it after usage.
overall size(text,data,bss) of dtb gets reduced by
16 bytes in normal flow and 80 bytes in ddr flow.
Signed-off-by: Amit Nagal <amit.nagal@amd.com>
Change-Id: I411deff57ab141fc2978a2e916aec2d988cb8f9c
The XLAT and MMAP table entries are increased as a part of this
patch: 12fe591 , but this is causing failures for some builds,
so conditionally increased the XLAT and MMAP table entries
Change-Id: I31e8c811bebc767d7187e045a35c9db0eef13ae0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Add support to "cortex-a55" cpu for "qemu" ('virt') platform.
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Change-Id: I2693892be735eda91494b767322935ddb63c9f48
crypto_mod_verify_signature() expects a pointer to the full pk.
In case of stm32mp1 crypto_verify_signature() will call
get_plain_pk_from_asn1() on the converted pk which fails.
Fixes: f1e693a775
Signed-off-by: Robin van der Gracht <robin@protonic.nl>
Change-Id: Ia9bdaa10e1b09f9758e5fa608a063b5212c428c3
Add support to qemu "cortex-a710" cpu for "qemu" platform.
CPU is supported by qemu/virt only as qemu/sbsa-ref memory starts at
2^40 which is limit for Cortex-A710.
Switched 'qemu' platform to be built as armv8.5 to cover features of
new cpu core.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: I035790eac41b2caf7f13167e53f48c16f0827754
BL31 image has grown with feature addition over time. In particular the
RESET_TO_BL2 + ENABLE_PIE + DEBUG combination of options lead to BL31
image overlap head of BL2 image. In this configuration BL2 is meant to
stay resident as PE reset occurs from BL2. Apply changes similar to [1]
such that BL2 start address is pushed forward and leaves more room for
BL31 end of image.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/15486/9/include/plat/arm/common/arm_def.h#530
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I027e23780fb77ca9fe81aa47231da649c7a030ee
MULTI_CONSOLE_API have been removed long time ago by commit 5b6ebeec9c
("Remove MULTI_CONSOLE_API flag and references to it") that's why remove
references in platform.mk files and also in one rst which is not valid
anymore.
Change-Id: I45f8e7db0a14ce63de62509100d8159b7aca2657
Signed-off-by: Michal Simek <michal.simek@amd.com>
Update TF-A documentation to recommend using the latest and greatest
release of mbedTLS library to this date, i.e. version 3.4.1. The
upgrade was successfully tested by the OpenCI running all existing
test configs, in particular trusted boot and measured boot related
ones.
The reason for this upgrade is simply to obey TF-A's guideline to
always use up-to-date security libraries. mbedTLS 3.4.1 release
notes [1] do not list any changes that should affect TF-A.
[1] https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.4.1
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Ifc31c2fc825a2fc9ca318ea8baadd51b670e7a4e
* changes:
fix(fvp): increase the maximum size of Event Log
fix(fvp): increase maximum MMAP and XLAT entries count
fix(arm): add Event Log area behind Trustzone Controller
fix(tbbr): unrecognised 'tos-fw-key-cert' option
To be able to boot, STM32MPU platforms require the BL2 binary (together
with its DT) to be preceded with an STM32 header. Add the required
files and macro to properly generate this header.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I675de2c5cb733fe9d9e9baf76a941741a06dfac8
Three packages exist for stm32mp25 dies. As ball-out is different
between them, this patch covers those differences by introducing
dedicated pinctrl dtsi files. Each dtsi pinctrl package file
describes the package ball-out through gpio-ranges.
Available packages are:
STM32MP25xAI: 18*18/FCBGA 172 ios
STM32MP25xAK: 14*14/FCBGA 144 ios
STM32MP25xAL: 10*10/TFBGA 144 ios
It includes also the common file used for pin groups definition.
Signed-off-by: Alexandre Torgue <alexandre.torgue@foss.st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I8500ccccb7a96748f36ffc80edc91da8595f4da8
STM32MP25 family is composed of 4 SoCs defined as following:
-STM32MP251: common part composed of 1*Cortex-A35, common peripherals
like SDMMC, UART, SPI, I2C, PCIe, USB3, parallel and DSI display,
1*ETH ...
-STM32MP253: STM32MP251 + 1*Cortex-A35 (dual CPU), a second ETH,
CAN-FD and LVDS display.
-STM32MP255: STM32MP253 + GPU/AI and video encode/decode.
-STM32MP257: STM32MP255 + ETH TSN switch (2+1 ports).
A second diversity layer exists for security features/ A35 frequency:
-STM32MP25xY, "Y" gives information:
-Y = A means A35@1.2GHz + no cryp IP and no secure boot.
-Y = C means A35@1.2GHz + cryp IP and secure boot.
-Y = D means A35@1.5GHz + no cryp IP and no secure boot.
-Y = F means A35@1.5GHz + cryp IP and secure boot.
Change-Id: Icd1351e20b862675d257dede55df190a90acbd59
Signed-off-by: Alexandre Torgue <alexandre.torgue@foss.st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Use UART driver and fill helpers for crash console.
Add early console setup in bl2_el3_early_platform_setup().
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ifb39554214dec05dafe4e306f8754e1454cdab61
Add a header file listing the registers of Reset and Clock Control
peripheral.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Icc90132d5782eba7e343868b932a399c1d47c18a
It is an adaptation for AARCH64 of the already existing AARCH32 driver.
Change-Id: Ifabf716a6bd188d2249650a34bbec1a602bcb017
Signed-off-by: Yann Gautier <yann.gautier@st.com>
