Move platform.mk inclusion in top level Makefile to permit a platform
specifying BRANCH_PROTECTION option.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I1f662f82cd949eedfdbb61b9f66de15c46fb3106
By default, the ECDSA Brainpool regular and ECDSA Brainpool twisted
algorithms support 256-bit sized keys. Not defining this leads to
an error indicating that '256' is not a valid key size for ECDSA
Brainpool. KEY_SIZES matrix must have a value in its table to avoid
problems when KEY_SIZE is defined.
Signed-off-by: Maxime Méré <maxime.mere@foss.st.com>
Change-Id: I34886659315f59a9582dcee1d92d0e24d4a4138e
The hashing algorithm for the rotpk is now HASH_ALG,
not always sha-256. The public development keys are
no longer in the repository and are now generated at
run-time, updates the documentation to reflect this.
Change-Id: Ic336f7aca858e9b6a1af6d6e6dc5f4aa428da179
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Implements mitigation for CVE-2024-5660 that affects Cortex-X4
revisions r0p0, r0p1, r0p2.
The workaround is to disable the hardware page aggregation at
EL3 by setting CPUECTLR_EL1[46] = 1'b1.
Public Documentation:
https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660
Change-Id: I378cb4978919cced03e7febc2ad431c572eac72d
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
This patch enables support of FEAT_FPMR by enabling access
to FPMR register. It achieves it by setting the EnFPM bit of
SCR_EL3. This feature is currently enabled for NS world only.
Reference:
https://developer.arm.com/documentation/109697/2024_09/
Feature-descriptions/The-Armv9-5-architecture-extension?lang=en
Change-Id: I580c409b9b22f8ead0737502280fb9093a3d5dd2
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Cortex-X4 erratum 2923935 is a Cat B erratum that applies
to all revisions <= r0p1 and is fixed in r0p2.
The workaround is to set CPUACTLR4_EL1[11:10] to 0b11.
SDEN documentation:
https://developer.arm.com/documentation/SDEN-2432808/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I9207802ad479919a7f77c1271019fa2479e076ee
Commit b65dfe40a removed the documentation for this flag in error. Put
it back.
Change-Id: I61a352553a010385997c47116b53d2fbe939ccd4
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
This new update to the LTS branch of MbedTLS provides
the fix for a buffer underrun vulnerability. TF-A does
not use the previously vulnerable functions
`mbedtls_pk_write_key_der` or `mbedtls_pk_write_key_pem`.
Full patch notes to this MbedTLS update can be found at
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2.
Change-Id: Ibc4a8712c92019648fe0e75390cd3540d86b735d
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Add descriptions for the various parameters for each
function.
Add more description to the example implementation.
Change-Id: I4b7a1ff38914d061e499c1b67e762a484688ee05
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
According to Platform Initialization (PI) Specification [1] and
discussion on edk2 mailing list [2],
StandaloneMm shouldn't create Hob but it should be passed from TF-A.
IOW, TF-A should pass boot information via HOB list to initialise
StandaloneMm properly.
And this HOB lists could be delivered via
- SPM_MM: Transfer List according to the firmware handoff spec[3]
- FF-A v1.1 >= : FF-A boot protocol.
This patch introduces a TF-A HOB creation library and
some of definitions which StandaloneMm requires to boot.
Link: https://uefi.org/sites/default/files/resources/PI_Spec_1_6.pdf [1]
Link: https://edk2.groups.io/g/devel/topic/103675962#114283 [2]
Link: https://github.com/FirmwareHandoff/firmware_handoff [3]
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I5e0838adce487110206998a8b79bc3adca922cec
According to Platform Initialization (PI) Specification [1] and
Discussion on edk2 mailing list [2],
StandaloneMm shouldn't create Hob but it should be passed from TF-A.
IOW, TF-A should pass boot information via PHIT Hob to initialize
StandaloneMm properly.
This patch modifies Hob creation code from edk2 codebase
so that TF-A could create Hob information properly to boot StandaloneMm
Link: https://uefi.org/sites/default/files/resources/PI_Spec_1_6.pdf [1]
Link: https://edk2.groups.io/g/devel/topic/103675962#114283 [2]
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I5e427b620d8006b118b266370bd08d4b0ff56a83
Update the boot sequence in the RD-1 AE documentation
to include BL32 (OP-TEE).
Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Change-Id: I25fdc114bb71d3ad7e1bb2d845f758d6af037e3d
added a note to specify that tc2 has been deprecated
Change-Id: I7ab69a2560e0e56379f4e144d41da20671c1ca9d
Signed-off-by: Icen Zeyada <Icen.Zeyada2@arm.com>
Generated this change-log using below command:
npm run release -- --skip.commit --skip.tag --release-as 2.12.0
Change-Id: Idb74f6a31bf2691e7666e2738030d6f0e2b8c519
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Update the documentation to reflect the various FVP models
used in the OpenCI environment.
Change-Id: I6144ab7c41d3776421164125d07371dadc9252b5
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Bump `dtc`, `clang` and `sphinx` to reconcile our minimum requirements
with the versions used in CI.
Change-Id: Ia848b4bdd93dc833ea03eda5b002561468042f52
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
This small change removes the footnote from Poetry that it is only used
for building documentation, as it is now used for some of the Python
tooling in the repository from the build system.
Additionally, add a link to the official installation guide for Poetry.
Change-Id: Ie36b7ecd8066cbf2a14a1085d84fa9bd9c4409ba
Signed-off-by: Chris Kay <chris.kay@arm.com>
* This patch adds some details on the EL3/Root-Context
and its related interfaces.
* Additionally it updates the existing details on the
interfaces, related to various CPU context entries which
have been improvised recently.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I81a992fe09feca4dc3d579a48e54a4763425e052
Armv8.6 introduced the FEAT_LS64 extension, which provides a 64 *byte*
store instruction. A related instruction is ST64BV0, which will replace
the lowest 32 bits of the data with a value taken from the ACCDATA_EL1
system register (so that EL0 cannot alter them).
Using that ST64BV0 instruction and accessing the ACCDATA_EL1 system
register is guarded by two SCR_EL3 bits, which we should set to avoid a
trap into EL3, when lower ELs use one of those.
Add the required bits and pieces to make this feature usable:
- Add the ENABLE_FEAT_LS64_ACCDATA build option (defaulting to 0).
- Add the CPUID and SCR_EL3 bit definitions associated with FEAT_LS64.
- Add a feature check to check for the existing four variants of the
LS64 feature and detect future extensions.
- Add code to save and restore the ACCDATA_EL1 register on
secure/non-secure context switches.
- Enable the feature with runtime detection for FVP and Arm FPGA.
Please note that the *basic* FEAT_LS64 feature does not feature any trap
bits, it's only the addition of the ACCDATA_EL1 system register that
adds these traps and the SCR_EL3 bits.
Change-Id: Ie3e2ca2d9c4fbbd45c0cc6089accbb825579138a
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Add documentation for the feature where EL3 can be used to sign realm
attestation token requests using RMM_EL3_TOKEN_SIGN command.
This patch also adds documentation for the RMM_EL3_FEATURES features
command that can be used to discover support for features such as
RMM_EL3_TOKEN_SIGN.
Change-Id: Iab5a157761ed17931210c3702f813198fc9c4b3a
Signed-off-by: Raghu Krishnamurthy <raghupathyk@nvidia.com>
Add CCA Measured Boot and DPE measured boot backends to
the threat model.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I234a2400d00fea606c5312ebddf94e2624463ff8
Restructure Measured Boot threat model for more description and clarity:
- Add what critical assets are to be protected.
- Mention other attributes and the possible attacks.
- Rephrase the section that describes the Measured Boot backends.
Change-Id: I6577a56184992bf16f4aa1b773d1636781cbb049
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
This patch includes
- Fix the indent.
- LD argument is no longer needed. Remove LD parameter from the build
command.
Change-Id: I615704cf6f4b6fd9e37c047b18c40f00652e269d
Signed-off-by: Yidi Lin <yidilin@chromium.org>
This patch disables trapping to EL3 when the FEAT_D128
specific registers are accessed by setting the SCR_EL3.D128En bit.
If FEAT_D128 is implemented, then FEAT_SYSREG128 is implemented.
With FEAT_SYSREG128 certain system registers are treated as 128-bit,
so we should be context saving and restoring 128-bits instead of 64-bit
when FEAT_D128 is enabled.
FEAT_SYSREG128 adds support for MRRS and MSRR instruction which
helps us to read write to 128-bit system register.
Refer to Arm Architecture Manual for further details.
Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.
Change-Id: I1a53db5eac29e56c8fbdcd4961ede3abfcb2411a
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Remove all instances of macros CTX_INCLUDE_MTE_REGS and FEAT_MTE
since these have been deprecated in v2.11
Change-Id: I7838a865755326f03668e43768140929a2d9e418
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>