This patch introduces the 'pwr_domain_off_early' hook for
platforms wanting to perform housekeeping steps before the
PSCI framework starts the CPU power off sequence. Platforms
might also want to use ths opportunity to ensure that the
CPU off sequence can proceed.
The PSCI framework expects a return code of PSCI_E_DENIED,
if the platform wants to halt the CPU off sequence.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I6980e84fc4d6cb80537a178d0d3d26fb28a13853
At the moment we only support FEAT_DIT to be either unconditionally
compiled in, or to be not supported at all.
Add support for runtime detection (ENABLE_DIT=2), by splitting
is_armv8_4_dit_present() into an ID register reading function and a
second function to report the support status. That function considers
both build time settings and runtime information (if needed).
We use ENABLE_DIT in two occassions in assembly code, where we just set
the DIT bit in the DIT system register.
Protect those two cases by reading the CPU ID register when ENABLE_DIT
is set to 2.
Change the FVP platform default to the now supported dynamic
option (=2), so the right decision can be made by the code at runtime.
Change-Id: I506d352f18e23c60db8cdf08edb449f60adbe098
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Click is used in parts of the CI scripts (see run_config/fvp-linux.tc
for instance), add it back as part of a new dependency group. Future
dependencies that are required only in CI should be added to the
``ci`` dependency group.
Change-Id: I5da7fea703495dd4006d86334626f126a850bb10
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
If RAS Extension is not implemented esb instruction executes as a NOP.
No need to have a check for RAS presence in the code.
Also, The handler is related to a synchronous exceptions which
implicitly is part of BL31 image only, so remove that check too.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: If4264504cba9f0642b7b9c581ae66cd4deace32b
PLAT_SP_PRI is used by SPM_MM and it is assigned same value as RAS
priority. Which is not allowed by exception handling framework and
causes build failure if both SPM_MM and RAS is enabled.
To fix this problem assign SP a different priority than RAS.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Iff64ac547f0966c0d94ac7c3ab0eb1e3151fb314
* changes:
refactor(auth)!: unify REGISTER_CRYPTO_LIB
refactor(auth): replace plat_convert_pk
docs(auth): add auth_decrypt in CM chapter
feat(auth): compare platform and certificate ROTPK for authentication
docs(auth): add 'calc_hash' function's details in CM
Clarify that downstream platforms generally do not affect code
deprecation / removal decisions.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I44b979c4e67ee03537852769e96544e19137bda3
Have only one definition for REGISTER_CRYPTO_LIB macro, with all the
possible fields. Worst case adds 4 u64 to crypto_lib_desc.
While at it, correct some MISRA violations:
MC3R1.R12.1: (advisory) The precedence of operators within expressions
should be made explicit.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I1342a20e6eef2354753182c2a81ff959e03e5c81
Following discussions in the reviews of the patch that introduced
plat_convert_pk() function [1], it was decided to deprecate it to
avoid weak function declaration.
A new optional function pointer convert_pk is added to crypto_lib_desc_t.
A new function crypto_mod_convert_pk() will either call
crypto_lib_desc.convert_pk() if it is defined, or do the same
as what was done by the weak function otherwise.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/17174
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I9358867f8bfd5e96b5ee238c066877da368e43c6
The call to REGISTER_CRYPTO_LIB requires auth_decrypt function to be
provided. Add its prototype and update REGISTER_CRYPTO_LIB call.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Id1f2a54867ffe5dec36e0bf22490d01858891585
Compared the full ROTPK with the ROTPK obtained from the certificate
when the platform supports full ROTPK instead of hash of ROTPK.
Additionally, changed the code to verify the ROTPK before relying on
it for signature verification.
Change-Id: I52bb9deb1a1dd5b184d3156bddad14c238692de7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Updated the Crypto Module section to detail the 'calc_hash'
function.
Change-Id: I04a24abba150745e4eba6273bdb7cf12b66bfebc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
New python dependencies are introduced by the memory mapping script.
Rather than add another `requirements.txt` utilise poetry. This is a
proper dependency management framework for Python. The two main upsides
of using poetry instead of the traditional requirements.txt are
maintainability and reproducibility.
Poetry provides a proper lock file for pinning dependencies, similar to
npm for JavaScript. This allows for separate environments (i.e. docs,
tools) to be created efficiently, and in a reproducible manner, wherever
the project is deployed. Having dependencies pinned in this manner is a
boon as a security focused project. An additional upside is that we will
receive security updates for dependencies via GitHub's Dependabot.
Change-Id: I5a3c2003769b878a464c8feac0f789e5ecf8d56c
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
TF-A currently does not have any TPM2 driver for extending
measurements into a discrete TPM chip. In TPM-based attestation
scheme, measurements are just stored into a TCG-compatible event
log buffer in secure memory.
In light of the fact that Event Log measurements are taken by BL1 and
BL2, we need to trust these components to store genuine measurements,
and the Generic Threat Model always mitigates against attacks on these
components, therefore, there is no explicit document for the Measured
Boot threat model at this time is needed.
Change-Id: I41b037b2f5956d327b53cd834345e5aefdcfb5ef
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
morello_plat_info is defined identically in multiple files, definition
is moved to a header file to avoid duplication.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Change-Id: I607354902c55f5c31f0732de9db60604b82aef97
Adds a conditional check in the `prepare-commit-msg` commit hook that
reads the `tf-a.disableCommitizen` Git configuration option, and
does not execute Commitizen if it is found.
To skip Commitizen, run:
git config tf-a.disableCommitizen true
Change-Id: Ic8967f6f42bf3555df09b57096044fb99438d4d4
Signed-off-by: Chris Kay <chris.kay@arm.com>
Updated the code to get and set the 'tpm_event_log_max_size' property
in the event_log.dtsi.
In this change, the maximum Event Log buffer size allocated by BL1 is
passed to BL2, rather than both relying on the maximum Event Log buffer
size macro.
Change-Id: I7aa6256390872171e362b6f166f3f7335aa6e425
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This was omitted from the patch adding the feature.
Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: Ie7f2b63434a70320178be74fc3f165618aca8392
Arm v9.4 introduces support for Guarded Control Stack, providing
mitigations against some forms of RPO attacks and an efficient mechanism
for obtaining the current call stack without requiring a full stack
unwind. Enable access to this feature for EL2 and below, context
switching the newly added EL2 registers as appropriate.
Change the FVP platform to default to handling this as a dynamic option
so the right decision can be made by the code at runtime.
Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I691aa7c22e3547bb3abe98d96993baf18c5f0e7b
These include directives were missing from both `uuid.h` files.
Change-Id: I875dfda3e0985728277b72f0e7597dde5cf9d304
Signed-off-by: Chris Kay <chris.kay@arm.com>
Needed for TQMa8Xx on MBa8Xx. With this changes it is
possible to build:
$ make PLAT=imx8qx IMX_DEBUG_UART=1 DEBUG_CONSOLE=1 bl31
Signed-off-by: Markus Niebel <Markus.Niebel@tq-group.com>
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Change-Id: If380845b254f30fe919ebb33c86130597c4b8ad3
Remove unused PLAT_NUM_POWER_DOMAINS macro. Macro is referenced by
docs/design/psci-pd-tree.rst but it is not used in any calculation
that's why it is better to remove it.
Change-Id: I33f26cda6a4404061af5598ea4c751f64127e50a
Signed-off-by: Michal Simek <michal.simek@amd.com>
Switch to v2 version to add support for dynamic mapping which is not
supported in v1. It can be used for run time DT mapping.
Change-Id: I3f27591caf944dc758cc45ee870b9b5b3ff0a18d
Signed-off-by: Michal Simek <michal.simek@amd.com>
The commit a6f340fe58 ("Introduce the new BL handover interface")
extended handoff to 4 registers instead of 2. Arguments arg0-3 are
not used by platform code but in future they can be used for it.
But it doesn't make sense to checking their unused value.
Change-Id: I151e4b1574465409424453c054d937487086b79a
Signed-off-by: Michal Simek <michal.simek@amd.com>
The commit 6bb49c876c ("style(hooks): adds Arm copyright style fix")
is enforcing proper case for ARM. That's why fix it in plat/xilinx to
make sure that pre-commit.copyright won't be touching platform specific
files.
Change-Id: I49c66e18d46ed871a6aa128c9b2a403d0cf83416
Signed-off-by: Michal Simek <michal.simek@amd.com>
