A number of features are marked experimental in the build system through
makefiles but there wasn't an explicit document to list them.
Added a dedicated experimental build options section and moved
existing experimental build option descriptions in this section.
Restoring the change from [1] removing the experimental flag on the EL3
SPMC (this has been lost in rebasing a later change).
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/24713
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I2c458c6857c347114b265404e8b9ede9ac588463
Currently MediaTek platform code does not support the bl32 image.
Remove bl32 support from Makefile to prevent the build failure when
NEED_BL32 build flag is enabled.
Change-Id: Id8d5663ea5c537390f8ff3ccb427a3a63266545e
Signed-off-by: Hsin-Hsiung Wang <hsin-hsiung.wang@mediatek.com>
As part of the release process, revisit the list of maintainers to
keep it updated.
Change-Id: Ifdbbe0d0dd1c8db3e5fbc84affcceb6d3c7716d4
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
This change updates the model versions that we claim to be testing with
to reflect what the reality in the CI.
Change-Id: Ieb44f3f21cd0ba7149d47f7688698831c9eab487
Signed-off-by: Chris Kay <chris.kay@arm.com>
We have to handle wide selection of cpu cores in one TF-A binary:
- v8.0: a53, a57, a72
- v8.2: a55, a76, n1
- v8.4: v1
- v9.0: a710, n2
And then we have QEMU's hybrid: 'max' which has everything QEMU can
emulate.
TF-A for QEMU platforms was built for v8.5 architecture. But turned out
that 'max' has v8.7 flag now (HCX) which we need to have. And this
enabled set of mandatory features which made TF-A not-bootable on
v8.0/8.2 cpus.
So I decided to follow Arm FVP way and do build for v8.0 with set of
feature flags enabled. This way we have bare minimum to make v8.0 cpus
boot. And then all features from newer cores are enabled with runtime
check which makes them boot.
Tested with BSA/SBSA ACS and Debian Linux 6.5 kernel.
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Change-Id: Ib87bdab992536c65ce0747ce1520682eafc18d39
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Arm Confidential Compute Architecture (Arm CCA) support, underpinned by
Arm Realm Management Extension (RME) support, brings in a few important
software and hardware architectural changes in TF-A, which warrants a
new security analysis of the code base. Results of this analysis are
captured in a new threat model document, provided in this patch.
The main changes introduced in TF-A to support Arm CCA / RME are:
- Presence of a new threat agent: realm world clients.
- Availability of Arm CCA Hardware Enforced Security (HES) to support
measured boot and trusted boot.
- Configuration of the Granule Protection Tables (GPT) for
inter-world memory protection.
This is only an initial version of the threat model and we expect to
enrich it in the future.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Iab84dc724df694511508f90dc76b6d469c4cccd5
Removed RSS usage from the Base AEM FVP platform, as it wasn't
functional on this platform. The Base AEM FVP platform lacks
support for RSS.
Instead, the TC2 platform with RSS is available for actual RSS
interface implementation and testing.
Change-Id: I8f68157319399ab526f9e851b26dba903db5c2e7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Removed the PLAT_RSS_NOT_SUPPORTED build option, which was initially
introduced for building the Base AEM FVP platform platform with RSS.
However, we now have a well-defined TC2 platform with RSS, making it
unnecessary to keep this flag.
Note -
Theoretically this is a breaking change. Other platforms could be
using the PLAT_RSS_NOT_SUPPORTED build option. Among upstream platforms,
only the Base AEM FVP uses it right now but we don't know about
downstream platforms.
Change-Id: I931905a4c6ac1ebe3895ab6e0287d0fa07721707
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The usage of this macro hinders the accuracy of code coverage
data. Lines of code calling this macro always appear as covered because
the test condition within it always gets executed; however, the branch
is not necessarily taken. Consequently, we lose branch coverage
information on these error code paths.
Besides, it is debatable whether such a simple macro really improves
code readability or on the contrary obfuscates the code...
For these reasons, this patch inlines the macro code everywhere it was
called.
It also adds some error messages in all these places to help narrowing
down authentication failures. These messages only get displayed and
compiled into the binaries when building TF-A with 'LOG_VERBOSE' level
of verbosity. We use the same message string everywhere in order to
limit the memory footprint increase for 'LOG_VERBOSE' builds.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I461078bb8c6fd6811d2cbefbe3614e17e83796f2
TF-A supports reading input data from UART interfaces. This opens up
an attack vector for arbitrary data to be injected into TF-A, which is
not covered in the threat model right now.
Fill this gap by:
- Updating the data flow diagrams. Data may flow from the UART into
TF-A (and not only the other way around).
- Documenting the threats inherent to reading untrusted data from a
UART.
Change-Id: I508da5d2f7ad5d20717b958d76ab9337c5eca50f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Refactor the return types to ensure code correctness and compliance
for DT console.
Change-Id: I11dc3afbe168a78ddc03427df3f5f8d10fe40d40
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
With this change, the 'is_valid_dtb()' function has been added,
which checks for the presence of the FDT header, FDT open, and the
'/configurations' property in the DTB. This property is only available
in FIT images. If the property is present, a warning message is
printed, and the code skips reading console information from the
FIT image. Memory mapping is not necessary because it is called in
the early setup function to collect UART information from the DTB.
Change-Id: I91335a180e7ece2cc0ec9fac4026556c48dd8cc8
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Introduce two new functions: 'is_valid_image()' and 'is_fit_image()'
to enhance the functionality of the system. 'is_valid_image()' will
verify the presence of the FDT header and ensure that the FDT is
open. Meanwhile, 'is_fit_image()' will be responsible for detecting
FIT images. When TF-A is built with a DTB address during compilation
and later executed from DDR memory, TF-A will dynamically reserve a
memory location in the DTB during runtime.
This approach is effective when a raw DTB is present at the specified
address location. With this change, the "is_fit_image()" function
has been introduced to verify the existence of the "/configurations"
property within the DTB.
The presence of this property is exclusive to FIT images. In case
the property is found, a warning message is displayed, and memory
space reservation for its address space in DDR is not performed by
TF-A. However, if the property is not present, TF-A continues its
usual procedure of updating the raw DTB.
Additionally, dynamic mapping has been refactored and separated into
distinct functions: "add_mmap_dynamic_region ()" and
"remove_dynamic_mmap()". This separation enhances compatibility
and maintains better code organization.
Change-Id: I9cd3f09863b44483445e58c802dee34d58dfe2e9
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Read QSPI bank buffer data in bytes to avoid
inter-bank read failures.
Signed-off-by: Girisha Dengi <girisha.dengi@intel.com>
Change-Id: If768d7cdd362694df3f3c86c959afad01a523f21
CryptoCell-712 and CryptoCell-713 drivers have been deprecated. Remove
their usage on Nuvoton npcm845x platform (maintainers confirmed that
this removal is fine with them).
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I0e3f3431558aaea1e0f2740e7088cdc155d06af2
Both qemu and qemu-sbsa use xlat tables v2 already (activated by including it
in common/common.mk) so there is no need to include compat headers.
Change-Id: I353a6f77f5916862e54b883a9adbba027ac81359
Signed-off-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Addressed the SPMC_AT_EL3 condition by using '#if' instead of
'#if defined'. This change is warranted because the SPMC_AT_EL3
option is always defined.
Change-Id: I76d9b8d502f452c58bc0040745d642cbe11dc8eb
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
CryptoCell-712 and CryptoCell-713 drivers have been deprecated since
TF-A v2.9 and their removal was announced for TF-A v2.10 release.
See [1].
As the release is approaching, this patch deletes these drivers' code as
well as all references to them in the documentation and Arm platforms
code (Nuvoton platform is taken care in a subsequent patch). Associated
build options (ARM_CRYPTOCELL_INTEG and PLAT_CRYPTOCELL_BASE) have also
been removed and thus will have no effect if defined.
This is a breaking change for downstream platforms which use these
drivers.
[1] https://trustedfirmware-a.readthedocs.io/en/v2.9/about/release-information.html#removal-of-deprecated-drivers
Note that TF-A v3.0 release later got renumbered into v2.10.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Idabbc9115f6732ac1a0e52b273d3380677a39813
* changes:
feat(sgi): increase sp memmap size
feat(build): include plat header in fdt build
feat(docs): save BL32 image base and size in entry point info
feat(arm): save BL32 image base and size in entry point info
The EL3 SPMC is known to be deployed into end products and properly
tested since its introduction into TF-A v2.7.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I96bb897cfefef20c33cfc39627b10746dce5485c
With FF-A enabled on SP at SEL0 enabled, SPMC at EL3 needs more entries
to map newly added regions(SP, Rx/Tx buffer and Manifest).
Increase the PLAT_SP_IMAGE_MMAP_REGIONS to 14 and MAX_XLAT_TABLES to 9.
Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I96fd291db8eb178f7aa73b5a9e38cfc67c66fa91
Include platform headers in DT build to enable build time configuration
of number of execution context supported by the platform.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I5b9ffc9865f198a1f802fcb5e0950a5fabb48727
There is no platform function to retrieve the info in the generic code.
Populate the BL32 image base, size and max limit in arg2, arg3 and arg4.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I35527fb41829102083b488a5150c0c707c5ede15
There is no platform function to retrieve the info in the generic code.
Populate the BL32 image base, size and max limit in arg2, arg3 and arg4.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: Id41cedd790ca1713787e5516fb84666d1ccb0b03
Introducing INIT_UNUSED_NS_EL2 macro which guards the code that
disables the unused EL2 when a platform hands off from EL3
to NS-EL1 instead of NS-EL2. Platforms without NS-EL2 in use
must enable this flag.
BREAKING CHANGE: Initialisation code for handoff from EL3 to NS-EL1
disabled by default. Platforms which do that need to enable this macro
going forward
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I61431cc4f7e2feb568d472828e5fd79cc73e51f5
Update the compiler-rt source files to the tip of llvm-project [1].
[1] https://github.com/llvm/llvm-project/commit/ab97b89d03a7
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ia72b25423896a530bf5bb68ff067184b2314e2be
Update the zlib source files to the latest tagged version 1.3 [1].
[1] https://github.com/madler/zlib/tree/v1.3
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I1eba5671efab75699e68fc2f2aa9400d0f5aba7d
As part of TF-A 2.9.0 release, libfdt version was updated to its last
tagged version (1.7.0) with commit 058e017e5. This commit has only
updated the source files of libfdt but did not update header files.
This patch updates the libfdt header files in include/lib/libfdt to
the tagged version v1.7.0
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I09a0f51435b343c3e1cac45075fe7d28cbcae867
