CryptoCell-712 and CryptoCell-713 drivers have been deprecated since
TF-A v2.9 and their removal was announced for TF-A v2.10 release.
See [1].
As the release is approaching, this patch deletes these drivers' code as
well as all references to them in the documentation and Arm platforms
code (Nuvoton platform is taken care in a subsequent patch). Associated
build options (ARM_CRYPTOCELL_INTEG and PLAT_CRYPTOCELL_BASE) have also
been removed and thus will have no effect if defined.
This is a breaking change for downstream platforms which use these
drivers.
[1] https://trustedfirmware-a.readthedocs.io/en/v2.9/about/release-information.html#removal-of-deprecated-drivers
Note that TF-A v3.0 release later got renumbered into v2.10.
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Idabbc9115f6732ac1a0e52b273d3380677a39813
* changes:
docs: mark PSA_CRYPTO as an experimental feature
feat(fvp): increase BL1 RW area for PSA_CRYPTO implementation
feat(mbedtls-psa): mbedTLS PSA Crypto with ECDSA
Current interface 'partition_init' accepts parameter image_id
and returns no value. But the entire partition driver is build
only to parse and handle GPT partitions, so add new interface
gpt_partition_init which would return failure to platform code
if it fails to parse the image.
Change-Id: Iaf574d2ad01a15d0723c1475290c31dc4a078835
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Convert all warn messages to verbose messages. As most warning are
needed during debug only and and won't increase the binary size by
default.
Change-Id: Icc5d5157f13507ccbc34675c20357117cad98255
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Currently we just use primary GPT header which is located in second
entry after MBR header, but if this block is corrupted or CRC
mismatch occurs we could try to use the backup GPT header located at
LBAn and GPT entries following this from LBA-33.
Add suitable warning messages before returning any errors to identify
the cause of issue.
Change-Id: I0018ae9eafbacb683a18784d2c8bd917c70f50e1
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
GPT header is located in first LBA after MBR entry and mbr header has
details of beginning of first entry, so use mbr header entry first_lba
data to locate GPT header rather than GPT_HEADER_OFFSET.
GPT header size is available in gpt_header, so use that
rather than using DEFAULT_GPT_HEADER_SIZE.
The location of GPT entries is available once we parse gpt_header
and is available as partitiona_lba use that to load gpt_entries rather
than GPT_ENTRY_OFFSET.
Change-Id: I3c11f8cc9d4b0b1778a37fe342fb845ea4a4eff1
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
The ECDSA algorithm signature verification in the PSA differs
from the RSA algorithm in its handling of data formats. In the
case of RSA, an encoded ASN1.0 buffer is passed to the PSA API,
which then decodes the buffer. However, for ECDSA, the PSA API
expects a raw format.
To accomodate this requirement, introduce several static APIs
that allows to retrieve -
1. ECDSA public key data pointer along with its size, and also,
the ECC family in PSA format from the public key.
2. R and S pair of the ECDSA signature along with its size
Change-Id: Icc7d5659aeb3d5c1ab63c3a12c001e68b11a3a86
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
The Draak board ID is 7, Eagle is 3, update them to match
HW documentation. Drop the U suffix from Ebisu board ID.
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Change-Id: Idd191614a6f1f8dbbc13b8e0bc1f089090f9d20b
Use KEY_SIZE 384 to enable ECDSA P384 key support by
setting MBEDTLS_ECP_DP_SECP384R1_ENABLED.
Selected by setting KEY_ALG=ecdsa and KEY_SIZE=384.
Change-Id: I382f34fc4da98f166a2aada5d16fdf44632b47f5
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
The ability to read a character from the console constitutes an attack
vector into TF-A, as it gives attackers a means to inject arbitrary
data into TF-A. It is dangerous to keep that feature enabled if not
strictly necessary, especially in production firmware builds.
Thus, we need a way to disable this feature. Moreover, when it is
disabled, all related code should be eliminated from the firmware
binaries, such that no remnant/dead getc() code remains in memory,
which could otherwise be used as a gadget as part of a bigger security
attack.
This patch disables getc() feature by default. For legitimate getc()
use cases [1], it can be explicitly enabled by building TF-A with
ENABLE_CONSOLE_GETC=1.
The following changes are introduced when getc() is disabled:
- The multi-console framework no longer provides the console_getc()
function.
- If the console driver selected by the platform attempts to register
a getc() callback into the multi-console framework then TF-A will
now fail to build.
If registered through the assembly function finish_console_register():
- On AArch64, you'll get:
Error: undefined symbol CONSOLE_T_GETC used as an immediate value.
- On AArch32, you'll get:
Error: internal_relocation (type: OFFSET_IMM) not fixed up
If registered through the C function console_register(), this requires
populating a struct console with a getc field, which will trigger:
error: 'console_t' {aka 'struct console'} has no member named 'getc'
- All console drivers which previously registered a getc() callback
have been modified to do so only when ENABLE_CONSOLE_GETC=1.
[1] Example of such use cases would be:
- Firmware recovery: retrieving a golden BL2 image over the console in
order to repair a broken firmware on a bricked board.
- Factory CLI tool: Drive some soak tests through the console.
Discussed on TF-A mailing list here:
https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.org/thread/YS7F6RCNTWBTEOBLAXIRTXWIOYINVRW7/
Change-Id: Icb412304cd23dbdd7662df7cf8992267b7975cc5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Acked-by: Baruch Siach <baruch@tkos.co.il>
A PSA crypto API is used for signature verification, namely
psa_verify_message, which calculates the signature and verify it
for the given signed message.
Note, this functionality is as of now tested for RSA based Key
algorithm, subsequent patches will provide the signature verification
support for all the key algorithms available in TF-A (provided by KEY_ALG
build option).
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I16214e3cac6a7af445530a6dbd66cfc6ceedcfc6
A PSA crypto API is used for hash verification, namely
'psa_hash_compute', which internally calculates hash of the given
data payload.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ic90e43e68b836ee2add4b868663cfca2340c8108
A PSA crypto API is used for hash verification, namely
psa_hash_verify, which internally calculates and verifies the hash
of the given data payload.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ib48aa6b74b59aea6036333ff00f6ca566b910e60
Initialised Mbedtls PSA cryto during Crypto init using
function call 'psa_crypto_init'.
MbedTLS currently requires a Random Number Generator (RNG) once
PSA Crypto support is enabled. However, TF-A itself doesn't engage
in cryptographic operations that demand randomness. Consequently,
we simulate the presence of an external TRNG (through the configuration
option 'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) while, in reality, we offer
a dummy implementation of mbedtls_psa_external_get_random() that always
returns an error.
Change-Id: Ife6d03909c0e6081438d2b2519ef500e5dcdb88f
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
An ad-hoc MbedTLS PSA crypto driver is registered by compiling
a new driver file, namely mbedtls_psa_crypto.c when PSA_CRYPTO=1.
As of now, this file is the same as mbedtls_crypto.c, but subsequent
patches will update crypto functions in this file to trigger
PSA crypto APIs.
Change-Id: I404c347990661d87dcf5d0501d238e36914ec3ee
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This is a preparatory patch to provide MbedTLS PSA Crypto
API support, with below changes -
1. Added a build macro PSA_CRYPTO to enable the MbedTLS PSA
Crypto API support in the subsequent patches.
2. Compile necessary PSA crypto files from MbedTLS source code
when PSA_CRYPTO=1.
Also, marked PSA_CRYPTO as an experimental feature.
Change-Id: I45188f56c5c98b169b2e21e365150b1825c6c450
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
* changes:
fix(st): enable RTC clock before accessing nv counter
fix(st-crypto): use GENMASK_32 to define PKA registers masks
fix(st): update comment on encryption key
fix(st): allow crypto lib compilation in aarch64
fix(st-uart): allow 64 bit compilation
fix(st): reduce MMC block_buffer
fix(stm32mp13-fdts): cosmetic fixes in PLL nodes
fix(st): update dt_get_ddr_size() type
fix(nand): reset the SLC NAND
fix(st-crypto): do not read RNG data if it's not ready
Remove the dcc_console_init() function. The initialization function
is not being used and serves no purpose.
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Change-Id: I056d09e153998d686d3b95ad39c563f797184c18
When compiling the driver in aarch64, and with LOG_LEVEL_VERBOSE, there
is a compilation error on the message displaying the version of the
peripheral. The masks are making the variable unsigned long, whereas
we want to display an unsigned int. As the registers are 32-bit,
we should use GENMASK_32 instead of GENMASK.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I002dd5ad901f68a9480f758eaaa4428f969813c1
Add unregistration function for the JTAG DCC (Debug Communication
Channel) console.
The unregistration function flushes DCC buffer before unregistering
the dcc console to make sure that no output char is pending.
Since console_flush() flushes chars for all registered consoles on
the platform, which is not required in this case, dcc_console_flush()
is being called instead.
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Change-Id: I6f15a07c6ee947dc0e7aa8fb069227618080e611
The reset command should be the first command sent to the SLC NAND.
Resetting the SLC NAND should not be done only if NAND_ONFI_DETECT
is enabled.
Change-Id: If225a1b1a7e04181cc5839e282c435c5c8958bd7
Signed-off-by: Christophe Kerello <christophe.kerello@foss.st.com>
Having RNG_SR_DRDY bit in RNG_SR register does not mean that there are 4
RNG words ready to be read. Add a check on RNG_SR_DRDY between each word
reading.
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Change-Id: I46af7ca6c0ddbe19540b248365a5016b15b9a707
The JTAG DCC (Debug Communication Channel) console is primary used
for debugging that's why make no sense not to setup it up as crash
console too.
Change-Id: I16e5d83f8da721657b1a10609494f835b87e5578
Signed-off-by: Michal Simek <michal.simek@amd.com>
The generic interrupt controller identifies an interrupt based on its
type whereas the GIC uses the notion of groups to identify an
interrupt.
Currently, they are used interchangeably in GICv3 driver. It did not
cause any functional issues since the matching type and group had the
same value for corresponding macros. This patch makes the necessary
fixes.
The generic interrupt controller APIs, such as
plat_ic_set_interrupt_type map interrupt type to interrupt group
supported by the GICv3 IP. Similarly, other generic interrupt
controller APIs map interrupt group to interrupt type as needed.
This patch also changes the name of the helper functions to use group
rather than type for handling interrupts.
Change-Id: Ie2d88a3260c71e4ab9c8baacde24cc21e551de3d
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
The generic interrupt controller identifies an interrupt based on its
type whereas the GIC uses the notion of groups to identify an
interrupt.
This patch changes the name of the helper functions to use group
rather than type for handling interrupts. No functional change in this
patch.
Change-Id: If13ec65cc6c87c2da73a3d54b033f02635ff924a
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Express memory size with size_t type in structures.
Retrieve value as uint32_t from device tree and then cast it to size_t.
Combined with uintptr_t use, it ensures a generic algorithm whatever
the platform architecture, notably within systematic tests. Adapt also
their prototypes.
Move memory size print outside stm32mp_ddr_check_size() to adapt it to
related platform.
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Change-Id: Ic6e1a62d7a5e23cef49909a658098c800e7dae3f
slot ranges from 0 to 31, left shifting 1 by slot is undefined when slot
is 31
Change-Id: I0c2e6d278ff593cee07736627cd87692f45e2da9
Signed-off-by: Anand Saminathan <anans@google.com>
if ops->send_cmd in mmc_send_cmd returns a non-zero value, r_data
(resp_data in mmc_device_state) is never populated, so the while
condition in mmc_device_state would end up reading the uninitialized
resp_data buffer
Signed-off-by: Anand Saminathan <anans@google.com>
Change-Id: I72d752867c537d49e111e6d149c3cca122f7dc9f
crypto_mod_verify_signature() expects a pointer to the full pk.
In case of stm32mp1 crypto_verify_signature() will call
get_plain_pk_from_asn1() on the converted pk which fails.
Fixes: f1e693a775
Signed-off-by: Robin van der Gracht <robin@protonic.nl>
Change-Id: Ia9bdaa10e1b09f9758e5fa608a063b5212c428c3
It is an adaptation for AARCH64 of the already existing AARCH32 driver.
Change-Id: Ifabf716a6bd188d2249650a34bbec1a602bcb017
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Rename PLAT_NB_FIXED_REGS to PLAT_NB_FIXED_REGUS.
This avoids confusion with regulators and registers.
Signed-off-by: Pascal Paillet <p.paillet@st.com>
Change-Id: Idb2de7204fe978ffcdd729e6cbe453e85fd089b5
Those specific SDMMC definitions are only used in stm32_sdmmc2.c driver.
Move them there.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: Iac7e505e9421aa7630bee8ce6fc2277b98581995
The function fdt_get_rcc_secure_state() is only used in BL32.
Put it under flag to avoid compilation errors.
Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: If57c65bef0b1a3f7349527720f94fde26edbb73c
A new local function is created to set STGEN counter value,
that will deal with __aarch64__ flag. And the function
stm32mp_stgen_get_counter is adapted for __aarch64__.
Change-Id: I53c21ad11ba5085611a028790e1decbe5994ae50
Signed-off-by: Yann Gautier <yann.gautier@st.com>
The implementation of code changes manages the transmit FIFO (TxFIFO)
in the UART driver. The added code snippet includes a sequence of
instructions that ensures efficient handling of data transmission
and synchronization with the host software.
The code first checks the TxFIFO empty flag to determine whether
there is data available for transmission. If the TxFIFO is not empty,
the code waits until it becomes empty, ensuring that the transmit
operation is synchronized with the availability of data.
Subsequently, the code monitors the transmit operation's activity
status. It waits until the transmit operation becomes inactive,
indicating the completion of the previous transmission.
This synchronization step ensures that new data can be added to the
TxFIFO without causing any loss of transmission time.
Update console_flush() function, the function waits for the
Transmitter FIFO to empty and checks the transmitter's active state.
If the transmitter is in an active state, it means it is currently
shifting out a character.
Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Change-Id: I9d6c05bdfb9270924b40bf1f6ecb5fe541a2242e
Remove blanket assumption of empty data segment area to avoid
issues while writing descriptors.
Signed-off-by: Rohit Ner <rohitner@google.com>
Change-Id: If6ff0426c44c949af1065082ed8a23ed936b5f3e
Pass "start_idx" to plat_scmi_clock_rates_array.
This parameter is required to obtain the rate table
a second time.
Signed-off-by: XiaoDong Huang <derrick.huang@rock-chips.com>
Change-Id: I97c6751e7d34c839ced8f22bddc39fb534978cc4
Changes have been made in NPU firmware version 13 around error handling
which require some different register values to be set in AUXCTLR and
SYSCTRL1.
SiP service version number has been bumped up to 15 to reflect these
changes.
Change-Id: I6cda0048dc75df2150f7a0fe25f12ba6bf119ced
Signed-off-by: Rob Hughes <robert.hughes@arm.com>
