Our build system extensively uses syntax and tools that are not natively
supported by Windows shells (i.e., CMD.exe and Powershell). This
dependency necessitates a UNIX-compatible build environment. This commit
updates the prerequisites section in our documentation to reflect this.
Change-Id: Ia7e02d7a335e6c88bbaa0394650f1313cdfd6e40
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
This change adds documentation for the console_list and
console_info structures added to the RMM Boot Manifest v0.3.
Signed-off-by: Harry Moulton <harry.moulton@arm.com>
Change-Id: I3a4f9a4f1d34259bc69c0ab497cbfbc268d7a994
Currently both FEAT_MTE and FEAT_MTE_PERM aren't used for enabling
of any feature bits in EL3. So remove both FEAT handling.
All mte regs that are currently context saved/restored are needed
only when FEAT_MTE2 is enabled, so move to usage of FEAT_MTE2 and
remove FEAT_MTE usage.
BREAKING CHANGE: Any platform or downstream code trying to use
SCR_EL3.ATA bit(26) will see failures as this is now moved to be
used only with FEAT_MTE2 with
commit@ef0d0e5478a3f19cbe70a378b9b184036db38fe2
Change-Id: Id01e154156571f7792135639e17dc5c8d0e17cf8
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Rename Neoverse Poseidon to Neoverse V3, make changes
to related build flags, macros, file names etc.
Change-Id: I9e40ba8f80b7390703d543787e6cd2ab6301e891
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
* changes:
feat(rpi): add Raspberry Pi 5 support
fix(rpi): consider MT when calculating core index from MPIDR
refactor(rpi): move register definitions out of rpi_hw.h
refactor(rpi): add platform macro for the crash UART base address
refactor(rpi): split out console registration logic
refactor(rpi): move more platform-specific code into common
Cortex-A720 erratum 2926083 is a Cat B erratum that is present
in revisions r0p0, r0p1 and is fixed in r0p2. The errata is only
present when SPE (Statistical Profiling Extension) is implemented
and enabled.
The workaround is to set bits[58:57] of the CPUACTLR_EL1 to 'b11
when SPE is "implemented and enabled".
SDEN documentation:
https://developer.arm.com/documentation/SDEN2439421/latest
Change-Id: I30182c3893416af65b55fca9a913cb4512430434
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Cortex-A720 erratum 2940794 is a Cat B erratum that is present
in revision r0p0, r0p1 and is fixed in r0p2.
The workaround is to set bit[37] of the CPUACTLR2_EL1 to 1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2439421/latest
Change-Id: I1488802e0ec7c16349c9633bb45de4d0e1faa9ad
Signed-off-by: Bipin Ravi <biprav01@u203721.austin.arm.com>
Incorporate a timing side-channel attack into the TF-A generic
threat model. There is no software mitigation measures in TF-A
against this specific type of attack.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I10e53f8ed85a6da32de4fa6a210805f950018102
Recommend OP-TEE as the default BL32 for STMicroelectronics platforms.
SP_MIN is no more supported in STMicroelectronics software [1].
It will then no more receive new features, but should still remain
as it is in the TF-A code.
[1]: https://wiki.st.com/stm32mpu/wiki/STM32_MPU_OpenSTLinux_release_note_-_v5.0.0#TF-A
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: Ic49338dbba3fdcebcb1e477e6a1dbde32783482b
Due to embedded SRAM used to load BL2 and BL31 or BL32 has a limited
size, only one storage device or serial device flag should be selected
in TF-A build command line for ST platforms.
This is in line with STMicroelectionics recommendation [1] about those
compilation flags.
[1]: https://wiki.st.com/stm32mpu/wiki/How_to_configure_TF-A_BL2#Build_command_details
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I6f6ab17d45d00289989a606d15c143e5710c64ce
Deprecation notice was sent to the community and no objection was
raised, so removing mbedtls 2.x support.
Change-Id: Id3eb98b55692df98aabe6a7c5a5ec910222c8abd
Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Cortex-A715 erratum 2413290 is a Cat B erratum that is present
only in revision r1p0 and is fixed in r1p1. The errata is only
present when SPE(Statistical Profiling Extension) is enabled.
The workaround is to set bits[58:57] of the CPUACTLR_EL1 to 'b11
when SPE is enabled, ENABLE_SPE_FOR_NS=1.
SDEN documentation:
https://developer.arm.com/documentation/SDEN2148827/latest
Change-Id: Iaeb258c8b0a92e93d70b7dad6ba59d1056aeb135
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
The Raspberry Pi 5 is a single-board computer based on BCM2712 that
contains four Arm Cortex-A76 cores.
This change introduces minimal BL31 support with PSCI that has been
validated to boot Linux and a private EDK2 build.
It's a drop-in replacement for the custom TF-A armstub now included in
the EEPROM images.
Change-Id: Id72a0370f54e71ac97c3daa1bacedacb7dec148f
Signed-off-by: Mario Bălănică <mariobalanica02@gmail.com>
* changes:
feat(tc): group components into certificates
feat(dice): add cert_id argument to dpe_derive_context()
refactor(sds): modify log level for region validity
feat(tc): add dummy TRNG support to be able to boot pVMs
feat(tc): get the parent component provided DPE context_handle
feat(tc): share DPE context handle with child component
feat(tc): add DPE context handle node to device tree
feat(tc): add DPE backend to the measured boot framework
feat(auth): add explicit entries for key OIDs
feat(dice): add DPE driver to measured boot
feat(dice): add client API for DICE Protection Environment
feat(dice): add QCBOR library as a dependency of DPE
feat(dice): add typedefs from the Open DICE repo
docs(changelog): add 'dice' scope
refactor(tc): align image identifier string macros
refactor(fvp): align image identifier string macros
refactor(imx8m): align image identifier string macros
refactor(qemu): align image identifier string macros
fix(measured-boot): add missing image identifier string
refactor(measured-boot): move metadata size macros to a common header
refactor(measured-boot): move image identifier strings to a common header
Cortex-A715 erratum 2344187 is a Cat B erratum that applies to r0p0,
r1p0 and is fixed in r1p1. The workaround is to set GCR_EL1.RRND to
0b1, and apply an implementation specific patch sequence.
SDEN: https://developer.arm.com/documentation/SDEN2148827/latest
Change-Id: I78ea39a91254765c964bff89f771af33b23f29c1
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Cortex-X4 erratum 2701112 is cat B erratum that applies to
revision r0p0 and is fixed in r0p1. This erratum affects
system configurations that do not use an Arm interconnect IP.
The workaround for this erratum is not implemented in EL3.
The erratum can be enabled/disabled on a platform level.
The flag is used when the errata ABI feature is enabled and can
assist the Kernel in the process of mitigation of the erratum.
SDEN Documentation:
https://developer.arm.com/documentation/SDEN2432808/latest
Change-Id: I8ede1ee75b0ea1658369a0646d8af91d44a8759b
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
GIC600 erratum 2384374 is a Category B erratum. Part 1 is fixed
in this patch, and the Part 1 failure mode is described as
'If the packet to be sent is a SET packet, then a higher priority SET
may not be sent when it should be until an unblocking event occurs.'
This is handled by calling gicv3_apply_errata_wa_2384374() in the
ehf_deactivate_priority() path, so that when EHF restores the priority
to the original priority, the interrupt packet buffered
in the GIC can be sent.
gicv3_apply_errata_wa_2384374() is the workaround for
the Part 2 of erratum 2384374 which flush packets from the GIC buffer
and is being used in this patch.
SDEN can be found here:
https://developer.arm.com/documentation/sden892601/latest/
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I4bb6dcf86c94125cbc574e0dc5119abe43e84731
Cortex-A715 erratum 2331818 is a cat B erratum that applies to
revisions r0p0 and r1p0 and is fixed in r1p1. The workaround is to
set bit[20] of CPUACTLR2_EL1. Setting this bit is expected to have
a negligible performance impact.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2148827/latest
Change-Id: If3b1ed78b145ab6515cdd41135314350ed556381
Signed-off-by: Bipin Ravi <biprav01@u203721.austin.arm.com>
Cortex-A715 erratum 2420947 is a cat B erratum that applies only
to revision r1p0 and is fixed in r1p1. The workaround is to set
bit[33] of CPUACTLR2_EL1. This will prevent store and store-release
to merge inside the write buffer, and it is not expected to have
much performance impacts.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2148827/latest
Change-Id: I01a71b878cd958e742ff8357f8cdfbfc5625de47
Signed-off-by: Bipin Ravi <biprav01@u203721.austin.arm.com>
The client platform relies on the DICE attestation
scheme. RSS provides the DICE Protection Environment
(DPE) service. TF-A measured boot framework supports
multiple backends. A given platform always enables
the corresponding backend which is required by the
attestation scheme.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Idc3360d0d7216e4859e99b5db3d377407e0aeee5
DPE commands are CBOR encoded. QCBOR library is used
in TF-A for CBOR encoding.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ifd01e1e6e1477cf991e765b97c446684fc6ef9b9
The DPE implementation in RSS is aligned with the
Open Profile for DICE specification:
https://pigweed.googlesource.com/open-dice/
Type definitions are needed to specify the input
values for the DPE service. Instead of mandating to
clone the entire open-dice repo, the following file
is copied from the repository:
https://pigweed.googlesource.com/open-dice/+/refs/heads/main/include/dice/dice.h
Git SHA of the source version: cf549422e3
This is external code, with Apache 2.0 license, therefore
the license.rst is updated accordingly and a copy of this
license is also added.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Change-Id: Ie84b8483034819d1143fe0ec812e66514ac7d4cb
Erratum ID 2701951 is an erratum that could affect platforms that
do not use an Arm interconnect IP. This was originally added to the list
of Cortex-A715 in the errata ABI files.
Fixed this by adding it to the Cortex-X3 list.
SDEN documentation:
https://developer.arm.com/documentation/2055130/latest
Change-Id: I6ffaf4360a4a2d0a23c253a2326c178e010c8e45
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Add myself as co-maintainer for SynQuacer platform,
as I'm currently working on it.
Change-Id: I149830bf7f635f72df808214e8fd23730fde7212
Signed-off-by: Masahisa Kojima <kojima.masahisa@socionext.com>
* changes:
style(fwu): change the metadata fields to align with specification
style(partition): use GUID values for GPT partition fields
feat(st): add logic to boot the platform from an alternate bank
feat(st): add a function to clear the FWU trial state counter
feat(fwu): add a function to obtain an alternate FWU bank to boot
feat(fwu): add some sanity checks for the FWU metadata
feat(fwu): modify the check for getting the FWU bank's state
feat(st): get the state of the active bank directly
feat(fwu): add a config flag for including image info in the FWU metadata
feat(fwu): migrate FWU metadata structure to version 2
feat(fwu): document the config flag for including image info in the FWU metadata
feat(fwu): update the URL links for the FWU specification
* changes:
refactor(sgi): replace references to "SGI"/"sgi" for neoverse_rd
refactor(sgi): rename "CSS_SGI"" macro prefixes to "NRD"
refactor(sgi): move apis and types to "nrd" prefix
refactor(sgi): replace build-option prefix to "NRD"
refactor(sgi): move neoverse_rd out of css
refactor(sgi): move from "sgi" to "neoverse_rd"
feat(sgi): remove unused SGI_PLAT build-option
fix(sgi): align to misra rule for braces
feat(rde1edge): remove support for RD-E1-Edge
fix(rdn2): populate TOS_CONFIG only when SPMC_AT_EL3 is enabled
fix(board): update spi_id max for sgi multichip platforms
Cortex-A715 erratum 2429384 is a cat B erratum that applies to
revision r1p0 and is fixed in r1p1. The workaround is to set
bit[27] of CPUACTLR2_EL1. There is no workaround for revision
r0p0.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2148827/latest
Change-Id: I3cdb1b71567542174759f6946e9c81f77d0d993d
Signed-off-by: Bipin Ravi <biprav01@u203721.austin.arm.com>
* changes:
docs(maintainers): add the maintainers for imx8ulp
docs(imx8ulp): add imx8ulp platform
fix(imx8ulp): increase the mmap region num
feat(imx8ulp): adjust the dram mapped region
feat(imx8ulp): ddrc switch auto low power and software interface
feat(imx8ulp): add some delay before cmc1 access
feat(imx8ulp): add a flag check for the ddr status
fix(imx8ulp): add sw workaround for csi/hotplug test hang
feat(imx8ulp): adjust the voltage when sys dvfs enabled
feat(imx8ulp): enable the DDR frequency scaling support
fix(imx8ulp): fix suspend/resume issue when DBD owner is s400 only
feat(imx8ulp): update XRDC for ELE to access DDR with CA35 DID
feat(imx8ulp): add memory region policy
feat(imx8ulp): protect TEE region for secure access only
feat(imx8ulp): add trusty support
feat(imx8ulp): add OPTEE support
feat(imx8ulp): update the upower config for power optimization
feat(imx8ulp): allow RTD to reset APD through MU
feat(imx8ulp): not power off LPAV PD when LPAV owner is RTD
feat(imx8ulp): add system power off support
feat(imx8ulp): add APD power down mode(PD) support in system suspend
feat(imx8ulp): add the basic support for idle & system suspned
feat(imx8ulp): enable 512KB cache after resume on imx8ulp
feat(imx8ulp): add the initial XRDC support
feat(imx8ulp): allocated caam did for the non secure world
feat(imx8ulp): add i.MX8ULP basic support
build(changelog): add new scopes for nxp imx8ulp platform
feat(scmi): add scmi sensor support
The version 2 of the FWU metadata structure is designed such that the
information on the updatable images can be omitted from the metadata
structure. Add a config flag, PSA_FWU_METADATA_FW_STORE_DESC, which is
used to select whether the metadata structure has this information
included or not. It's value is set to 1 by default.
Change-Id: Id6c99455db768edd59b0a316051432a900d30076
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Update the links for accessing the FWU Multi Bank update specification
to point to the latest revision of the specification.
Change-Id: I25f35556a94ca81ca0a7463aebfcbc2d84595e8f
Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
