Commit graph

13315 commits

Author SHA1 Message Date
Sandrine Bailleux
e686cdb450 feat(mbedtls): update to 3.4.1
Update TF-A documentation to recommend using the latest and greatest
release of the mbedTLS library to this date, i.e. version 3.4.1. The
upgrade was successfully tested by the OpenCI running all existing
test configs, in particular trusted boot and measured boot related
ones.

The reason for this upgrade is simply to obey TF-A's guideline to
always use up-to-date security libraries. mbedTLS 3.4.1 release
notes [1] do not list any changes that should affect TF-A.

[1] https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.4.1

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Ifc31c2fc825a2fc9ca318ea8baadd51b670e7a4e
2023-09-12 11:38:56 +02:00
Manish V Badarkhe
bc6bd65bf0 Merge changes from topic "mb/spm+rme-tb-mb-support" into integration
* changes:
  fix(fvp): increase the maximum size of Event Log
  fix(fvp): increase maximum MMAP and XLAT entries count
  fix(arm): add Event Log area behind Trustzone Controller
  fix(tbbr): unrecognised 'tos-fw-key-cert' option
2023-09-12 10:12:51 +02:00
Manish V Badarkhe
e29693d9c1 Merge "feat(fvp): capture timestamps in bl stages" into integration 2023-09-11 14:57:18 +02:00
Bipin Ravi
e99df5c295 Merge changes from topic "sm/errata_X3" into integration
* changes:
  fix(cpus): workaround for Cortex-X3 erratum 2742421
  feat(errata_abi): add support for Cortex-X3
2023-09-08 22:18:32 +02:00
Madhukar Pappireddy
77fc89fd22 Merge "fix(docs): replace deprecated urls under tfa/docs" into integration 2023-09-08 18:32:26 +02:00
thagon01-arm
ed8f06ddda feat(fvp): capture timestamps in bl stages
When the ENABLE_RUNTIME_INSTRUMENTATION flag is set, timestamps are captured
and output to the fvp console at various boot stages using the PMF
library (which are based on aarch timers).

Timestamps are captured at entry and exit points for BL1, BL2
and BL3 respectively.

Change-Id: I7c0c502e5dbf73d711700b2fe0085ca3eb9346d2
Signed-off-by: Thaddeus Serna <Thaddeus.Gonzalez-Serna@arm.com>
2023-09-07 23:38:43 +02:00
Sona Mathew
5b0e4438d0 fix(cpus): workaround for Cortex-X3 erratum 2742421
Cortex-X3 erratum 2742421 is a Cat B erratum that applies to
all revisions <= r1p1 and is fixed in r1p2. The workaround is to
set CPUACTLR5_EL1[56:55] to 2'b01.

SDEN documentation:
https://developer.arm.com/documentation/2055130/latest

Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Change-Id: Idadd323e419739fe909b9b68ea2dbe857846666b
2023-09-07 16:31:47 -05:00
Thaddeus Serna
5fdf198c11 fix(docs): replace deprecated urls under tfa/docs
Fixed internal links referenced inside tfa/docs.
Followed https://www.sphinx-doc.org/en/master/usage/restructuredtext/roles.html#ref-role
for instructions on how to link sections within other documents.

Signed-off-by: Thaddeus Serna <thaddeus.gonzalez-serna@arm.com>
Change-Id: I8e7c090d98951b1e3d393ab5b1d6bcdaa1865c6f
2023-09-07 16:29:11 -05:00
Sona Mathew
9c16521606 feat(errata_abi): add support for Cortex-X3
Add errata ABI support for Cortex-X3 CPU.

Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Change-Id: Ifb68178948860cafe25b351f20c480c847608a1b
2023-09-07 16:27:04 -05:00
Mark Dykes
d2b66cc87e Merge "fix(cpus): workaround for Neoverse N2 erratum 2009478" into integration 2023-09-07 23:05:48 +02:00
Manish V Badarkhe
8e790490e3 Merge "feat(qemu): add dummy plat_mboot_measure_key() BL1 function" into integration 2023-09-07 17:47:53 +02:00
Manish V Badarkhe
f1dfaa42cf fix(fvp): increase the maximum size of Event Log
To make room for all image measurements using the
RME+SPM+TBB+MEASURED_BOOT test configuration, the Event Log's maximum
size has been significantly increased.

Change-Id: I0b9948dab893e14677bca0afa07167648a6c2729
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2023-09-07 15:55:59 +01:00
Manish V Badarkhe
12fe591b3e fix(fvp): increase maximum MMAP and XLAT entries count
Maximum entries for MMAP and XLAT have been increased in order to
support the configuration SPM+RME, along with MEASURED_BOOT and
TRUSTED_BOARD_BOOT.

Change-Id: Ic0a0aefecb49d7ccc71357c4bd94e7bd2e5f57c4
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2023-09-07 11:42:09 +01:00
Manish V Badarkhe
d836df71ea fix(arm): add Event Log area behind Trustzone Controller
To allow the SPD to access the Event Log on RME systems with
TrustZone Controller, the Event Log region needs to be configured
into the TZC. This change will enable read-write access of this
region from the secure world, which is currently denied.

Change-Id: I0c32977386f3d7c22f310b2b9404d48e8e6cac29
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2023-09-07 11:41:54 +01:00
Manish V Badarkhe
f1cb5bd190 fix(tbbr): unrecognised 'tos-fw-key-cert' option
CCA CoT uses 'core-swd-cert' for signing all secure software, so when
using the cert_create tool to generate its certificate, it throws an
error: "tools/cert_create/cert_create: unrecognized option
'--tos-fw-key-cert'".
The issue has not been seen so far since the "SPM+RME+TBB+Measured-Boot"
combination is not tested in CI/local-setup. It is now resolved by
guarding usage of '--tos-fw-key-cert' for non-CCA CoTs.

Change-Id: I5e61d851a71c251920171cf410cbd0129e0e0aad
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
2023-09-07 11:14:52 +01:00
Manish Pandey
6babc4660c Merge changes from topic "xlnx_zynqmp_console" into integration
* changes:
  fix(bl31): resolve runtime console garbage in next stage
  fix(cadence): update console flush uart driver
2023-09-07 10:47:36 +02:00
Jens Wiklander
8e2fd6a84b feat(qemu): add dummy plat_mboot_measure_key() BL1 function
Adds a dummy implementation of the plat_mboot_measure_key() function in
BL1 for the QEMU platform.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Change-Id: I5923aad962a5e34d657cf49c177e68ed2ea93291
2023-09-07 09:37:52 +02:00
Joanna Farley
bf2fa7e36d Merge "fix(xilinx): don't reserve 1 more byte" into integration 2023-09-07 09:36:54 +02:00
Olivier Deprez
c8b237fa07 Merge changes I3bfdb007,I9a383e6d into integration
* changes:
  build(poetry): bump requests from 2.30.0 to 2.31.0
  build(npm): bump word-wrap from 1.2.3 to 1.2.4
2023-09-06 18:30:44 +02:00
dependabot[bot]
075a961829 build(poetry): bump requests from 2.30.0 to 2.31.0
Bumps [requests](https://github.com/psf/requests) from 2.30.0 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.30.0...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: indirect
...

Change-Id: I3bfdb007e375c708f48ce4b62d87a12a02b57ee7
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Chris Kay <chris.kay@arm.com>
2023-09-06 14:51:49 +00:00
dependabot[bot]
921236ddad build(npm): bump word-wrap from 1.2.3 to 1.2.4
Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4)

---
updated-dependencies:
- dependency-name: word-wrap
  dependency-type: indirect
...

Change-Id: I9a383e6d6ae907858028980eadccfa2070f42d15
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Chris Kay <chris.kay@arm.com>
2023-09-06 14:51:40 +00:00
Prasad Kummari
889e3d1c68 fix(bl31): resolve runtime console garbage in next stage
When BL31 software is sending data through a communication channel,
there's a chance that the final portion of the data could become
disrupted if other software (BL32/RMM) starts setting up the
channel at the same time. To solve this issue, make sure to flush the
console data from BL31 before initializing BL32/RMM. This makes sure
that the communication stays reliable.

Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Change-Id: Icb8003e068b0b93bc4672e05f69001d9694a175c
2023-09-06 13:37:57 +02:00
Prasad Kummari
e27bebb0fe fix(cadence): update console flush uart driver
The implementation of code changes manages the transmit FIFO (TxFIFO)
in the UART driver. The added code snippet includes a sequence of
instructions that ensures efficient handling of data transmission
and synchronization with the host software.

The code first checks the TxFIFO empty flag to determine whether
there is data available for transmission. If the TxFIFO is not empty,
the code waits until it becomes empty, ensuring that the transmit
operation is synchronized with the availability of data.
Subsequently, the code monitors the transmit operation's activity
status. It waits until the transmit operation becomes inactive,
indicating the completion of the previous transmission.

This synchronization step ensures that new data can be added to the
TxFIFO without causing any loss of transmission time.

Update the console_flush() function: the function waits for the
Transmitter FIFO to empty and checks the transmitter's active state.
If the transmitter is in an active state, it means it is currently
shifting out a character.

Signed-off-by: Prasad Kummari <prasad.kummari@amd.com>
Change-Id: I9d6c05bdfb9270924b40bf1f6ecb5fe541a2242e
2023-09-06 13:37:30 +02:00
Manish V Badarkhe
eb46520c5c Merge "feat(morello): add cpuidle support" into integration 2023-09-06 12:47:46 +02:00
Yann Gautier
88b2d81345 Merge "fix(scmi): add parameter for plat_scmi_clock_rates_array" into integration 2023-09-06 11:26:32 +02:00
Yann Gautier
117b357260 Merge "feat(imx8m): move the gpc reg & macro to a separate header file" into integration 2023-09-06 11:20:14 +02:00
Yann Gautier
b8f365c39c Merge "feat(imx8m): add more dram pll setting" into integration 2023-09-06 11:20:00 +02:00
Sandrine Bailleux
a4ee7b093c Merge changes from topic "sb/split-boot-runtime-threats" into integration
* changes:
  docs(threat-model): classify threats by mitigating entity
  docs(threat-model): club RME note with other assumptions
2023-09-06 09:30:40 +02:00
Michal Simek
c3b69bf17b fix(xilinx): don't reserve 1 more byte
The commit f123b91fdd ("fix(versal): fix BLXX memory
limits for user defined values") and commit a80da3899a
("fix(versal-net): fix BLXX memory limits for user defined
values") fixed an issue regarding the linker alignment section.
But removing the -1 logic is not reflected in the plat_fdt() memory
reservation code.
That's why the +1 is removed from prepare_dtb(), so as not to generate a
reserved memory node with a bigger size, which ends up reserving more
space than is actually requested by a full-featured bootloader or OS.

Change-Id: I0a646cee7d5a55157a6eb1b672c2edbe89e6a57f
Signed-off-by: Michal Simek <michal.simek@amd.com>
2023-09-05 12:39:54 +02:00
Manish Pandey
ce64c650e8 Merge "fix(arm/fpga): enable CPU features required for ARMv9.2 cores" into integration 2023-09-05 10:33:52 +02:00
sahil
4f7330dc78 feat(morello): add cpuidle support
This patch adds necessary device-tree idle state definitions and enables
relevant platform makefile options.

Co-authored-by: Karl Meakin <karl.meakin@arm.com>
Signed-off-by: sahil <sahil@arm.com>
Change-Id: Iaf95867095f0514ec3994b9c9efd9756ed49ef43
2023-09-05 11:44:19 +05:30
Olivier Deprez
b692edf8bf Merge "fix: bump certifi to version 2023.7.22" into integration 2023-09-01 14:57:26 +02:00
Harrison Mutai
6cbf43204f fix: bump certifi to version 2023.7.22
Bump the certifi package to a later version following an advisory [1]
affecting versions >= 2015.4.28, < 2023.7.22.

[1] https://github.com/advisories/GHSA-xqr8-7jwr-rhp7

Change-Id: Ida6ff7f0b1228728474de8695dca42303de2b305
Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
2023-09-01 11:11:02 +01:00
Madhukar Pappireddy
21eb18a3f9 Merge "fix(ti): fix TISCI API changes during refactor" into integration 2023-08-31 17:56:06 +02:00
Jacky Bai
2a6ffa99af feat(imx8m): move the gpc reg & macro to a separate header file
Move the gpc reg offset, bit defines & macro to a separate header
file for code reuse.

This fixes suspend to mem on i.MX8M Plus too, since the register
layout is different there.

Change-Id: Ibec60c3a68ffa8c378de5334577a7b0e463ca875
Signed-off-by: Jacky Bai <ping.bai@nxp.com>
Signed-off-by: Marek Vasut <marex@denx.de> # Upgrade to latest, update commit message
2023-08-31 17:35:28 +02:00
Marek Vasut
89474044a5 feat(imx8m): add more dram pll setting
Add DRAM PLL frequency setting for 3732mts & 3733mts.

Change-Id: I74feab2185376bbb84826d7ee79b5e25cbc4d263
Signed-off-by: Marek Vasut <marex@denx.de>
2023-08-31 17:10:14 +02:00
Andre Przywara
b321c24342 fix(arm/fpga): enable CPU features required for ARMv9.2 cores
Similar to the FVP and QEMU, the Arm FPGA systems come with different
CPU cores, and gain new features over time.

Add a list of ARMv9.2 features that require TF-A enablement to be usable
from non-secure world. Their existence will be detected at runtime, so
supporting all those features is not required for using the build.

This fixes the Linux kernel booting on an ARMv9.2 FPGA core.

Change-Id: Ie93c32b13ce4f9968081bf38296cd45edad0a928
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2023-08-31 15:58:22 +01:00
Joanna Farley
9e66ff35e7 Merge changes from topic "xlnx_fix_plat_ocm_base" into integration
* changes:
  fix(xilinx): update dtb when dtb address and tf-a ddr flow is used
  fix(versal): use correct macro name for ocm base address
2023-08-31 13:59:20 +02:00
Amit Nagal
fdf8f929df fix(xilinx): update dtb when dtb address and tf-a ddr flow is used
Memory reservation in the dtb will be done only when TF-A runs from
ddr and a dtb load address is provided.
Otherwise prepare_dtb will simply return.
The empty definition of prepare_dtb is removed.

Signed-off-by: Amit Nagal <amit.nagal@amd.com>
Change-Id: Ie8a3ec51d60a7389831cfe6a112f722777930623
2023-08-31 09:15:26 +02:00
Amit Nagal
56afab73a8 fix(versal): use correct macro name for ocm base address
In the absence of a definition, PLAT_OCM_BASE is always 0
and IS_TFA_IN_OCM(x) always returns true irrespective
of the address passed to it. The reasoning is as described in
section 4.2.3 of
https://gcc.gnu.org/onlinedocs/gcc-3.0.2/cpp_4.html
Due to this, the functionality for reservation of TF-A DDR memory in the
dtb is never executed.

Signed-off-by: Amit Nagal <amit.nagal@amd.com>
Change-Id: Iafb6b7c6aec29bba22f8f7a8395f9caf97548157
2023-08-31 09:15:04 +02:00
Manish Pandey
6a62ddff78 Merge "feat(cpufeat): initialize HFG*_EL2 registers" into integration 2023-08-30 16:19:26 +02:00
Manish Pandey
34e7cf7551 Merge changes I03a60d9f,Ib0b38f92 into integration
* changes:
  build: sort bootloader image sources
  build: allow platform-defined flags
2023-08-30 12:55:43 +02:00
Manish V Badarkhe
cf6371bc34 Merge "refactor(ast2700): update memory layout" into integration 2023-08-30 12:19:38 +02:00
Chia-Wei Wang
e681f1b8b3 refactor(ast2700): update memory layout
Update the memory layout for both BL31 and BL32 FW based on
the 1GB DRAM space of the AST2700 EVB.

Minor:
 - Use SZ_xx macro to define size for better readability

Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Change-Id: I6d8285bd675321f615bb67cdd27bb4b6cb4c8b16
2023-08-30 16:34:45 +08:00
Sandrine Bailleux
a1e121beba docs(threat-model): classify threats by mitigating entity
The generic threat model used to list threats in no particular order.

Reorganize threats so that they are grouped by mitigating entity. For
example, threats mitigated by the boot firmware (i.e. BL1 and BL2) are
now clubbed together, ditto for those mitigated by the runtime EL3
firmware. Note that some generic threats apply to all firmware images
so these get grouped in their own section as well.

The motivations for this refactoring are the following:

 - Clarify the scope of the threats.

   In particular, as the boot firmware is typically transient, threats
   applying to those images can only be exploited during a short
   period of time before the runtime firmware starts.

   A note has been added to this effect.

 - Help developers implement mitigations in the right place.

 - Some vendors have their own solution for booting their device and
   only leverage the runtime firmware from the TF-A project. Thus,
   they are not interested in the threat model of TF-A's boot
   firmware. Isolating the latter in a specific section helps them
   focus on what is important for them.

To avoid unnecessary churn, the threat ids have been kept the same.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: Id8616fd0e4b37cd400b1ad3372beb3455234d4dc
2023-08-30 08:23:32 +02:00
Sandrine Bailleux
b721648da4 docs(threat-model): club RME note with other assumptions
The fact that RME is out of the generic threat model's scope is just
another assumption we make about the target of evaluation so mention
it there.

Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Change-Id: I839ec5427f36b085148338030e8b1b85191d4245
2023-08-30 08:23:24 +02:00
Bipin Ravi
74bfe31fd2 fix(cpus): workaround for Neoverse N2 erratum 2009478
Neoverse N2 erratum 2009478 is a Cat B erratum that applies to
revision r0p0 and is fixed in r0p1. The workaround is to clear
the ED bit for all core error records before setting the PWRDN_EN
bit in CPUPWRCTLR_EL1 to request a power down.

SDEN documentation:
https://developer.arm.com/documentation/SDEN1982442/latest

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ic5ef58c9e795b90026af1d2b09edc0eea3ceee51
2023-08-29 15:05:56 -05:00
Chris Kay
bb22fb8402 build: sort bootloader image sources
To avoid duplicate symbol errors when compiling bootloader images which
pull in the same source file multiple times, sort source files before
generating bootloader image build rules in order to remove duplicates.

Change-Id: I03a60d9f752f8fe85f17ec14e265fd4a6223de32
Signed-off-by: Chris Kay <chris.kay@arm.com>
2023-08-29 15:03:21 +02:00
Chris Kay
1ab8c10909 build: allow platform-defined flags
Similarly to the earlier patch enabling BL-specific additions to include
directories, preprocessor definitions and toolchain flags, this change
allows platforms to add options common to all images.

This is required because some platforms inject dependencies via the
`<platform_def.h>` header, and we don't currently have a clean way to
model that in build system code.

Change-Id: Ib0b38f9236cba6f56745cb3c756dfc81547da8bd
Signed-off-by: Chris Kay <chris.kay@arm.com>
2023-08-29 15:03:11 +02:00
Bipin Ravi
38f7b43409 Merge "feat(cpus): add support for Nevis CPU" into integration 2023-08-29 00:28:35 +02:00