Boyan Karatotev [Wed, 7 Dec 2022 10:26:48 +0000 (10:26 +0000)]
docs: describe the new warning levels
When -Wextra was added, the warning levels changed their meaning. Add a
description in the build option section and leave the security hardening
section as mostly a pointer to it.
Boyan Karatotev [Mon, 21 Nov 2022 14:49:05 +0000 (14:49 +0000)]
build: add -Wunused-const-variable=2 to W=2
TF-A is quite strict with warnings and redundant code. This flag
furthers this so it would be useful to have it. Add it to W=2 as it sets
off a few platforms which require a somewhat involved fix.
Boyan Karatotev [Mon, 21 Nov 2022 14:16:43 +0000 (14:16 +0000)]
build: include -Wextra in generic builds
TF-A is more strict with compiler warnings in comparison to other
projects (notably Linux) for security and -Wextra enables a lot of
desirable warnings. This patch enables -Wextra by default (from W=1
previously) and reorganises the warning levels so that they can useful
when enabled and not just a build failure. This will help us move
towards fixing the warnings that are too many to fix at once and
enabling all W={1, 2} warnings.
The warning levels get new meanings:
* W=1: warnings we want the generic build to include but are too time
consuming to fix at the moment. They re-enable warnings taken out for
generic builds.
* W=2: warnings we want the generic build to include but cannot be
enabled due to external libraries.
* W=3: warnings that are informative but not necessary and generally too
verbose and frequently ignored.
Quality expectations for new contributions mean that generally they
should have no warnings up to W=2. To allow code to be developed with
them in mind, -Werror is disabled when W=x is set. This way enabling
warnings will not just fail the build due to technicalities we have and
contributors will be able to actually see if they get any.
Boyan Karatotev [Tue, 22 Nov 2022 12:01:09 +0000 (12:01 +0000)]
docs(porting-guide): update a reference
The BL31 part has been there forever and the PSCI reference is neither
at section 3.3 or directly below. Update this to locate the section more
easily.
Boyan Karatotev [Tue, 22 Nov 2022 14:09:36 +0000 (14:09 +0000)]
fix(st-usb): replace redundant checks with asserts
Returning enum usb_status in an enum usb_action function is wrong as
they have different meanings. However, usb_dwc2_ep0_out_start() and
usb_dwc2_activate_setup() only return USBD_OK so we will never get to
there. Replace these checks with asserts in case the code changes in
future.
This also silences a warning when compiling with -Wextra.
Boyan Karatotev [Tue, 22 Nov 2022 14:05:18 +0000 (14:05 +0000)]
fix(brcm): add braces around bodies of conditionals
On release builds EMMC_TRACE doesn't expand to anything. Some
conditionals with no braces end up with empty bodies. This produces a
warning when compiling with -Werror=empty-body (enabled by -Wextra).
Since TF-A coding guidelines require braces to comply with MISRA
guidelines anyway, add them in the whole file.
Boyan Karatotev [Tue, 22 Nov 2022 12:24:10 +0000 (12:24 +0000)]
fix(renesas): align incompatible function pointers
secure_boot_api_f is defined to take uint32_t, uint32_t, and void *
parameters. However rom_secure_boot_api_f is defined to take uint32_t *,
uint32_t *, void *. These are incompatible and cause a warning when
compiling with -Wextra. Align the rom definition to the more generic
definition from where it's called.
Boyan Karatotev [Tue, 22 Nov 2022 12:13:44 +0000 (12:13 +0000)]
fix(zynqmp): remove redundant api_version check
The api_version is checked in pm_setup() and an error is returned. The
smc handlers will not be registered on error so doing the check again is
redundant. This also silences a warning when compiling with -Wextra.
Boyan Karatotev [Fri, 18 Nov 2022 14:17:17 +0000 (14:17 +0000)]
fix: unify fallthrough annotations
Compiling with -Wimplicit-fallthrough=3 (enabled by -Wextra) produces
many warnings about fallthrough comments either missing or being wrong.
Unify the comments so we comply with -Wextra.
Note that Coverity recommends against using the __attribute__ directive.
Also, zlib does not build with a higher value of -Wimplicit-fallthrough.
Finally, compilers strip comments before expanding macros. As such,
checkpatch's fallthrough annotation (or higher levels of the flag) isn't
really possible.
David Vincze [Fri, 4 Nov 2022 17:28:12 +0000 (18:28 +0100)]
fix(rss): remove null-terminator from RSS metadata
Remove the null-terminator of the string-like data items
from the RSS measurement's metadata. The 'version' and
'sw_type' items have an associated length value which
should not include a null-terminator when storing the
measurement.
Change-Id: Ia91ace2fff8b6f75686dd2e1862475268300bbdb Signed-off-by: David Vincze <david.vincze@arm.com>
Incorrect number of FPGA pinmux registers was copied from handoff data.
This caused pinmux_emac0_usefpga register to always be zero meaning
"EMAC0 uses HPS IO Pins" even if handoff data for this register was one
meaning "EMAC0 uses the FPGA Inteface".
Update SPM threat model for possible threats, from malicious
endpoints, related to interrupt management. The mitigations
are based on the guidance provided in FF-A v1.1 EAC0 spec.
Harrison Mutai [Fri, 11 Nov 2022 14:09:55 +0000 (14:09 +0000)]
fix(cpus): workaround for Cortex-X3 erratum 2615812
Cortex-X3 erratum 2615812 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r1p1, and is still open. The workaround is to disable
the use of the Full Retention power mode in the core (setting
WFI_RET_CTRL and WFE_RET_CTRL in CORTEX_X3_IMP_CPUPWRCTLR_EL1 to 0b000).
SDEN can be found here:
https://developer.arm.com/documentation/SDEN2055130/latest
Change-Id: I5ad66df3e18fc85a6b23f6662239494ee001d82f Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Merge changes If90a18ee,I02e88f8c,Iea447fb5,Ie0570481,Ieeb14cfc into integration
* changes:
docs: add top level section numbering
docs(build): clarify getting started section
docs(build): clarify docs building instructions
fix(docs): prevent a sphinx warning
fix(docs): prevent a virtual environment from failing a build
Boyan Karatotev [Thu, 27 Oct 2022 14:12:36 +0000 (15:12 +0100)]
docs: add top level section numbering
Top level sections are not numbered. Adding numbers makes referring to
sections easier. For example the Maintainers page changes from
"about/3.1" to simply "1.3.1".
Boyan Karatotev [Thu, 27 Oct 2022 13:47:18 +0000 (14:47 +0100)]
docs(build): clarify getting started section
The Getting started section is very difficult to follow. Building the
fip comes before building the files it needs, the BL33 requirement is
given in a somewhat hand wavy way, and the Arm Developer website
download provides a lot of targets and the guide is not clear which ones
are needed on download.
Swapping the initial build and supporting tools sections makes the flow
more natural and the supporting tools section then becomes clear.
Explicitly mentioning the GCC targets avoids confusion for people less
familiar with the project (eg. new starters).
Boyan Karatotev [Thu, 27 Oct 2022 12:55:12 +0000 (13:55 +0100)]
docs(build): clarify docs building instructions
Using virtual environments with pip is a generally recommended good
practice but the docs do not acknowledge it. As a result fresh installs
might fail builds due to missing $PATH entries. The Prerequisites
section is also a bit verbose which is difficult to read.
This patch adds the virtual environment mention and clarifies wording.
Boyan Karatotev [Thu, 27 Oct 2022 10:56:40 +0000 (11:56 +0100)]
fix(docs): prevent a sphinx warning
Some newer versions of sphinx (tried on v5.3) will warn about language
being None which will fail the build. Change it to the default (en) to
prevent this.
Boyan Karatotev [Thu, 27 Oct 2022 10:28:23 +0000 (11:28 +0100)]
fix(docs): prevent a virtual environment from failing a build
sphinx-build is passed a blanket "." to build all docs. However, if a
virtual environment is placed within the docs directory, sphinx will try
to build it which will fail due to some weird files it has.
This excludes the most common virtual environment directories from the
build to prevent this.
Boyan Karatotev [Tue, 15 Nov 2022 17:39:22 +0000 (17:39 +0000)]
fix(docs): unify referenced Ubuntu versions
Documentation is inconsistent when referring to Ubuntu versioning.
Change this to a single reference that is consistent with the stated
version for TF-A tests.
The change was tested with a full build on a clean install of Ubuntu 20.04.
Quentin Schulz [Mon, 14 Nov 2022 16:40:33 +0000 (17:40 +0100)]
fix(rockchip): align fdt buffer on 8 bytes
Since commit 94b2f94bd632 ("feat(libfdt): upgrade libfdt source files"),
8-byte alignment of the FDT address is enforced to follow the DT
standard.
Rockchip implementation of params_early_setup loads the FDT address as
passed by the bootloader into a buffer. This buffer is currently made of
uint8_t which means it is not 8-byte aligned and might result in
fdt_open_into failing.
Instead, let's make this buffer uint64_t to make it 8-byte aligned.
Okash Khawaja [Mon, 14 Nov 2022 12:50:30 +0000 (12:50 +0000)]
fix(cpus): update doc and check for plat_can_cmo
plat_can_cmo must not clobber x1 but the doc doesn't mention that. This
patch updates the doc to mention x1. It also adds check for plat_can_cmo
to `dcsw_op_louis` which was missed out in original patch.
Manish Pandey [Mon, 14 Nov 2022 13:11:55 +0000 (14:11 +0100)]
Merge changes from topic "stm32mp1-trusted-boot" into integration
* changes:
docs(st): update documentation for TRUSTED_BOARD_BOOT
fix(build): ensure that the correct rule is called for tools
feat(stm32mp1): add the platform specific build for tools
fix(stm32mp13-fdts): remove secure status
feat(stm32mp1-fdts): add CoT and fuse references for authentication
feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip
feat(stm32mp1): add the decryption support
feat(stm32mp1): add the TRUSTED_BOARD_BOOT support
feat(stm32mp1): update ROM code API for header v2 management
feat(stm32mp1): remove unused function from boot API
refactor(stm32mp1): remove authentication using STM32 image mode
fix(fconf): fix type error displaying disable_auth
feat(tbbr): increase PK_DER_LEN size
fix(auth): correct sign-compare warning
feat(auth): allow to verify PublicKey with platform format PK
feat(cert-create): update for ECDSA brainpoolP256r/t1 support
feat(stm32mp1): add RNG initialization in BL2 for STM32MP13
feat(st-crypto): remove BL32 HASH driver usage
feat(stm32mp1): add a stm32mp crypto library
feat(st-crypto): add STM32 RNG driver
feat(st-crypto): add AES decrypt/auth by SAES IP
feat(st-crypto): add ECDSA signature check with PKA
feat(st-crypto): update HASH for new hardware version used in STM32MP13
Lionel Debieve [Mon, 14 Nov 2022 10:05:09 +0000 (11:05 +0100)]
fix(build): ensure that the correct rule is called for tools
In case of platform specific usage for both fiptool or certtool,
we need to ensure that the Makefile will use the correct rule
to generate the binary. Add the explicit call to the "all" rule.
Lionel Debieve [Thu, 6 Oct 2022 06:51:32 +0000 (08:51 +0200)]
feat(stm32mp1-fdts): add CoT and fuse references for authentication
Add the stm32mp1 CoT description file. Include the TRUSTED_BOARD_BOOT
entry in the platform device tree file.
Add the missing public root key reference for stm32mp15 and the
encryption key reference for stm32mp13.
Lionel Debieve [Wed, 5 Oct 2022 14:47:03 +0000 (16:47 +0200)]
feat(stm32mp1): add the TRUSTED_BOARD_BOOT support
Add the support of the TRUSTED_BOARD_BOOT to authenticate the loaded
FIP using platform CoT management.
It adds TBB platform definition, redefining the standard image ID in
order to decrease requested size in BL2 binary.
Authentication will use mbedTLS library for parsing certificate
configured with a platform configuration.
Change-Id: I9da66b915c5e9e9293fccfce92bef2434da1e430 Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com> Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Correct the warning due to comparison between signed and
unsigned variable.
drivers/auth/mbedtls/mbedtls_x509_parser.c: In function 'get_ext':
drivers/auth/mbedtls/mbedtls_x509_parser.c:120:30:
error: comparison of integer expressions of different
signedness: 'int' and 'size_t' {aka 'unsigned int'}
[-Werror=sign-compare]
120 | if ((oid_len == strlen(oid_str)) && !strcmp(oid, oid_str)) {
| ^~
Change-Id: Ic12527f5f92a34e925bee3047c168eacf5e99d8a Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
feat(auth): allow to verify PublicKey with platform format PK
In some platform the digest of the public key saved in the OTP is not
the digest of the exact same public key buffer needed to check the
signature. Typically, platform checks signature using the DER ROTPK
whereas some others add some related information. Add a new platform
weak function to transform the public key buffer used by
verify_signature to a platform specific public key.
Mark this new weak function as deprecated as it will be replaced
by another framework implementation.
Change-Id: I71017b41e3eca9398cededf317ad97e9b511be5f Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com> Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Manish Pandey [Mon, 14 Nov 2022 10:17:27 +0000 (11:17 +0100)]
Merge changes I5838964f,Id752c1cc,Idd42d5a2,Iff4680cd,I2b1801a7, ... into integration
* changes:
fix(mt8188): add mmap entry for CPU idle SRAM
fix(mt8188): refine gic init flow after system resume
fix(mt8186): fix the DRAM voltage after the system resumes
feat(mt8188): add audio support
refactor(mt8195): use ptp3 common drivers
feat(mt8188): add support for PTP3
feat(mt8188): enable MTK_PUBEVENT_ENABLE
Add code to be able to use STMicroelectronics SAES IP. This driver
can manage many AES algorithms (CBC, ECB, CCM, GCM). It will be used
by the authenticated decryption framework (AES-GCM only).
Change-Id: Ibd4030719fb12877dcecd5d2c395d13b4b15c260 Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
feat(st-crypto): update HASH for new hardware version used in STM32MP13
Introduce new flag to manage hardware version.
STM32MP15 currently uses the HASH_V2 and STM32MP13 uses the HASH_V4.
For STM32_HASH_V4: remove MD5 algorithm (no more supported) and
add SHA384 and SHA512.
For STM32_HASH_V2: no change.
Change-Id: I3a9ae9e38249a2421c657232cb0877004d04dae1 Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com> Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Liju-Clr Chen [Fri, 11 Nov 2022 01:51:51 +0000 (09:51 +0800)]
fix(mt8188): add mmap entry for CPU idle SRAM
CPU PM driver accesses CPU idle SRAM during the system suspend
process. The region of CPU idle SRAM needs to be added as mmap entry.
Otherwise, the execption would occur.
BUG=b:244215539
TEST=Test of suspend resume passes.
James Liao [Fri, 23 Sep 2022 08:37:59 +0000 (16:37 +0800)]
fix(mt8188): refine gic init flow after system resume
Call gicv3_distif_init() instead of mt_gic_init() in
armv8_2_mcusys_pwr_on_common(). This is to prevent
gicv3_rdistif_init() and gicv3_cpuif_enable() from being called twice
in the power-on flow. gicv3_rdistif_init() and gicv3_cpuif_enable()
are called in later armv8_2_cpu_pwr_on_common().
Allen-KH Cheng [Tue, 8 Nov 2022 10:40:27 +0000 (18:40 +0800)]
fix(mt8186): fix the DRAM voltage after the system resumes
The DRAM power supply must sustain at 0.8V after the system resumes.
Otherwise, unexpected errors would occur. Therefore, we update the
DRAM voltage to 0.8v in PMIC voltage wrap table.
For MT8188, MTK_AUDIO_SMC_OP_DOMAIN_SIDEBANDS is required for normal
mode switch.
- Add audio common code and chip specific code.
- Add new id (MTK_SIP_AUDIO_CONTROL) to mtk_sip_def.h.
- Enable for MT8188.
Juan Pablo Conde [Tue, 25 Oct 2022 23:41:02 +0000 (19:41 -0400)]
refactor(security): add OpenSSL 1.x compatibility
When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fact that 1.x APIs became deprecated in 3.0 and
therefore their use cause compiling errors. In addition, updating
for a newer version of OpenSSL meant improving the stability
against security threats. However, although version 1.1.1 is
now deprecated, it still receives security updates, so it would
not imply major security issues to keep compatibility with it too.
This patch adds backwards compatibility with OpenSSL 1.x versions
by adding back 1.x API code. It defines a macro USING_OPENSSL3,
which will select the appropriate OpenSSL API version depending on
the OpenSSL library path chosen (which is determined by the
already-existing OPENSSL_DIR variable).
In addition, cleanup items were packed in functions and moved to
the proper modules in order to make the code more maintainable and
legible.
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I8deceb5e419edc73277792861882404790ccd33c
projects / arm-tf.git / log