* changes:
feat(synquacer): add FWU Multi Bank Update support
feat(synquacer): add TBBR support
feat(synquacer): add BL2 support
refactor(synquacer): move common source files
Jassi Brar [Mon, 23 May 2022 18:16:01 +0000 (13:16 -0500)]
feat(synquacer): add FWU Multi Bank Update support
Add FWU Multi Bank Update support. This reads the platform metadata
and update the FIP base address so that BL2 can load correct BL3X
based on the boot index.
Define the MBEDTLS_CHECK_RETURN_WARNING macro in mbedTLS configuration
file to get compile-time warnings for mbedTLS functions we call and do
not check the return value of. Right now, this does not flag anything
but it could help catching bugs in the future.
This was a new feature introduced in mbed TLS 2.28.0 release.
Manish Pandey [Fri, 24 Jun 2022 10:44:06 +0000 (12:44 +0200)]
Merge changes from topic "lw/cca_cot" into integration
* changes:
feat(arm): retrieve the right ROTPK for cca
feat(arm): add support for cca CoT
feat(arm): provide some swd rotpk files
build(tbbr): drive cert_create changes for cca CoT
refactor(arm): add cca CoT certificates to fconf
feat(fiptool): add cca, core_swd, plat cert in FIP
feat(cert_create): define the cca chain of trust
feat(cca): introduce new "cca" chain of trust
build(changelog): add new scope for CCA
refactor(fvp): increase bl2 size when bl31 in DRAM
Yann Gautier [Mon, 20 Jun 2022 09:43:17 +0000 (11:43 +0200)]
feat(stm32mp1): optionally use paged OP-TEE
STM32MP13 can encrypt the DDR. OP-TEE is then fully in DDR, and there
is no need for paged image on STM32MP13. The management of the paged
OP-TEE is made conditional, and will be kept only for STM32MP15.
Yann Gautier [Mon, 20 Jun 2022 09:24:22 +0000 (11:24 +0200)]
feat(optee): check paged_image_info
For OP-TEE without pager, the paged image may not be present in OP-TEE
header. We could then pass NULL for paged_image_info to the function
parse_optee_header(). It avoids creating a useless struct for that
non existing image. But we should then avoid assigning header_ep args
that depend on paged_image_info.
Yann Gautier [Tue, 21 Jun 2022 13:12:27 +0000 (15:12 +0200)]
fix(st-clock): correctly check ready bit
The function clk_oscillator_wait_ready() was wrongly checking the set
bit and not the ready bit. Correct that by using osc_data->gate_rdy_id
when calling _clk_stm32_gate_wait_ready().
Nishant Sharma [Tue, 30 Nov 2021 09:31:48 +0000 (09:31 +0000)]
feat(plat/arm/sgi): read isolated cpu mpid list from sds
Add support to read the list of isolated CPUs from SDS and publish this
list via the non-trusted firmware configuration file for the next stages
of boot software to use.
Isolated CPUs are those that are not to be used on the platform for
various reasons. The isolated CPU list is an array of MPID values of the
CPUs that have to be isolated.
Manish Pandey [Tue, 21 Jun 2022 12:11:47 +0000 (14:11 +0200)]
Merge changes from topic "mb/gic600-errata" into integration
* changes:
refactor(arm): update BL2 base address
refactor(nxp): use DPG0 mask from Arm GICv3 header
fix(gic600): implement workaround to forward highest priority interrupt
Nishant Sharma [Tue, 30 Nov 2021 09:38:46 +0000 (09:38 +0000)]
feat(board/rdn2): add a new 'isolated-cpu-list' property
Add a new property named 'isolated-cpu-list' to list the CPUs that are
to be isolated and not used by the platform. The data represented by
this property is formatted as below.
strutct isolated_cpu_mpid_list {
uint64_t count;
uint64_t mpid_list[MAX Number of PE];
}
Also, the property is pre-initialized to 0 to reserve space for the
property in the dtb. The data for this property is read from SDS and
updated during boot. The number of entries in this list is equal to the
maximum number of PEs present on the platform.
Manish Pandey [Tue, 21 Jun 2022 10:42:08 +0000 (12:42 +0200)]
Merge changes from topic "uart_segregation_v2" into integration
* changes:
feat(sgi): add page table translation entry for secure uart
feat(sgi): route TF-A logs via secure uart
feat(sgi): deviate from arm css common uart related definitions
Firmware buffer has already been mapped when loading 1D firmware,
so the same buffer address will be re-mapped when loading 2D
firmware. Move the buffer mapping to be out of load_fw().
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: Idb29d504bc482a1e7ca58bc51bec09ffe6068324
Rohit Mathew [Mon, 13 Dec 2021 15:40:25 +0000 (15:40 +0000)]
feat(sgi): route TF-A logs via secure uart
Route the boot, runtime and crash stage logs via secure UART port
instead of the existing use of non-secure UART. This aligns with the
security state the PE is in when logs are put out. In addition to this,
this allows consolidation of the UART related macros across all the
variants of the Neoverse reference design platforms.
Rohit Mathew [Mon, 13 Dec 2021 13:50:15 +0000 (13:50 +0000)]
feat(sgi): deviate from arm css common uart related definitions
The Neoverse reference design platforms will migrate to use different
set of secure and non-secure UART ports. This implies that the board
specific macros defined in the common Arm platform code will no longer
be usable for Neoverse reference design platforms.
In preparation for migrating to a different set of UART ports, add a
Neoverse reference design platform specific copy of the board
definitions. The value of these definitions will be changed in
subsequent patches.
fix(measured-boot): clear the entire digest array of Startup Locality event
According to TCG PC Client Platform Firmware Profile Specification
(Section 10.2.2, TCG_PCR_EVENT2 Structure, and 10.4.5 EV_NO_ACTION Event
Types), all EV_NO_ACTION events shall set TCG_PCR_EVENT2.digests to all
0x00's for each allocated Hash algorithm.
Right now, this is not enforced. Only part of the buffer is zeroed due
to the wrong macro being used for the size of the buffer in the clearing
operation (TPM_ALG_ID instead of TCG_DIGEST_SIZE). This could confuse
a TPM event log parser.
Also, add an assertion to ensure that the Event Log size is large enough
before writing the Event Log header.
Change-Id: I6d4bc3fb28fd10c227e33c8c7bb4a40b08c3fd5e Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
laurenw-arm [Tue, 31 May 2022 21:39:09 +0000 (16:39 -0500)]
refactor(measured-boot): mb algorithm selection
With RSS now introduced, we have 2 Measured Boot backends. Both backends
can be used in the same firmware build with potentially different hash
algorithms, so now there can be more than one hash algorithm in a build.
Therefore the logic for selecting the measured boot hash algorithm needs
to be updated and the coordination of algorithm selection added. This is
done by:
- Adding MBOOT_EL_HASH_ALG for Event Log to define the hash algorithm
to replace TPM_HASH_ALG, removing reference to TPM.
- Adding MBOOT_RSS_HASH_ALG for RSS to define the hash algorithm to
replace TPM_HASH_ALG.
- Coordinating MBOOT_EL_HASH_ALG and MBOOT_RSS_HASH_ALG to define the
Measured Boot configuration macros through defining
TF_MBEDTLS_MBOOT_USE_SHA512 to pull in SHA-512 support if either
backend requires a stronger algorithm than SHA-256.
Bipin Ravi [Wed, 8 Jun 2022 20:27:00 +0000 (15:27 -0500)]
fix(errata): workaround for Cortex-A77 erratum 2356587
Cortex-A77 erratum 2356587 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[0] of
CPUACTLR2_EL1 to force PLDW/PFRM ST to behave like PLD/PRFM LD and not
cause invalidations to other PE caches.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1152370/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I243cfd587bca06ffd2a7be5bce28f8d2c5e68230
Bipin Ravi [Tue, 14 Jun 2022 22:09:23 +0000 (17:09 -0500)]
fix(errata): workaround for Neoverse-V1 erratum 2372203
Neoverse-V1 erratum 2372203 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[40] of
CPUACTLR2_EL1 to disable folding of demand requests into older
prefetches with L2 miss requests outstanding.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401781/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ice8c2e5a0152972a35219c8245a2e07e646d0557
fix(measured-boot): fix verbosity level of RSS digests traces
Most traces displayed by log_measurement() use the INFO verbosity
level. Only the digests are unconditionally printed, regardless of
the verbosity level. As a result, when the verbosity level is set
lower than INFO (typically in release mode), only the digests are
printed, which look weird and out of context.
fix(gic600): implement workaround to forward highest priority interrupt
If the interrupt being targeted is released from the CPU before the
CLEAR command is sent to the CPU then a subsequent SET command may not
be delivered in a finite time. To workaround this, issue an unblocking
event by toggling GICR_CTLR.DPG* bits after clearing the cpu group
enable (EnableGrp* bits of GIC CPU interface register)
This fix is implemented as per the errata 2384374-part 2 workaround
mentioned here:
https://developer.arm.com/documentation/sden892601/latest/
Change-Id: I13926ceeb7740fa4c05cc5b43170e7ce49598f70 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Michal Simek [Wed, 15 Jun 2022 12:19:56 +0000 (14:19 +0200)]
fix(zynqmp): move bl31 with DEBUG=1 back to OCM
By default placing bl31 to addrexx 0x1000 is not good. Because this
location is used by U-Boot SPL. That's why move TF-A back to OCM where it
should be placed. BL31_BASE address exactly matches which requested address
for U-BOOT SPL boot flow.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Change-Id: I608c1b88baffec538c6ae528f057820e34971c4c
The cca chain of trust involves 3 root-of-trust public keys:
- The CCA components ROTPK.
- The platform owner ROTPK (PROTPK).
- The secure world ROTPK (SWD_ROTPK).
Use the cookie argument as a key ID for plat_get_rotpk_info() to return
the appropriate one.
When using the new cca chain of trust, a new root of trust key is needed
to authenticate the images belonging to the secure world. Provide a
development one to deploy this on Arm platforms.
This chain of trust is targeted at Arm CCA solutions and defines 3
independent signing domains:
1) CCA signing domain. The Arm CCA Security Model (Arm DEN-0096.A.a) [1]
refers to the CCA signing domain as the provider of CCA components
running on the CCA platform. The CCA signing domain might be independent
from other signing domains providing other firmware blobs.
The CCA platform is a collective term used to identify all hardware and
firmware components involved in delivering the CCA security guarantee.
Hence, all hardware and firmware components on a CCA enabled system that
a Realm is required to trust.
In the context of TF-A, this corresponds to BL1, BL2, BL31, RMM and
associated configuration files.
The CCA signing domain is rooted in the Silicon ROTPK, just as in the
TBBR CoT.
2) Non-CCA Secure World signing domain. This includes SPMC (and
associated configuration file) as the expected BL32 image as well as
SiP-owned secure partitions. It is rooted in a new SiP-owned key called
Secure World ROTPK, or SWD_ROTPK for short.
3) Platform owner signing domain. This includes BL33 (and associated
configuration file) and the platform owner's secure partitions. It is
rooted in the Platform ROTPK, or PROTPK.
Bipin Ravi [Wed, 8 Jun 2022 21:28:46 +0000 (16:28 -0500)]
fix(errata): workaround for Neoverse-V1 erratum 2294912
Neoverse-V1 erratum 2294912 is a cat B erratum that applies to revisions
r0p0 - r1p1 and is still open. The workaround is to set bit[0] of
CPUACTLR2_EL1 to force PLDW/PFRM ST to behave like PLD/PRFM LD and not
cause invalidations to other PE caches.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401781/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: Ia7afb4c42fe66b36fdf38a7d4281a0d168f68354
refactor(context mgmt): refactor EL2 context save and restore functions
This patch splits the el2_sysregs_context_save/restore functions
into multiple functions based on features. This will allow us to
selectively save and restore EL2 context registers based on
features enabled for a particular configuration.
For now feature build flags are used to decide which registers
to save and restore. The long term plan is to dynamically check
for features that are enabled and then save/restore registers
accordingly. Splitting el2_sysregs_context_save/restore functions
into smaller assembly functions makes that task easier. For more
information please take a look at:
https://trustedfirmware-a.readthedocs.io/en/latest/design_documents/context_mgmt_rework.html
Replay-protected memory block access is enabled by writing 0x3
to PARTITION_ACCESS (bit[2:0]). Instead the driver is using the
first boot partition, which does not provide any playback protection.
Additionally, it unconditionally activates the first boot partition,
potentially breaking boot for SoCs that consult boot partitions,
require boot ack or downgrading to an old bootloader if the first
partition happens to be the inactive one.
Also, neither enabling or disabling the RPMB observes the
PARTITION_SWITCH_TIME. As there are no in-tree users for these
functions, drop them for now until a properly functional implementation
is added. That one will likely share most code with the existing boot
partition switch, which doesn't suffer from the described issues.
Change-Id: Ia4a3f738f60a0dbcc33782f868cfbb1e1c5b664a Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Merge changes from topic "stm32mp-emmc-boot-fip" into integration
* changes:
feat(stm32mp1): extend STM32MP_EMMC_BOOT support to FIP format
refactor(mmc): replace magic value with new PART_CFG_BOOT_PARTITION_NO_ACCESS
refactor(mmc): export user/boot partition switch functions
Yann Gautier [Fri, 11 Mar 2022 13:18:13 +0000 (14:18 +0100)]
feat(st): search pinctrl node by compatible
Instead of searching pinctrl node with its name, search with its
compatible. This will be necessary before pin-controller name changes
to pinctrl due to kernel yaml changes.
feat(trbe): add trbe under feature detection mechanism
This change adds "FEAT_TRBE" to be part of feature detection mechanism.
Previously feature enablement flags were of boolean type, containing
either 0 or 1. With the introduction of feature detection procedure
we now support three states for feature enablement build flags(0 to 2).
Accordingly, "ENABLE_TRBE_FOR_NS" flag is now modified from boolean
to numeric type to align with the feature detection.
feat(brbe): add brbe under feature detection mechanism
This change adds "FEAT_BRBE" to be part of feature detection mechanism.
Previously feature enablement flags were of boolean type, possessing
either 0 or 1. With the introduction of feature detection procedure
we now support three states for feature enablement build flags(0 to 2).
Accordingly, "ENABLE_BRBE_FOR_NS" flag is now modified from boolean
to numeric type to align with the feature detection.
Ahmad Fatoum [Thu, 19 May 2022 05:42:33 +0000 (07:42 +0200)]
feat(stm32mp1): extend STM32MP_EMMC_BOOT support to FIP format
STM32MP_EMMC_BOOT allowed placing SSBL into the eMMC boot
partition along with FSBL. This allows atomic update of both
FSBL and SSBL at the same time. Previously, this was only
possible for the FSBL, as the eMMC layout expected by TF-A
had a single SSBL GPT partition in the eMMC user area.
TEE binaries remained in dedicated GPT partitions whether
STM32MP_EMMC_BOOT was on or off.
The new FIP format collects SSBL and TEE partitions into
a single binary placed into a GPT partition.
Extend STM32MP_EMMC_BOOT, so eMMC-booted TF-A first uses
a FIP image placed at offset 256K into the active eMMC boot
partition. If no FIP magic is detected at that offset or if
STM32MP_EMMC_BOOT is disabled, the GPT on the eMMC user area
will be consulted as before.
This allows power fail-safe update of all firmware using the
built-in eMMC boot selector mechanism, provided it fits into
the boot partition - SZ_256K. SZ_256K was chosen because it's
the same offset used with the legacy format and because it's
the size of the on-chip SRAM, where the STM32MP15x BootROM
loads TF-A into. As such, TF-A may not exceed this size limit
for existing SoCs.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Change-Id: Id7bec45652b3a289ca632d38d4b51316c5efdf8d
At the moment, mmc_boot_part_read_blocks() takes care to switch
to the boot partition before transfer and back afterwards.
This can introduce large overhead when reading small chunks.
Give consumers of the API more control by exporting
mmc_part_switch_current_boot() and mmc_part_switch_user().
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
Change-Id: Ib641f188071bb8e0196f4af495ec9ad4a292284f
Yann Gautier [Wed, 1 Jun 2022 16:17:43 +0000 (18:17 +0200)]
build(changelog): add stm32mp13 and stm32mp15 scopes
The STM32MP1 series includes STM32MP13 and STM32MP15. As some features
may be dedicated to one SoC variant, add the 2 entries in the scopes
list.
While at it, correct the title for STM32MP1.
Ahmad Fatoum [Thu, 2 Jun 2022 04:28:31 +0000 (06:28 +0200)]
fix(stm32mp1): fdts: stm32mp1: align DDR regulators with new driver
With recent changes, TF-A now panics on MC-1, Avenger96 and Odyssey:
NOTICE: CPU: STM32MP157C?? Rev.B
NOTICE: Model: Linux Automation MC-1 board
ERROR: regul ldo3: max value 750 is invalid
PANIC at PC : 0x2ffeebb7
as the driver takes great offense at the content of the device
tree. The parts in question were copy-pasted from ST DTs, but
those ST DTs were fixed by commit 67d95409baae
("refactor(stm32mp1-fdts): update regulator description").
Fix the breakage by transplanting the same changes into all
remaining STM32MP1 DTs.
Change was boot-tested on MC-1, but only build tested for the
other two.
Olivier Deprez [Thu, 12 May 2022 16:17:05 +0000 (18:17 +0200)]
docs(spm): update FF-A manifest binding
- Add security state attribute to memory and device regions.
- Rename device region reg attribution to base-address aligned with
memory regions.
- Add pages-count field to device regions.
- Refresh interrupt attributes description in device regions.
docs(threat-model): broaden the scope of threat #05
- Cite crash reports as an example of sensitive
information. Previously, it might have sounded like this was the
focus of the threat.
- Warn about logging high-precision timing information, as well as
conditionally logging (potentially nonsensitive) information
depending on sensitive information.
docs(threat-model): emphasize whether mitigations are implemented
For each threat, we now separate:
- how to mitigate against it;
- whether TF-A currently implements these mitigations.
A new "Mitigations implemented?" box is added to each threat to
provide the implementation status. For threats that are partially
mitigated from platform code, the original text is improved to make
these expectations clearer. The hope is that platform integrators will
have an easier time identifying what they need to carefully implement
in order to follow the security recommendations from the threat model.
projects / arm-tf.git / log