Quentin Schulz [Mon, 14 Nov 2022 16:40:33 +0000 (17:40 +0100)]
fix(rockchip): align fdt buffer on 8 bytes
Since commit 94b2f94bd632 ("feat(libfdt): upgrade libfdt source files"),
8-byte alignment of the FDT address is enforced to follow the DT
standard.
Rockchip implementation of params_early_setup loads the FDT address as
passed by the bootloader into a buffer. This buffer is currently made of
uint8_t which means it is not 8-byte aligned and might result in
fdt_open_into failing.
Instead, let's make this buffer uint64_t to make it 8-byte aligned.
Okash Khawaja [Mon, 14 Nov 2022 12:50:30 +0000 (12:50 +0000)]
fix(cpus): update doc and check for plat_can_cmo
plat_can_cmo must not clobber x1 but the doc doesn't mention that. This
patch updates the doc to mention x1. It also adds check for plat_can_cmo
to `dcsw_op_louis` which was missed out in original patch.
Manish Pandey [Mon, 14 Nov 2022 13:11:55 +0000 (14:11 +0100)]
Merge changes from topic "stm32mp1-trusted-boot" into integration
* changes:
docs(st): update documentation for TRUSTED_BOARD_BOOT
fix(build): ensure that the correct rule is called for tools
feat(stm32mp1): add the platform specific build for tools
fix(stm32mp13-fdts): remove secure status
feat(stm32mp1-fdts): add CoT and fuse references for authentication
feat(stm32mp1): add a check on TRUSTED_BOARD_BOOT with secure chip
feat(stm32mp1): add the decryption support
feat(stm32mp1): add the TRUSTED_BOARD_BOOT support
feat(stm32mp1): update ROM code API for header v2 management
feat(stm32mp1): remove unused function from boot API
refactor(stm32mp1): remove authentication using STM32 image mode
fix(fconf): fix type error displaying disable_auth
feat(tbbr): increase PK_DER_LEN size
fix(auth): correct sign-compare warning
feat(auth): allow to verify PublicKey with platform format PK
feat(cert-create): update for ECDSA brainpoolP256r/t1 support
feat(stm32mp1): add RNG initialization in BL2 for STM32MP13
feat(st-crypto): remove BL32 HASH driver usage
feat(stm32mp1): add a stm32mp crypto library
feat(st-crypto): add STM32 RNG driver
feat(st-crypto): add AES decrypt/auth by SAES IP
feat(st-crypto): add ECDSA signature check with PKA
feat(st-crypto): update HASH for new hardware version used in STM32MP13
Lionel Debieve [Mon, 14 Nov 2022 10:05:09 +0000 (11:05 +0100)]
fix(build): ensure that the correct rule is called for tools
In case of platform specific usage for both fiptool or certtool,
we need to ensure that the Makefile will use the correct rule
to generate the binary. Add the explicit call to the "all" rule.
Lionel Debieve [Thu, 6 Oct 2022 06:51:32 +0000 (08:51 +0200)]
feat(stm32mp1-fdts): add CoT and fuse references for authentication
Add the stm32mp1 CoT description file. Include the TRUSTED_BOARD_BOOT
entry in the platform device tree file.
Add the missing public root key reference for stm32mp15 and the
encryption key reference for stm32mp13.
Lionel Debieve [Wed, 5 Oct 2022 14:47:03 +0000 (16:47 +0200)]
feat(stm32mp1): add the TRUSTED_BOARD_BOOT support
Add the support of the TRUSTED_BOARD_BOOT to authenticate the loaded
FIP using platform CoT management.
It adds TBB platform definition, redefining the standard image ID in
order to decrease requested size in BL2 binary.
Authentication will use mbedTLS library for parsing certificate
configured with a platform configuration.
Change-Id: I9da66b915c5e9e9293fccfce92bef2434da1e430 Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com> Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Correct the warning due to comparison between signed and
unsigned variable.
drivers/auth/mbedtls/mbedtls_x509_parser.c: In function 'get_ext':
drivers/auth/mbedtls/mbedtls_x509_parser.c:120:30:
error: comparison of integer expressions of different
signedness: 'int' and 'size_t' {aka 'unsigned int'}
[-Werror=sign-compare]
120 | if ((oid_len == strlen(oid_str)) && !strcmp(oid, oid_str)) {
| ^~
Change-Id: Ic12527f5f92a34e925bee3047c168eacf5e99d8a Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
feat(auth): allow to verify PublicKey with platform format PK
In some platform the digest of the public key saved in the OTP is not
the digest of the exact same public key buffer needed to check the
signature. Typically, platform checks signature using the DER ROTPK
whereas some others add some related information. Add a new platform
weak function to transform the public key buffer used by
verify_signature to a platform specific public key.
Mark this new weak function as deprecated as it will be replaced
by another framework implementation.
Change-Id: I71017b41e3eca9398cededf317ad97e9b511be5f Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com> Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Manish Pandey [Mon, 14 Nov 2022 10:17:27 +0000 (11:17 +0100)]
Merge changes I5838964f,Id752c1cc,Idd42d5a2,Iff4680cd,I2b1801a7, ... into integration
* changes:
fix(mt8188): add mmap entry for CPU idle SRAM
fix(mt8188): refine gic init flow after system resume
fix(mt8186): fix the DRAM voltage after the system resumes
feat(mt8188): add audio support
refactor(mt8195): use ptp3 common drivers
feat(mt8188): add support for PTP3
feat(mt8188): enable MTK_PUBEVENT_ENABLE
Add code to be able to use STMicroelectronics SAES IP. This driver
can manage many AES algorithms (CBC, ECB, CCM, GCM). It will be used
by the authenticated decryption framework (AES-GCM only).
Change-Id: Ibd4030719fb12877dcecd5d2c395d13b4b15c260 Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
feat(st-crypto): update HASH for new hardware version used in STM32MP13
Introduce new flag to manage hardware version.
STM32MP15 currently uses the HASH_V2 and STM32MP13 uses the HASH_V4.
For STM32_HASH_V4: remove MD5 algorithm (no more supported) and
add SHA384 and SHA512.
For STM32_HASH_V2: no change.
Change-Id: I3a9ae9e38249a2421c657232cb0877004d04dae1 Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com> Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Liju-Clr Chen [Fri, 11 Nov 2022 01:51:51 +0000 (09:51 +0800)]
fix(mt8188): add mmap entry for CPU idle SRAM
CPU PM driver accesses CPU idle SRAM during the system suspend
process. The region of CPU idle SRAM needs to be added as mmap entry.
Otherwise, the execption would occur.
BUG=b:244215539
TEST=Test of suspend resume passes.
James Liao [Fri, 23 Sep 2022 08:37:59 +0000 (16:37 +0800)]
fix(mt8188): refine gic init flow after system resume
Call gicv3_distif_init() instead of mt_gic_init() in
armv8_2_mcusys_pwr_on_common(). This is to prevent
gicv3_rdistif_init() and gicv3_cpuif_enable() from being called twice
in the power-on flow. gicv3_rdistif_init() and gicv3_cpuif_enable()
are called in later armv8_2_cpu_pwr_on_common().
Allen-KH Cheng [Tue, 8 Nov 2022 10:40:27 +0000 (18:40 +0800)]
fix(mt8186): fix the DRAM voltage after the system resumes
The DRAM power supply must sustain at 0.8V after the system resumes.
Otherwise, unexpected errors would occur. Therefore, we update the
DRAM voltage to 0.8v in PMIC voltage wrap table.
For MT8188, MTK_AUDIO_SMC_OP_DOMAIN_SIDEBANDS is required for normal
mode switch.
- Add audio common code and chip specific code.
- Add new id (MTK_SIP_AUDIO_CONTROL) to mtk_sip_def.h.
- Enable for MT8188.
Juan Pablo Conde [Tue, 25 Oct 2022 23:41:02 +0000 (19:41 -0400)]
refactor(security): add OpenSSL 1.x compatibility
When updated to work with OpenSSL 3.0, the host tools lost their
compatibility with previous versions (1.x) of OpenSSL. This is
mainly due to the fact that 1.x APIs became deprecated in 3.0 and
therefore their use cause compiling errors. In addition, updating
for a newer version of OpenSSL meant improving the stability
against security threats. However, although version 1.1.1 is
now deprecated, it still receives security updates, so it would
not imply major security issues to keep compatibility with it too.
This patch adds backwards compatibility with OpenSSL 1.x versions
by adding back 1.x API code. It defines a macro USING_OPENSSL3,
which will select the appropriate OpenSSL API version depending on
the OpenSSL library path chosen (which is determined by the
already-existing OPENSSL_DIR variable).
In addition, cleanup items were packed in functions and moved to
the proper modules in order to make the code more maintainable and
legible.
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I8deceb5e419edc73277792861882404790ccd33c
Boyan Karatotev [Wed, 26 Oct 2022 14:10:39 +0000 (15:10 +0100)]
fix(pmu): add sensible default for MDCR_EL2
When TF-A is set to save and restore EL2 registers it initially zeroes
all of them so that it does not leak any information. However,
MDCR_EL2.HPMN of 0 is poorly defined when FEAT_HPMN0 is not implemented.
Set it to its hardware reset value so that lower ELs don't inherit a
wrong value.
Arm has decided to deprecate the TC0 platform. The development of
software and fast models for TC0 platform has been discontinued.
TC0 platform has been superseded by the TC1 and TC2 platforms,
which are already supported in TF-A and CI repositories.
Change-Id: I0269816a6ee733f732669027eae4e14cd60b6084 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Govindraj Raja [Thu, 10 Nov 2022 15:27:35 +0000 (15:27 +0000)]
chore(docs): fix broken url references to arm procedure call
Couple for urls under section: `5.6. Use of built-in C and libc
data types` from docs has broken urls since the new arm procedure
call doc is moved to be part of `ARM-software/abi-aa`.
Change-Id: Ied184ed56c8335d4cbc687e56962439091a18e42 Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Boyan Karatotev [Tue, 1 Nov 2022 11:22:12 +0000 (11:22 +0000)]
fix(cpus): workaround for Cortex-A77 erratum 2743100
Cortex-A77 erratum 2743100 is a Cat B erratum that applies to revisions
r0p0, r1p0, r1p1, and is still open. The workaround is to insert a dsb
before the isb in the power down sequence.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1152370/latest
Okash Khawaja [Fri, 4 Nov 2022 12:38:01 +0000 (12:38 +0000)]
feat(cpus): make cache ops conditional
When a core is in debug recovery mode its caches are not invalidated
upon reset, so the L1 and L2 cache contents from before reset are
observable after reset. Similarly, debug recovery mode of DynamIQ
cluster ensures that contents of the shared L3 cache are also not
invalidated upon transition to On mode.
Booting cores in debug recovery mode means booting with caches disabled
and preserving the caches until a point where software can dump the
caches and retrieve their contents. TF-A however unconditionally cleans
and invalidates caches at multiple points during boot. This can lead to
memory corruption as well as loss of cache contents to be used for
debugging.
This patch fixes this by calling a platform hook before performing CMOs
in helper routines in cache_helpers.S. The platform hook plat_can_cmo is
an assembly routine which must not clobber x2 and x3, and avoid using
stack. The whole checking is conditional upon `CONDITIONAL_CMO` which
can be set at compile time.
instead of it being lost in the middle of supported platform ports.
Regarding a), this gets moved under the "Processes & Policies" section.
More specifically, it gets clubbed with the existing platform
compatibility policy. The combined document gets renamed into a
"Platforms Ports Policy" document.
Manish Pandey [Wed, 2 Nov 2022 16:30:09 +0000 (16:30 +0000)]
docs: document do_panic() and panic() helper functions
panic() and do_panic() are widely used helper functions called when
encountering a critical failure that cannot be recovered from.
Document them in porting guide. Also, remove panic() documentation
from PSCI guide(where it is unused anyways).
This patch adds the following changes to complete the existing
TRNG implementation:
1. Adds a feature specific scope for buildlog generation.
2. Updates the docs on the build flag "TRNG_SUPPORT" and its values.
3. Makefile update and improves the existing comments at few sections
for better understanding of the underlying logic.
- Remove mentions of Arm SGM-775 and MediaTek MT6795 platforms.
Both platform ports were deleted from TF-A source tree in the
last release (v2.7).
- Remove mention of Arm Morello platform, as it now has a dedicated
documentation page accessible from the table of contents
(see docs/plat/arm/morello/).
Manish Pandey [Mon, 10 Oct 2022 10:43:08 +0000 (11:43 +0100)]
fix(ras): restrict RAS support for NS world
Current RAS framework in TF-A only supports handling errors originating
from NS world but the HANDLE_EA_EL3_FIRST flag configures it for all
lower Els. To make the current design of RAS explicit, rename this macro
to HANDLE_EA_EL3_FIRST_NS and set EA bit in scr_el3 only when
switching to NS world.
Note: I am unaware of any platform which traps errors originating in
Secure world to EL3, if there is any such platform then it need to
be explicitly implemented in TF-A
Manish Pandey [Tue, 1 Nov 2022 16:16:55 +0000 (16:16 +0000)]
fix(debug): decouple "get_el_str()" from backtrace
get_el_str() was implemented under ENABLE_BACKTRACE macro but being
used at generic places too, this causes multiple definition of this
function.
Remove duplicate definition of this function and move it out of
backtrace scope. Also, this patch fixes a small bug where in default
case S-EL1 is returned which ideally should be EL1, as there is no
notion of security state in EL string.
Olivier Deprez [Tue, 11 Oct 2022 13:38:27 +0000 (15:38 +0200)]
feat: pass SMCCCv1.3 SVE hint bit to dispatchers
SMCCCv1.3 introduces the SVE hint bit added to the SMC FID (bit 16)
denoting that the world issuing an SMC doesn't expect the callee to
preserve the SVE state (FFR, predicates, Zn vector bits greater than
127). Update the generic SMC handler to copy the SVE hint bit state
to SMC flags and mask out the bit by default for the services called
by the standard dispatcher. It is permitted by the SMCCC standard to
ignore the bit as long as the SVE state is preserved. In any case a
callee must preserve the NEON state (FPCR/FPSR, Vn 128b vectors)
whichever the SVE hint bit state.
Manish Pandey [Tue, 11 Oct 2022 16:28:14 +0000 (17:28 +0100)]
fix(bl31): harden check in delegate_async_ea
Following hardening done around ESR_EL3 register usage
- Panic if exception is anyting other than SError
- AET bit is only valid if DFSC is 0x11, move DFSC check before AET.
Marc Bonnici [Tue, 18 Oct 2022 13:03:13 +0000 (14:03 +0100)]
fix(el3-spmc): check descriptor size for overflow
Ensure that the provided descriptor size used when reserving space
for a memory descriptor does not overflow to prevent scope for
memory corruption. Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: If06985c4de9a88ff82ce60d10e346da948ed383f
Marc Bonnici [Tue, 18 Oct 2022 12:50:04 +0000 (13:50 +0100)]
fix(el3-spmc): fix detection of overlapping memory regions
The current logic does not cover all scenarios of overlapping
memory regions. Update the implementation to verify non-overlapping
regions instead. Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I16c53d081e4455bc0e28399d28a1b27b1a9eb49c
Marc Bonnici [Tue, 18 Oct 2022 12:39:48 +0000 (13:39 +0100)]
fix(el3-spmc): fix incomplete reclaim validation
Ensure that the full memory transaction descriptor has been transmitted
before a request to reclaim the memory transaction is permitted.
This prevents any potential accesses to the incomplete descriptor.
Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I33e993c6b754632051e899ab20edd19b18b6cf65
This change updates the version of the Node Version Manager suggested by
the prerequisites documentation. The NVM installation command line hint
has been replaced with the snippet provided by NVM's user guide, and the
second line now automatically installs a version of Node.js compatible
with TF-A's repository scripts.
Change-Id: I6ef5e504118238716ceb45a52083450c424c5d20 Signed-off-by: Chris Kay <chris.kay@arm.com>
Olivier Deprez [Fri, 4 Nov 2022 09:47:54 +0000 (10:47 +0100)]
Merge changes from topic "hikey960-el3-spmc" into integration
* changes:
feat(hikey960): read serial number from UFS
feat(hikey960): add a FF-A logical partition
feat(hikey960): add memory sharing hooks for SPMC_AT_EL3
feat(hikey960): add plat-defines for SPMC_AT_EL3
feat(hikey960): define a datastore for SPMC_AT_EL3
feat(hikey960): add SP manifest for SPMC_AT_EL3
feat(hikey960): increase secure workspace to 64MB
feat(hikey960): upgrade to xlat_tables_v2
projects / arm-tf.git / log