Commits · 24902fae2427399901be96a594da0420a0c82a7e · adam.huang / Arm Trusted Firmware

09 Mar, 2020 10 commits

Tegra210: update the PMC blacklisted registers · 24902fae

kalyani chidambaram authored Jun 19, 2018



Update the list to include PMC registers that the NS world cannot
access even with smc calls.

Change-Id: I588179b56ebc0c29200b55e6d61535fd3a7a3b7e
Signed-off-by: kalyani chidambaram <kalyanic@nvidia.com>

24902fae

Tegra: disable CPUACTLR access from lower exception levels · b1481cff

Varun Wadekar authored Jun 07, 2018



This patch resets the macros to update the CPUACTLR_ELx to make
them generic for all exception levels.

Change-Id: I33e9b860efb543934b654a2f5d775135df7f1aa6
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

b1481cff

cpus: denver: fixup register used to store return address · e6c0da15

Kalyani Chidambaram authored Oct 08, 2018



The denver_enable_dco and denver_disable_dco use register X3 to store
the return address. But X3 gets over-written by other functions,
downstream.

This patch stores the return address to X18 instead, to fix this
anomaly.

Change-Id: Ic40bfc1d9abaa7b90348843b9ecd09521bb4ee7b
Signed-off-by: Kalyani Chidambaram <kalyanic@nvidia.com>

e6c0da15

Merge "aarch32: stop speculative execution past exception returns" into integration · efe30cb1
Mark Dykes authored Mar 09, 2020

efe30cb1

Merge changes from topic "tbbr/fw_enc" into integration · 091576e7

Sandrine Bailleux authored Mar 09, 2020

* changes:
  docs: qemu: Add instructions to boot using FIP image
  docs: Update docs with firmware encryption feature
  qemu: Support optional encryption of BL31 and BL32 images
  qemu: Update flash address map to keep FIP in secure FLASH0
  Makefile: Add support to optionally encrypt BL31 and BL32
  tools: Add firmware authenticated encryption tool
  TBB: Add an IO abstraction layer to load encrypted firmwares
  drivers: crypto: Add authenticated decryption framework

091576e7

docs: qemu: Add instructions to boot using FIP image · 4ebbea95

Sumit Garg authored Nov 15, 2019



Update qemu documentation with instructions to boot using FIP image.
Also, add option to build TF-A with TBBR and firmware encryption
enabled.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: Ib3af485d413cd595352034c82c2268d7f4cb120a

4ebbea95

docs: Update docs with firmware encryption feature · f97062a5

Sumit Garg authored Nov 15, 2019



Update documentation with optional firmware encryption feature.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I26691b18e1ee52a73090954260f26f2865c4e05a

f97062a5

Merge "fdts: a5ds: add ethernet node in devicetree" into integration · a3d0fa31
Manish Pandey authored Mar 09, 2020

a3d0fa31
Merge "uniphier: shrink UNIPHIER_ROM_REGION_SIZE" into integration · a1463c8e
Sandrine Bailleux authored Mar 09, 2020

a1463c8e
Merge "TSP: corrected log information" into integration · 366d95f9
Sandrine Bailleux authored Mar 09, 2020

366d95f9

06 Mar, 2020 10 commits

TSP: corrected log information · a16bc845

Manish Pandey authored Mar 06, 2020



In CPU resume function, CPU suspend count was printed instead of CPU
resume count.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I0c081dc03a4ccfb2129687f690667c5ceed00a5f

a16bc845

uniphier: shrink UNIPHIER_ROM_REGION_SIZE · 548654bc

Masahiro Yamada authored Mar 06, 2020



Currently, the ROM region is needlessly too large.

The on-chip SRAM region of the next SoC will start from 0x04000000,
and this will cause the region overlap.

Mapping 0x04000000 for the ROM is enough.

Change-Id: I85ce0bb1120ebff2e3bc7fd13dc0fd15dfff5ff6
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

548654bc

Merge "driver/arm/css: minor bug fix" into integration · 03ea84c3
Alexei Fedorov authored Mar 06, 2020

03ea84c3

qemu: Support optional encryption of BL31 and BL32 images · 51857762

Sumit Garg authored Nov 14, 2019



Enable encryption IO layer to be stacked above FIP IO layer for optional
encryption of Bl31 and BL32 images in case ENCRYPT_BL31 or ENCRYPT_BL32
build flag is set.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I24cba64728861e833abffc3d5d9807599c49feb6

51857762

qemu: Update flash address map to keep FIP in secure FLASH0 · a886bbec

Sumit Garg authored Nov 14, 2019



Secure FLASH0 memory map looks like:
- Offset: 0 to 256K -> bl1.bin
- Offset: 256K to 4.25M -> fip.bin

FLASH1 is normally used via UEFI/edk2 to keep varstore.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I6883f556c22d6a5d3fa3846c703bebc2abe36765

a886bbec

Makefile: Add support to optionally encrypt BL31 and BL32 · c6ba9b45

Sumit Garg authored Nov 14, 2019



Following build flags have been added to support optional firmware
encryption:

- FW_ENC_STATUS: Top level firmware's encryption numeric flag, values:
    0: Encryption is done with Secret Symmetric Key (SSK) which is
       common for a class of devices.
    1: Encryption is done with Binding Secret Symmetric Key (BSSK) which
       is unique per device.

- ENC_KEY: A 32-byte (256-bit) symmetric key in hex string format. It
    could be SSK or BSSK depending on FW_ENC_STATUS flag.

- ENC_NONCE: A 12-byte (96-bit) encryption nonce or Initialization Vector
    (IV) in hex string format.

- ENCRYPT_BL31: Binary flag to enable encryption of BL31 firmware.

- ENCRYPT_BL32: Binary flag to enable encryption of Secure BL32 payload.

Similar flags can be added to encrypt other firmwares as well depending
on use-cases.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I94374d6830ad5908df557f63823e58383d8ad670

c6ba9b45

tools: Add firmware authenticated encryption tool · 90aa901f

Sumit Garg authored Nov 11, 2019

Add firmware authenticated encryption tool which utilizes OpenSSL
library to encrypt firmwares using a key provided via cmdline. Currently
this tool supports AES-GCM as an authenticated encryption algorithm.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I60e296af1b98f1912a19d5f91066be7ea85836e4

90aa901f

TBB: Add an IO abstraction layer to load encrypted firmwares · 2be57b86

Sumit Garg authored Nov 15, 2019



TBBR spec advocates for optional encryption of firmwares (see optional
requirement: R060_TBBR_FUNCTION). So add an IO abstaction layer to
support firmware decryption that can be stacked above any underlying IO/
packaging layer like FIP etc. It aims to provide a framework to load any
encrypted IO payload.

Also, add plat_get_enc_key_info() to be implemented in a platform
specific manner as handling of encryption key may vary from one platform
to another.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I9892e0ddf00ebecb8981301dbfa41ea23e078b03

2be57b86

drivers: crypto: Add authenticated decryption framework · 7cda17bb

Sumit Garg authored Nov 15, 2019



Add framework for autheticated decryption of data. Currently this
patch optionally imports mbedtls library as a backend if build option
"DECRYPTION_SUPPORT = aes_gcm" is set to perform authenticated decryption
using AES-GCM algorithm.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Change-Id: I2966f0e79033151012bf4ffc66f484cd949e7271

7cda17bb

Merge changes from topic "spmd-sel2" into integration · d95f7a72

Olivier Deprez authored Mar 06, 2020

* changes:
  SPMD: add command line parameter to run SPM at S-EL2 or S-EL1
  SPMD: smc handler qualify secure origin using booleans
  SPMD: SPMC init, SMC handler cosmetic changes
  SPMD: [tegra] rename el1_sys_regs structure to sys_regs
  SPMD: Adds partially supported EL2 registers.
  SPMD: save/restore EL2 system registers.

d95f7a72

05 Mar, 2020 5 commits

Merge changes from topic "console_t_drvdata_fix" into integration · ac56d008

Manish Pandey authored Mar 05, 2020

* changes:
  imx: console: Use CONSOLE_T_BASE for UART base address
  Tegra: spe: use CONSOLE_T_BASE to save MMIO base address

ac56d008

driver/arm/css: minor bug fix · cc7f89de

Manish Pandey authored Mar 03, 2020

The cpu index was wrongly checked causing it to assert always.
Since this code path is exercised only during TF test "NODE_HW_STAT",
which queries Power state from SCP, this bug was not detected earlier.

Change-Id: Ia25cef4c0aa23ed08092df39134937a2601c21ac
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>

cc7f89de

imx: console: Use CONSOLE_T_BASE for UART base address · 6627de53

Andre Przywara authored Mar 05, 2020

Since commit ac71344e

 we have the UART base address in the generic
console_t structure. For most platforms the platform-specific struct
console is gone, so we *must* use the embedded base address, since there
is no storage behind the generic console_t anymore.

Replace the usage of CONSOLE_T_DRVDATA with CONSOLE_T_BASE to fix this.

Change-Id: I6d2ab0bc2c845c71f98b9dd64d89eef3252f4591
Reported-by: Varun Wadekar <vwadekar@nvidia.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

6627de53

Tegra: spe: use CONSOLE_T_BASE to save MMIO base address · 9e7e9867

Varun Wadekar authored Mar 04, 2020

Commit ac71344e

 moved the base address
for the MMIO aperture of the console inside the console_t struct. As
a result, the driver should now save the MMIO base address to console_t
at offset marked by the CONSOLE_T_BASE macro.

This patch updates the SPE console driver to use the CONSOLE_T_BASE macro
to save/access the MMIO base address.
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Change-Id: I42afc2608372687832932269108ed642f218fd40

9e7e9867

Merge changes from topic "sp_loading" into integration · 801c3ece

Olivier Deprez authored Mar 05, 2020

* changes:
  SPMD: loading Secure Partition payloads
  fvp: add Cactus/Ivy Secure Partition information
  fconf: Add Secure Partitions information as property

801c3ece

04 Mar, 2020 2 commits

fdts: a5ds: add ethernet node in devicetree · c84cbf41

Vishnu Banavath authored Mar 04, 2020



This change is to add ethernet and voltage regulator nodes into
a5ds devicetree.

Change-Id: If9ed67040d54e76af1813c9f99835f51f617e9df
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>

c84cbf41

SPMD: loading Secure Partition payloads · cb3b5344

Manish Pandey authored Feb 25, 2020



This patch implements loading of Secure Partition packages using
existing framework of loading other bl images.

The current framework uses a statically defined array to store all the
possible image types and at run time generates a link list and traverse
through it to load different images.

To load SPs, a new array of fixed size is introduced which will be
dynamically populated based on number of SPs available in the system
and it will be appended to the loadable images list.

Change-Id: I8309f63595f2a71b28a73b922d20ccba9c4f6ae4
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>

cb3b5344

03 Mar, 2020 8 commits

Merge "Update pathnames in maintainers.rst file" into integration · 6e46981f
Sandrine Bailleux authored Mar 03, 2020

6e46981f

SPMD: add command line parameter to run SPM at S-EL2 or S-EL1 · 033039f8

Max Shvetsov authored Feb 25, 2020



Added SPMD_SPM_AT_SEL2 build command line parameter.
Set to 1 to run SPM at S-EL2.
Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled).
Removed runtime EL from SPM core manifest.

Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>

033039f8

SPMD: smc handler qualify secure origin using booleans · 93ff138b

Olivier Deprez authored Dec 23, 2019



Change-Id: Icc8f73660453a2cbb2241583684b615d5d1af9d4
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>

93ff138b

SPMD: SPMC init, SMC handler cosmetic changes · 0f14d02f

Max Shvetsov authored Feb 27, 2020



Change-Id: I8881d489994aea667e3dd59932ab4123f511d6ba
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>

0f14d02f

SPMD: [tegra] rename el1_sys_regs structure to sys_regs · e0f924a5

Max Shvetsov authored Jan 24, 2020



Renamed the structure according to a SPMD refactoring
introduced in <c585d07aa> since this structure is used
to service both EL1 and EL2 as opposed to serving only EL1.

Change-Id: I23b7c089e53f617157a4b4e6443acce50d85c3b5
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>

e0f924a5

SPMD: Adds partially supported EL2 registers. · 2825946e

Max Shvetsov authored Feb 17, 2020



This patch adds EL2 registers that are supported up to ARMv8.6.
ARM_ARCH_MINOR has to specified to enable save/restore routine.

Note: Following registers are still not covered in save/restore.
 * AMEVCNTVOFF0<n>_EL2
 * AMEVCNTVOFF1<n>_EL2
 * ICH_AP0R<n>_EL2
 * ICH_AP1R<n>_EL2
 * ICH_LR<n>_EL2

Change-Id: I4813f3243e56e21cb297b31ef549a4b38d4876e1
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>

2825946e

fvp: add Cactus/Ivy Secure Partition information · 8f066f61

Manish Pandey authored Feb 18, 2020



Add load address and UUID in fw config dts for Cactus and Ivy which are
example SP's in tf-test repository.

For prototype purpose these information is added manually but later on
it will be updated at compile time from SP layout file and SP manifests
provided by platform.

Change-Id: I41f485e0245d882c7b514bad41fae34036597ce4
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>

8f066f61

fconf: Add Secure Partitions information as property · 7cd64d19

Olivier Deprez authored Jan 23, 2020



Use the firmware configuration framework to retrieve information about
Secure Partitions to facilitate loading them into memory.

To load a SP image we need UUID look-up into FIP and the load address
where it needs to be loaded in memory.

This patch introduces a SP populator function which gets UUID and load
address from firmware config device tree and updates its C data
structure.

Change-Id: I17faec41803df9a76712dcc8b67cadb1c9daf8cd
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>

7cd64d19

02 Mar, 2020 3 commits

Merge "doc: Fix variables names in TBBR CoT documentation" into integration · d83f3e5d
Sandrine Bailleux authored Mar 02, 2020

d83f3e5d

doc: Fix variables names in TBBR CoT documentation · 51d4e227

Sandrine Bailleux authored Mar 02, 2020

In commit 516beb58

 ("TBB: apply TBBR naming
convention to certificates and extensions"), some of the variables used in the
TBBR chain of trust got renamed but the documentation did not get properly
updated everywhere to reflect these changes.

Change-Id: Ie8e2146882c2d3538c5b8c968d1bdaf5ea2a6e53
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

51d4e227

SPMD: save/restore EL2 system registers. · 28f39f02

Max Shvetsov authored Feb 25, 2020



NOTE: Not all EL-2 system registers are saved/restored.
This subset includes registers recognized by ARMv8.0

Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283aa3ce0
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>

28f39f02

01 Mar, 2020 1 commit

aarch32: stop speculative execution past exception returns · 6bc24382

Madhukar Pappireddy authored Feb 26, 2020

aarch32 CPUs speculatively execute instructions following a
ERET as if it was not a jump instruction. This could lead to
cache-based side channel vulnerabilities. The software fix is
to place barrier instructions following ERET.

The counterpart patch for aarch64 is merged:
https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=f461fe346b728d0e88142fd7b8f2816415af18bc

Change-Id: I2aa3105bee0b92238f389830b3a3b8650f33af3d
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

6bc24382

28 Feb, 2020 1 commit

Merge changes I75f6d135,I4add470e,I0ecd3a2b,I67a63d73 into integration · 24038137

Manish Pandey authored Feb 28, 2020

* changes:
  board/rddaniel: intialize tzc400 controllers
  plat/arm/tzc: add support to configure multiple tzc400
  plat/arm: allow boards to specify second DRAM Base address
  plat/arm: allow boards to define PLAT_ARM_TZC_FILTERS

24038137