GitLab

Currently sptool generates a single blob containing all the Secure
Partitions, with latest SPM implementation, it is desirable to have
individual blobs for each Secure Partition. It allows to leverage
packaging and parsing of SP on existing FIP framework. It also allows
SP packages coming from different sources.

This patch modifies sptool so that it takes number of SP payload pairs
as input and generates number of SP blobs instead of a single blob.

Each SP blob can optionally have its own header containing offsets and
sizes of different payloads along with a SP magic number and version.
It is also associated in FIP with a UUID, provided by SP owner.

Usage example:
sptool -i sp1.bin:sp1.dtb -o sp1.pkg -i sp2.bin:sp2.dtb -o sp2.pkg ...
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ie2db8e601fa1d4182d0a1d22e78e9533dce231bc

* changes:
  plat/arm: Add support for SEPARATE_NOBITS_REGION
  Changes necessary to support SEPARATE_NOBITS_REGION feature

This patch removes unnecessary header file includes
discovered by Coverity HFA option.

Change-Id: I2827c37c1c24866c87db0e206e681900545925d4
Signed-off-by: Zelalem <zelalem.aweke@arm.com>

CID 353228:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)

The checks on size and offset_address in get_entry always resolve to
false provided those fields are long long int and cannot be greater
than LONG_MAX.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I0fac485a39ac4a40ae8c0d25a706ad74c795e130

When Trusted Boot is enabled, images are loaded and authenticated
following up the root of trust. This means that between the initial
console message saying that an image is being loaded, and the final one
where it says that it failed to load it, BL2 may print several messages
about other images on the chain of trust being loaded, thus it is not
always clear which image we failed loading at the end of the day.

Change-Id: I3b189ec9d12c2a6203d16c8dbbb4fc117639c3c1
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

This patch adds 'fdtw_read_bytes' and 'fdtw_write_inplace_bytes'
functions for read/write array of bytes from/to a given property.
It also adds 'fdt_setprop_inplace_namelen_partial' to jmptbl.i
files for builds with USE_ROMLIB=1 option.

Change-Id: Ied7b5c8b38a0e21d508aa7bcf5893e656028b14d
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

The current URL for QEMU_EFI.fd is not found. Update the link to
point to the new one.

If you run the shell command as instructed, you will see this error:
  qemu-system-aarch64: keep_bootcon: Could not open 'keep_bootcon': No such file or directory

The part "console=ttyAMA0,38400 keep_bootcon root=/dev/vda2" is the
kernel parameter, so it must be quoted.

As of writing, QEMU v4.2.0 is the latest, but it does not work for
TF-A (It has been fixed in the mainline.) QEMU v4.1.0 works fine.

With those issues addressed, I succeeded in booting the latest kernel.

Tested with QEMU v4.1.0 and Linux 5.5 (defconfig with no modification).
Update the tested versions.

Change-Id: Ic85db0e688d67b1803ff890047d37de3f3db2daa
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

* changes:
  Introduce COT build option
  cert_create: Remove references to TBBR in common code
  cert_create: Introduce COT build option
  cert_create: Introduce TBBR CoT makefile

Allows to select the chain of trust to use when the Trusted Boot feature
is enabled. This affects both the cert_create tool and the firmware
itself.

Right now, the only available CoT is TBBR.

Change-Id: I7ab54e66508a1416cb3fcd3dfb0f055696763b3d
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

In preparation of supporting alternate chains of trust, reword comments
and error messages that explicitly mentioned TBBR.

Change-Id: I85a0b08e16d0cd82f3b767fcc092d1f20f45939f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

It allows to select the desired chain of trust. Right now, only the TBBR
CoT is available.

At this stage, this build option only affects the tool itself. It is not
plugged into the rest of the build system yet. To use it:

 > make -C tools/cert_create COT=tbbr

Change-Id: I4484418f76d3c7b330d8653c978499a181534dcd
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Move all TBBR-specific stuff out of the tool's makefile into a
sub-makefile. This will make it easier to define and select an alternate
chain of trust in the future.

Change-Id: I92e366a1999b74cf51127d1771b64b807cd94b29
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Command to build HTML-formatted pages from docs:
make doc

Change-Id: I4103c804b3564fe67d8fc5a3373679daabf3f2e9
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

This is based on the rpi implementation from
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/2746

.
Signed-off-by: Andrew Walbran <qwandor@google.com>
Change-Id: I5fe324fcd9d5e232091e01267ea12147c46bc9c1

* changes:
  qemu: Implement qemu_system_off via semihosting.
  qemu: Support ARM_LINUX_KERNEL_AS_BL33 to pass FDT address.

This patch enables uboot's spl entrypoint to BL31 and also handles
secondary cpus state during cold boot.
Signed-off-by: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Change-Id: Ib70ec91a3ad09a568cb66e7c1e23a2b3e460746c

This flag warns if anything is declared more than once in the same
scope, even in cases where multiple declaration is valid and changes
nothing.

Consequently, this patch also fixes the issues reported by this
flag. Consider the following two lines of code from two different source
files(bl_common.h and bl31_plat_setup.c):

IMPORT_SYM(uintptr_t, __RO_START__, BL_CODE_BASE);
IMPORT_SYM(unsigned long, __RO_START__, BL2_RO_BASE);

The IMPORT_SYM macro which actually imports a linker symbol as a C expression.
The macro defines the __RO_START__ as an extern variable twice, one for each
instance. __RO_START__ symbol is defined by the linker script to mark the start
of the Read-Only area of the memory map.

Essentially, the platform code redefines the linker symbol with a different
(relevant) name rather than using the standard symbol. A simple solution to
fix this issue in the platform code for redundant declarations warning is
to remove the second IMPORT_SYM and replace it with following assignment

static const unsigned long BL2_RO_BASE = BL_CODE_BASE;

Change-Id: If4835d1ee462d52b75e5afd2a59b64828707c5aa
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

This patch adds 'calc_hash' function using Mbed TLS library
required for Measured Boot support.

Change-Id: Ifc5aee0162d04db58ec6391e0726a526f29a52bb
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

The Secure Configuration Register is 64-bits in AArch64 and 32-bits in
AArch32. Use u_register_t instead of unsigned int to reflect this.

Change-Id: I51b69467baba36bf0cfaec2595dc8837b1566934
Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>

* changes:
  ti: k3: drivers: ti_sci: Put sequence number in coherent memory
  ti: k3: drivers: ti_sci: Remove indirect structure of const data
  ti: k3: common: Enable ARM cluster power down
  ti: k3: common: Rename device IDs to be more consistent

This patch enables the config to switch to the console provided
by the SPE firmware.

Change-Id: I5a3bed09ee1e84f958d0925501d1a79fb7f694de
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>

In order to support SEPARATE_NOBITS_REGION for Arm platforms, we need to load
BL31 PROGBITS into secure DRAM space and BL31 NOBITS into SRAM. Hence mandate
the build to require that ARM_BL31_IN_DRAM is enabled as well.

Naturally with SEPARATE_NOBITS_REGION enabled, the BL31 initialization code
cannot be reclaimed to be used for runtime data such as secondary cpu stacks.

Memory map for BL31 NOBITS region also has to be created.

Change-Id: Ibbc8c9499a32e63fd0957a6e254608fbf6fa90c9
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

Since BL31 PROGBITS and BL31 NOBITS sections are going to be
in non-adjacent memory regions, potentially far from each other,
some fixes are needed to support it completely.

1. adr instruction only allows computing the effective address
of a location only within 1MB range of the PC. However, adrp
instruction together with an add permits position independent
address of any location with 4GB range of PC.

2. Since BL31 _RW_END_ marks the end of BL31 image, care must be
taken that it is aligned to page size since we map this memory
region in BL31 using xlat_v2 lib utils which mandate alignment of
image size to page granularity.

Change-Id: I3451cc030d03cb2032db3cc088f0c0e2c84bffda
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

The current message sequence number is accessed both with caches on and
off so put this memory in the un-cached coherent section so accesses
are consistent and coherency is maintained.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Change-Id: Ieeefefeaffc691e4e4c4de7c74490d50ff9de807