1. 26 Jun, 2020 1 commit
  2. 24 Jun, 2020 1 commit
    • Manish V Badarkhe's avatar
      plat/arm: Rentroduce tb_fw_config device tree · 3cb84a54
      Manish V Badarkhe authored
      
      
      Moved BL2 configuration nodes from fw_config to newly
      created tb_fw_config device tree.
      
      fw_config device tree's main usage is to hold properties shared
      across all BLx images.
      An example is the "dtb-registry" node, which contains the
      information about the other device tree configurations
      (load-address, size).
      
      Also, Updated load-address of tb_fw_config which is now located
      after fw_config in SRAM.
      Signed-off-by: default avatarManish V Badarkhe <Manish.Badarkhe@arm.com>
      Change-Id: Ic398c86a4d822dacd55b5e25fd41d4fe3888d79a
      3cb84a54
  3. 09 Jun, 2020 1 commit
    • Manish Pandey's avatar
      dualroot: add chain of trust for secure partitions · 44f1aa8e
      Manish Pandey authored
      
      
      A new certificate "sip-sp-cert" has been added for Silicon Provider(SiP)
      owned Secure Partitions(SP). A similar support for Platform owned SP can
      be added in future. The certificate is also protected against anti-
      rollback using the trusted Non-Volatile counter.
      
      To avoid deviating from TBBR spec, support for SP CoT is only provided
      in dualroot.
      Secure Partition content certificate is assigned image ID 31 and SP
      images follows after it.
      
      The CoT for secure partition look like below.
      +------------------+       +-------------------+
      | ROTPK/ROTPK Hash |------>| Trusted Key       |
      +------------------+       | Certificate       |
                                 | (Auth Image)      |
                                /+-------------------+
                               /                   |
                              /                    |
                             /                     |
                            /                      |
                           L                       v
      +------------------+       +-------------------+
      | Trusted World    |------>| SiP owned SPs     |
      | Public Key       |       | Content Cert      |
      +------------------+       | (Auth Image)      |
                              /   +-------------------+
                             /                      |
                            /                      v|
      +------------------+ L     +-------------------+
      | SP_PKG1 Hash     |------>| SP_PKG1           |
      |                  |       | (Data Image)      |
      +------------------+       +-------------------+
              .                           .
              .                           .
              .                           .
      +------------------+       +-------------------+
      | SP_PKG8 Hash     |------>| SP_PKG8           |
      |                  |       | (Data Image)      |
      +------------------+       +-------------------+
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: Ia31546bac1327a3e0b5d37e8b99c808442d5e53f
      44f1aa8e
  4. 08 Jun, 2020 1 commit
    • Manish Pandey's avatar
      plat/arm: do not include export header directly · 81de5bf7
      Manish Pandey authored
      
      
      As per "include/export/README", TF-A code should never include export
      headers directly. Instead, it should include a wrapper header that
      ensures the export header is included in the right manner.
      
      "tbbr_img_def_exp.h" is directly included in TF-A code, this patch
      replaces it with its  wrapper header "tbbr_img_def.h".
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: I31c1a42e6a7bcac4c396bb17e8548567ecd8147d
      81de5bf7
  5. 25 May, 2020 1 commit
    • J-Alves's avatar
      SPCI is now called PSA FF-A · 662af36d
      J-Alves authored
      
      
      SPCI is renamed as PSA FF-A which stands for Platform Security
      Architecture Firmware Framework for A class processors.
      This patch replaces the occurrence of SPCI with PSA FF-A(in documents)
      or simply FFA(in code).
      
      Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760
      Signed-off-by: default avatarJ-Alves <joao.alves@arm.com>
      662af36d
  6. 30 Apr, 2020 1 commit
  7. 23 Apr, 2020 1 commit
  8. 25 Mar, 2020 1 commit
  9. 19 Mar, 2020 2 commits
    • Manish Pandey's avatar
      fvp: use two instances of Cactus at S-EL1 · 161dbc43
      Manish Pandey authored
      
      
      To demonstrate communication between SP's two instances of Cactus at
      S-EL1 has been used.
      This patch replaces Ivy SP with cactus-secondary SP which aligns with
      changes in tf-a-tests repository.
      Signed-off-by: default avatarManish Pandey <manish.pandey2@arm.com>
      Change-Id: Iee84f1f7f023b7c4f23fbc13682a42614a7f3707
      161dbc43
    • Olivier Deprez's avatar
      spmc: manifest changes to support two sample cactus secure partitions · 3d5ed6de
      Olivier Deprez authored
      
      
      When using the SPM Dispatcher, the SPMC sits as a BL32 component
      (BL32_IMAGE_ID). The SPMC manifest is passed as the TOS fw config
      component (TOS_FW_CONFIG_ID). It defines platform specific attributes
      (memory range and physical CPU layout) as well as the attributes for
      each secure partition (mostly load address). This manifest is passed
      to the SPMC on boot up. An SP package contains the SP dtb in the SPCI
      defined partition manifest format. As the SPMC manifest was enriched
      it needs an increase of tos_fw-config max-size in fvp_fw_config dts.
      Signed-off-by: default avatarOlivier Deprez <olivier.deprez@arm.com>
      Change-Id: Ia1dce00c6c4cbaa118fa56617980d32e2956a94e
      3d5ed6de
  10. 16 Mar, 2020 1 commit
    • Louis Mayencourt's avatar
      fconf: Clean Arm IO · a6de824f
      Louis Mayencourt authored
      
      
      Merge the previously introduced arm_fconf_io_storage into arm_io_storage. This
      removes the duplicate io_policies and functions definition.
      
      This patch:
      - replace arm_io_storage.c with the content of arm_fconf_io_storage.c
      - rename the USE_FCONF_BASED_IO option into ARM_IO_IN_DTB.
      - use the ARM_IO_IN_DTB option to compile out io_policies moved in dtb.
      - propagate DEFINES when parsing dts.
      - use ARM_IO_IN_DTB to include or not uuid nodes in fw_config dtb.
      - set the ARM_IO_IN_DTB to 0 by default for fvp. This ensure that the behavior
        of fvp stays the same as it was before the introduction of fconf.
      
      Change-Id: Ia774a96d1d3a2bccad29f7ce2e2b4c21b26c080e
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      a6de824f
  11. 12 Mar, 2020 1 commit
  12. 03 Mar, 2020 2 commits
  13. 10 Feb, 2020 1 commit
  14. 07 Feb, 2020 2 commits
    • Louis Mayencourt's avatar
      fconf: Move platform io policies into fconf · 0a6e7e3b
      Louis Mayencourt authored
      
      
      Use the firmware configuration framework to store the io_policies
      information inside the configuration device tree instead of the static
      structure in the code base.
      
      The io_policies required by BL1 can't be inside the dtb, as this one is
      loaded by BL1, and only available at BL2.
      
      This change currently only applies to FVP platform.
      
      Change-Id: Ic9c1ac3931a4a136aa36f7f58f66d3764c1bfca1
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      0a6e7e3b
    • Louis Mayencourt's avatar
      fconf: Add dynamic config DTBs info as property · 25ac8794
      Louis Mayencourt authored
      
      
      This patch introduces a better separation between the trusted-boot
      related properties, and the dynamic configuration DTBs loading
      information.
      
      The dynamic configuration DTBs properties are moved to a new node:
      `dtb-registry`. All the sub-nodes present will be provided to the
      dynamic config framework to be loaded. The node currently only contains
      the already defined configuration DTBs, but can be extended for future
      features if necessary.
      The dynamic config framework is modified to use the abstraction provided
      by the fconf framework, instead of directly accessing the DTBs.
      
      The trusted-boot properties are kept under the "arm,tb_fw" compatible
      string, but in a separate `tb_fw-config` node.
      The `tb_fw-config` property of the `dtb-registry` node simply points
      to the load address of `fw_config`, as the `tb_fw-config` is currently
      part of the same DTB.
      
      Change-Id: Iceb6c4c2cb92b692b6e28dbdc9fb060f1c46de82
      Signed-off-by: default avatarLouis Mayencourt <louis.mayencourt@arm.com>
      25ac8794
  15. 04 Sep, 2018 1 commit
    • John Tsichritzis's avatar
      Support shared Mbed TLS heap for FVP · ba597da7
      John Tsichritzis authored
      
      
      This patch introduces the shared Mbed TLS heap optimisation for Arm
      platforms. The objective is the Mbed TLS heap to be shared between BL1
      and BL2 so as to not allocate the heap memory twice. To achieve that,
      the patch introduces all the necessary helpers for implementing this
      optimisation. It also applies it for FVP.
      
      Change-Id: I6d85eaa1361517b7490956b2ac50f5fa0d0bb008
      Signed-off-by: default avatarJohn Tsichritzis <john.tsichritzis@arm.com>
      ba597da7
  16. 25 Jun, 2018 1 commit
  17. 21 May, 2018 1 commit
    • Soby Mathew's avatar
      FVP: Add dummy configs for BL31, BL32 and BL33 · 1d71ba14
      Soby Mathew authored
      
      
      This patch adds soc_fw_config, tos_fw_config and nt_fw_config to the FVP.
      The config files are placeholders and do not have any useful bindings
      defined. The tos_fw_config is packaged in FIP and loaded by BL2 only
      if SPD=tspd. The load address of these configs are specified in tb_fw_config
      via new bindings defined for these configs. Currently, in FVP, the
      soc_fw_config and tos_fw_config is loaded in the page between BL2_BASE
      and ARM_SHARED_RAM. This memory was typically used for BL32 when
      ARM_TSP_RAM_LOCATION=tsram but since we cannot fit BL32 in that
      space anymore, it should be safe to use this memory for these configs.
      There is also a runtime check in arm_bl2_dyn_cfg_init() which ensures
      that this overlap doesn't happen.
      
      The previous arm_dyn_get_hwconfig_info() is modified to accept configs
      other than hw_config and hence renamed to arm_dyn_get_config_load_info().
      The patch also corrects the definition of ARM_TB_FW_CONFIG_LIMIT to be
      BL2_BASE.
      
      Change-Id: I03a137d9fa1f92c862c254be808b8330cfd17a5a
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      1d71ba14
  18. 18 May, 2018 1 commit
    • Soby Mathew's avatar
      FVP: Enable capability to disable auth via dynamic config · 6e79f9fd
      Soby Mathew authored
      
      
      This patch adds capability to FVP to disable authentication dynamically
      via the `disable_auth` property in TB_FW_CONFIG. Both BL1 and BL2 parses
      the TB_FW_CONFIG for the `disable_auth` property and invokes the
      `load_dyn_disable_auth()` API to disable authentication if the
      property is set to 1. The DYN_DISABLE_AUTH is enabled by default for
      FVP as it is a development platform. Note that the TB_FW_CONFIG has to
      be authenticated by BL1 irrespective of these settings.
      
      The arm_bl2_dyn_cfg_init() is now earlier in bl2_plat_preload_setup()
      rather than in bl2_platform_setup() as we need to get the value of
      `disable_auth` property prior to authentication of any image by BL2.
      
      Change-Id: I734acd59572849793e5020ec44c6ac51f654a4d1
      Signed-off-by: default avatarSoby Mathew <soby.mathew@arm.com>
      6e79f9fd
  19. 26 Feb, 2018 1 commit
    • Soby Mathew's avatar
      FVP: Add TB_FW_CONFIG and HW_CONFIG · ce6d9643
      Soby Mathew authored
      
      
      This patch adds TB_FW_CONFIG for FVP and allows FVP
      to select the appropriate HW_CONFIG to include in the
      fip. The HW_CONFIG for FVP is selected via `FVP_HW_CONFIG_DTS`
      build option. The TB_FW_CONFIG specifies the load address of
      HW_CONFIG to BL2. Since currently the load address is different
      between AARCH32 and AARCH64, 2 separate TB_FW_CONFIGs are
      maintained for the 2 modes.
      
      Change-Id: Ide8581e752dfa900087f5895c775073c841c0daf
      Signed-Off-By: default avatarSoby Mathew <soby.mathew@arm.com>
      ce6d9643