Rebase to upstream v2.13.0#3
Draft
AreYouLoco wants to merge 5403 commits intoSolidRun:v2.5-lx2160acex7from
Draft
Rebase to upstream v2.13.0#3AreYouLoco wants to merge 5403 commits intoSolidRun:v2.5-lx2160acex7from
AreYouLoco wants to merge 5403 commits intoSolidRun:v2.5-lx2160acex7from
Conversation
Change-Id: I2981cb438be6f4569d069203b555310588db2627 Signed-off-by: Chris Kay <chris.kay@arm.com>
Implement safer version of 'strnlen' function to handle NULL terminated strings with additional bound checking and secure version of string copy function to support better security and avoid destination buffer overflow. Change-Id: I93916f003b192c1c6da6a4f78a627c8885db11d9 Signed-off-by: Jit Loon Lim <jit.loon.lim@altera.com> Signed-off-by: Girisha Dengi <girisha.dengi@intel.com>
Commit fe488c3 added an override to force `CTX_INCLUDE_SVE_REGS` to 0 when `SPD == spmd` and `SPMD_SPM_AT_SEL2 == 1`. Since there is an architectural dependency between FP and SVE registers, `CTX_INCLUDE_FPREGS` must also be overridden to 0 when CTX_INCLUDE_SVE_REGS is 0. Signed-off-by: Rakshit Goyal <rakshit.goyal@arm.com> Change-Id: I1cd834241a2d5a5368ac532a348d8729a701bbcd
The bit is already implicitly zero so no functional change. Adding it helps fully describe how we expect FEAT_TRF to behave. Change-Id: If7a7881e2b50188222ce46265b432d658a664c75 Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I90f1bcaa8bec133d3be81785aea11948208ca0a5 Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
ZynqMP provides two QSPI interfaces on MIO[0..12], but the existing pin group definitions only allow all or none of the pins to be configured for QSPI. This is an issue on platforms that use only the lower QSPI interface and require the remaining pins to be configured for other purposes such as general I/O. Add pin groups to support QSPI on MIO[0..4] with SS (slave select) on MIO5, freeing up MIO[7..12] for other uses. The new pin groups can be accessed from Linux as 'qspi0_1_grp' and 'qspi_ss_1_grp'. Change-Id: Ibdb3f13d4ba9194a3be8ce5e63478d9066d087ac Signed-off-by: Carsten Hansen <Carsten.Hansen@bksv.com> Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti@amd.com>
The code is never referenced, the build flag is never defined and some of the #defines are missing. Remove. Change-Id: I44caae52f9b7503363ac553fd1187bbf6c951438 Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Previously we have used enclosed the Errata ordering check within the FEATURE_DETECTION flag as this flag is only used for development purpose and it also enforces ordering by causing a panic when the assert fails. A simple warning message would suffice and hence this patch removes the assert. The erratum and cve ordering check is planned to be implemented in static check at which point the warning will be taken out as well. Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com> Change-Id: I0ffc40361985281163970ea5bc81ca0269b16442
This patch rearranges CVE-2024-5660 apply order in Cortex-A77. Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com> Change-Id: I41d76268ce2248bfd3600bbf6b89d16b6bdce8f0
This patch rearranges CVE-2024-5660 apply order in Cortex-A78. Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com> Change-Id: If80a0f95f82dbf69100a2687b06db2373a9e9832
This patch rearranges CVE-2024-5660 apply order in Cortex-A78_AE. Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com> Change-Id: Idfb076b798a840847c00066bd062ee919369272f
This patch rearranges CVE-2024-5660 apply order in Cortex-A78C. Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com> Change-Id: I326be1da279bd34df8667f7e957fb4a2c6913ab9
This patch rearranges CVE-2024-5660, erratum 2313941 and 3701772 apply order in Cortex-X2. Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com> Change-Id: Ie74d7232a14f3cdd14c4d0ffb1ee91b537c491ea
This patch rearranges CVE-2024-5660 apply order in Neoverse-V1. Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com> Change-Id: Ice0b1c6efa913f88522fb33182b9cdc0e7723988
Patch rearranges CVE-2024-5660 in ascending order based on the year and index for Cortex X1. Change-Id: I0c4206e38f09b1f88ee95e8ce69d7e13b8a9bb2d Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch sorts the errata IDs in ascending order and the CVE's in ascending order based on the year and index for CPU Neoverse N2. Change-Id: Ieb4a8ab0030ea4e83efdef86a0ff1e2990b3e0dd Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch sorts the errata IDs in ascending order and the CVE's in ascending order based on the year and index for CPU Cortex-A710. Change-Id: Ie7c2b77879f8fa5abb77204678e09cc759b10278 Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch rearranges CVE-2024-5660 in order based on the year and index for Neoverse-V2. Change-Id: I092a93ef3299fd733abae9c462c019f94d881413 Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch sorts the errata IDs in ascending order and the CVE-2024-5660 in order based on the year and index for Cortex-X3. Change-Id: I2a4baebe0c3133528c089d999bdffa8c992f4989 Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch sorts the errata IDs in ascending order and the CVE's in ascending order based on the year and index for Neoverse-V3. Change-Id: I108eb2896e24c135d56e5096289766d777b48b48 Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Patch sorts the errata IDs in ascending order and the CVE's in ascending order based on the year and index for CPU Cortex-X4. Change-Id: Ic304c2f68e7d0b96bbb30760696b7bceabe1ae2d Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>
Some APIs, like `transfer_list_check_header`, are used preemptively to determine if a new TL needs to be initialized. If we validate a TL and anticipate its contents to be invalid or corrupted, logging these as error message isn't helpful. Change-Id: Ic22378828548d48f73aa74d494f110fbd11857f4 Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Initializing the transfer list using `transfer_list_ensure` allows reuse of an already initialized transfer list. While this is beneficial when receiving a transfer list and ensuring one exists, it causes issues during a system RESET if the old content of SRAM is not cleared. To prevent this, at least one step in the reset path must zero intialise the transfer list memory. Unless a previous stage explicitly provides a transfer list via boot arguments, a fresh transfer list should be created. This change ensures that BL1 and BL31 properly reinitialize the transfer lists, preserving correctness for secure and non-secure handoffs in TF-A. Change-Id: I3bfaa9e76df932a637031d645e4a22d857a094a5 Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
The current implementation uses the `r12` register as temporary storage for r4. However, `r12` is a call-clobbered register, meaning its contents are not preserved across function calls. This becomes problematic when we later call the `zeromem` function, as any information stored in `r12` will be lost. To address this issue, we should avoid using `r12` to store boot parameters. Change-Id: If94b7fc3a01bc617ceadaaa704d5aa5e5accfd3f Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Add the 32-bit version of the entry_point_info structure used to pass the boot arguments for future executables, added to the spec under the PR: FirmwareHandoff/firmware_handoff#54. Change-Id: Id98e0f98db6ffd4790193e201f24e62101450e20 Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Introduce the 32-bit variant of the SRAM layout used by BL1 to communicate available free SRAM to BL2. This layout was added to the specification in: FirmwareHandoff/firmware_handoff#54. Change-Id: I559fb8a00725eaedf01856af42d73029802aa095 Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Add firmware handoff to BL32 sources to provide support for the framework in SP-MIN. Change-Id: Ida8713fef8ba8fa72146004e41bf40f1a6b6f5ca Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
`r3` is used to pass the base address of the transfer list. Make sure we update the context structure with this register value so it is populated with this information prior to executing the next stage. Change-Id: Ie1eedbd2eb68b592df30779625691e8975d987bf Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
Refactor `arm_sp_min_early_platform_setup` to accept generic `u_register_r` values to support receiving firmware handoff boot arguments in common code. This has the added benefit of simplifying the interface into common early platform setup. Change-Id: Idfc3d41f94f2bf3a3a0c7ca39f6b9b0013836e3a Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
- Define information structures for SMMU, root complex, root port and BDF mappings. - Add entries for SMMU and PCIe root complexes to Boot manifest. - Update RMMD_MANIFEST_VERSION_MINOR from 4 to 5. Change-Id: I0a76dc18edbaaff40116f376aeb56c750d57c7c1 Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Fixed below MISRA violation:
- MISRA Violation: MISRA-C:2012 R.11.3:
- A cast shall not be performed between a pointer to object type and a
pointer to a different object type.
- Fix:
- Removed unnecessary cast of pointers.
Change-Id: Iba5dbec0784dcaa86e3a00bd213cbc2711d12029
Signed-off-by: Devanshi Chauhan Alpeshbhai <devanshi.chauhanalpeshbhai@amd.com>
Fixed below MISRA violation:
- MISRA Violation: MISRA-C:2012 R.8.6:
- An identifier with external linkage shall have exactly one external
definition.
- Fix:
- Removed redundant function declarations since it is not defined.
Change-Id: If003efbfa08ee6ff4f545605ef34dfd16f33b664
Signed-off-by: Devanshi Chauhan Alpeshbhai <devanshi.chauhanalpeshbhai@amd.com>
Fixed below MISRA violation: - MISRA Violation: MISRA-C:2012 R.2.7: - There should be no unused parameters in functions. - Fix: - Type casted unused parameters to void. Change-Id: I940109631dbabfbd960c1bc7b183cf865ff312c9 Signed-off-by: Devanshi Chauhan Alpeshbhai <devanshi.chauhanalpeshbhai@amd.com>
Fixed below MISRA violation: - MISRA Violation: MISRA-C:2012 R.2.3: - A project should not contain unused type declarations. - Fix: - Removed unused code. Change-Id: Ica5982fe83485da79ac18d45b44e66f5f37fb6e7 Signed-off-by: Devanshi Chauhan Alpeshbhai <devanshi.chauhanalpeshbhai@amd.com>
An esb is only necessary when FEAT_IESB is not present in hardware but FEAT_RAS is. When FEAT_RAS is present we rely on the fact that FEAT_IESB will also be present and an implicit esb will pre present on eret. Well the N1 implements FEAT_RAS and FEAT_IESB and the platforms that use it (n1sdp) enable the features in firmware. So the esb is redundant. There are dynamic platforms where this may not necessarily be true, however, the esb is in an erratum workaround which cannot be present in these platforms. Change-Id: I5775180ec61373cc5d1b9831e3fa0f2fbb19eab9 Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
The definitions are duplicate and cause compilation errors when includes change. Change-Id: Iadc45e053918b5e13fa12f0b371e5e77b56aef22 Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Configure the TRDC to restrict access to BLK_CTRL_S_AONMIX to secure world only. So the A55 resume entry in RVBARADDR0 can't be modified by untrusted applications. Change-Id: I498580030d5c893b6d1c1739644eeca9b55c39ec Signed-off-by: Ye Li <ye.li@nxp.com> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Reviewed-by: Jacky Bai <ping.bai@nxp.com>
The Rambus TRNG IP-76 driver was ported from Linux kernel (omap-rng.c), which was initially licensed under GPL-2.0. In term of the license violation, remove this driver and the related SMC call that originally added by the following two commits: commit 57660d9 ("plat/marvell/armada/a8k: support HW RNG by SMC") commit 6aa9f5d ("drivers/rambus: add TRNG-IP-76 driver") Change-Id: Id8c99db2e51b49623b3b034106c989a46f690b60 Signed-off-by: Wilson Ding <dingwei@marvell.com>
Armada-7K/8K and CN913x integrated the Rambus EIP-97 IP on CP11x die. It supports to generate up to 4 32-bit random number in one shot. This trivial driver provisions a simple API to read the random numbers from hardware. It allows the bootloader to get one 32-bit or 64-bit random number via SMC call to support KASLR. Change-Id: I1707a85512ca163b8c7ab1644ff0f7e2fcf57344 Signed-off-by: Wilson Ding <dingwei@marvell.com>
Introducing authentication specific makefile auth.mk to include common auth source files. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: Ifb07c48861fe415d82cb7390c3a5f6e60ba699d9
Increase default mbedtls PSA crypto heap size for key id management redesign where the key information is stored for reuse during verification and needs more heap size for RSA keys. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: I3afe0107a8e22ededd3eb4c0e1f635f18960d341
Adding new auth util file for the current_pk_oid and get and set functions. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: I91220f94d469c86f2e18570e13f1419125447288
Adding the set of current_pk_oid during the authentication process, include the new file in auth makefile. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: I3e05b8607060b424e34642d23e4960d2ef0f71f0
Adding crypto_mod_finish() function to be run at the end of crypto usage to cleanup. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: Ib6d099ddaa278f293fe14b805070985522a85686
Currently the psa key is created and destroyed after each usage during signature verification. This redesign adds a key_cache to store the key ID, psa algorithm, and key attributes associated with a particular pk_oid. This allows for the psa key to be reused by each image that has the associated pk_oid. The pk_oid of the image being authenticated is stored as the global current_pk_oid variable, which is used during the psa crypto verification stage to associate a key_cache entry with a particular pk_oid. Since the psa key is no longer destroyed after each usage, the psa keys are therefore destroyed after all images have been loaded during each boot phase in the new crypto_mod_finish() function that is registered by the REGISTER_CRYPTO_LIB and enabled through the build option of PSA_CRYTPO. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: Iba330bc659a76493bd958673424efcc621bab1c4
Increase BL1 RW for PSA Crypto due to PSA key ID management redesign needing an increase in heap size. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: I7c8d009f244be6252eff0d3ded3f1ca83fb1de21
Adding call to crypto_mod_finish() at the end of crypto usage in the bl mains. This is currently used for psa crytpo to destroy the psa_key_ids in the psa key store, but could be expanded if required later. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: I3dba9fe87b6bb64b629dda9d6c4653b116e7ee62
Extend REGISTER_CRYPTO_LIB calls with NULL to allow for the addition of the cryto_mod_finish() function. Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com> Change-Id: If41ed1be50e1d98b42b266c7905269f142bb67c7
Improve supply chain security by including a SBOM file with substituted values. This will be used to construct a composite platform SBOM. Change-Id: Ia34338854a0eaa4f3a8799c23e46aae382792252 Signed-off-by: Richard Hughes <richard@hughsie.com> Signed-off-by: Yann Gautier <yann.gautier@st.com>
This corrects the MISRA violation C2012-8.13: A pointer should point to a const-qualified type whenever possible. Added const qualifier to pointer. In spite of generic guidance for 3rd party libraries (https://trustedfirmware-a.readthedocs.io/en/latest/process/coding-style.html#misra-compliance) libc contains some MISRA-C fixes done by commit d5ccb75 ("libc: Fix some MISRA defects") in 2021. Also from history it is not clear where libc is coming from that's why there is no way to fix violation in base library. Change-Id: I9d6ec6df08358adf0832a53485d080d8b93b0e29 Signed-off-by: Nithin G <nithing@amd.com> Signed-off-by: Maheedhar Bollapalli <maheedharsai.bollapalli@amd.com>
The header guard define is IMX_XRDC_H where everything else is IMX_TRDC_H, gcc-15 complains about this so update the define to what it should be. Fixes: 2935291 ("feat(imx93): add the trdc driver") Change-Id: I4767dc4d1c26ebe95d417be724f5cb848f54a524 Signed-off-by: Peter Robinson <pbrobinson@gmail.com>
The current testing method does not involve manually building and running the instrumentation tests. The ones listed have diverged from what happens. The source of trust are the jobs in CI, so update the docs to reflect that. Change-Id: I332f85044a36aed9ef2d87485d90861c58875e4a Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Update for v2.13 release based on v2.13-rc0 Change-Id: I88da6fcc7ee13788968d9a57eec5ad450f5dcd35 Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Update for v2.13 release based on v2.13-rc0 Change-Id: I16ebfde57c27c1c72e955b5ef35d71e8286b90d5 Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Updated the Juno platform documentation to reflect testing with SCP version 2.14.0 instead of 2.15.0. The version used in testing was reverted in [1] due to instability in the tftf-manual-reboot tests caused by upgrading to v2.15 and v2.16. [1] https://review.trustedfirmware.org/c/ci/tf-a-ci-scripts/+/37997 Change-Id: I48c2b51a33950ad096e021d7bdd9cdb6a1303f8c Signed-off-by: Harrison Mutai <harrison.mutai@arm.com>
To ease sorting fdts patches in changelog, add platform vendor subsections. There is no dedicated scope. Signed-off-by: Yann Gautier <yann.gautier@st.com> Change-Id: I4dea2e81cf3f7a970a8531d542d7fe15a99656e5
Add missing platform scopes, this is based on contribution to platform since 2.12.0 release. Also update deprecation list with incorrect/invalid scopes used since last release to avoid future usage. Change-Id: I852da1c91669079eb7fc3fdfe1e4f7ae602d46cf Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
When OP-TEE runs with multiple Secure Partitions (SPs), a larger EventLog size is required to accommodate the additional measurements. This patch updates the configuration to allocate sufficient memory in such cases. In the future, the Maximum EventLog size should be calculated based on the maximum number of images loaded by BL2. That enhancement can be addressed in a separate patch. Change-Id: Ibd9bed0a5b1029158142711fd08809729dd05b08 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Generated this change-log using below command: npm run release -- --skip.commit --skip.tag --release-as 2.13.0 Change-Id: Ibb0623f04c641b65a03deaffd50a5a8b65637419 Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Call ocram_init() to initialize OCRAM. Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I did painful long rebase.
Opening PR against v2.5-lx2160acex7 but you would like to create new branch
v2.13.0-lx2160acex7And merge there. Build tested on lx2k. Boots. But more testing might be required.