with platform format PK

In some platform the digest of the public key saved in the OTP is not
the the digest of the exact same public key buffer needed to check the
signature.  Typically, check signature may need a BER encapsulated
public key, but the hash saved in OTP may be the hash of the plain
public key.  Add a new platform weak function to transform the public
key buffer used by verify_signature to a buffer which hash is saved in
OTP.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@st.com>
Change-Id: I71017b41e3eca9398cededf317ad97e9b511be5f
Reviewed-on: https://gerrit.st.com/c/mpu/oe/st/tf-a/+/184836


Reviewed-by: CITOOLS <smet-aci-reviews@lists.codex.cro.st.com>
Reviewed-by: CIBUILD <smet-aci-builds@lists.codex.cro.st.com>
Reviewed-by: Yann GAUTIER <yann.gautier@st.com>

Change-Id: I3f7c3a1c50608dbd19cc24b13a8af0646bac0d50
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Nicolas LE BAYON <nicolas.le.bayon@st.com>

This is no more tested at the moment, and may require some adaptations.

Change-Id: I322cb638f52f7967e39cd8871da3f45ad6e50d23
Signed-off-by: Yann Gautier <yann.gautier@st.com>

Change-Id: I67c9db2fc6d4b83fec2d001745b9305102d4a2ae
Signed-off-by: Chris Kay <chris.kay@arm.com>

Include EL2 registers related to Nested Virtualization in EL2 context
save/restore routines if architecture supports it and platform wants to
use these features in Secure world.

Change-Id: If006ab83bbc2576488686f5ffdff88b91adced5c
Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>

There are no references to AARCH32, AARCH64 and
__ASSEMBLY__ macros in the TF-A code hence
removed the deprecated information mentioning about
these macros in the document.

Change-Id: I472ab985ca2e4173bae23ff7b4465a9b60bc82eb
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

Updated tentative code freeze and release target date
for v2.5 release.

Change-Id: Idcfd9a127e9210846370dfa0685badac5b1c25c7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

Updated code freeze and release information date for v2.4
release.

Change-Id: I76d5d04d0ee062a350f6a693eb04c29017d8b2e0
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

After introducing the new STM32MP1 SoC versions in patch [1], the
document describing STM32MP1 platform is updated with the information
given in the patch commit message.

 [1]: stm32mp1: add support for new SoC profiles

Change-Id: I6d7ce1a3c29678ddac78a6685f5d5daf28c3c3a1
Signed-off-by: Yann Gautier <yann.gautier@st.com>

Add information about 2GB variant of EspressoBin V5 and use Marvell git
branches which contain required fixes for EspressoBin.

Signed-off-by: Pali Rohár <pali@kernel.org>
Change-Id: I1db510f1576f4762259ad7b0c10024b8ab434a59

And from crash_console_flush.

We ignore the error information return by console_flush in _every_
place where we call it, and casting the return type to void does not
work around the MISRA violation that this causes. Instead, we collect
the error information from the driver (to avoid changing that API), and
don't return it to the caller.

Change-Id: I1e35afe01764d5c8f0efd04f8949d333ffb688c1
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>

Cortex A77 erratum 1925769 is a Cat B erratum, present in older
revisions of the Cortex A77 processor core.  The workaround is to
set bit 8 in the ECTLR_EL1 register, there is a small performance cost
(<0.5%) for setting this bit.

SDEN can be found here:
https://documentation-service.arm.com/static/5f7c35d0d3be967f7be46d33



Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I9cf0e0b5dc1e3e32e24279d2632c759cc7bd7ce9

Document the code review process in TF-A.
Specifically:

 * Give an overview of code review and best practices.
 * Give guidelines for the participants in code review.
 * Outline responsibilities of each type of participant.
 * Explain the Gerrit labels used in the review process.

Change-Id: I519ca4b2859601a7b897706e310f149a0c92e390
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Signed-off-by: David Horstmann <david.horstmann@arm.com>

Now that the BLE image sources (mv_ddr) are updated, reflect
the proper branch in the Armada build howto.

Change-Id: I959d1343d0dfdd681c7e39bdcaed9b36aaddfca1
Signed-off-by: Marcin Wojtas <mw@semihalf.com>

Cortex A76 erratum 1868343 is a Cat B erratum, present in older
revisions of the Cortex A76 processor core.  The workaround is to
set a bit in the CPUACTLR_EL1 system register, which delays instruction
fetch after branch misprediction. This workaround will have a small
impact on performance.

This workaround is the same as workarounds for errata 1262606 and
1275112, so all 3 have been combined into one function call.

SDEN can be found here:
https://documentation-service.arm.com/static/5f2bed6d60a93e65927bc8e7



Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I7f2f9965f495540a1f84bb7dcc28aff45d6cee5d

Morello platform has a SCP which brings the primary Rainier CPU
out of reset which starts executing at BL31.

This patch provides documentation support for Morello platform.

Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Change-Id: I38f596668e2b14862d543fabc04549ff34bfb8a2

Updated the list of supported FVP platform as per latest
FVP platform release.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I45ef79aff147ed598a3a92ab6f6b277f7f70604a

stm32mp15_optee_defconfig has been dropped from U-Boot as it became
identical to stm32mp15_trusted_defconfig.

Furthermore give a hint how OP-TEE is supposed to be installed.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Change-Id: Id8f0bd84a87e3a62072dd4405aadddcdd3511213

This patch migrates the mbedcrypto dependency for TF-A
to mbedTLS repo v2.24.0 which is the latest release tag.
The relevant documentation is updated to reflect the
use of new version.

Change-Id: I116f44242e8c98e856416ea871d11abd3234dac1
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>

As the Arm Ltd. FPGA port is now working for all existing images, add
some documentation file.

Change-Id: I9e2c532ed15bbc121bb54b3dfc1bdfee8f1443a6
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

This patch adds support for Morello platform.
It is an initial port which includes only BL31 support
as the System Control Processor (SCP) is expected to take
the role of primary bootloader.

Change-Id: I1ecbe5a14a2d487b2ecea3c1ca227f08473ed2dd
Co-authored-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Signed-off-by: Chandni Cherukuri <chandni.cherukuri@arm.com>
Signed-off-by: Anurag Koul <anurag.koul@arm.com>

Cortex A77 erratum 1508412 is a Cat B Errata present in r0p0 and r1p0.
The workaround is a write sequence to several implementation defined
registers based on A77 revision.

This errata is explained in this SDEN:
https://static.docs.arm.com/101992/0010/Arm_Cortex_A77_MP074_Software_Developer_Errata_Notice_v10.pdf



Signed-off-by: Lauren Wehrmeister <lauren.wehrmeister@arm.com>
Change-Id: I217993cffb3ac57c313db8490e7b8a7bb393379b

Builds in Debug mode with Measured Boot enabled might run out of trusted
SRAM. This patch allows to change the Log Level at which the Measured Boot
driver will dump the event log, so the latter can be accessed even on
Release builds if necessary, saving space on RAM.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I133689e313776cb3f231b774c26cbca4760fa120

Change-Id: Iedaa83ed546eb2476849a8d53f6e05b847a48b23
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>

To avoid trapping from EL0/1, FPEN bits need to be set 0x3, not
clearing.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Change-Id: Ic34e9aeb876872883c5f040618ed6d50f21dacd0

Neoverse N1 erratum 1868343 is a Cat B erratum, present in older
revisions of the Neoverse N1 processor core.  The workaround is to
set a bit in the CPUACTLR_EL1 system register, which delays instruction
fetch after branch misprediction. This workaround will have a small
impact on performance.

SDEN can be found here:
https://documentation-service.arm.com/static/5f2c130260a93e65927bc92f



Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I37da2b3b2da697701b883bff9a1eff2772352844

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I69365d4aed1160af41e291f6e4b1dd31cbd12e02

I am leaving Socionext. Orphan the UniPhier platform until somebody
takes the role.

Change-Id: I54d3da6d49c1ccaaa475431654db578b683db88a
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I542ec3cf1bb929a5656dda6dbad816b69837c646

Updated the cot-binding documentation to add 'id'
property for the trusted and non-trusted nv-counters.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: If1c628c5b90fe403dd96c7cd0cd04f37288c965c

- Add some guidance about the type of information a patch author should
  provide to facilitate the review (and for future reference).

- Make a number of implicit expectations explicit:
  - Every patch must compile.
  - All CI tests must pass.

- Mention that the patch author is expected to add reviewers and explain
  how to choose them.

- Explain the patch submission rules in terms of Gerrit labels.

Also do some cosmetic changes, like adding empty lines, shuffling some
paragraphs around.

Change-Id: I6dac486684310b5a35aac7353e10fe5474a81ec5
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Add a section for that in the coding guidelines.

Change-Id: Ie6819c4df5889a861460eb96acf2bc9c0cfb494e
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Change-Id: I5362780db422772fd547dc8e68e459109edccdd0
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Enable the spm_mm framework for the qemu_sbsa platform.
Memory layout required for spm_mm is created in secure SRAM.

Co-developed-by: Fu Wei <fu.wei@linaro.org>
Signed-off-by: Fu Wei <fu.wei@linaro.org>
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Change-Id: I104a623e8bc1e44d035b95f014a13b3f8b33a62a

Documented the CPU specific build macros created for AT
speculative workaround.

Updated the description of 'ERRATA_SPECULATIVE_AT' errata
workaround option.

Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ie46a80d4e8183c1d5c8b153f08742a04d41a2af2

SP804 TIMER is not platform specific, and current code base adds
multiple defines to use this driver. Like FVP_USE_SP804_TIMER and
FVP_VE_USE_SP804_TIMER.

This patch removes platform specific build flag and adds generic
flag `USE_SP804_TIMER` to be set to 1 by platform if needed.

Change-Id: I5ab792c189885fd1b98ddd187f3a38ebdd0baba2
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>

Ensuring that each file changed by a patch has the correct copyright and
license information does not only apply to documentation files but to
all files within the source tree.

Move the guidance for copyright and license headers out of the paragraph
about updating the documentation to avoid any confusion.

Also do some cosmetic changes (adding empty lines, fitting in longer
lines in the 80-column limit, ...) to improve the readability of the RST
file.

Change-Id: I241a2089ca9db70f5a9f26b7070b947674b43265
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Change-Id: Ib4ad853ebb6e28adcf9ed14714d43799f9370343
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Change-Id: I43e452c9993a8608b20ec029562982f5dcf8e6b2
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

We have noticed that Phabricator (the ticketing system on tf.org [1])
has far less visibility within the community than the mailing list [2].
For this reason, let's drop usage of Phabricator for anything else than
bug reports. For the rest, advise contributors to start a discussion on
the mailing list, where they are more likely to get feedback.

[1] https://developer.trustedfirmware.org/project/board/1/
[2] https://lists.trustedfirmware.org/mailman/listinfo/tf-a



Change-Id: I7d2d3d305ad0a0f8aacc2a2f25eb5ff429853a3f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>