Some fdts changes in STM32MP1 family can be dedicated to one SoC,
STM32MP13 or STM32MP15. Add the dedicated scopes.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I2d64244054251c1f89dfe1ebbf6ce9dac21d47b6

Merge "feat(stm32mp15-fdts): add support for STM32MP157C based DHCOM SoM on PDK2 board" into integration

This is an SoM in SODIMM-200 format on an evaluation board called
"DHCOM Premium Developer Kit #2" (DHCOM PDK2 for short). The SoM features an
STM32MP157C SoC with 1 GB DDR3, 8 GB eMMC, microSD and 2 MB SPI flash.
The baseboard has multiple UART, USB, SPI, and I2C ports/headers and several
other interfaces that are not important for TF-A.

These dts(i) files are based on DHCOM dt's from Linux 5.16 and U-Boot 2022.01.
The DRAM calibration values are taken from U-Boot 2022.01 and are optimized for
industrial temperature range above 85° C.

TF-A on this board was fully tested with the latest OP-TEE developer setup.

Change-Id: I696c01742954d761fbad312cd1059e3ab01fa93c
Signed-off-by: Johann Neuhauser <jneuhauser@dh-electronics.com>

Merge "refactor(arm): add debug logs to show the reason behind skipping firmware config loading" into integration

Manish Badarkhe authored Jun 20, 2022 and Manish Badarkhe committed Jul 07, 2022

Added debug logs to show the reason behind skipping firmware
configuration loading, and also a few debug strings were corrected.
Additionally, a panic will be triggered if the configuration sanity
fails.

Change-Id: I6bbd67b72801e178a14cbe677a8831b25a907d0c
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>

* changes:
  feat(sgi): bump bl1 rw size
  refactor(sgi): rewrite address space size definitions

Increase BL1 RW size by 16 KiB to accommodate for future development.

Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: I21626a97de4a6c98c25b93b9f79e16325c6e4349

The value of the macro CSS_SGI_REMOTE_CHIP_MEM_OFFSET can be different
across all the Neoverse reference design platforms. This value depends
on the number of address bits used per chip. So let all platforms define
CSS_SGI_ADDR_BITS_PER_CHIP which specifies the number of address bits
used per chip.

In addition to this, reuse the definition of CSS_SGI_ADDR_BITS_PER_CHIP
for single chip platforms and CSS_SGI_REMOTE_CHIP_MEM_OFFSET for multi-
chip platforms to determine the maximum address space size. Also,
increase the RD-N2 multi-chip address space per chip from 4TB to 64TB.

Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com>
Change-Id: If5e69ec26c2389304c71911729d4addbdf8b2686

The EL3 runtime firmware has been running from internal trusted
SRAM space on the Morello platform. Due to unavailability of tag
support for the internal trusted SRAM this becomes a problem if
we enable capability pointers in BL31.

To support capability pointers in BL31 it has to be run from the
main DDR memory space. This patch updates the Morello platform
configuration such that BL31 is loaded and run from DDR space.

Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
Change-Id: I16d4d757fb6f58c364f5133236d50fc06845e0b4

The patch 8c980a4a created a 4KB shared region from the 32MB
Realm region for RMM-EL3 communication. But this meant that BL2
needs to map a region of 32MB - 4KB, which required more xlat
tables at runtime. This patch maps the entire 32MB region in BL2
which is more memory efficient in terms of xlat tables needed.

Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I17aa27545293d7b5bbec1c9132ea2c22bf2e7e65

Venkatesh Yadav Abbarapu authored Jul 04, 2022 and joannafarley-arm committed Jul 07, 2022

MISRA Violation: MISRA-C:2012 R.10.1
1) The expression of non-boolean essential type is being interpreted as a
boolean value for the operator.
2) The operand to the operator does not have an essentially unsigned type.

Signed-off-by: Venkatesh Yadav Abbarapu <venkatesh.abbarapu@xilinx.com>
Change-Id: I97bbc056f4fee167742429e144144ba793bf77b3

* changes:
  fix(stm32mp13): correct USART addresses
  feat(stm32mp13): change BL33 memory mapping

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I93f5e622e37f3156bd5326b7d3a3d0d7f73b2c2e

On STM32MP13, USART1 and USART2 addresses are 0x4C000000 and 0x4C001000.
Whereas on STM32MP15, the addresses were 0x5C000000 and 0x4000E000.
Use dedicated flags to choose the correct address, that could be use
for early or crash console.

Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I98bd97a0ac8b0408a50376801e2a1961b241a3d6

U-Boot is loaded at the beginning of the DDR:
STM32MP_DDR_BASE = 0xC0000000.

This patch remove the need to use the 0x100000 offset, reserved
on STM32MP15 for flashlayout.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Change-Id: I8d0a93f4db411cf59838e635a315c729cccee269

* changes:
  docs(rmmd): document EL3-RMM Interfaces
  feat(rmmd): add support to create a boot manifest
  fix(rme): use RMM shared buffer for attest SMCs
  feat(rmmd): add support for RMM Boot interface

Mark Brown authored May 09, 2022 and Manish Badarkhe committed Jul 05, 2022

Due to their interrelationship in the architecture the SVE and SME
features in TF-A are mutually exclusive. This means that a single binary
can't be shared between systems with and without SME if the system
without SME does support SVE, SVE will not be initialised so lower ELs
will run into trouble trying to use it. This unusual behaviour for TF-A
which normally gracefully handles situations where features are enabled
but not supported on the current hardware.

Address this by calling the SVE enable and disable functions if SME is
not supported rather than immediately exiting, these perform their own
feature checks so if neither SVE nor SME is supported behaviour is
unchanged.

Signed-off-by: Mark Brown <broonie@kernel.org>
Change-Id: I2c606202fa6c040069f44e29d36b5abb48391874

Javier Almansa Sobrino authored Apr 07, 2022 and Soby Mathew committed Jul 05, 2022

This patch documents the RMM-EL3 Boot and runtime interfaces.

Note that for the runtime interfaces, some services are not
documented in this patch and will be added on a later doc patch.

These services are:

* RMMD_GTSI_DELEGATE
* RMMD_GTSI_UNDELEGATE
* RMMD_RMI_REQ_COMPLETE

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I8fcc89d91fe5a334c2f68c6bfd1fd672a8738b5c

This patch also adds an initial RMM Boot Manifest (v0.1) for fvp
platform.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I1374f8f9cb207028f1820953cd2a5cf6d6c3b948

Use the RMM shared buffer to attestation token and signing key SMCs.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I313838b26d3d9334fb0fe8cd4b229a326440d2f4

This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, among others, to pass a boot manifest to RMM. The buffer is
composed a single memory page be used by a later EL3 <-> RMM interface
by all CPUs.

The RMM boot manifest is not implemented by this patch.

In addition to that, this patch also enables support for RMM when
RESET_TO_BL31 is enabled.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a

According to Arm CCA security model [1],

"Root world firmware, including Monitor, is the most trusted CCA
component on application PE. It enforces CCA security guarantees for
not just Realm world, but also for Secure world and for itself.

It is expected to be small enough to feasibly fit in on-chip memory,
and typically needs to be available early in the boot process when
only on-chip memory is available."

For these reasons, it is expected that "monitor code executes entirely
from on-chip memory."

This precludes usage of ARM_BL31_IN_DRAM for RME-enlightened firmware.

[1] Arm DEN0096 A.a, section 7.3 "Use of external memory by CCA".

Change-Id: I752eb45f1e6ffddc7a6f53aadcc92a3e71c1759f
Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>

Shruti Gupta authored Jun 09, 2022 and Shruti Gupta committed Jul 01, 2022

Validate that non-secure caller does not spoof
SPMD, SPMC or any secure endpoint ID
in FFA_MSG_SEND_DIRECT_REQ.

Change-Id: I7eadb8886142d94bef107cf485462dfcda828895
Signed-off-by: Shruti <shruti.gupta@arm.com>

* changes:
  feat(spm): add tpm event log node to spmc manifest
  fix(measured-boot): add SP entries to event_log_metadata

On STM32MP15, there is currently an OP-TEE shared memory area at the end
of the DDR. But this area will in term be removed. To allow a smooth
transition, a new flag is added (STM32MP15_OPTEE_RSV_SHM). It reflects
the OP-TEE flag: CFG_CORE_RESERVED_SHM. The flag is enabled by default
(no behavior change). It will be set to 0 when OP-TEE is aligned, and
then later be removed.

Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I91146cd8a26a24be22143c212362294c1e880264

* changes:
  fix(zynqmp): resolve the misra 8.6 warnings
  fix(zynqmp): resolve the misra 4.6 warnings

Add dependency between rules to generate SP packages and their dtb files
to ensure the dtb files are built before the sptool attempts to generate
the SP package.

Change-Id: I071806f4aa09f39132e3e1990c91d71dc9acd728
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>

Merge "fix(measured-boot): clear the entire digest array of Startup Locality event" into integration