Adds an SST test partition, which can be used to call the
sst_system_prepare() function from the SST test partition's
context.

Change-Id: Ib07a88e5f05fc181da2b9276279e57618fb059e4
Signed-off-by: Jamie Fox <jamie.fox@arm.com>

Previously the design doc was available here:
https://developer.trustedfirmware.org/w/tf_m/design/trusted_boot/rollback_protection/



Change-Id: I45996da031ac6e97aff8fbe4981101a1f9154896
Signed-off-by: Tamas Ban <tamas.ban@arm.com>

The call to stdio_init() has moved from tfm_core.c to tfm_platform.c,
so moves the corresponding include.

Change-Id: I72bb1ab7a22a33e5cc108756eccf658d480d7384
Signed-off-by: Jamie Fox <jamie.fox@arm.com>

When the connection is currently handling a request, the
psa_close should call tfm_panic().

Change-Id: Ic29c0dea33c11c97616086490d26e034a8b8cb11
Signed-off-by: Shawn Shan <shawn.shan@arm.com>

- Remove redundant NULL handler checking since it has been checked
  in sub-sequent 'tfm_psa_close()' call.
- Fix some typing errors.

Change-Id: Iea9340f1a43bce5f97bb5eac3a5ff106ada4c280
Signed-off-by: Shawn Shan <shawn.shan@arm.com>

Include stddef.h to cover size_t definitions.

Change-Id: I694e64217dcccd6bdc4c5e3e2ecf5717af6a1c71
Signed-off-by: David Hu <david.hu@arm.com>

Add extern "C" keyword which was lost in tfm_mailbox.h.

Change-Id: I85480ffdf6932200a761d9dc823ac6aec1482350
Signed-off-by: David Hu <david.hu@arm.com>

According to PSA FF, the signature of entry point should be
"void entry_point(void)"

Change-Id: Id5b5be8012da3ce9753db2e48818fd79467bb425
Signed-off-by: Edison Ai <edison.ai@arm.com>

Adding tfm_spm_hal_post_init() and tfm_spm_hal_post_init_platform()
functions.

Contrarily to SystemInit() intended for a high priority hw
initialization (for example clock and power subsystems), and called
on a very early boot stage from startup code, this function is called
from C code, hence variables and other drivers data are protected from
being cleared up by the C library init.

These functions can be used for initializing platform-specific hw
resources (e.g. IPC, UART) thus freeing up application main() function
from the platform details.

tfm_spm_hal_post_init() function is intended for initialization common
to all platforms, while tfm_spm_hal_post_init_platform() implements
platform-specific initialization.

Signed-off-by: Andrei Narkevitch <ainh@cypress.com>
Change-Id: I7e5c9941c86a1be7fe718d1ebee7427526e8dd83

The tfm_spm_db.inc and tfm_spm_db.inc.template are used by SPM, so that
move them from services to spm.

Change-Id: I1410bb559bb2653e918f112f449f962e2f82f75b
Signed-off-by: Edison Ai <edison.ai@arm.com>

Align manifest service to PSA FF 1.0.0:
- Remove "signal" from service region.
- Change signal macro names postfix from "_SIG" to "_SIGNAL".

Change-Id: Ib405f5cc8ec9b4a04e294a19957c4b425f6ccb65
Signed-off-by: Edison Ai <edison.ai@arm.com>

Use the partition ID generated by tools:
- Remove tfm_partition_defs.inc.
- Change the partition name with "_LINKER" postfix in linker files and
  related files. Because the partition name is used as macro for
  partition ID.
- Remove "id" attribute from manifest file.

Change-Id: I3e60954e6d15f62fea0f1345862d2865743f8c53
Signed-off-by: Edison Ai <edison.ai@arm.com>

- Create the partition ID header file by tools, which is used for macro
  definitions that map from Secure Partition names to Secure Partition
  IDs.
- The partition ID is added to the "tfm_manifest_list.yaml" manually so
  that the values will keep the same if the build sequence of secure
  partition is changed.
- The "short_name" in "tfm_manifest_list.yaml" should be the same as the
  "name" in the related manifest.

Change-Id: I0955a700e2a0c195f97c38c3ceb29f3b8c237674
Signed-off-by: Edison Ai <edison.ai@arm.com>

Corrects the documentation for the ITS flash layout, and fixes a
definition for AN539 to use the ITS area size instead of offset.

Change-Id: I567adeffc660f767d725d8d939d8c38507471185
Signed-off-by: Jamie Fox <jamie.fox@arm.com>

Support is provided for both the PSA IPC and Library models.

To enable platform specific SVC handlers, add
-DPLATFORM_SVC_HANDLERS=True to the CMAKE command line.

When PLATFORM_SVC_HANDLERS is defined, user must provide an
implementation of:

   int32_t platform_svc_handlers(tfm_svc_number_t svc_num,
                                 uint32_t *ctx, uint32_t lr);

Change-Id: I5fc641038732d2630e954f6c9b12df929b65c24a
Signed-off-by: Alan DeMars <ademars@ti.com>

- Add "psa_framework_version" attribute in manifest files.
- Support psa_framework_version check.

Change-Id: I1b2a9bb63124bf8f45ac93c95bb8fdb687f9561f
Signed-off-by: Edison Ai <edison.ai@arm.com>

- Use generated signal header file created by tools.
- Remove tfm_sec_client_ser_sig.h.

Change-Id: Ic83905351168ec271981ac555ac9d55ef3303081
Signed-off-by: Edison Ai <edison.ai@arm.com>

If the signal_mask does not include any assigned signals,
it is a PROGRAMMER ERROR, trigger the tfm_panic.

Change-Id: Ib3699800e540a758b79a0a79f55f6c6ba2285187
Signed-off-by: Shawn Shan <shawn.shan@arm.com>

Check the bit of irq_signal firstly, then do other things.

Change-Id: Ieb0557fd296129d6b1f3177db49e40744aa16d47
Signed-off-by: Shawn Shan <shawn.shan@arm.com>

interface/include/psa_manifest/sid.h.template
  - Remove conditional code gaurding as this type of style
    may create problem for partition developers if they don't
    have knowledge about the macros
  - Generate SID and version macro from service.name
secure_fw/services/manifestfilename.template
  - Remove conditional code gaurding
  - Generate SIGNAL macro from service.name
secure_fw/services/tfm_service_list.inc.template
  - Generate SIGNAL macro from service.name
  - Fix for unspecified minor policy
And re-generate manifest output files for above changes

Change-Id: Id367384ac76cb942da966e7619fb8090763ff0a7
Signed-off-by: Jaykumar Pitambarbhai Patel <jaykumar.pitambarbhaipatel@arm.com>

Replace minor_version by version field
Replace minor_policy by version_policy field

Change-Id: I51b6f35fa4e5b529188168b7e99765a4add1cc47
Signed-off-by: Jaykumar Pitambarbhai Patel <jay08ec71@yahoo.com>

Mate Toth-Pal authored Oct 21, 2019 and Mate Toth-Pal committed Nov 15, 2019

PyYAML's yaml.load() function provides arbitrary code execution before
PyYAML v4.1 and is therefore deprecated - as of v5.1 - with a single
file argument as described in

https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation



Use yaml.SafeLoader in TF-M generator scripts.

Change-Id: I9eee8805053dd653fca946c4376be3eebd4bfd53
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>

Define new TFM_RAM_CODE SRAM region in gcc and clang linker
scripts for code with .ramfunc attribute. This region is
intended for privileged secure code running from SRAM.

Signed-off-by: Andrei Narkevitch <ainh@cypress.com>
Change-Id: I4ab72f878271f20d28dbdd1cbfb84ed814c16caf

In multi-core topology, Armv6-M/Armv7-M MPU requires a MPU region
base address to align with its size. Specify the starting address
of privileged secure data area when the multi-core platform defines
the S_DATA_PRIV_START. It can make MPU configuration more easier to
satisfy Armv6-M/Armv7-M MPU alignment on multi-core platforms.

Change-Id: I57904b772b352b1bbd1b4b9015093da258358e00
Signed-off-by: David Hu <david.hu@arm.com>

Adjust the secure data layout in ARMLANG linker script to support
build in multi-core topology.
- Armv6-M/Armv7-M MPU requires MPU region base address to align
  with MPU region size. Multi-core platforms may have to use
  multiple MPU regions to cover a data section which doesn't
  satisfy the alignment. The interleaved unprivileged/privileged
  data sections layout will run out of Armv6-M/Armv7-M MPU regions.
  To save both MPU regions and memory resource, separate the
  unprivileged and privileged secure data sections and group them
  into unprivileged/privileged data area respectively.
  Thus, multi-core platforms can just cover a whole unprivileged
  data area and a whole privileged data area, with much fewer MPU
  regions cost.
- Put privileged data sections at the bottom of secure data area
  to align with GCC linker script layout.
- Move BL2 shared data section and Main Stack to privileged data
  area in multi-core topology.
- Move Process Stack to privileged data area in multi-core
  topology.

Change-Id: I7e30906ce85cf325dc0ebde6711893f1a2835795
Signed-off-by: David Hu <david.hu@arm.com>

Adjust the secure data layout in GNUARM linker script to support
build in multi-core topology.
- Armv6-M/Armv7-M MPU requires MPU region base address to align
  with MPU region size. Multi-core platforms may have to use
  multiple MPU regions to cover a data section which doesn't
  satisfy the alignment. The interleaved unprivileged/privileged
  data sections layout will run out of Armv6-M/Armv7-M MPU regions.
  To save both MPU regions and memory resource, separate the
  unprivileged and privileged secure data sections and group them
  into unprivileged/privileged data area respectively.
  Thus multi-core platform can just cover a whole unprivileged data
  area and a whole privileged data area, with much fewer MPU regions
  cost.
- Put privileged data sections at the bottom of secure data area to
  make sure TFM_DATA and TFM_BSS sections are at the end.
  Otherwise, the two sections will collect data/bss from other
  sections.
- Move BL2 shared data section and Main Stack to privileged data
  area in multi-core topology.
- Move Process Stack to privileged data area in multi-core
  topology.

Change-Id: I544769542e5e65ca90b8bfb1af81f59e536fd006
Signed-off-by: David Hu <david.hu@arm.com>

Adds Musca-S1 target, using eMRAM for
code storage and execution.

Change-Id: Id4598d72861e7c9261c8b99e64ae8e0ebc290714
Signed-off-by: Bence Kaposzta <bence.kaposzta@arm.com>

 Adding tfm_ns_platform_init() function.

 Contrarily to SystemInit() intended for a high priority hw initialization
 (for example clock and power subsystems), and called on a very early boot
 stage from startup code, this function is called from C code, hence variables
 and other drivers data are protected from being cleared up by the C library
 init.

 This function can be used for initializing platform-specific hw resources
 (e.g. IPC, UART) thus freeing up application main() function from the platform
 details.

 Implemented as a "weak" functions, it can be overwritten by a platform
 specific implementation.

Signed-off-by: Andrei Narkevitch <ainh@cypress.com>
Change-Id: I16091d35a77ba3e246692cff9df7f31ea082ab27

Clarification added for the review process for design and code
contributions.
Steps added to explain how to create a ticket and patch.

Change-Id: I1402c58f65629b2dffa159b150c1a949af29c828
Signed-off-by: Ashutosh Singh <ashutosh.singh@arm.com>

Dávid Vincze authored Nov 06, 2019 and Mate Toth-Pal committed Nov 12, 2019

The command to install the cbor Python package was missing from
the 'Ubuntu setup' section.

Change-Id: Ic1ee1ce2fd0dcbd2e99284146ce63ce302164447
Signed-off-by: David Vincze <david.vincze@arm.com>

Update the Inter-Process Communication design document according to
the new PSA FF.

Change-Id: Ia048f862004d1c0fad39f0dcaff75d6527ed0848
Signed-off-by: Edison Ai <edison.ai@arm.com>

Change the structure type name to make it more understandable.
Refine the format and description of some comments.

Change-Id: I786000c45d567b4a7602a0489dd736a215eaf05b
Signed-off-by: Mingyang Sun <mingyang.sun@arm.com>

Add definitions of multi-core check access data types and HAL APIs.
Implement the general check process for Isolation Level 1 and 2
according to design document [1].
Implement simple check functions based on system memory region
layout. Multi-core platforms can invoke those functions to execute
basic check instead of walking through hardware protection unit
configurations.

[1] https://git.trustedfirmware.org/trusted-firmware-m.git/tree/docs/design_documents/tfm_multi_core_access_check.rst



Change-Id: I7efbe15108548748d9f9b9e3d7c36bae2432286d
Signed-off-by: David Hu <david.hu@arm.com>

Describe the general check process, data types and APIs definitions
of multi-core memory access check.

This design document of multi-core memory access check has been
reviewed and accepted as patch [1] on feature-twincpu branch

[1] https://review.trustedfirmware.org/c/trusted-firmware-m/+/1601



Change-Id: I5fd1b9923d318faae772eeee1d5bbd3741128ef8
Signed-off-by: David Hu <david.hu@arm.com>

Disable building single Armv8-M specific files in multi-core
topology.
Disable veneer setting in multi-core topology.

Change-Id: Ibc5d0a6cd4d6c8136cb0a99f124ef756d3f8cc5b
Signed-off-by: David Hu <david.hu@arm.com>

Add multi-core synchronization and NSPE mailbox initialization in
App main() for multi-core topology.

Change-Id: I1a2fd03bfe736eb3dbc7337feac5b6ef775eb34f
Signed-off-by: David Hu <david.hu@arm.com>

Add Non-secure PSA client call interface implementation in
multi-core topology.
Add multi-core specific lock/unlock to synchronize multi-core NS
PSA client call requests. Currently, only single NS PSA client call
request is supported.

Change-Id: I3317f3eafbf90a45cccf7459abb6b563800bad2e
Signed-off-by: David Hu <david.hu@arm.com>

Add reference example of NSPE mailbox implementation

Change-Id: I6b658459faaddbbc643761a93714a78df6fdbb38
Signed-off-by: David Hu <david.hu@arm.com>

Update NSPE mailbox APIs to align with Non-secure interface naming
convention.

Change-Id: I97d984c13f935bca8b3f28df5dd8d5c38b6c503d
Signed-off-by: David Hu <david.hu@arm.com>

Use the macro DEFAULT_UART_BAUDRATE in stdio_init to set UART baud rate
instead of the hardcoded value 115200.

Change-Id: Id33014f02b39b67f74321e71f082f3a707986e99
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>