Merge changes from topic "xlnx_fitimage_check" into integration
* changes:
fix(xilinx): update correct return types
fix(xilinx): add FIT image check in DT console
fix(xilinx): add FIT image check in prepare_dtb
diff --git a/Makefile b/Makefile
index 5edd385..81143e4 100644
--- a/Makefile
+++ b/Makefile
@@ -8,7 +8,7 @@
# Trusted Firmware Version
#
VERSION_MAJOR := 2
-VERSION_MINOR := 9
+VERSION_MINOR := 10
VERSION_PATCH := 0 # Only used for LTS releases
VERSION := ${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}
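Review bot: the VERSION_MINOR bump from 9 to 10 has nothing to do with the three xlnx_fitimage_check changes listed in the merge message, and none of the Makefile hunks touch the Xilinx platform at all; the diff looks like it was generated against a pre-2.10 base rather than the current integration tip. Re-generate the merge diff against the intended parent so reviewers see only the FIT image check changes, or say explicitly in the merge message that the release bump rides along with this merge.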
@@ -1191,7 +1191,6 @@
NS_TIMER_SWITCH \
OVERRIDE_LIBC \
PL011_GENERIC_UART \
- PLAT_RSS_NOT_SUPPORTED \
PROGRAMMABLE_RESET_ADDRESS \
PSCI_EXTENDED_STATE_ID \
PSCI_OS_INIT_MODE \
@@ -1354,7 +1353,6 @@
NS_TIMER_SWITCH \
PL011_GENERIC_UART \
PLAT_${PLAT} \
- PLAT_RSS_NOT_SUPPORTED \
PROGRAMMABLE_RESET_ADDRESS \
PSCI_EXTENDED_STATE_ID \
PSCI_OS_INIT_MODE \
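Review bot: dropping PLAT_RSS_NOT_SUPPORTED from this list (and from the list in the previous hunk) means a platform makefile that still sets it will have the value silently ignored instead of failing the build. Check that every remaining reference under plat/ and docs/ is removed in the same change, and consider keeping a one-release assertion that rejects the old flag so downstream platforms notice; the docs/about/features.rst hunk later in this diff still calls the RSS comms driver experimental, so the opt-out path for platforms without RSS should be documented somewhere once this flag is gone.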
diff --git a/changelog.yaml b/changelog.yaml
index 33e5e8c..1467ab4 100644
--- a/changelog.yaml
+++ b/changelog.yaml
@@ -150,6 +150,10 @@
scope: trf
- title: Platforms
+ scope: platforms
+
+ deprecated:
+ - plat/common
subsections:
- title: Allwinner
@@ -180,8 +184,8 @@
deprecated:
- arm_fgpa
- - arm_fpga
- plat/arm_fpga
+ - arm/fpga
- title: FVP
scope: fvp
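Review bot: `arm_fgpa` is left in the deprecated list right next to the new `arm/fpga` entry. If it is a deliberately preserved historical misspelling so that old commit scopes still resolve, a short comment saying so would stop the next reader from "fixing" it; if it is a typo it should go. Likewise confirm that the removed `arm_fpga` is the section's live `scope:` value (which would make its presence under `deprecated:` redundant) rather than an alias still used by in-flight commits, since the scope line itself is outside this hunk.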
@@ -254,6 +258,9 @@
- title: Broadcom
scope: brcm
+ - title: Cadence
+ scope: cadence
+
- title: HiSilicon
scope: hisilicon
@@ -499,6 +506,9 @@
- title: SBSA
scope: qemu-sbsa
+ deprecated:
+ - qemu_sbsa
+
- title: QTI
scope: qti
@@ -694,6 +704,9 @@
scope: spm
subsections:
+ - title: EL3 SPM
+ scope: el3-spm
+
- title: EL3 SPMC
scope: el3-spmc
@@ -719,6 +732,7 @@
- errata_abi
- title: Libraries
+ scope: lib
subsections:
- title: CPU Support
diff --git a/docs/about/features.rst b/docs/about/features.rst
index 4a2c77e..c12509d 100644
--- a/docs/about/features.rst
+++ b/docs/about/features.rst
@@ -108,6 +108,28 @@
- Position-Independent Executable (PIE) support.
+Experimental features
+---------------------
+
+A feature is considered experimental when still in development or isn't known
+to the TF-A team as widely deployed or proven on end products. It is generally
+advised such options aren't pulled into real deployments, or done with the
+appropriate level of supplementary integration testing.
+
+A feature is no longer considered experimental when it is generally agreed
+the said feature has reached a level of maturity and quality comparable to
+other features that have been integrated into products.
+
+Experimental build options are found in following section
+:ref:`build_options_experimental`. Their use through the build emits a warning
+message.
+
+Additionally the following libraries are marked experimental when included
+in a platform:
+
+- MPU translation library ``lib/xlat_mpu``
+- RSS comms driver ``drivers/arm/rss``
+
Still to come
-------------
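Review bot: `:ref:`build_options_experimental`` only resolves if a label of that name is defined in the build options document; this hunk adds the reference but no label, so confirm one exists or Sphinx will emit an undefined-label warning and render the reference as plain text. Two wording nits in the same hunk: "found in following section" should read "found in the following section", and "It is generally advised such options aren't pulled into real deployments, or done with the appropriate level of supplementary integration testing." reads more clearly as "It is generally advised that such options are not pulled into real deployments, or only with the appropriate level of supplementary integration testing."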
diff --git a/docs/about/maintainers.rst b/docs/about/maintainers.rst
index aca5ec0..4531a03 100644
--- a/docs/about/maintainers.rst
+++ b/docs/about/maintainers.rst
@@ -67,6 +67,8 @@
:|G|: `bytefire`_
:|M|: Varun Wadekar <vwadekar@nvidia.com>
:|G|: `vwadekar`_
+:|M|: Yann Gautier <yann.gautier@st.com>
+:|G|: `Yann-lms`_
.. _code owners:
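Review bot: the `Yann-lms`_ reference needs a matching `.. _Yann-lms: https://...` hyperlink target in this file; the hunk adds the reference but no target, so unless one already exists elsewhere in maintainers.rst Sphinx will report an unknown target name. Also check that `Yann-lms` is the same handle used for this person in any other entry of the file, since the `:|G|:` lines are meant to be consistent per maintainer.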
diff --git a/docs/about/release-information.rst b/docs/about/release-information.rst
index d6e2ee9..654d65f 100644
--- a/docs/about/release-information.rst
+++ b/docs/about/release-information.rst
@@ -81,6 +81,8 @@
| | Date | after | |
| | | Release | |
+================================+=============+=========+=========================================================+
+| Mbedtls-2.x | 2.10 | 2.10 | Support for TF-A builds with Mbedtls-2.x will be removed|
++--------------------------------+-------------+---------+---------------------------------------------------------+
| STM32MP15_OPTEE_RSV_SHM | 2.10 | 3.0 | OP-TEE manages its own memory on STM32MP15 |
+--------------------------------+-------------+---------+---------------------------------------------------------+
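Review bot: the Mbedtls-2.x row deprecates and removes the feature in the same release (2.10 in both columns), whereas the STM32MP15_OPTEE_RSV_SHM row below it gives a full release of notice (deprecated 2.10, removed after 3.0). Removing in the deprecation release leaves downstream users no transition period; either move the removal column to a later release or state in the justification that immediate removal is intended. The new justification cell also ends flush against the column border ("will be removed|") while the existing row is padded, so check the grid-table column widths still line up when rendered.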
diff --git a/docs/change-log.md b/docs/change-log.md
index b660c73..cfc8c56 100644
--- a/docs/change-log.md
+++ b/docs/change-log.md
@@ -3,6 +3,985 @@
This document contains a summary of the new features, changes, fixes and known
issues in each release of Trusted Firmware-A.
+## [2.10.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v2.9.0..refs/tags/v2.10.0) (2023-11-21)
+
+### ⚠ BREAKING CHANGES
+
+- **Architecture**
+
+ - **Performance Monitors Extension (FEAT_PMUv3)**
+
+ - This patch explicitly breaks the EL2 entry path. It is
+ currently unsupported.
+
+ **See:** convert FEAT_MTPMU to C and move to persistent register init ([83a4dae](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/83a4dae1af916b938659b39b7d0884359c638185))
+
+- **Libraries**
+
+ - **EL3 Runtime**
+
+ - **Context Management**
+
+ - Initialisation code for handoff from EL3 to NS-EL1
+ disabled by default. Platforms which do that need to enable this macro
+ going forward
+
+ **See:** introduce INIT_UNUSED_NS_EL2 macro ([183329a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/183329a5847df2bc6164ac8e9dbe7de4ca92836d))
+
+- **Drivers**
+
+ - **Authentication**
+
+ - remove CryptoCell-712/713 support
+
+ **See:** remove CryptoCell-712/713 support ([b65dfe4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b65dfe40aef550ee9ef7e869749013cb7f3c4cce))
+
+### New Features
+
+- **Architecture**
+
+ - **CPU feature / ID register handling in general**
+
+ - add AArch32 PAN detection support ([d156c52](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d156c5220adb35971aafa0b0de922992e4b8aa66))
+ - add memory retention bit define for CLUSTERPWRDN ([278beb8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/278beb894aeda23278a01c3c6aff1f40b8ce0a34))
+ - deny AArch64-only features when building for AArch32 ([733d112](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/733d112f05ecb29f7d8fce12c66a9721031970df))
+ - initialize HFG*_EL2 registers ([4a530b4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4a530b4c6556c87deb22c027dfaf2c5d6c9997a3))
+
+ - **Memory Tagging Extension**
+
+ - adds feature detection for MTE_PERM ([4d0b663](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4d0b66323b242323ff738431c523aeb6d18dd3d5))
+
+ - **Performance Monitors Extension (FEAT_PMUv3)**
+
+ - introduce pmuv3 lib/extensions folder ([c73686a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c73686a11cea8f9d22d7df3c5480f8824cfeec09))
+
+- **Platforms**
+
+ - **Allwinner**
+
+ - use reset through scpi for warm/soft reset ([0cf5f08](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0cf5f08a205e4877c9daef5d90e1086643590226))
+
+ - **Arm**
+
+ - add IO policy to use backup gpt header ([3e6d245](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3e6d245772ccb4b43f1ba6cd9d1bb8abe86a516c))
+ - ecdsa p384/p256 full key support ([b8ae689](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b8ae68908de5560436c565ac22d59c0cbfc9a7df))
+ - enable FHI PPI interrupt to report CPU errors ([f1e4a28](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f1e4a28d3f9e4c5e7905f44d41c13de63d735864))
+ - reuse SPM_MM specific defines for SPMC_AT_EL3 ([5df1dcc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5df1dccd0be06cc45e82a57dc01be5b6b5d1a21b))
+ - save BL32 image base and size in entry point info ([821b01f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/821b01fa7521c0d6a0f16d02929fac3c44d14f86))
+ - add memory map entry for CPER memory region ([4dc91ac](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4dc91ac9069271325ffd3552a6a146256f5d0da3))
+ - firmware first error handling support for base RAMs ([5b77a0e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5b77a0e6759733d8a7de86e4492bd9b8628282d5))
+ - update common platform RAS implementation ([7f15131](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7f15131df42a42fef86cc594a56b6e7998dd2ba4))
+
+ - **FVP**
+
+ - add mbedtls_asn1_get_len symbol in ROMlib ([0605060](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/06050601d2a0ff06f92ca30ab988cbaf4e9929a1))
+ - add public key-OID information in RSS metadata structure ([bfbb1cb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bfbb1cbaac3e74da37d906c9ce1d39993dce8b66))
+ - add spmd logical partition ([5cf311f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5cf311f3a41fc114289265305a6254a8fb412c0e))
+ - allow configurable FVP Trusted SRAM size ([41e56f4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/41e56f422df47b8bc1a7699ff258999f900a6290))
+ - capture timestamps in bl stages ([ed8f06d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ed8f06ddda52bc0333f79e9ff798419e67771ae5))
+ - implement platform function to measure and publish Public Key ([db55d23](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/db55d23d34b687cf6ce79c0723fedf10ef7227be))
+ - increase BL1 RW area for PSA_CRYPTO implementation ([ce18938](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ce189383dc816cf1a48c1a94329c00f44d8acdc3))
+ - mock support for CCA NV ctr ([02552d4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/02552d45e526766e000f3e3ae91ef381d402dab1))
+ - new SiP call to set an interrupt pending ([2032401](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/20324013b17706751ecdd68f57c0ab95c522ca7e))
+ - spmd logical partition smc handler ([a1a9a95](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a1a9a950713468a734ef3d8da210baf97f7c1071))
+
+ - **Juno**
+
+ - add mbedtls_asn1_get_len symbol in ROMlib ([ec8ba97](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ec8ba97e4ffde486670cb5a22ec4aac01409d92e))
+
+ - **Morello**
+
+ - add cpuidle support ([4f7330d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4f7330dc78ee620b8564a4bbc1ca2f2ae4cd1d9e))
+ - add support for I2S audio ([6bcbe43](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6bcbe437909d3779111e19774f911c625e98f1b3))
+ - add TF-A version string to NT_FW_CONFIG ([f4e64d1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f4e64d1f5e8277013c35dbd8e056b8071942f759))
+ - fdts: add CoreSight DeviceTree bindings ([3e6cfa7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3e6cfa7bd05521935c7753401dad823d044bfa23))
+ - set NT_FW_CONFIG properties for MCC, PCC and SCP version ([10fd85d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/10fd85d8f4a8f338942616ed403a1e02a388a16f))
+
+ - **RD**
+
+ - **RD-N2**
+
+ - enable base element RAM RAS support on RD-N2 platform ([0288632](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/02886326659db3e4f46c0abd10be91a2de82cc90))
+ - add defines needed for spmc-el3 ([b4bed4b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b4bed4b769e907c8431b07f698da24660dfe0059))
+ - add plat hook for memory transaction ([f99dcba](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f99dcbace7015169ac5d230b8007686d144962fb))
+ - enable Neoverse N2 CPU error handling support ([e802748](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e80274880bf694fd0b0e869a6ceb67e95e547544))
+ - introduce accessor function to obtain datastore ([f458934](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f45893426546703d9e21970889e6333ca30c0dd7))
+ - introduce platform handler for Group0 interrupt ([c47d049](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c47d0491ed078cfa8ca400e182fd4a44acd8041a))
+
+ - **SGI**
+
+ - remove RAS setup call from common code ([0f5e8eb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0f5e8eb4536e27f5fd99b1367b18710927b014b9))
+ - firmware first error handling for Neoverse N2 CPU ([31d1e4f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/31d1e4ff8dd70dc0094ff44df0c1844d27430e77))
+ - increase sp memmap size ([7c33bca](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7c33bcab5973fb73b8278c674677663f5109948e))
+
+ - **TC**
+
+ - define memory ranges for tc platform ([9be6b16](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9be6b168fb482835a13ad39e7567721f74d513f9))
+ - implement platform function to measure and publish Public Key ([eee9fb0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/eee9fb02f7b2c29befa27a0f2f0b6cb966f6d7c5))
+ - deprecate Arm TC1 FVP platform ([6a2b11c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6a2b11c29da50eed969834f6c6ee97cdb90cb51e))
+
+ - **Aspeed**
+
+ - **AST2700**
+
+ - add Aspeed AST2700 platform support ([85f199b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/85f199b774476706b21f793503b36d861cab0a14))
+
+ - **Intel**
+
+ - add intel_rsu_update() to sip_svc_v2 ([e3c3a48](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e3c3a48c85dd1478e311e2e773a22fecfda69ec5))
+ - ccu driver for Agilex5 SoC FPGA ([02df499](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/02df49900006ed44b4a0c239299dd45ca8509c17))
+ - clock manager support for Agilex5 SoC FPGA ([1b1a3eb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1b1a3eb1edff99b49bb40ad4172073d04a230938))
+ - cold/warm reset and smp support for Agilex5 SoC FPGA ([79626f4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/79626f460f115cc32b0dbeb48e72828d2dbf662a))
+ - ddr driver for Agilex5 SoC FPGA ([29461e4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/29461e4c880235532385c01f202e638fb5ba11de))
+ - mailbox and SMC support for Agilex5 SoC FPGA ([8e59b9f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8e59b9f42374aaa641409b6469c8fe9245a33107))
+ - memory controller support for Agilex5 SoC FPGA ([18adb4e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/18adb4efa42946252b489d02f06cccb61ad0c867))
+ - mmc support for Agilex5 SoC FPGA ([4a577da](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4a577da6612ef6584695311e687ca00c57d68d53))
+ - pinmux, peripheral and Handoff support for Agilex5 SoC FPGA ([fcbb5cf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fcbb5cf7eadb8b048149941b08f09d04a860fee0))
+ - platform enablement for Agilex5 SoC FPGA ([7931d33](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7931d3322dc137447981d261e900f5a62d2181ee))
+ - power manager for Agilex5 SoC FPGA ([a8bf898](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a8bf898f02185ed838d8039949800843146ab245))
+ - reset manager support for Agilex5 SoC FPGA ([9b8d813](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9b8d813cc96173ce8ab7634dea17fb7f89b21626))
+ - restructure sys mgr for Agilex ([6197dc9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6197dc98feba98c3e123256424d2d33d5de997b8))
+ - restructure sys mgr for S10/N5X ([b653f3c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b653f3caf0f5e624604564c8c89ac8f4b450ba20))
+ - sdmmc/nand/combo-phy/qspi driver for Agilex5 SoC FPGA ([ddaf02d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ddaf02d17142187d9f17acd4900aafa598666317))
+ - setup SEU ERR read interface for FP8 ([91239f2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/91239f2c05c5df041e4a570a9d29c0ccbc34269a))
+ - system manager support for Agilex5 SoC FPGA ([7618403](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7618403110dad81c84822332225a7a687dc7f684))
+ - uart support for Agilex5 SoC FPGA ([34971f8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/34971f816a777df5afb6672990b9eceda60e84b7))
+ - vab support for Agilex5 SoC FPGA ([4754925](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4754925057b27d5992d4c913276602666d303b01))
+
+ - **MediaTek**
+
+ - add APU bootup control smc call ([94a9e62](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/94a9e6243e3978b42017639dad93481267bcf6e4))
+ - add APU watchdog timeout control ([baa0d45](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/baa0d45ced6b058681ade9213e30ab0e91f4f4fb))
+
+ - **MT8188**
+
+ - add apusys ao devapc setting ([777e3b7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/777e3b71bb0a37f98b4105af657d97c2afc2d0bc))
+ - add backup/restore function when power on/off ([233d604](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/233d604f500b5693b0caa6bcfdf0e2f766fd4cbd))
+ - add devapc setting of apusys rcx ([5986ae5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5986ae57aa4468b392d0f5fcb8b5bc04388fa3e2))
+ - add DSB before udelay ([b254b98](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b254b9815ee25c90264a2305940bc575910f55e4))
+ - add emi mpu protection for APU secure memory ([176846a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/176846a50b73267ff787432f74a1d9607b57ed20))
+ - add EMI MPU support for SCP and DSP ([013006f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/013006f1f889f5869502147af464e38619459463))
+ - add support for SMC from OP-TEE ([34d9d61](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/34d9d619f1c58549736b63aa5c5cddd7f171762e))
+ - enable apusys domain remap ([b5900c9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b5900c92a1579371ea6f40199c70673beb08b1ac))
+ - enable apusys mailbox mpu protect ([ad7673a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ad7673adef9bc5eaeef333ecaca8e85e82abe342))
+ - increase TZRAM_SIZE from 192KB to 256KB ([aa1cb27](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/aa1cb279b62d82e3d6e7b6ec17b9eb71d598497e))
+ - modify APU DAPC permission ([d06edab](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d06edabfd14e0d196139fb1c780017f34366ae0d))
+ - update return value in mtk_emi_mpu_sip_handler ([d07eee2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d07eee245b3fcc6b276969df34dc63ded1d4c8a2))
+
+ - **MT8195**
+
+ - increase TZRAM ([4f79b67](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4f79b67250641f67327c3e351d2f8339e8fd2d26))
+
+ - **NXP**
+
+ - **i.MX**
+
+ - add dummy 'plat_mboot_measure_key' function ([b9bceef](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b9bceef8eebf5c0f7f213921cca885a3f3c64ec1))
+
+ - **i.MX 8M**
+
+ - add more dram pll setting ([8947404](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/89474044a59d74cc088eb09292e99a3ca623fe33))
+ - detect console base address during runtime ([df730d9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/df730d94cb5850683371dd695e242a0c3817f070))
+ - enable snvs privileged registers access ([8d150c9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8d150c9524b1459b61c9d881100e20da827c1bd0))
+ - move the gpc reg & macro to a separate header file ([2a6ffa9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2a6ffa99afb6091110231381d1263407e9d88c3f))
+
+ - **i.MX 8M Nano**
+
+ - add workaround for errata ERR050362 ([8562564](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/85625646692597ba8a1829efaadf56163450efaf))
+
+ - **i.MX 9**
+
+ - **i.MX93**
+
+ - add cpuidle and basic suspend support ([422d30c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/422d30c626beef689967b56d26a68f029e7b7cf9))
+ - add OPTEE support ([27a0be7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/27a0be77a064cbc87aaefecbf45fe0a2b133b188))
+ - add reset & poweroff support ([cf7ef4c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cf7ef4c762ddb573ffb6f1f434c04fdc52f6c2cf))
+ - add the basic support ([2368d7b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2368d7b157c169b84bc46d3d8a57d080507e81bd))
+ - add the trdc driver ([2935291](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2935291009c2933714a027b7b5cd1c8e41f70aff))
+ - allow SoC masters access to system TCM ([3d3b769](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3d3b769a7c112bff9468dbb21e36ce44125a72c0))
+ - protect OPTEE memory to secure access only ([f560f84](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f560f843bdc0e33ef47918a6c10676fa6aff95ac))
+ - update the ocram trdc config for did10 ([eb76a24](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/eb76a2416a9bd5239db7b55d846bd2a16eec417a))
+
+ - **QEMU**
+
+ - add sdei support for QEMU ([cef76a7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cef76a7c5df7056cb73667e4e0b83d022e1b50fa))
+ - add "cortex-a710" cpu support ([4734a62](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4734a62d2c22f5b6a1e2b0369248d42fb9eddd1b))
+ - add "neoverse-n2" cpu support ([408f9cb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/408f9cb485796a73c5b87da70644665a13c685e4))
+ - add "neoverse-v1" cpu support ([6d8d7d2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6d8d7d2380d5120b3235c6f00eddcab126c3d648))
+ - add "neoverse-v1" cpu support ([214de62](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/214de62c92b2fc4b7edda9d9d637b7a4c0ba1fa5))
+ - add A55 cpu support for virt ([409c20c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/409c20c84dcfa61de68754152f331a7277609fb2))
+ - add dummy plat_mboot_measure_key() BL1 function ([8e2fd6a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8e2fd6a84b17fde92cef48ecaccdc3b666ef0588))
+ - add dummy plat_mboot_measure_key() function ([f0f11ac](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f0f11acd86650da04a41298acbf4ae38b7e25894))
+ - implement firmware handoff on qemu ([322af23](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/322af23445fe7a86eaad335b8a0f2ed523f5c1df))
+
+ - **SBSA**
+
+ - handle platform version ([c681d02](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c681d02c6ce2652307a4fcef16bd5626135dfad9))
+ - handle GIC base ([1e67b1b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1e67b1b17a1692dd653d31016ccd8fa18b5f8f67))
+ - handle GIC ITS address ([4171e98](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4171e981d13e6aa764c2520a2b513beafe449818))
+
+ - **QTI**
+
+ - **MSM8916**
+
+ - add port for MDM9607 ([78aac78](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/78aac78ad246ac8a04e1946bb9cd41b5734ba909))
+ - add port for MSM8909 ([cf0a75f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cf0a75f04df8e90c7958304e6e0499a7d2e2519c))
+ - add port for MSM8939 ([c28e96c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c28e96cd52f8fbdbbfd0bbc8bacef353ac65bfd6))
+ - add SP_MIN port for AArch32 ([45b2bd0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/45b2bd0acbf4678eb59d36eb0db7746f5286a868))
+ - add Test Secure Payload (TSP) port ([6b8f9e1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6b8f9e16a7849852abaf190f96130462f70eae17))
+ - allow selecting which UART to use ([aad23f1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/aad23f1a2c109fb853e498c17fa1e97fbdb6522c))
+ - clear CACHE_LOCK for MMU-500 r2p0+ ([d9b0442](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d9b04423cfbf18cb510fb8e65ad02e7a1f4fe873))
+ - initialize CCI-400 for multiple clusters ([1240dc7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1240dc7ef11e850bdf7a4e66de3d858e26555842))
+ - power on L2 caches for secondary clusters ([c822d26](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c822d26506a589d4fa017246eeb83627f2efb554))
+
+ - **ST**
+
+ - add RCC registers list ([4cfbb84](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4cfbb84aeb361d8e4d72f0b0652d02918168b55e))
+ - allow AARCH64 compilation for common code ([dad7181](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dad718169815f7cec09144b770fc66c6d9c58d17))
+ - introduce new platform STM32MP2 ([35527fb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/35527fb41829102083b488a5150c0c707c5ede15))
+ - support gcc as linker ([7762531](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7762531216a599d98dcf88aef8f8e980e0db90ed))
+ - update STM32MP DT files ([4c8e8ea](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4c8e8ea772905c1420720a900dd3e7d94eefbc7e))
+
+ - **STM32MP1**
+
+ - add FWU with boot from NOR-SPI ([dfbadfd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dfbadfd96b6f3d383e8f1c3c8b0c91ca2110ea2e))
+
+ - **STM32MP15**
+
+ - disable OP-TEE shared memory ([fb1d3bd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fb1d3bd9330ce70f735a344dd4223faffb261118))
+
+ - **STM32MP2**
+
+ - add console configuration ([87a940e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/87a940e027dd11d0ec03ec605f205374b18361ba))
+ - generate stm32 file ([e5839ed](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e5839ed79e34b8aa8c7c94da8c79e8ee8a7467df))
+
+ - **Texas Instruments**
+
+ - add TI-SCI query firmware capabilities command support ([7ab7828](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7ab782801f8c78ae6a8293d25cad687c86a4ac4e))
+ - query firmware for suspend capability ([ce1008f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ce1008fef1ace613bc36886fd1627164edfef245))
+ - remove extra core counts in cluster 2 and 3 ([e986845](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e9868458e6de2ffb3c08e2fafa444a812b895337))
+
+ - **Xilinx**
+
+ - add support to get chipid ([0563601](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0563601f03f0404bbc57464d3458c07614f920ca))
+ - clean macro names ([bfd0626](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bfd0626554374dd94a0105a5633df0afeae731b1))
+ - fix IPI calculation for Versal/NET ([69a5bee](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/69a5bee4c3633fd963d97f90f3a98e95a640d2da))
+ - move IPI related macros to plat_ipi.h ([b2258ce](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b2258ce30cf720d71b1022c9cbee135c879027c5))
+ - remove crash console unused macros ([473ada6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/473ada6be65af7fdad85845336f42ed481eea11b))
+ - setup local/remote id in header ([068b0bc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/068b0bc6e39f1fc18f9450619942c711f860a7e2))
+ - switch boot console to runtime ([9c1c8f0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9c1c8f010143e179dee76381f3796f3801e6d220))
+ - sync macro names ([04a4833](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/04a483359fef61353d95619e84ec6b495b27adfb))
+ - used console also as crash console ([3e6b96e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3e6b96e869238f21c8887b835c3bfed487dbe653))
+
+ - **Versal**
+
+ - add support for SMCC ARCH SOC ID ([079c6e2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/079c6e2403fd07db2b41f7c6e7e8c568467a2c6b))
+ - add tsp support ([7ff4d4f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7ff4d4fbe58273541da86fa72786d4bd4604be9a))
+ - ddr address reservation in dtb at runtime ([56d1857](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/56d1857efc21cff5e75aa65bba21e333a8552d04))
+ - enable assertion ([0375188](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0375188a3e114edf62a732e80ea0f08dde3bf0b0))
+ - retrieval of console information from dtb ([7c36fbc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7c36fbcc13793899390a01a9b4a623ff2fbf7ee1))
+
+ - **Versal NET**
+
+ - add cluster check in handoff parameters ([01c8c6a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/01c8c6a5542fbf09fa91bbdbc95b735bbc9f02d7))
+ - add support for SMCC ARCH SOC ID ([1873e7f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1873e7f7d879c3d0aba54c3785df534b9a7037b7))
+ - add the IPI CRC checksum macro support ([ba56b01](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ba56b012c8ba8e5c4e6f77ab8a921e494d040a44))
+ - add tsp support ([639b367](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/639b3676cc30dcf3e3e4d478906e7f7f37a7f1e4))
+ - ddr address reservation in dtb at runtime ([46a08aa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/46a08aab4c56ad9e3f57b127a02fead1e6b8cf38))
+ - enable assertion ([80cb4b1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/80cb4b14049c01df9a57cad9d1b94b10f904462f))
+ - get the handoff params using IPI ([a36ac40](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a36ac40c4e93e56380374301f558f508ad2cbf96))
+ - remove empty crash console setup ([6a14246](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6a14246ad469664b56f1fdb111433515ffcccaf6))
+ - retrieval of console information from dtb ([a467e81](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a467e813a362fae69484e70ecb26fd8b14489d38))
+
+ - **ZynqMP**
+
+ - enable assertion ([2243ba3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2243ba3c38ae5bab894709a4e98f188815398ef1))
+ - remove pm_ioctl_set_sgmii_mode api ([7414aaa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7414aaa1a1e31df66866f0e1c97ba7c9add2427f))
+ - retrieval of console information from dtb ([3923462](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3923462239c9e54088bd5b01fd5df469b2758582))
+
+ - **Nuvoton**
+
+ - added support for npcm845x chip ([edcece1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/edcece15c76423832fc1ffdb255528bf4c719516))
+
+- **Bootloader Images**
+
+ - **BL2**
+
+ - add gpt support ([6ed98c4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6ed98c45db01023d52a47eb4ede0ffb44de85f00))
+
+ - **BL31**
+
+ - reuse SPM_MM specific defines for SPMC_AT_EL3 ([f5e1bed](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f5e1bed2669cce46a1d7c6b8d3f8f884b4d589b3))
+
+ - **BL32**
+
+ - print entry point before exiting SP_MIN ([94e1be2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/94e1be2b2918d8e70ac33cc8551e913d75e86398))
+
+- **Services**
+
+ - **RME**
+
+ - save PAuth context when RME is enabled ([13cc1aa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/13cc1aa70a666bc8f768569e5481b3daf499b7d1))
+
+ - **RMMD**
+
+ - enable SME for RMM ([f92eb7e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f92eb7e261bdaea54c10ad34451a7667a6eb4084))
+ - pass SMCCCv1.3 SVE hint bit to RMM ([6788963](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/678896301b807cb1130ca27fa53acc66d57b855e))
+
+ - **RMM**
+
+ - update RMI VERSION command as per EAC5 ([ade6000](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ade6000ff0b3aa41d581d5738ce42f5ea4d3b77d))
+
+ - **SPM**
+
+ - separate StMM SP specifics to add support for a S-EL0 SP ([549bc04](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/549bc04f148f3b42ea0808b9ab0794a48d67007d))
+
+ - **EL3 SPMC**
+
+ - add a flag to enable support to load SEL0 SP ([801cd3c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/801cd3c84a7bb8a66c5a40de25e611ec6448239c))
+
+ - **SPMD**
+
+ - add partition info get regs ([0b850e9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0b850e9e7c89667f9a12d49492a60baf44750dd9))
+ - add spmd logical partitions ([890b508](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/890b5088203e990d683a9c837e976be62c6501aa))
+ - el3 direct message API ([66bdfd6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/66bdfd6e4e6d8e086a30397be6055dbb04846895))
+ - get logical partitions info ([95f7f6d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/95f7f6d86a6aadc9d235684fd1aa57ddc4c56ea9))
+
+ - **ERRATA ABI**
+
+ - add support for Cortex-X3 ([9c16521](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9c16521606b1269ef13a69ec450b8d14ef92bde9))
+
+- **Libraries**
+
+ - **CPU Support**
+
+ - add a concise way to implement AArch64 errata ([3f4c1e1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3f4c1e1e7b976e6950cbcc4ddf8c32e989d837ac))
+ - add a way to automatically report errata ([4f748cc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4f748cc44cb12160dfca86d94a1075f38f7c99e4))
+ - add errata framework helpers ([445f7b5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/445f7b5191992c760e1089f566b94473a0432a1e))
+ - add more errata framework helpers ([94a75ad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/94a75ad456a8bda75ca1e4343f00be249a201a69))
+ - add support for Gelas CPU ([02586e0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/02586e0e28e590fbc5e8461cfdc03db08485c14f))
+ - add support for hermes cpu ([a00e907](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a00e907696dd7dcae9ec221ea4ee49d4179a8e2a))
+ - add support for Nevis CPU ([5497958](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/549795895cae55b11c1a7ce522aa6740de863fb4))
+ - add support for Travis CPU ([a0594ad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a0594add2e2661a1b1e1f392bf015687004197bb))
+ - conform DSU errata to errata framework PCS ([ee6d04d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ee6d04d449d7a23840bab00f3d3ffd88c6c7bca6))
+ - make revision procedure call optional ([4d22b0e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4d22b0e5ba01b423f9f5200e4702750102635145))
+ - wrappers to propagate AArch32 errata info ([34c51f3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/34c51f327d47653637cf3604b4cd20819e795f25))
+
+ - **EL3 Runtime**
+
+ - modify vector entry paths ([d04c04a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d04c04a4e8d968f9f82de810a3c763474e3faeb7))
+
+ - **RAS**
+
+ - reuse SPM_MM specific defines for SPMC_AT_EL3 ([6e92a82](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6e92a82c81d2b0e49df730f68c8312beec1d3b48))
+ - use FEAT_IESB for error synchronization ([6597fcf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6597fcf169fa548d40f1e63391d12d207c491266))
+
+ - **Translation Tables**
+
+ - detect 4KB and 16KB page support when FEAT_LPA2 is present ([bff074d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bff074dd941d4fb51d6abade5db4b636f977d6f7))
+
+ - **C Standard Library**
+
+ - add %X to printf/snprintf ([483edc2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/483edc207a533a5eaf07fa1e2c47f29f1dc64e4a))
+ - implement memcpy_s in lib ([f328bff](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f328bff667c12099e82de6e94f3775a124ee78c7))
+
+ - **PSA**
+
+ - interface with RSS for retrieving ROTPK ([50316e2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/50316e226fbbe30b5eb4121225958a9b63e58bb1))
+
+ - **Firmware Handoff**
+
+ - introduce firmware handoff library ([3ba2c15](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3ba2c15147cc0c86342a443cd0cbfab3d2931c06))
+ - port BL31-BL33 interface to fw handoff framework ([94c90ac](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/94c90ac8168f4e257b67e138a53a2dbc612e4194))
+
+- **Drivers**
+
+ - **Authentication**
+
+ - add CCA NV ctr to CCA CoT ([e3b1cc0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e3b1cc0c51c7b0bae6abd81e15e4c2a00442c5db))
+ - add explicit entries for key OIDs ([0cffcdd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0cffcdd617986f0750b384620f5b960059d91fc9))
+ - create a zero-OID for Subject Public Key ([9505d03](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9505d03e368d8e620c4defeb53dad846d5bc7e62))
+ - ecdsa p384 key support ([557f7d8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/557f7d806a62a460404f8d1bec84c9400585930b))
+ - measure and publicise the Public Key ([9eaa5a0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9eaa5a09ed5805ec6423bc751b4254fba19090c1))
+
+ - **mbedTLS**
+
+ - update to 3.4.1 ([e686cdb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e686cdb450bbf01d42850457f83e45208a2655f8))
+ - add deprecation notice ([267c106](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/267c106f02e6996071985adbe695406a4978e97f))
+
+ - **mbedTLS-PSA**
+
+ - initialise mbedtls psa crypto ([4eaaaa1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4eaaaa19299040cfee0585d7daa744dee716d398))
+ - introduce PSA_CRYPTO build option ([5782b89](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5782b890d29646924d8bd3f46acdc73a6e02feb2))
+ - mbedTLS PSA Crypto with ECDSA ([255ce97](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/255ce97d609a93ab5528a653735abc46c2627e8f))
+ - register an ad-hoc PSA crypto driver ([38f8936](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/38f893692ad9b8edb5413f4b2b9cd15a9b485685))
+ - use PSA crypto API during hash calculation ([484b586](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/484b58696d627c68869d86e2c401a9088392659e))
+ - use PSA crypto API during signature verification ([eaa62e8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/eaa62e825e31fb22a6245d9a5ab9cf5c9f8c0e46))
+ - use PSA crypto API for hash verification ([2ed061c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2ed061c43525b8a9cd82b38d31277a8df594edd5))
+
+ - **Measured Boot**
+
+ - introduce platform function to measure and publish Public Key ([2971bad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2971bad8d48c6f0ddb7436efd16375bd72ade6bd))
+
+ - **GUID Partition Tables Support**
+
+ - add interface to init gpt ([f08460d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f08460dc085283f25fd6b5df792f263ccdf22421))
+ - add support to use backup GPT header ([ad2dd65](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ad2dd65871b4411c735271f98a4fa5102abb2a00))
+
+ - **Arm**
+
+ - **Ethos-N**
+
+ - update npu error handling ([4796d2d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4796d2d9bb4a1c0ccaffa4f6b49dbb0f0304d1d1))
+
+ - **RSS**
+
+ - set the signer-ID in the RSS metadata ([60861a0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/60861a04e06d98ba6a9ae984cc5565f064fac9d1))
+
+ - **ST**
+
+ - **Clock**
+
+ - allow aarch64 compilation of STGEN functions ([b1718c6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b1718c6382cff096c46dd216b5c99586eb303d29))
+ - stub fdt_get_rcc_secure_state ([19c3808](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/19c38081d3cbb4062d8894e6c3ec3c4e1d01a767))
+
+ - **UART**
+
+ - add AARCH64 stm32_console driver ([c6d070c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c6d070cdba2c9a37b2253354f4cc3ba7e127e35d))
+
+- **Miscellaneous**
+
+ - **AArch64**
+
+ - add stack debug information to assembly routines ([f832885](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f8328853031ab6dfc57059ff181138babc7779a0))
+
+ - **DT Bindings**
+
+ - add the STM32MP2 clock and reset bindings ([3ccb708](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3ccb708ecede0858c3c8633942dd9ceec1511fa5))
+
+ - **FDTs**
+
+ - **Morello**
+
+ - add thermal framework ([0b22160](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0b221603e909cd493feeaab96d9c6f5458c628a8))
+
+ - **STM32MP2**
+
+ - add stm32mp257f-ev1 board ([9aa5371](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9aa5371f2fde18ed9ef466f3ee08e599bcdca2dd))
+ - introduce stm32mp25 pinctrl files ([2c62cc4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2c62cc4a879b3ca5414227a2ddcd965814f3d112))
+ - introduce stm32mp25 SoCs family ([0dc283d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0dc283d29e4d962553046ea7ba30e90ea64f6d3d))
+
+ - **TBBR**
+
+ - add image id for backup GPT ([1051606](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1051606c3df3b5a0ebd4e4dad1e5e4a57e2f4d69))
+ - update PK_DER_LEN for ECDSA P-384 keys ([c1ec23d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c1ec23dd60954582a9b5dd49e85b092e9ece0680))
+
+- **Documentation**
+
+ - introduce STM32MP2 doc ([ee5076f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ee5076f9716591333f1f5aa73b02c130c57917db))
+ - save BL32 image base and size in entry point info ([31dcf23](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/31dcf2345172de50b098d7a080c65ee6faa87df8))
+ - add a threat model for TF-A with Arm CCA ([4463541](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/446354122cea54255630d250064f5f889045acb0))
+ - cover threats inherent to receiving data over UART ([348446a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/348446ad2a836f7fa0ab05cdf6142342a1c4a4b3))
+ - add a section for experimental build options ([4885600](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/48856003bfaf8c8d0ce7b29e2e1262f7f1dfbb5d))
+
+- **Build System**
+
+ - include plat header in fdt build ([e03dcc8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e03dcc8f5ee2c2c48732745c5c364951eb36ceec))
+ - manage patch version in Makefile ([055ebec](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/055ebeca1b642ae69885a95e3c102f95d567a11e))
+ - march option selection ([7794d6c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7794d6c8f8c44acc14fbdc5ada5965310056be1e))
+ - pass CCA NV ctr option to cert_create ([0f19b7a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0f19b7aada428e0ca69d27ab016928b8fbc64a79))
+ - .gitignore to include memory tools ([82257de](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/82257de06df2f744b12907079d5224bd56704de1))
+ - allow gcc linker on Aarch32 platforms ([cfe6767](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cfe6767f7dd483f1bd76b2ba88a75809e013c5bd))
+ - bump certifi to version 2023.7.22 ([6cbf432](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6cbf43204f3ca7cc6db621652da182743748af3f))
+ - convert tabs and ifdef comparisons ([72f027c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/72f027c335a9e20e479e0d684132401546685616))
+ - convert tabs to spaces ([1ca73b4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1ca73b4f4a0f6929a6649b4eb12e4ce45644a892))
+ - disable ENABLE_FEAT_MPAM for Aarch32 ([a07b459](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a07b4590dd06c9e27ec6d403003bcf55afa9dc27))
+ - include Cortex-A78AE cpu file for FVP ([b996db1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b996db168dcdac89245bb2cb60212e3e1b3ad061))
+ - pass parameters through response files ([430be43](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/430be4396bbf779c9d2cac0ed8fefd07c7b8fde2))
+ - remove duplicated include order ([c189adb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c189adbd5559a31078749fd3ddd483337ad609f6))
+ - remove handling of mandatory options ([1ca902a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1ca902a537d622b9f7f53f872586120ae75e2603))
+
+- **Tools**
+
+ - **Firmware Image Package Tool**
+
+ - add ability to build statically ([4d4fec2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4d4fec281861066ab2249bc3db7c2decdd176f34))
+
+ - **Secure Partition Tool**
+
+ - generate `ARM_BL2_SP_LIST_DTS` file from `sp_layout.json` ([20629b3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/20629b3153bccdda32116ed5c4861e61fa1fba95))
+
+ - **Certificate Creation Tool**
+
+ - add new option for CCA NV ctr ([60753a6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/60753a63290e255d6c4d34d0145ac00e8d69c9cf))
+ - add pkcs11 engine support ([616b3ce](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/616b3ce27d9a8a83a189a16ff6a05698bc6df3c8))
+ - ecdsa p384 key support ([c512c89](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c512c89cde91f10e1b283522ac956fa4da85a797))
+
+ - **Memory Mapping Tool**
+
+ - add tabular memory use data ([d9d5eb1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d9d5eb138ded8d4abeaf0cd1341ddf451aa299b8))
+ - add topological memory view ([cc60aba](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cc60aba227e74a171c924146a0b745450af72f3d))
+
+### Resolved Issues
+
+- **Architecture**
+
+ - **CPU feature / ID register handling in general**
+
+ - move nested virtualization support to optionals ([8b2048c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8b2048c1c019d799d1806926724c2fbbc399c4c1))
+
+ - **Memory Partitioning and Monitoring (MPAM) Extension (FEAT_MPAM)**
+
+ - refine MPAM initialization and enablement process ([edebefb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/edebefbcbc01f4ab67a7838e0191736fd9ee0192))
+
+ - **Performance Monitors Extension (FEAT_PMUv3)**
+
+ - make MDCR_EL3.MTPME=1 out of reset ([33815eb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/33815eb7194e662169676b2ce88ee4785aac9ccd))
+
+- **Platforms**
+
+ - register PLAT_SP_PRI only if not already registered ([bf01999](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bf01999aba3949e810b7c66d3a164c4e3a964bf8))
+
+ - **Arm**
+
+ - add Event Log area behind Trustzone Controller ([d836df7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d836df71ea50e0863f7858f71b06653058e64140))
+ - correct the SPMC_AT_EL3 condition ([a0ef1c0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a0ef1c0ef030e8fee8ad8f8a5f4a0fa911403a7c))
+ - fix GIC macros for GICv4.1 support ([f1df8f1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f1df8f10c6906519c54483f1f7a67f5cc507ec31))
+ - add RAS_FFH_SUPPORT check for RAS EHF priority ([1c01284](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1c012840cab6529edbbc1bc7e3bcba11477a6955))
+ - do not program DSU CLUSTERPWRDN register ([3209b35](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3209b35d2a372e71b96f3efbd7631d32518dc9b7))
+
+ - **FPGA**
+
+ - enable CPU features required for ARMv9.2 cores ([b321c24](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b321c243423b9341bc04e839a795ff31247eacd5))
+
+ - **FVP**
+
+ - adjust BL2 maximum size as per total SRAM size ([965aace](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/965aacea919525baa03308a5a08205e506be0bf4))
+ - adjust BL31 maximum size as per total SRAM size ([24e224b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/24e224b41cc6fda4b507861cf8e409d8e4a3f7cd))
+ - conditionally increase XLAT and MMAP table entries ([03cf4e9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/03cf4e9aad2774ce221ccfe6f345ffcc8aabee4a))
+ - extract core id from mpidr for pwrc operations ([70bc744](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/70bc74441b9901ee91ebb32be1def1e645374488))
+ - increase maximum MMAP and XLAT entries count ([12fe591](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/12fe591b3e05255c167c5a9e21eaac2a9946f55c))
+ - increase the maximum size of Event Log ([f1dfaa4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f1dfaa42cf1a93523501ce694260d88acee7c0c0))
+ - resolve broken workaround reference ([bcb3ea9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bcb3ea92f8626e48340bd65c7c3007953e0ee8f4))
+ - update pwr_domain_suspend ([f51d277](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f51d277de3e5f84eafafb32596ca0b154d11c4d5))
+ - update system suspend in OS-initiated mode ([e0ef05b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e0ef05bb2c260e0441186dd8647dea531bb1daf3))
+
+ - **Morello**
+
+ - configure platform specific secure SPIs ([80f8769](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/80f8769b26efcbce842d0ed62950603dfd83ef9b))
+
+ - **N1SDP**
+
+ - configure platform specific secure SPIs ([7b0c95a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7b0c95abc8e399a4a676647f4cffffa7ed21b3e6))
+ - fix spi_ids range for n1sdp multichip boot ([31f60a9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/31f60a968347497562b0129134928d7ac4767710))
+
+ - **SGI**
+
+ - update PLAT_SP_PRI macro definition ([6f689a5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6f689a51a577f740b341744e62c667733a79df94))
+
+ - **TC**
+
+ - Correct return type ([b0542b5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b0542b58ca77b922cf879dfb7d38356b32399c56))
+ - rename macro to match PSA spec ([1fc20d7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1fc20d7f523e5c4bafb23584b1309ca432307ea4))
+
+ - **Corstone-1000**
+
+ - add cpu_helpers.S to platform.mk ([cb27274](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cb27274c9964deab3b613a48c1f293c122126ee5))
+ - modify boot device dependencies ([3ff5fc2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3ff5fc2b35638afea2fad3cd0c76dcadc1adb8c2))
+ - removing the signature area ([5856a91](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5856a91a641a4cd7403143bb90b098855a77ac16))
+
+ - **Aspeed**
+
+ - **AST2700**
+
+ - add device mapping for coherent memory ([cef2e92](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cef2e92568045da4e1d26a9ebfb38b0176b4ec33))
+
+ - **Broadcom**
+
+ - fix misspelled header inclusion guard ([a9779c1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a9779c11daa251abb9c523b4e01e6ef26c7d46fc))
+
+ - **Cadence**
+
+ - update console flush uart driver ([e27bebb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e27bebb0fe84bf58eed1fb61a65da9280309f24e))
+
+ - **Intel**
+
+ - fix ncore ccu snoop dvm enable bug ([106aa54](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/106aa54d922c8d0980c527530cbb417141fe3f83))
+ - resolved coverity checking ([1af7bf7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1af7bf71c042add4f473c056f850a8a4792b6bbd))
+ - update boot scratch cold register to use cold 8 ([655af4f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/655af4f49278476ebac6bb865e325eca865684f2))
+ - update checking for memcpy and memset ([c418064](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c418064eb5ae2f223457e4a25a91f379e8cf5223))
+
+ - **MediaTek**
+
+ - support saving/restoring GICR registers ([f73466e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f73466e9a2fe35fc31a7a58a2e24308a9db341d7))
+
+ - **NVIDIA**
+
+ - **Tegra**
+
+ - return correct error code for plat_core_pos_by_mpidr ([6bd79b1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6bd79b13f8a8566d047ff25da9110a887b4e36e7))
+
+ - **NXP**
+
+ - **i.MX**
+
+ - **i.MX 8M**
+
+ - make IMX_BOOT_UART_BASE autodetection option more obvious ([101f070](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/101f07022a0337b074c03e60078b94789bc766f6))
+ - map BL32 memory only if SPD_opteed or SPD_trusty is enabled ([4827613](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/4827613c9a8db6238e9411b508ef20bda3113146))
+
+ - **QEMU**
+
+ - fix 32-bit builds with stack protector ([e57ca89](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e57ca899efe414bd685e89e335a21d15a25b04f8))
+
+ - **SBSA**
+
+ - align FIP base to BL1 size ([408cde8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/408cde8a59080ac2caa11c4d99474b2ef09f90df))
+
+ - **QTI**
+
+ - **SC7280**
+
+ - update pwr_domain_suspend ([a43be0f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a43be0f61003df1d8cf01bd706d5af305428c022))
+ - update system suspend in OS-initiated mode ([0a9270a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0a9270abe82b396bf6fa15c7eb39c3499452686a))
+
+ - **Renesas**
+
+ - **R-Car**
+
+ - add mandatory fields in 'reserved-memory' node ([f945498](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f945498faab3bd44f0f957931809de2f59517814))
+
+ - **R-Car 3**
+
+ - fix CPG register code comment ([69c371b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/69c371bc16533eb97a1d9bc408f9f17da87ba641))
+ - update Draak and Eagle board IDs ([281edfe](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/281edfee02bc72d81aa4972d60216647f932f3df))
+
+ - **ST**
+
+ - allow crypto lib compilation in aarch64 ([76e4fab](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/76e4fab000825c4361b4b9843c6e0c2f4f6eb1fd))
+ - enable RTC clock before accessing nv counter ([77ce6a5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/77ce6a561eae769419559632afa4d807a4fc33b6))
+ - flush UART at the end of uart_read() ([a9cb7d0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a9cb7d002df4f09dce779b5b56640c2fdd77ba3b))
+ - properly check LOADADDR ([9f72f5e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9f72f5eac81c23fe39415b2346b112f64fba8610))
+ - reduce MMC block_buffer ([a2500ab](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a2500ab7aba27ed5d613718f5f15371bbe895ca6))
+ - setting default KEY_SIZE ([6f3ca8a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6f3ca8ada60addc601f685fa51619d2101d7406a))
+ - update comment on encryption key ([5c506c7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5c506c73751cc3f51df88826b89b5f729d8955c5))
+ - update dt_get_ddr_size() type ([2a4abe0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2a4abe0b37f8d1987019c3de30e3301d8f8958d7))
+
+ - **STM32MP1**
+
+ - add void entry in plat_def_toc_entries ([8214ecd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8214ecdab22a72877dfff539eee31cfb92f36423))
+ - properly check PSCI functions return ([241f874](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/241f8745459ae413ca22fcc0f1081da8de48796f))
+ - use the BSEC nodes compatible for stm32mp13 ([2171bd9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2171bd9511258e7aebaa3ce2f9498093d3a3c63e))
+
+ - **Texas Instruments**
+
+ - align static device region addresses to reduce MMU table count ([53a868f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/53a868f676d9ad6ec37d69155241883b8e7bf0bf))
+ - fix TISCI API changes during refactor ([d7a7135](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d7a7135d32a8c7da004c0c19b75bd4e2813f9759))
+ - release lock in all TI-SCI xfer return paths ([e92375e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e92375e07cf54c2fbac6616e58116c98507ac177))
+ - remove check for zero value in BL31 boot args ([44edd3b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/44edd3bd7cfe1d5fb1599ab5eee9b81efea984e0))
+
+ - **Xilinx**
+
+ - add headers to resolve compile time issue ([744d60a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/744d60aab4e0173e21564fde092884c10267a6cc))
+ - dcache flush for dtb region ([93ed138](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/93ed138006dc09e5b09222cabae8952dd5363ad2))
+ - don't reserve 1 more byte ([c3b69bf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c3b69bf17bc0231b0dae613dc9e1e01e41f32236))
+ - dynamic mmap region for dtb ([7ca7fb1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7ca7fb1bf0873824531a6eee2da1214b61496b02))
+ - remove clock_setrate and clock_getrate api ([e5955d7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e5955d7c63291a736efe75fb93effbc3fefb19fb))
+ - remove console error message ([f9820f2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f9820f21b8317fb3a08598452b252f7a6a2a4ad7))
+ - update dtb when dtb address and tf-a ddr flow is used ([fdf8f92](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fdf8f929df078943c24154e25d9d7661139826b3))
+
+ - **DCC (Debug Communication Channel)**
+
+ - add dcc console unregister function ([0936abe](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0936abe9b235dd996e9466288415bb994acbbe8f))
+ - enable DCC also for crash console ([c6d9186](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c6d9186f60a08b4a44b1ecf38071eacdc9553ef6))
+
+ - **Versal**
+
+ - add missing irq mapping for wakeup src ([06b9c4c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/06b9c4c87df0b2a052e4f3330b86cc572c7bf885))
+ - fix BLXX memory limits for user defined values ([f123b91](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f123b91fddfcc882577590bbf4a54e1497ef9a64))
+ - make pmc ipi channel as secure ([96eaafa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/96eaafa3f855ea9e0b6ce13a44f37fa9f1026207))
+ - type cast addresses to fix integer overflow ([bfe82cf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bfe82cff6f6ab8e557e7ad7db8eae573f1fb02f3))
+ - use correct macro name for ocm base address ([56afab7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/56afab73a852fd3e10e607d2d86dedc3bae3ff2d))
+
+ - **Versal NET**
+
+ - add redundant call to avoid glitches ([cebb7cc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cebb7cc110e02281060ec854a28a3bee382d8efa))
+ - change flag to increase security ([e8efb65](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e8efb65afb996c9832384c96b36aee3092b56a4b))
+ - correct device node indexes ([66b5620](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/66b5620c873ef656f779a4c2d844b187ba474d9d))
+ - don't clear pending interrupts ([fb73ea6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fb73ea6cc3f9f4f51195b416a0f803a72d81eff6))
+ - fix BLXX memory limits for user defined values ([a80da38](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a80da3899a5eea6bc022c37101ac0b7d970846f7))
+ - make pmc ipi channel as secure ([2c65b79](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2c65b79e256ea5ead117efeaa5d39c3e53c83bdc))
+ - use correct macro name for uart baudrate ([e2ef1df](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e2ef1dfcdbef7e448e9dd96852ffb8489c187d34))
+
+ - **ZynqMP**
+
+ - do not export apu_ipi ([237c5a7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/237c5a74a295d6306529be024aaa3d6af4b32898))
+ - fix BLXX memory limits for user defined values ([8ce2fbf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8ce2fbffe37ddcab5071601f1b311ee82a56b7cc))
+ - fix prepare_dtb() memory description ([3efee73](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3efee73d528578162b8eb046dce540f0c5f0041a))
+ - fix sdei arm_validate_ns_entrypoint() ([3b3c70a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3b3c70a418522176f3a55d8e266e3968f7d4f832))
+ - handling of type el3 interrrupts ([e8d61f7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e8d61f7d91901f577030f6a45a71cf389b96d9dc))
+ - make zynqmp_devices structure smaller ([7e3e799](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7e3e79995a3c02871211dd0e983fb6e886a9c518))
+ - remove unused headers ([6288636](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/62886363a16f0dcef3b6acdff0a96880cf9940ce))
+ - resolve runtime error in TSP ([81ad3b1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/81ad3b14b95e019eaa8d89d444680c14ede4d8ab))
+ - type cast addresses to fix overflow issue ([9129163](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/91291633a1c99736803f39edb21cad95a3517ee8))
+ - validate clock_id to avoid OOB variable access ([abc79c2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/abc79c275be764d76bd983837ffc487664182dac))
+
+ - **Nuvoton**
+
+ - fix typo in platform.mk ([c7efb78](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c7efb78f8edc8fa66bbe2f9bad390d29f6a43fb0))
+
+- **Bootloader Images**
+
+ - **BL2**
+
+ - bl2 start address for RESET_TO_BL2+ENABLE_PIE ([d478ac1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d478ac16c9002114da1c4708a0efb083c494ce2f))
+
+ - **BL31**
+
+ - resolve runtime console garbage in next stage ([889e3d1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/889e3d1c68e37dc9f75ae432703fa8ffc7259546))
+
+ - **BL32**
+
+ - always include arm_arch_svc in SP_MIN ([cd0786c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/cd0786c73e536a1d2507d77ce49e2ae2b8ee71a1))
+ - avoid clearing argument registers in RESET_TO_SP_MIN case ([56055e8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/56055e87b0a756d4756a22ed26b855fbe7afe93c))
+
+ - **TSP**
+
+ - fix destination ID in direct request ([ed23d27](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ed23d274fae0b2787421a1b2558d7c1e9ebb07ab))
+ - flush uart console ([ae074b3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ae074b369a25747acf98a23389e9d67b39738c71))
+
+- **Services**
+
+ - **RME**
+
+ - **RMMD**
+
+ - enable sme using sme_enable_per_world ([c0e16d3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c0e16d30ab70c51737f7a01a6b365d27c1a94f3b))
+
+ - **SPM**
+
+ - **EL3 SPM**
+
+ - fix LSP direct message response ([c040621](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c040621dba5f4c097441e67c9fd99b9df174ba4e))
+ - improve direct messaging validation ([48fe24c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/48fe24c50cd4990a76f88e89b77e71b9a90aec6c))
+
+ - **EL3 SPMC**
+
+ - avoid descriptor size calc overflow ([27c0242](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/27c02425089548786a18d355b15acccd51880676))
+ - correctly account for emad_offset ([0c2583c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0c2583c6fbfd03e70915554d4093e5f9148f3792))
+ - fix incorrect CASSERT ([1dd79f9](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1dd79f9e2316e5a7a78b0ad5a34ec50288338e6f))
+ - only call spmc_shm_check_obj() on complete objects ([d781959](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d781959f81923bc3a59e77abd44df2fcc61f044e))
+ - prevent total_page_count overflow ([2d4da8e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2d4da8e265660ce7580219b51d5e79fd99ce1458))
+ - remove experimental flag ([630a06c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/630a06c4c64f3a6804dd633081190241b1e78484))
+ - use uint64_t for 64-bit type ([43318e4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/43318e4a4dcc79935150de75fe5dccbb615f4719))
+ - use version-dependent minimum descriptor length ([52d8d50](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/52d8d506e715dbbeba0938cecd30ac6624d1dcfc))
+ - validate descriptor headers ([56c052d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/56c052d31126c93b3c6782ea8e0c3348b5299b75))
+ - validate memory address alignment ([327b5b8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/327b5b8b74faedefc45e861c797197cf6fbd6def))
+ - validate shmem descriptor alignment ([dd94372](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/dd94372d77ff107726a7be53318b5694f3309ddb))
+
+ - **SPMD**
+
+ - coverity scan issues ([b04343f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b04343f3c912c8abc1a37b0ebe461ab574959ecd))
+ - fix FFA_VERSION forwarding ([76d53ee](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/76d53ee1aafca7ba908c7439670509107377b309))
+ - perform G0 interrupt acknowledge and deactivation ([6c91fc4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6c91fc44580415aaca4cbd774d4373475f33deb2))
+ - relax use of EHF with SPMC at S-EL2 ([bb6d0a1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bb6d0a174f76240728cd911130703e712520ce16))
+
+ - **ERRATA ABI**
+
+ - added Neoverse N2 to Errata ABI list ([7e030b3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7e030b376329a0466ffe7676be215770bb46d10f))
+ - fix the rev-var for Cortex-A710 ([5c8fcc0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5c8fcc0ca7f5e6dc3aea947800e146fe0ffe9b84))
+ - update the Cortex-A76 errata ABI struct ([92d5b50](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/92d5b501d4ba7e00e2ddfd546dc90b786966a352))
+ - update the Cortex-A78C errata ABI struct ([7f2caec](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/7f2caecdbc64d1fbd34942285e1194e85c5e8614))
+ - update the neoverse-N1 errata ABI struct ([56747a5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/56747a5caa50eedeb627795f1c37e0a14953c2bf))
+ - update the Neoverse-N2 errata ABI struct ([80af87e](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/80af87e476ec3dd1ad26d7a906da82268a29e2b5))
+
+- **Libraries**
+
+ - **CPU Support**
+
+ - assert invalid cpu_ops obtained ([3f721c6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/3f721c6edd20cef11c241a3ef84d94c06f5bebb4))
+ - check for SME presence in Gelas ([0bbd432](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/0bbd4329bf73b0da1ed69578c385dd36358e261e))
+ - fix minor issue seen with a9 cpu ([af70470](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/af704705c135f85b8b1eeda938e3dcdba3f6e561))
+ - fix the rev-var for Cortex-A710 ([2bf7939](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2bf7939a7b313352deb6c6b77ee1316eff142a7c))
+ - fix the rev-var of Cortex-X2 ([8ae66d6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8ae66d624e2f7cae9577ff8f99e0a45e21fb353d))
+ - fix the rev-var of Neoverse-V1 ([ab2b56d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ab2b56df266f73aa53ca348d7945b119e1ef71c7))
+ - flush L2 cache for Cortex-A7/12/15/17 ([c5c160c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c5c160cdddd1c365a447c1fcd148fabb9014cce0))
+ - integer suffix macro definition ([1a56ed4](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1a56ed4b357e9023637c74c39c6885c558a737d2))
+ - reduce generic_errata_report()'s size ([f43e09a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f43e09a12e4f4f32185d3e2accceb65895d1f16b))
+ - revert erroneous use of override_vector_table macro in Cortex-A73 ([9a0c812](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9a0c81257ff116b2ca33f5b6737e0a000fb7e551))
+ - update the fix for Cortex-A78AE erratum 1941500 ([67a2ad1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/67a2ad171d1fb604d4cba8fa7f92ccb66d1ef3f9))
+ - update the rev-var for Cortex-A78AE ([c814619](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c814619a364aea3bd55b5ea238541864c0de7dab))
+ - workaround for Cortex-A510 erratum 2080326 ([6e86475](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6e86475d55fa2981bc342a0eb78b86be233d7718))
+ - workaround for Cortex-A710 erratum 2742423 ([d7bc2cb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d7bc2cb4303088873a715bcaa2ac3e0096b9d7f2))
+ - workaround for Cortex-X2 erratum 2742423 ([fe06e11](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fe06e118ab0837ff173f6b7e576dcc34b2d26bb1))
+ - workaround for Cortex-X3 erratum 2070301 ([2454316](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2454316c2ae4411d0071d88c3db3c95598f12498))
+ - workaround for Cortex-X3 erratum 2742421 ([5b0e443](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5b0e4438d0e604e80ffff17d02e37cae0f4b2a8f))
+ - workaround for Neoverse N2 erratum 2009478 ([74bfe31](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/74bfe31fd2c992d8e1e13bf396a9d5c136967ca5))
+ - workaround for Neoverse N2 erratum 2340933 ([68085ad](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/68085ad4827ac7daa39767d479d0565daa32cb47))
+ - workaround for Neoverse N2 erratum 2346952 ([6cb8be1](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6cb8be17a53f4e11880ba13b78fca15895281cfe))
+ - workaround for Neoverse N2 erratum 2743014 ([eb44035](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/eb44035cdec5d47d7eb3c904c8e5d8443b9dfcba))
+ - workaround for Neoverse N2 erratum 2779511 ([12d2806](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/12d28067c9e76a78b148ed6fb94faf96de5e8502))
+ - workaround for Neoverse V2 erratum 2331132 ([8852fb5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8852fb5b7d94229475446c81cfa58851bc2204ff))
+ - workaround for Neoverse V2 erratum 2719105 ([b011402](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b01140256b5c0620cbde8e98c0df0e95343a3c71))
+ - workaround for Neoverse V2 erratum 2743011 ([58dd153](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/58dd153cc88e832a6b019f1d4c2e6d64986ea69d))
+ - workaround for Neoverse V2 erratum 2779510 ([ff34264](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ff342643bcfaf20d61148b90a068694fa1c44dca))
+ - workaround for Neoverse V2 erratum 2801372 ([40c81ed](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/40c81ed5335191fbe32466e56aa4fb6db1da466c))
+
+ - **EL3 Runtime**
+
+ - leverage generic interrupt controller helpers ([07f867b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/07f867b12251235b8582bec38e9cf39a95703e77))
+ - restrict lower el EA handlers in FFH mode ([6d22b08](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6d22b089ffb1793d581fde4de76245397ad7d4ee))
+
+ - **Context Management**
+
+ - make ICC_SRE_EL2 fixup generic to all worlds ([5e8cc72](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5e8cc7278659820bcd64c243cbd89c131462314c))
+ - set MDCR_EL3.{NSPBE, STE} explicitly ([99506fa](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/99506face112410ae37cf617b6efa809b4eee0ee))
+
+ - **RAS**
+
+ - remove RAS_FFH_SUPPORT and introduce FFH_SUPPORT ([f87e54f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f87e54f73cfee5042df526af6185ac6d9653a8f5))
+ - restrict ENABLE_FEAT_RAS to have only two states ([970a4a8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/970a4a8d8c0d6894fe2fd483d06b6392639e8760))
+
+ - **PSCI**
+
+ - add optional pwr_domain_validate_suspend to plat_psci_ops_t ([d348861](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d34886140c74c0afc48ab20e63523505fcfb4b7d))
+
+ - **SMCCC**
+
+ - ensure that mpidr passed through SMC is valid ([e60c184](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e60c18471fc7488cc0bf1dc7eae3b43be77045a4))
+ - pass SMCCCv1.3 SVE hint to internal flags ([b2d8517](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b2d851785f6c03cae4feb015fe69091582e18f5e))
+
+ - **Translation Tables**
+
+ - fix defects on the xlat library reported by coverity scan ([2974ad8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/2974ad87b8561706176e113e2ec4457c919cb99a))
+ - set MAX_PHYS_ADDR to total mapped physical region ([1a38aaf](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1a38aafbff93e478aa6f9e19af1ed76024062a73))
+
+- **Drivers**
+
+ - **Authentication**
+
+ - allow hashes of different lengths ([22a5354](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/22a53545aa37c06a1ffd0f3c15e870b256a41cb7))
+ - don't overwrite pk with converted pk when rotpk is hash ([1046b41](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1046b41808b23b4079f04cad370646e05207ded5))
+
+ - **Measured Boot**
+
+ - don't strip last non-0 char ([b85bcb8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b85bcb8ec92126c238572ed7d242115125e411e1))
+
+ - **MMC**
+
+ - initialises response buffer with zeros ([b1a2c51](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b1a2c51a0820fce803431e6ee5bd078bb1a65b0d))
+
+ - **MTD**
+
+ - **NAND**
+
+ - reset the SLC NAND ([f4d765a](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f4d765a12815e3f4bd9c4dff5fd88661b3615114))
+
+ - **SPI NAND**
+
+ - add Quad Enable management ([da7a33c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/da7a33cf2f27545d9d290ff0c2ee1ec333b061bb))
+
+ - **SCMI**
+
+ - add parameter for plat_scmi_clock_rates_array ([ca9d6ed](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ca9d6edc892165c38f1b2710b537c10d4a57062d))
+
+ - **UFS**
+
+ - performs unsigned shift for doorbell ([e47d8a5](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/e47d8a58b0d5745c943c36fad2ec8a98af709bea))
+ - set data segment length ([9d6786c](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9d6786cacee7c0eff33d1cec42c09c7002dd83d2))
+
+ - **Arm**
+
+ - **GIC**
+
+ - **GICv3**
+
+ - map generic interrupt type to GICv3 group ([632e5ff](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/632e5ffeb8f50a98090065b63d9d071b72acd23c))
+ - move invocation of gicv3_get_multichip_base function ([36704d0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/36704d09c6b26045fe2d18530a020ed23d74593d))
+
+ - **GIC-600**
+
+ - fix gic600 maximum SPI ID ([69ed7dc](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/69ed7dc2e964c66eb8ff926a63a47b701ae1f3c6))
+
+ - **Renesas**
+
+ - **R-Car3**
+
+ - update DDR setting ([138ddcb](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/138ddcbf4d330d13a11576d973513014055f98c1))
+
+ - **ST**
+
+ - **Clock**
+
+ - disabling CKPER clock is not functional on stm32mp13 ([1bbcb58](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/1bbcb58a69c4ee2ee13e9d5de4499438ca08b149))
+
+ - **Crypto**
+
+ - do not read RNG data if it's not ready ([53092a7](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/53092a7780fa3d1b926aae8666f1c5a19cb039f1))
+ - use GENMASK_32 to define PKA registers masks ([379d77b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/379d77b3705b0f3a88332663bba956289cad5797))
+
+ - **DDR**
+
+ - express memory size with size_t type ([b4e1e8f](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b4e1e8fbf0dde5679d6b3717b8579f7a3343fdf8))
+
+ - **UART**
+
+ - allow 64 bit compilation ([6fef0f6](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/6fef0f67e47b3b42fc9b5dbc55bdef00a970765d))
+ - correctly check UART enabled in flush fonction ([a527380](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a5273808aa1a4514f7849ca91b7859e15bf82bff))
+ - skip console flush if UART is disabled ([b156d7b](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/b156d7b1cca1542f0c1c6f5d4354c43e048dc4a0))
+
+- **Miscellaneous**
+
+ - **AArch32**
+
+ - disable workaround discovery on aarch32 for now ([d1f2748](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d1f2748ed25748237e894c68c5a163326a8c33b9))
+
+ - **FDTs**
+
+ - **STM32MP1**
+
+ - move /omit-if-no-ref/ to overlay files ([f351f91](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f351f9110f29a33923780c40d0896832fdb0ac81))
+
+ - **STM32MP13**
+
+ - correct the BSEC nodes compatible ([85c2ea8](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/85c2ea8fd325797a44e814b575611aafae9e7613))
+ - cosmetic fixes in PLL nodes ([8b82663](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8b826636a39e0f20cc2c0557288b1eeab46fb923))
+
+ - **SDEI**
+
+ - ensure that interrupt ID is valid ([a7eff34](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/a7eff3477dcf3624c74f5217419b1a27b7ebd2aa))
+
+ - **TBBR**
+
+ - guard defines under MBEDTLS_CONFIG_FILE ([81c2e15](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/81c2e1566dc4484c23d293961744489a9a6ea3f0))
+ - unrecognised 'tos-fw-key-cert' option ([f1cb5bd](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/f1cb5bd19034407f2de7cad23f2cc52ca924e561))
+
+- **Documentation**
+
+ - match boot-order size to implementation ([fd1479d](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/fd1479d9194d3f3ec98d235e077c9d6e24276fa2))
+ - add missing line in the fiptool command for stm32mp1 ([d526d00](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d526d00a13f86bbd2c073c065b6e9aff339e1b41))
+ - fix build errors for latexpdf ([443d6ea](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/443d6ea69992986f56246bcee44e537ab8dec069))
+ - remove out-dated information about CI review comments ([74306b2](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/74306b2ac8971693d148b34d02c556d94b3e4926))
+ - replace deprecated urls under tfa/docs ([5fdf198](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/5fdf198c117a4b6dbcf5242f5136f7224ceff6ff))
+ - update maintainers list ([9766f41](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/9766f41d3c4cae4cd515c2f9266bb7adb4725349))
+ - updated certain Neoverse N2 erratum status in docs ([d6d34b3](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d6d34b39132425dfa8c75352711c463d2989a216))
+ - use rsvg-convert as the conversion backend ([c365476](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/c3654760033c08e7ffa9337e05c48336032eacb9))
+
+- **Tools**
+
+ - **Firmware Image Package Tool**
+
+ - move juno plat_fiptool.mk ([570a230](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/570a23099c32cafcb63ecb6cc0516d76ea099daf))
+
+ - **Certificate Creation Tool**
+
+ - fix key loading logic ([bb3b0c0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/bb3b0c0b09ff1d969ddd49b99642740ce2a07064))
+ - key: Avoid having a temporary value for pkey in key_load ([ea6f845](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ea6f8452f6eb561a0fa96a712da93fcdba40cd9c))
+
+ - **Memory Mapping Tool**
+
+ - reintroduce support for GNU map files ([d0e3053](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/d0e3053c4f5b9d2bc70daf4db3c71f99c6da216d))
+
## [2.9.0](https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/refs/tags/v2.8.0..refs/tags/v2.9.0) (2023-05-16)
### ⚠ BREAKING CHANGES
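Review bot: the generated changelog carries typos lifted from commit subjects (the linked hashes) that will ship in the 2.10 release notes: "handling of type el3 interrrupts" under ZynqMP and "correctly check UART enabled in flush fonction" under ST UART should read "interrupts" and "function". The SPMD entry "coverity scan issues" also says nothing about what was fixed; a subject naming the area or defect class (e.g. "fix coverity scan issues in direct message handling") would make it usable to someone auditing the release. Fix the rendered text here rather than waiting for the next regeneration.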
diff --git a/docs/components/secure-partition-manager-mm.rst b/docs/components/secure-partition-manager-mm.rst
index 4cdb96c..d9b2b1b 100644
--- a/docs/components/secure-partition-manager-mm.rst
+++ b/docs/components/secure-partition-manager-mm.rst
@@ -4,17 +4,10 @@
Foreword
========
-Two implementations of a Secure Partition Manager co-exist in the TF-A codebase:
-
-- SPM based on the FF-A specification (:ref:`Secure Partition Manager`).
-- SPM based on the MM interface.
-
-Both implementations differ in their architectures and only one can be selected
-at build time.
-
-This document describes the latter implementation where the Secure Partition Manager
-resides at EL3 and management services run from isolated Secure Partitions at S-EL0.
-The communication protocol is established through the Management Mode (MM) interface.
+This document describes the implementation where the Secure Partition Manager
+resides at EL3 and management services run from isolated Secure Partitions at
+S-EL0. The communication protocol is established through the Management Mode
+(MM) interface.
Background
==========
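Review bot: dropping the first paragraph removes the only cross-reference from this document to the FF-A based SPM (":ref:`Secure Partition Manager`") and the statement that the two implementations are mutually exclusive at build time. A reader of the MM document now has no pointer to the other implementation or to the build constraint, which build-options.rst still states under SPM_MM ("cannot be enabled (``1``) when SPM Dispatcher is ..."). Suggest keeping one sentence, e.g. "An FF-A based implementation is described in :ref:`Secure Partition Manager`; only one of the two can be selected at build time."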
diff --git a/docs/conf.py b/docs/conf.py
index 9e7a5f8..d4e5423 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -14,8 +14,8 @@
project = "Trusted Firmware-A"
author = "Trusted Firmware-A contributors"
-version = "2.9.0"
-release = "2.9.0"
+version = "2.10.0"
+release = "2.10.0"
# -- General configuration ---------------------------------------------------
diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst
index d03daf8..8782f18 100644
--- a/docs/design/cpu-specific-build-macros.rst
+++ b/docs/design/cpu-specific-build-macros.rst
@@ -389,6 +389,10 @@
an ARM interconnect IP. This needs to be enabled for revisions r0p1 and r0p2
and is still open.
+- ``ERRATA_A78C_2743232`` : This applies erratum 2743232 workaround to
+ Cortex-A78C CPU. This needs to be enabled for revisions r0p1 and r0p2.
+ This erratum is still open.
+
- ``ERRATA_A78C_2772121`` : This applies errata 2772121 workaround to
Cortex-A78C CPU. This needs to be enabled for revisions r0p0, r0p1 and r0p2.
This erratum is still open.
@@ -501,6 +505,10 @@
CPU. This needs to be enabled for revisions r0p0, r1p0, and r1p1 and r1p2 of
the CPU.
+- ``ERRATA_V1_2348377``: This applies errata 2348377 workaroud to Neoverse-V1
+ CPU. This needs to be enabled for revisions r0p0, r1p0 and r1p1 of the CPU.
+ It has been fixed in r1p2.
+
- ``ERRATA_V1_2372203``: This applies errata 2372203 workaround to Neoverse-V1
CPU. This needs to be enabled for revisions r0p0, r1p0 and r1p1 of the CPU.
It is still open.
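Review bot: typo in the new entry, "workaroud" should be "workaround" ("This applies errata 2348377 workaround to Neoverse-V1"). The revision list (r0p0, r1p0 and r1p1; fixed in r1p2) follows the format of the neighbouring V1 entries.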
@@ -759,6 +767,10 @@
Cortex-X3 CPU. This needs to be enabled only for revisions r0p0, r1p0 and
r1p1. It is fixed in r1p2.
+- ``ERRATA_X3_2779509``: This applies errata 2779509 workaround to Cortex-X3
+ CPU. This needs to be enabled only for revisions r0p0, r1p0 and r1p1 of the
+ CPU. It is fixed in r1p2.
+
For Cortex-A510, the following errata build flags are defined :
- ``ERRATA_A510_1922240``: This applies errata 1922240 workaround to
diff --git a/docs/design_documents/measured_boot.rst b/docs/design_documents/measured_boot.rst
index c4e5213..8a2ab2d 100644
--- a/docs/design_documents/measured_boot.rst
+++ b/docs/design_documents/measured_boot.rst
@@ -222,7 +222,7 @@
- Public key data size is passed as the third argument to this function.
- This function must return 0 on success, a signed integer error code
otherwise.
- - In FVP platform, this function is used to calculate the hash of the given
+ - In TC2 platform, this function is used to calculate the hash of the given
key and forward this hash to RSS alongside the measurement of the image
which the key signs.
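Review bot: "In TC2 platform" is missing an article; "On the TC2 platform" reads better. It would also help to say why the example platform changed: elsewhere in this merge PLAT_RSS_NOT_SUPPORTED, the option that let platforms without an RSS build against mocked versions of these APIs, is removed from the Makefile and from build-options.rst, so TC2 is now the platform that exercises this hash-forwarding path. Stating that here saves the reader a hunt through the changelog.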
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 79a3b1d..599aed9 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -436,40 +436,12 @@
be enabled. If ``ENABLE_PMF`` is set, the residency statistics are tracked in
software.
-- ``ENABLE_RME``: Numeric value to enable support for the ARMv9 Realm
- Management Extension. This flag can take the values 0 to 2, to align with
- the ``FEATURE_DETECTION`` mechanism. Default value is 0. This is currently
- an experimental feature.
-
- ``ENABLE_RUNTIME_INSTRUMENTATION``: Boolean option to enable runtime
instrumentation which injects timestamp collection points into TF-A to
allow runtime performance to be measured. Currently, only PSCI is
instrumented. Enabling this option enables the ``ENABLE_PMF`` build option
as well. Default is 0.
-- ``ENABLE_SME_FOR_NS``: Numeric value to enable Scalable Matrix Extension
- (SME), SVE, and FPU/SIMD for the non-secure world only. These features share
- registers so are enabled together. Using this option without
- ENABLE_SME_FOR_SWD=1 will cause SME, SVE, and FPU/SIMD instructions in secure
- world to trap to EL3. Requires ``ENABLE_SVE_FOR_NS`` to be set as SME is a
- superset of SVE. SME is an optional architectural feature for AArch64
- and TF-A support is experimental. At this time, this build option cannot be
- used on systems that have SPD=spmd/SPM_MM and atempting to build with this
- option will fail. This flag can take the values 0 to 2, to align with the
- ``FEATURE_DETECTION`` mechanism. Default is 0.
-
-- ``ENABLE_SME2_FOR_NS``: Numeric value to enable Scalable Matrix Extension
- version 2 (SME2) for the non-secure world only. SME2 is an optional
- architectural feature for AArch64 and TF-A support is experimental.
- This should be set along with ENABLE_SME_FOR_NS=1, if not, the default SME
- accesses will still be trapped. This flag can take the values 0 to 2, to
- align with the ``FEATURE_DETECTION`` mechanism. Default is 0.
-
-- ``ENABLE_SME_FOR_SWD``: Boolean option to enable the Scalable Matrix
- Extension for secure world. Used along with SVE and FPU/SIMD.
- ENABLE_SME_FOR_NS and ENABLE_SVE_FOR_SWD must also be set to use this.
- This is experimental. Default is 0.
-
- ``ENABLE_SPE_FOR_NS`` : Numeric value to enable Statistical Profiling
extensions. This is an optional architectural feature for AArch64.
This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
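Review bot: the removed ENABLE_SME_FOR_NS entry carried two constraints that matter for a secure build and that no remaining line on this page states: without ENABLE_SME_FOR_SWD=1, SME, SVE and FPU/SIMD instructions in the secure world trap to EL3, and the option cannot be combined with SPD=spmd or SPM_MM. Likewise the removed ENABLE_SME_FOR_SWD entry required ENABLE_SVE_FOR_SWD, and the ENABLE_RME entry was the only description of that flag here. If these entries are being relocated to the new experimental-features page, make sure the constraints move with them and add a cross-reference from this page (still the place readers look up a build flag); if they are being dropped, the commit message should say so.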
@@ -555,44 +527,6 @@
This feature is intended for testing purposes only, and is advisable to keep
disabled for production images.
-- ``FEATURE_DETECTION``: Boolean option to enable the architectural features
- detection mechanism. It detects whether the Architectural features enabled
- through feature specific build flags are supported by the PE or not by
- validating them either at boot phase or at runtime based on the value
- possessed by the feature flag (0 to 2) and report error messages at an early
- stage. This flag will also enable errata ordering checking for ``DEBUG``
- builds.
-
- This prevents and benefits us from EL3 runtime exceptions during context save
- and restore routines guarded by these build flags. Henceforth validating them
- before their usage provides more control on the actions taken under them.
-
- The mechanism permits the build flags to take values 0, 1 or 2 and
- evaluates them accordingly.
-
- Lets consider ``ENABLE_FEAT_HCX``, build flag for ``FEAT_HCX`` as an example:
-
- ::
-
- ENABLE_FEAT_HCX = 0: Feature disabled statically at compile time.
- ENABLE_FEAT_HCX = 1: Feature Enabled and the flag is validated at boottime.
- ENABLE_FEAT_HCX = 2: Feature Enabled and the flag is validated at runtime.
-
- In the above example, if the feature build flag, ``ENABLE_FEAT_HCX`` set to
- 0, feature is disabled statically during compilation. If it is defined as 1,
- feature is validated, wherein FEAT_HCX is detected at boot time. In case not
- implemented by the PE, a hard panic is generated. Finally, if the flag is set
- to 2, feature is validated at runtime.
-
- Note that the entire implementation is divided into two phases, wherein as
- as part of phase-1 we are supporting the values 0,1. Value 2 is currently not
- supported and is planned to be handled explicilty in phase-2 implementation.
-
- FEATURE_DETECTION macro is disabled by default, and is currently an
- experimental procedure. Platforms can explicitly make use of this by
- mechanism, by enabling it to validate whether they have set their build flags
- properly at an early phase.
-
- ``FIP_NAME``: This is an optional build option which specifies the FIP
filename for the ``fip`` target. Default is ``fip.bin``.
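Review bot: removing the FEATURE_DETECTION entry leaves dangling references on this page: the ENABLE_SPE_FOR_NS text just above still says "to align with the ``FEATURE_DETECTION`` mechanism", and the same phrase appears further down in the entry that ends "if FEAT_TRF is implemented". Either keep a short definition of the 0/1/2 value scheme here (0 disabled at compile time, 1 validated at boot, 2 validated at runtime) or point those sentences at wherever the description now lives; as written, a reader cannot find out what value 2 means.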
@@ -730,15 +664,6 @@
This option defaults to 0.
-- ``DRTM_SUPPORT``: Boolean flag to enable support for Dynamic Root of Trust
- for Measurement (DRTM). This feature has trust dependency on BL31 for taking
- the measurements and recording them as per `PSA DRTM specification`_. For
- platforms which use BL2 to load/authenticate BL31 ``TRUSTED_BOARD_BOOT`` can
- be used and for the platforms which use ``RESET_TO_BL31`` platform owners
- should have mechanism to authenticate BL31. This is an experimental feature.
-
- This option defaults to 0.
-
- ``MARCH_DIRECTIVE``: used to pass a -march option from the platform build
options to the compiler. An example usage:
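Review bot: the removed paragraph was the only visible reference to the `PSA DRTM specification`_ hyperlink target; if the target definition at the end of the file is not removed or reused in the same change, docutils will report it as unreferenced. The same applies to `Firmware Handoff specification`_ and `PSA Crypto API specification`_, which lose their references when TRANSFER_LIST and PSA_CRYPTO are removed later in this file. Separately, the removed text stated the trust dependency (BL31 must be authenticated, via TRUSTED_BOARD_BOOT when BL2 loads it, or by a platform mechanism under RESET_TO_BL31); that is a requirement rather than a build-option note, so make sure it survives on whichever page now documents DRTM_SUPPORT.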
@@ -894,7 +819,7 @@
Dispatcher option (``SPD=spmd``). When enabled (1) it indicates the SPMC
component runs at the EL3 exception level. The default value is ``0`` (
disabled). This configuration supports pre-Armv8.4 platforms (aka not
- implementing the ``FEAT_SEL2`` extension). This is an experimental feature.
+ implementing the ``FEAT_SEL2`` extension).
- ``SPMC_AT_EL3_SEL0_SP`` : Boolean option to enable SEL0 SP load support when
``SPMC_AT_EL3`` is enabled. The default value if ``0`` (disabled). This
@@ -914,12 +839,6 @@
support pre-Armv8.4 platforms (aka not implementing the ``FEAT_SEL2``
extension).
-- ``ENABLE_SPMD_LP`` : This boolean option is used jointly with the SPM
- Dispatcher option (``SPD=spmd``). When enabled (1) it indicates support
- for logical partitions in EL3, managed by the SPMD as defined in the FF-A
- 1.2 specification. This flag is disabled by default. This flag must not be
- used if ``SPMC_AT_EL3`` is enabled. This is an experimental feature.
-
- ``SPM_MM`` : Boolean option to enable the Management Mode (MM)-based Secure
Partition Manager (SPM) implementation. The default value is ``0``
(disabled). This option cannot be enabled (``1``) when SPM Dispatcher is
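Review bot: the removed ENABLE_SPMD_LP entry stated that the flag must not be used with SPMC_AT_EL3. That is a mutual-exclusion constraint, not just a description; unless the build system already rejects the combination, the documented rule is now gone from the page where the SPMC_AT_EL3 and SPM_MM entries still spell out their own exclusions. Keep one line here or add a cross-reference to the relocated entry.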
@@ -945,11 +864,6 @@
hardware will limit the effective VL to the maximum physically supported
VL.
-- ``TRANSFER_LIST``: Setting this to ``1`` enables support for Firmware
- Handoff using Transfer List defined in `Firmware Handoff specification`_.
- This defaults to ``0``. Please note that this is an experimental feature
- based on Firmware Handoff specification v0.9.
-
- ``TRNG_SUPPORT``: Setting this to ``1`` enables support for True
Random Number Generator Interface to BL31 image. This defaults to ``0``.
@@ -1008,10 +922,6 @@
(Coherent memory region is included) or 0 (Coherent memory region is
excluded). Default is 1.
-- ``USE_DEBUGFS``: When set to 1 this option activates an EXPERIMENTAL feature
- exposing a virtual filesystem interface through BL31 as a SiP SMC function.
- Default is 0.
-
- ``ARM_IO_IN_DTB``: This flag determines whether to use IO based on the
firmware configuration framework. This will move the io_policies into a
configuration device tree, instead of static structure in the code base.
@@ -1167,11 +1077,6 @@
if FEAT_TRF is implemented. This flag can take the values 0 to 2, to align
with the ``FEATURE_DETECTION`` mechanism. This flag is disabled by default.
-- ``PLAT_RSS_NOT_SUPPORTED``: Boolean option to enable the usage of the PSA
- APIs on platforms that doesn't support RSS (providing Arm CCA HES
- functionalities). When enabled (``1``), a mocked version of the APIs are used.
- The default value is 0.
-
- ``CONDITIONAL_CMO``: Boolean option to enable call to platform-defined routine
``plat_can_cmo`` which will return zero if cache management operations should
be skipped and non-zero otherwise. By default, this option is disabled which
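Review bot: ``PLAT_RSS_NOT_SUPPORTED`` is deleted outright rather than relocated like every other option removed from this list, so the removal of a user-facing build option needs to be recorded as such (changelog / release notes) and the text should say what platforms without RSS are expected to do now that the mocked PSA API path is no longer documented. Without that, a reader of the next release sees the option vanish with no explanation.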
@@ -1185,13 +1090,6 @@
errata mitigation for platforms with a non-arm interconnect using the errata
ABI. By default its disabled (``0``).
-- ``PSA_CRYPTO``: Boolean option for enabling MbedTLS PSA crypto APIs support.
- The platform will use PSA compliant Crypto APIs during authentication and
- image measurement process by enabling this option. It uses APIs defined as
- per the `PSA Crypto API specification`_. This feature is only supported if
- using MbedTLS 3.x version. By default it is disabled (``0``), and this is an
- experimental feature.
-
- ``ENABLE_CONSOLE_GETC``: Boolean option to enable `getc()` feature in console
driver(s). By default it is disabled (``0``) because it constitutes an attack
vector into TF-A by potentially allowing an attacker to inject arbitrary data.
@@ -1288,8 +1186,118 @@
# Resume execution
continue
+.. _build_options_experimental:
+
+Experimental build options
+---------------------------
+
+Common build options
+~~~~~~~~~~~~~~~~~~~~
+
+- ``DRTM_SUPPORT``: Boolean flag to enable support for Dynamic Root of Trust
+ for Measurement (DRTM). This feature has trust dependency on BL31 for taking
+ the measurements and recording them as per `PSA DRTM specification`_. For
+ platforms which use BL2 to load/authenticate BL31 ``TRUSTED_BOARD_BOOT`` can
+ be used and for the platforms which use ``RESET_TO_BL31`` platform owners
+ should have mechanism to authenticate BL31. This option defaults to 0.
+
+- ``ENABLE_RME``: Numeric value to enable support for the ARMv9 Realm
+ Management Extension. This flag can take the values 0 to 2, to align with
+ the ``FEATURE_DETECTION`` mechanism. Default value is 0.
+
+- ``ENABLE_SME_FOR_NS``: Numeric value to enable Scalable Matrix Extension
+ (SME), SVE, and FPU/SIMD for the non-secure world only. These features share
+ registers so are enabled together. Using this option without
+ ENABLE_SME_FOR_SWD=1 will cause SME, SVE, and FPU/SIMD instructions in secure
+ world to trap to EL3. Requires ``ENABLE_SVE_FOR_NS`` to be set as SME is a
+ superset of SVE. SME is an optional architectural feature for AArch64.
+ At this time, this build option cannot be used on systems that have
+ SPD=spmd/SPM_MM and atempting to build with this option will fail.
+ This flag can take the values 0 to 2, to align with the ``FEATURE_DETECTION``
+ mechanism. Default is 0.
+
+- ``ENABLE_SME2_FOR_NS``: Numeric value to enable Scalable Matrix Extension
+ version 2 (SME2) for the non-secure world only. SME2 is an optional
+ architectural feature for AArch64.
+ This should be set along with ENABLE_SME_FOR_NS=1, if not, the default SME
+ accesses will still be trapped. This flag can take the values 0 to 2, to
+ align with the ``FEATURE_DETECTION`` mechanism. Default is 0.
+
+- ``ENABLE_SME_FOR_SWD``: Boolean option to enable the Scalable Matrix
+ Extension for secure world. Used along with SVE and FPU/SIMD.
+ ENABLE_SME_FOR_NS and ENABLE_SVE_FOR_SWD must also be set to use this.
+ Default is 0.
+
+- ``ENABLE_SPMD_LP`` : This boolean option is used jointly with the SPM
+ Dispatcher option (``SPD=spmd``). When enabled (1) it indicates support
+ for logical partitions in EL3, managed by the SPMD as defined in the
+ FF-A v1.2 specification. This flag is disabled by default. This flag
+ must not be used if ``SPMC_AT_EL3`` is enabled.
+
+- ``FEATURE_DETECTION``: Boolean option to enable the architectural features
+ detection mechanism. It detects whether the Architectural features enabled
+ through feature specific build flags are supported by the PE or not by
+ validating them either at boot phase or at runtime based on the value
+ possessed by the feature flag (0 to 2) and report error messages at an early
+ stage. This flag will also enable errata ordering checking for ``DEBUG``
+ builds.
+
+ This prevents and benefits us from EL3 runtime exceptions during context save
+ and restore routines guarded by these build flags. Henceforth validating them
+ before their usage provides more control on the actions taken under them.
+
+ The mechanism permits the build flags to take values 0, 1 or 2 and
+ evaluates them accordingly.
+
+ Lets consider ``ENABLE_FEAT_HCX``, build flag for ``FEAT_HCX`` as an example:
+
+ ::
+
+ ENABLE_FEAT_HCX = 0: Feature disabled statically at compile time.
+ ENABLE_FEAT_HCX = 1: Feature Enabled and the flag is validated at boottime.
+ ENABLE_FEAT_HCX = 2: Feature Enabled and the flag is validated at runtime.
+
+ In the above example, if the feature build flag, ``ENABLE_FEAT_HCX`` set to
+ 0, feature is disabled statically during compilation. If it is defined as 1,
+ feature is validated, wherein FEAT_HCX is detected at boot time. In case not
+ implemented by the PE, a hard panic is generated. Finally, if the flag is set
+ to 2, feature is validated at runtime.
+
+ Note that the entire implementation is divided into two phases, wherein as
+ as part of phase-1 we are supporting the values 0,1. Value 2 is currently not
+ supported and is planned to be handled explicilty in phase-2 implementation.
+
+ ``FEATURE_DETECTION`` macro is disabled by default. Platforms can explicitly
+ make use of this by mechanism, by enabling it to validate whether they have
+ set their build flags properly at an early phase.
+
+- ``PSA_CRYPTO``: Boolean option for enabling MbedTLS PSA crypto APIs support.
+ The platform will use PSA compliant Crypto APIs during authentication and
+ image measurement process by enabling this option. It uses APIs defined as
+ per the `PSA Crypto API specification`_. This feature is only supported if
+ using MbedTLS 3.x version. It is disabled (``0``) by default.
+
+- ``TRANSFER_LIST``: Setting this to ``1`` enables support for Firmware
+ Handoff using Transfer List defined in `Firmware Handoff specification`_.
+ This defaults to ``0``. Current implementation follows the Firmware Handoff
+ specification v0.9.
+
+- ``USE_DEBUGFS``: When set to 1 this option exposes a virtual filesystem
+ interface through BL31 as a SiP SMC function.
+ Default is disabled (0).
+
Firmware update options
------------------------
+~~~~~~~~~~~~~~~~~~~~~~~
+
+- ``PSA_FWU_SUPPORT``: Enable the firmware update mechanism as per the
+ `PSA FW update specification`_. The default value is 0.
+ PSA firmware update implementation has few limitations, such as:
+
+ - BL2 is not part of the protocol-updatable images. If BL2 needs to
+ be updated, then it should be done through another platform-defined
+ mechanism.
+
+ - It assumes the platform's hardware supports CRC32 instructions.
- ``NR_OF_FW_BANKS``: Define the number of firmware banks. This flag is used
in defining the firmware update metadata structure. This flag is by default
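Review bot: the newly added text carries several typos and an ungrammatical sentence that should be fixed before it lands in a released document: "atempting" (``ENABLE_SME_FOR_NS``), "explicilty" and "Lets consider" (``FEATURE_DETECTION``), "make use of this by mechanism, by enabling it" (should be "make use of this mechanism by enabling it"), and "This prevents and benefits us from EL3 runtime exceptions during context save and restore routines guarded by these build flags", which could read "This avoids EL3 runtime exceptions in the context save and restore routines guarded by these build flags." In the ``PSA_FWU_SUPPORT`` entry, "has few limitations" should be "has a few limitations". Separately, demoting the "Firmware update options" heading from ``---`` to ``~~~`` places ``NR_OF_FW_BANKS`` and ``NR_OF_IMAGES_IN_FW_BANK`` under "Experimental build options" as well, although only ``PSA_FWU_SUPPORT`` was ever labelled experimental; if that is intended, say so in the commit message, otherwise move only ``PSA_FWU_SUPPORT`` into the experimental list and leave the firmware update subsection where it was.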
@@ -1301,14 +1309,6 @@
This flag is used in defining the firmware update metadata structure. This
flag is by default set to '1'.
-- ``PSA_FWU_SUPPORT``: Enable the firmware update mechanism as per the
- `PSA FW update specification`_. The default value is 0, and this is an
- experimental feature.
- PSA firmware update implementation has some limitations, such as BL2 is
- not part of the protocol-updatable images, if BL2 needs to be updated, then
- it should be done through another platform-defined mechanism, and it assumes
- that the platform's hardware supports CRC32 instructions.
-
--------------
*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*
diff --git a/docs/perf/psci-performance-juno.rst b/docs/perf/psci-performance-juno.rst
index d458d86..bab1086 100644
--- a/docs/perf/psci-performance-juno.rst
+++ b/docs/perf/psci-performance-juno.rst
@@ -73,83 +73,157 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
- parallel
+ parallel (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 243.76 | 239.92 | 6.32 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 663.5 | 30.32 | 167.82 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 105.12 | 22.84 | 5.88 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 384.16 | 19.06 | 4.7 |
- +---------+------+-----------+---------+-------------+
- | 1 | 2 | 523.98 | 270.46 | 4.74 |
- +---------+------+-----------+---------+-------------+
- | 1 | 3 | 950.54 | 220.9 | 89.2 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 104.58 | 241.20 | 5.26 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 384.24 | 22.50 | 138.76 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 244.56 | 22.18 | 5.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 670.56 | 18.58 | 4.44 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 809.36 | 269.28 | 4.44 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 984.96 | 219.70 | 79.62 |
+ +---------+------+-----------+--------+-------------+
.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
- serial
+ parallel (v2.10)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 266.96 | 31.74 | 167.92 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 266.9 | 31.52 | 167.82 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 279.86 | 23.42 | 87.52 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 101.38 | 18.8 | 4.64 |
- +---------+------+-----------+---------+-------------+
- | 1 | 2 | 101.18 | 19.28 | 4.64 |
- +---------+------+-----------+---------+-------------+
- | 1 | 3 | 101.32 | 19.02 | 4.62 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-------------------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-------------------+--------+-------------+
+ | 0 | 0 | 242.66 (+132.03%) | 245.1 | 5.4 |
+ +---------+------+-------------------+--------+-------------+
+ | 0 | 1 | 522.08 (+35.87%) | 26.24 | 138.32 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 0 | 104.36 (-57.33%) | 27.1 | 5.32 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 1 | 382.56 (-42.95%) | 23.34 | 4.42 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 2 | 807.74 | 271.54 | 4.64 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 3 | 981.36 | 221.8 | 79.48 |
+ +---------+------+-------------------+--------+-------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
+ serial (v2.9)
+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 236.56 | 23.24 | 138.18 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 236.86 | 23.28 | 138.10 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 281.04 | 22.80 | 77.24 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 100.28 | 18.52 | 4.54 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 100.12 | 18.78 | 4.50 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 100.36 | 18.94 | 4.44 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
+ serial (v2.10)
+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 236.84 | 27.1 | 138.36 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 236.96 | 27.1 | 138.32 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 280.06 | 26.94 | 77.5 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 100.76 | 23.42 | 4.36 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 100.02 | 23.42 | 4.44 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 100.08 | 23.2 | 4.4 |
+ +---------+------+-----------+--------+-------------+
``CPU_SUSPEND`` to power level 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in
- parallel
+ parallel (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- +---------+------+-----------+---------+-------------+
- | 0 | 0 | 661.94 | 22.88 | 9.66 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 801.64 | 23.38 | 9.62 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 105.56 | 16.02 | 8.12 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 245.42 | 16.26 | 7.78 |
- +---------+------+-----------+---------+-------------+
- | 1 | 2 | 384.42 | 16.1 | 7.84 |
- +---------+------+-----------+---------+-------------+
- | 1 | 3 | 523.74 | 15.4 | 8.02 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 662.34 | 15.22 | 8.08 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 802.00 | 15.50 | 8.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 385.22 | 15.74 | 7.88 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 106.16 | 16.06 | 7.44 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 524.38 | 15.64 | 7.34 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 246.00 | 15.78 | 7.72 |
+ +---------+------+-----------+--------+-------------+
-.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in
+ parallel (v2.10)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 102.16 | 23.64 | 6.7 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 101.66 | 23.78 | 6.6 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 277.74 | 15.96 | 4.66 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 98.0 | 15.88 | 4.64 |
- +---------+------+-----------+---------+-------------+
- | 1 | 2 | 97.66 | 15.88 | 4.62 |
- +---------+------+-----------+---------+-------------+
- | 1 | 3 | 97.76 | 15.38 | 4.64 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-------------------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-------------------+--------+-------------+
+ | 0 | 0 | 801.04 | 18.66 | 8.22 |
+ +---------+------+-------------------+--------+-------------+
+ | 0 | 1 | 661.28 | 19.08 | 7.88 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 0 | 105.9 (-72.51%) | 20.3 | 7.58 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 1 | 383.58 (+261.32%) | 20.4 | 7.42 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 2 | 523.52 | 20.1 | 7.74 |
+ +---------+------+-------------------+--------+-------------+
+ | 1 | 3 | 244.5 | 20.16 | 7.56 |
+ +---------+------+-------------------+--------+-------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial (v2.9)
+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 99.80 | 15.94 | 5.42 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 99.76 | 15.80 | 5.24 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 278.26 | 16.16 | 4.58 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 96.88 | 16.00 | 4.52 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 96.80 | 16.12 | 4.54 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 96.88 | 16.12 | 4.54 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial (v2.10)
+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 99.84 | 18.86 | 5.54 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 100.2 | 18.82 | 5.66 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 278.12 | 20.56 | 4.48 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 96.68 | 20.62 | 4.3 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 96.94 | 20.14 | 4.42 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 96.68 | 20.46 | 4.32 |
+ +---------+------+-----------+--------+-------------+
``CPU_OFF`` on all non-lead CPUs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
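Review bot: the rewritten grid tables replace the ``+=====+`` separator under the column names with ``+-----+``, which turns "Cluster | Core | Powerdown | Wakeup | Cache Flush" into an ordinary body row rather than a header row in the rendered output; every new table should keep the ``=`` separator the old ones had. The percentage figures in parentheses (e.g. ``242.66 (+132.03%)``) are never explained in this hunk: state in the caption or the paragraph above that they are the change relative to the v2.9 table, and what threshold decides whether a cell is annotated. As written, rows 1/2 and 1/3 of the parallel v2.10 table carry no figure while the serial v2.10 table shows a roughly 4 µs wakeup increase on every core that is left unannotated, so a reader cannot distinguish "no significant change" from "not computed".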
@@ -157,44 +231,82 @@
``CPU_OFF`` on all non-lead CPUs in sequence then, ``CPU_SUSPEND`` on the lead
core to the deepest power level.
-.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs
+.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 265.38 | 34.12 | 167.36 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 265.72 | 33.98 | 167.48 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 185.3 | 23.18 | 87.42 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 101.58 | 23.46 | 4.48 |
- +---------+------+-----------+---------+-------------+
- | 1 | 2 | 101.66 | 22.02 | 4.72 |
- +---------+------+-----------+---------+-------------+
- | 1 | 3 | 101.48 | 22.22 | 4.52 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 235.76 | 26.14 | 137.80 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 235.40 | 25.72 | 137.62 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 174.70 | 22.40 | 77.26 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 100.92 | 24.04 | 4.52 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 100.68 | 22.44 | 4.36 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 101.36 | 22.70 | 4.52 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs (v2.10)
+
+ +---------------------------------------------------+
+ | test_rt_instr_cpu_off_serial (latest) |
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 236.04 | 30.02 | 137.9 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 1 | 235.38 | 29.7 | 137.72 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 175.18 | 26.96 | 77.26 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 1 | 100.56 | 28.34 | 4.32 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 2 | 100.38 | 26.82 | 4.3 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 3 | 100.86 | 26.98 | 4.42 |
+ +---------+------+-----------+--------+-------------+
``CPU_VERSION`` in parallel
~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores
+.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores (2.9)
- +-------------+--------+--------------+
- | Cluster | Core | Latency |
- +=============+========+==============+
- | 0 | 0 | 1.22 |
- +-------------+--------+--------------+
- | 0 | 1 | 1.2 |
- +-------------+--------+--------------+
- | 1 | 0 | 0.6 |
- +-------------+--------+--------------+
- | 1 | 1 | 1.08 |
- +-------------+--------+--------------+
- | 1 | 2 | 1.04 |
- +-------------+--------+--------------+
- | 1 | 3 | 1.04 |
- +-------------+--------+--------------+
+ +-------------+--------+-------------+
+ | Cluster | Core | Latency |
+ +-------------+--------+-------------+
+ | 0 | 0 | 1.48 |
+ +-------------+--------+-------------+
+ | 0 | 1 | 1.04 |
+ +-------------+--------+-------------+
+ | 1 | 0 | 0.56 |
+ +-------------+--------+-------------+
+ | 1 | 1 | 0.92 |
+ +-------------+--------+-------------+
+ | 1 | 2 | 0.96 |
+ +-------------+--------+-------------+
+ | 1 | 3 | 0.96 |
+ +-------------+--------+-------------+
+
+.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores (2.10)
+
+ +-------------+--------+----------------------+
+ | Cluster | Core | Latency |
+ +-------------+--------+----------------------+
+ | 0 | 0 | 1.1 (-25.68%) |
+ +-------------+--------+----------------------+
+ | 0 | 1 | 1.06 |
+ +-------------+--------+----------------------+
+ | 1 | 0 | 0.58 |
+ +-------------+--------+----------------------+
+ | 1 | 1 | 0.88 |
+ +-------------+--------+----------------------+
+ | 1 | 2 | 0.92 |
+ +-------------+--------+----------------------+
+ | 1 | 3 | 0.9 |
+ +-------------+--------+----------------------+
Annotated Historic Results
--------------------------
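Review bot: the v2.10 ``CPU_OFF`` table has an extra spanning row ``test_rt_instr_cpu_off_serial (latest)`` above the column names that the v2.9 table beside it does not; it reads as pasted test-harness output and should be removed so the two tables are shaped alike. The ``CPU_VERSION`` captions use ``(2.9)`` and ``(2.10)`` whereas every other caption in the file uses ``(v2.9)`` / ``(v2.10)``; pick one form. As in the rest of the file, the ``+=====+`` header separator has been replaced by ``+-----+`` and should be restored so the column-name row renders as a header.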
diff --git a/docs/perf/psci-performance-n1sdp.rst b/docs/perf/psci-performance-n1sdp.rst
index ae1b89b..fd3c9c9 100644
--- a/docs/perf/psci-performance-n1sdp.rst
+++ b/docs/perf/psci-performance-n1sdp.rst
@@ -93,66 +93,129 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
- parallel
+ parallel (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 3.44 | 10.04 | 0.4 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 4.98 | 12.72 | 0.16 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 3.58 | 15.42 | 0.2 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 5.24 | 17.78 | 0.18 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 2.80 | 10.08 | 0.80 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 4.14 | 15.92 | 0.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 3.68 | 12.96 | 0.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 3.36 | 18.58 | 0.18 |
+ +---------+------+-----------+--------+-------------+
.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
- serial
+ parallel (v2.10)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 1.82 | 9.98 | 0.32 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 1.96 | 9.96 | 0.18 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 2.0 | 10.5 | 0.16 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 2.22 | 10.56 | 0.16 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+----------------+------------------+-----------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+----------------+------------------+-----------------+
+ | 0 | 0 | 2.12 | 23.94 (+137.50%) | 0.42 (-47.50%) |
+ +---------+------+----------------+------------------+-----------------+
+ | 0 | 0 | 3.52 | 42.08 (+164.32%) | 0.26 (+62.50%) |
+ +---------+------+----------------+------------------+-----------------+
+ | 1 | 0 | 2.76 (-25.00%) | 38.3 (+195.52%) | 0.26 (+62.50%) |
+ +---------+------+----------------+------------------+-----------------+
+ | 1 | 0 | 2.64 | 44.56 (+139.83%) | 0.36 (+100.00%) |
+ +---------+------+----------------+------------------+-----------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
+ serial (v2.9)
+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 1.86 | 9.92 | 0.32 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 2.70 | 10.48 | 0.36 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 1.78 | 9.72 | 0.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 1.94 | 10.44 | 0.16 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to deepest power level in
+ serial (v2.10)
+
+ +---------+------+-----------+------------------+----------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+------------------+----------------+
+ | 0 | 0 | 1.74 | 23.7 (+138.91%) | 0.3 |
+ +---------+------+-----------+------------------+----------------+
+ | 0 | 0 | 2.08 | 23.96 (+128.63%) | 0.26 (-27.78%) |
+ +---------+------+-----------+------------------+----------------+
+ | 1 | 0 | 1.9 | 23.62 (+143.00%) | 0.28 (+75.00%) |
+ +---------+------+-----------+------------------+----------------+
+ | 1 | 0 | 2.06 | 23.92 (+129.12%) | 0.26 (+62.50%) |
+ +---------+------+-----------+------------------+----------------+
``CPU_SUSPEND`` to power level 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in
- parallel
+ parallel (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 1.52 | 11.84 | 0.34 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 1.1 | 13.66 | 0.14 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 2.18 | 9.48 | 0.18 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 2.06 | 14.4 | 0.16 |
- +---------+------+-----------+---------+-------------+
+ +---------------------------------------------------+
+ | test_rt_instr_cpu_susp_parallel |
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 0.88 | 12.32 | 0.26 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 2.12 | 14.62 | 0.26 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 1.86 | 14.14 | 0.16 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 1.92 | 9.44 | 0.18 |
+ +---------+------+-----------+--------+-------------+
-.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in
+ parallel (v2.10)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 1.54 | 9.34 | 0.3 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 1.88 | 9.5 | 0.16 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 1.86 | 9.86 | 0.2 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 2.02 | 9.64 | 0.18 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+---------------+------------------+----------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+---------------+------------------+----------------+
+ | 0 | 0 | 1.5 (+70.45%) | 35.02 (+184.25%) | 0.24 |
+ +---------+------+---------------+------------------+----------------+
+ | 0 | 0 | 1.92 | 38.12 (+160.74%) | 0.28 |
+ +---------+------+---------------+------------------+----------------+
+ | 1 | 0 | 1.88 | 38.1 (+169.45%) | 0.26 (+62.50%) |
+ +---------+------+---------------+------------------+----------------+
+ | 1 | 0 | 2.04 | 23.1 (+144.70%) | 0.24 |
+ +---------+------+---------------+------------------+----------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial (v2.9)
+
+ +---------------------------------------------------+
+ | test_rt_instr_cpu_susp_serial |
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 1.52 | 9.40 | 0.30 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 1.92 | 9.80 | 0.18 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 2.20 | 9.60 | 0.14 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 1.82 | 9.78 | 0.18 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_SUSPEND`` latencies (µs) to power level 0 in serial (v2.10)
+
+ +---------+------+-----------+------------------+-----------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+------------------+-----------------+
+ | 0 | 0 | 1.52 | 23.08 (+145.53%) | 0.3 |
+ +---------+------+-----------+------------------+-----------------+
+ | 0 | 0 | 1.98 | 23.68 (+141.63%) | 0.28 (+55.56%) |
+ +---------+------+-----------+------------------+-----------------+
+ | 1 | 0 | 1.84 | 23.86 (+148.54%) | 0.28 (+100.00%) |
+ +---------+------+-----------+------------------+-----------------+
+ | 1 | 0 | 1.98 | 23.68 (+142.13%) | 0.28 (+55.56%) |
+ +---------+------+-----------+------------------+-----------------+
``CPU_OFF`` on all non-lead CPUs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
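Review bot: the Core column in every new N1SDP table is ``0`` on all four rows (``0 | 0``, ``0 | 0``, ``1 | 0``, ``1 | 0``), whereas the rows being replaced identify cores 0 and 1 in each cluster; the second row of each cluster is almost certainly core 1, and with the identifiers duplicated the tables cannot be read. The spanning rows ``test_rt_instr_cpu_susp_parallel`` and ``test_rt_instr_cpu_susp_serial`` inserted above the column names in two of the tables are harness residue that the other tables lack and should be dropped. The ``+=====+`` header separator has also been replaced by ``+-----+`` here, demoting the column-name row to a body row in the rendered output, and the percentage deltas in parentheses are not explained anywhere in the hunk (what they are relative to and why only some cells carry one).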
@@ -160,36 +223,68 @@
``CPU_OFF`` on all non-lead CPUs in sequence then, ``CPU_SUSPEND`` on the lead
core to the deepest power level.
-.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs
+.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs (v2.9)
- +---------+------+-----------+---------+-------------+
- | Cluster | Core | Powerdown | Wakekup | Cache Flush |
- +=========+======+===========+=========+=============+
- | 0 | 0 | 1.86 | 9.88 | 0.32 |
- +---------+------+-----------+---------+-------------+
- | 0 | 1 | 21.1 | 12.44 | 0.42 |
- +---------+------+-----------+---------+-------------+
- | 1 | 0 | 21.22 | 13.2 | 0.32 |
- +---------+------+-----------+---------+-------------+
- | 1 | 1 | 21.56 | 13.18 | 0.54 |
- +---------+------+-----------+---------+-------------+
+ +---------+------+-----------+--------+-------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 1.84 | 9.94 | 0.32 |
+ +---------+------+-----------+--------+-------------+
+ | 0 | 0 | 14.20 | 13.10 | 0.50 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 13.88 | 12.36 | 0.42 |
+ +---------+------+-----------+--------+-------------+
+ | 1 | 0 | 14.40 | 13.26 | 0.52 |
+ +---------+------+-----------+--------+-------------+
+
+.. table:: ``CPU_OFF`` latencies (µs) on all non-lead CPUs (v2.10)
+
+ +---------+------+-----------+------------------+----------------+
+ | Cluster | Core | Powerdown | Wakeup | Cache Flush |
+ +---------+------+-----------+------------------+----------------+
+ | 0 | 0 | 1.78 | 23.7 (+138.43%) | 0.3 |
+ +---------+------+-----------+------------------+----------------+
+ | 0 | 0 | 13.96 | 31.16 (+137.86%) | 0.34 (-32.00%) |
+ +---------+------+-----------+------------------+----------------+
+ | 1 | 0 | 13.54 | 30.24 (+144.66%) | 0.26 (-38.10%) |
+ +---------+------+-----------+------------------+----------------+
+ | 1 | 0 | 14.46 | 31.12 (+134.69%) | 0.7 (+34.62%) |
+ +---------+------+-----------+------------------+----------------+
``CPU_VERSION`` in parallel
~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores
+.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores (v2.9)
- +-------------+--------+--------------+
- | Cluster | Core | Latency |
- +=============+========+==============+
- | 0 | 0 | 0.08 |
- +-------------+--------+--------------+
- | 0 | 1 | 0.22 |
- +-------------+--------+--------------+
- | 1 | 0 | 0.28 |
- +-------------+--------+--------------+
- | 1 | 1 | 0.26 |
- +-------------+--------+--------------+
+ +------------------------------------+
+ | test_rt_instr_psci_version_parallel|
+ +-------------+--------+-------------+
+ | Cluster | Core | Latency |
+ +-------------+--------+-------------+
+ | 0 | 0 | 0.08 |
+ +-------------+--------+-------------+
+ | 0 | 0 | 0.26 |
+ +-------------+--------+-------------+
+ | 1 | 0 | 0.20 |
+ +-------------+--------+-------------+
+ | 1 | 0 | 0.26 |
+ +-------------+--------+-------------+
+
+.. table:: ``CPU_VERSION`` latency (µs) in parallel on all cores (v2.10)
+
+ +----------------------------------------------+
+ | test_rt_instr_psci_version_parallel (latest) |
+ +-------------+--------+-----------------------+
+ | Cluster | Core | Latency |
+ +-------------+--------+-----------------------+
+ | 0 | 0 | 0.14 (+75.00%) |
+ +-------------+--------+-----------------------+
+ | 0 | 0 | 0.22 |
+ +-------------+--------+-----------------------+
+ | 1 | 0 | 0.2 |
+ +-------------+--------+-----------------------+
+ | 1 | 0 | 0.26 |
+ +-------------+--------+-----------------------+
--------------
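Review bot: the replacement tables lose the per-core identity the removed ones carried: the old ``CPU_OFF`` rows `| 0 | 1 | 21.1 | 12.44 | 0.42 |` and `| 1 | 1 | 21.56 | 13.18 | 0.54 |` become `| 0 | 0 | 14.20 | 13.10 | 0.50 |` and `| 1 | 0 | 14.40 | 13.26 | 0.52 |`, so every row now says core 0, and the ``CPU_VERSION`` tables have the same defect. Separately, the v2.9 figures are re-captured with materially different values (Powerdown 21.1 vs 14.20 for the non-lead core of cluster 0) without the text saying the measurement setup changed; a sentence noting the re-measurement and the baseline for the bracketed percentages would stop readers reading the difference as a regression fix. Good catch on the "Wakekup" header typo.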
diff --git a/docs/plat/arm/fvp/index.rst b/docs/plat/arm/fvp/index.rst
index fcfa04a..700020f 100644
--- a/docs/plat/arm/fvp/index.rst
+++ b/docs/plat/arm/fvp/index.rst
@@ -12,7 +12,7 @@
(64-bit host machine only).
.. note::
- The FVP models used are Version 11.19 Build 14, unless otherwise stated.
+ The FVP models used are Version 11.22 Build 14, unless otherwise stated.
- ``Foundation_Platform``
- ``FVP_Base_AEMv8A-AEMv8A-AEMv8A-AEMv8A-CCN502`` (Version 11.17/21)
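Review bot: the note bumps the model version from 11.19 to 11.22 but keeps "Build 14" for both; please confirm the build number was re-checked rather than carried over, since the list that follows still pins individual models to older builds such as ``FVP_Base_AEMv8A-AEMv8A-AEMv8A-AEMv8A-CCN502`` (Version 11.17/21) and those annotations only make sense relative to an accurate default.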
@@ -41,18 +41,18 @@
- ``FVP_Base_Cortex-A76AE``
- ``FVP_Base_Cortex-A77``
- ``FVP_Base_Cortex-A78``
+- ``FVP_Base_Cortex-A78AE``
- ``FVP_Base_Cortex-A78C``
- ``FVP_Base_Cortex-X2x4`` (Version 11.17/21)
- ``FVP_Base_Neoverse-E1``
- ``FVP_Base_Neoverse-N1``
-- ``FVP_Base_Neoverse-N2x4`` (Version 11.16/16)
- ``FVP_Base_Neoverse-V1``
- ``FVP_Base_RevC-2xAEMvA``
-- ``FVP_Morello`` (Version 0.11/33)
-- ``FVP_RD_E1_edge`` (Version 11.17/29)
-- ``FVP_RD_V1`` (Version 11.17/29)
-- ``FVP_TC1`` (Version 11.17/33)
-- ``FVP_TC2`` (Version 11.18/28)
+- ``FVP_BaseR_AEMv8R``
+- ``FVP_Morello`` (Version 0.11/33)
+- ``FVP_RD_V1``
+- ``FVP_TC1``
+- ``FVP_TC2`` (Version 11.20/24)
The latest version of the AArch32 build of TF-A has been tested on the
following Arm FVPs without shifted affinities, and that do not support threaded
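Review bot: dropping ``FVP_RD_E1_edge`` and ``FVP_Base_Neoverse-N2x4`` from the tested list is not explained; if the first mirrors the rde1edge deprecation recorded in docs/plat/index.rst, say so in the commit message, and if the N2 model is still supported it should stay listed with the version it was last tested on. The version annotations are also removed from ``FVP_RD_V1`` and ``FVP_TC1`` while ``FVP_Base_Cortex-X2x4`` (Version 11.17/21) and ``FVP_TC2`` (Version 11.20/24) keep theirs; under the "unless otherwise stated" convention in the note above, unannotated entries now claim testing on 11.22 Build 14, so confirm that is true for RD_V1 and TC1.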
diff --git a/docs/plat/arm/tc/index.rst b/docs/plat/arm/tc/index.rst
index c5058f5..9469e9a 100644
--- a/docs/plat/arm/tc/index.rst
+++ b/docs/plat/arm/tc/index.rst
@@ -18,7 +18,7 @@
is the CPUs supported as below:
- TC0 has support for Cortex A510, Cortex A710 and Cortex X2. (Note TC0 is now deprecated)
-- TC1 has support for Cortex A510, Cortex A715 and Cortex X3.
+- TC1 has support for Cortex A510, Cortex A715 and Cortex X3. (Note TC1 is now deprecated)
- TC2 has support for Cortex A520, Cortex A720 and Cortex x4.
Boot Sequence
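Review bot: the new "(Note TC1 is now deprecated)" parenthetical matches the TC0 line but, like it, does not say in which release the platform is removed; the deprecation table in docs/plat/index.rst in this same change lists tc1 as deprecated in 2.10 with removal "TBD", so either state the target release here or link to that table. Unrelated context on the TC2 line: "Cortex x4" is lower-case where the other entries write "Cortex X2" and "Cortex X3".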
diff --git a/docs/plat/index.rst b/docs/plat/index.rst
index f135ca2..b1ccaa5 100644
--- a/docs/plat/index.rst
+++ b/docs/plat/index.rst
@@ -79,6 +79,8 @@
+----------------+----------------+--------------------+--------------------+
| tc0 | Arm | 2.8 | 2.10 |
+----------------+----------------+--------------------+--------------------+
+| tc1 | Arm | 2.10 | TBD |
++----------------+----------------+--------------------+--------------------+
| rde1edge | Arm | 2.9 | 3.0 |
+----------------+----------------+--------------------+--------------------+
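Review bot: the new row `| tc1 | Arm | 2.10 | TBD |` leaves the removal release undefined while the neighbouring entries tc0 (deprecated 2.8, removed 2.10) and rde1edge (deprecated 2.9, removed 3.0) both give one; if the same deprecation policy applies, tc1 should get a concrete target release (3.0 would follow the rde1edge pattern) rather than TBD, otherwise nothing will trigger the removal later.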
diff --git a/docs/resources/diagrams/ffa-ns-interrupt-handling-managed-exit.png b/docs/resources/diagrams/ffa-ns-interrupt-handling-managed-exit.png
deleted file mode 100644
index 0619cf2..0000000
--- a/docs/resources/diagrams/ffa-ns-interrupt-handling-managed-exit.png
+++ /dev/null
Binary files differ
diff --git a/docs/resources/diagrams/ffa-ns-interrupt-handling-sp-preemption.png b/docs/resources/diagrams/ffa-ns-interrupt-handling-sp-preemption.png
deleted file mode 100644
index f110028..0000000
--- a/docs/resources/diagrams/ffa-ns-interrupt-handling-sp-preemption.png
+++ /dev/null
Binary files differ
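Review bot: the two PNG diagrams (``ffa-ns-interrupt-handling-managed-exit.png`` and ``ffa-ns-interrupt-handling-sp-preemption.png``) are deleted without any ``.rst`` in this change set being edited to drop a ``.. figure::`` or ``.. image::`` directive that referenced them; please confirm with a docs build that no remaining directive points at them, since Sphinx only warns on a missing image and the docs build is not guaranteed to run with warnings as errors.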
diff --git a/docs/resources/diagrams/plantuml/tfa_arm_cca_dfd.puml b/docs/resources/diagrams/plantuml/tfa_arm_cca_dfd.puml
new file mode 100644
index 0000000..493f078
--- /dev/null
+++ b/docs/resources/diagrams/plantuml/tfa_arm_cca_dfd.puml
@@ -0,0 +1,82 @@
+/'
+ ' Copyright (c) 2023, Arm Limited. All rights reserved.
+ '
+ ' SPDX-License-Identifier: BSD-3-Clause
+ '/
+
+/'
+TF-A with Arm CCA Data Flow Diagram
+'/
+
+@startuml
+digraph tfa_dfd {
+
+ # Arrange nodes from left to right
+ rankdir="LR"
+
+ # Allow arrows to end on cluster boundaries
+ compound=true
+
+ # Default settings for edges and nodes
+ edge [minlen=2 color="#8c1b07"]
+ node [fillcolor="#ffb866" style=filled shape=box fixedsize=true width=1.6 height=0.7]
+
+ # Nodes outside of the trust boundary
+ realm [label="Realm\nClients"]
+ nsec [label="Non-secure\nClients"]
+ sec [label="Secure\nClients"]
+ dbg [label="Debug & Trace"]
+ uart [label="UART"]
+ nvm [label="Non-volatile\nMemory"]
+
+ # Trust boundary cluster
+ subgraph cluster_trusted{
+ graph [style=dashed color="#f22430"]
+
+ # HW IPs cluster
+ subgraph cluster_ip{
+ label ="Hardware IPs";
+ graph [style=filled color="#000000" fillcolor="#ffd29e"]
+
+ rank="same"
+ gic [label="GIC" width=1.2 height=0.5]
+ mmu [label="MMU" width=1.2 height=0.5]
+ etc [label="..." shape=none style=none height=0.5]
+ }
+
+ # TF-A cluster
+ subgraph cluster_tfa{
+ label ="TF-A";
+ graph [style=filled color="#000000" fillcolor="#faf9cd"]
+
+ bl1 [label="Boot ROM\n(BL1)" fillcolor="#ddffb3"];
+ bl2 [label="Trusted Boot\nFirmware\n(BL2)" fillcolor="#ddffb3" height=1]
+ bl31 [label="TF-A Runtime\n(BL31)" fillcolor="#ddffb3"]
+ }
+
+ # HES cluster
+ subgraph cluster_hes{
+ label ="Arm CCA HES";
+ graph [style=filled color="#000000" fillcolor="#ffd29e"]
+
+ hes [label="Hardware\nEnforced Security"]
+ }
+ }
+
+ # Interactions between nodes
+
+ # -- The following lines are copied from tfa_dfd.puml and must not be
+ # changed, at the risk of invalidating DF* references.
+ nvm -> bl31 [lhead=cluster_tfa label="DF1"]
+ uart -> bl31 [dir="both" lhead=cluster_tfa label="DF2"]
+ dbg -> bl2 [dir="both" lhead=cluster_tfa label="DF3"]
+ sec -> bl2 [dir="both" lhead=cluster_tfa label="DF4"]
+ nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"]
+ bl2 -> mmu [dir="both" ltail=cluster_tfa lhead=cluster_ip label="DF6"]
+
+ # -- The following lines are new for Arm CCA DFD.
+ bl2 -> hes [dir="both" ltail=cluster_tfa lhead=cluster_hes label="DF7"]
+ realm -> bl2 [dir="both" lhead=cluster_tfa label="DF8"]
+}
+
+@enduml
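Review bot: the block under "# -- The following lines are copied from tfa_dfd.puml and must not be changed" duplicates the DF1-DF6 edges by hand, and this very change set already had to edit one of them (`uart -> bl31 [dir="both" lhead=cluster_tfa label="DF2"]` replacing the old `logs -> bl31 [dir="back" ...]`) in both tfa_dfd.puml and tfa_rss_dfd.puml; a third copy will drift. Consider moving the shared node and edge definitions into a file pulled in with PlantUML's `!include`, or at least add a check that the copied lines stay identical across the three diagrams. Minor: `nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"]` carries a comma the other edges do not; DOT accepts it, but fix it in tfa_dfd.puml first so the copies stay byte-identical.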
diff --git a/docs/resources/diagrams/plantuml/tfa_dfd.puml b/docs/resources/diagrams/plantuml/tfa_dfd.puml
index 0007911..9d3dcba 100644
--- a/docs/resources/diagrams/plantuml/tfa_dfd.puml
+++ b/docs/resources/diagrams/plantuml/tfa_dfd.puml
@@ -25,7 +25,7 @@
nsec [label="Non-secure\nClients"]
sec [label="Secure\nClients"]
dbg [label="Debug & Trace"]
- logs [label="Logs\n(UART)"]
+ uart [label="UART"]
nvm [label="Non-volatile\nMemory"]
# Trust boundary cluster
@@ -56,7 +56,7 @@
# Interactions between nodes
nvm -> bl31 [lhead=cluster_tfa label="DF1"]
- logs -> bl31 [dir="back" lhead=cluster_tfa label="DF2"]
+ uart -> bl31 [dir="both" lhead=cluster_tfa label="DF2"]
dbg -> bl2 [dir="both" lhead=cluster_tfa label="DF3"]
sec -> bl2 [dir="both" lhead=cluster_tfa label="DF4"]
nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"]
diff --git a/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml b/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml
index 23f5b17..a7e0ce5 100644
--- a/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml
+++ b/docs/resources/diagrams/plantuml/tfa_rss_dfd.puml
@@ -25,7 +25,7 @@
nsec [label="Non-secure\nClients"]
sec [label="Secure\nClients"]
dbg [label="Debug & Trace"]
- logs [label="Logs\n(UART)"]
+ uart [label="UART"]
nvm [label="Non-volatile\nMemory"]
@@ -65,7 +65,7 @@
# Interactions between nodes
nvm -> bl31 [lhead=cluster_tfa label="DF1"]
- logs -> bl31 [dir="back" lhead=cluster_tfa label="DF2"]
+ uart -> bl31 [dir="both" lhead=cluster_tfa label="DF2"]
dbg -> bl2 [dir="both" lhead=cluster_tfa label="DF3"]
sec -> bl2 [dir="both" lhead=cluster_tfa label="DF4"]
nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"]
diff --git a/docs/threat_model/index.rst b/docs/threat_model/index.rst
index b22fb18..e22378b 100644
--- a/docs/threat_model/index.rst
+++ b/docs/threat_model/index.rst
@@ -31,10 +31,10 @@
:caption: Contents
threat_model
- threat_model_spm
threat_model_el3_spm
threat_model_fvp_r
threat_model_rss_interface
+ threat_model_arm_cca
--------------
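Review bot: removing ``threat_model_spm`` from the toctree together with the 1340-line file means any ``:ref:`` or ``:doc:`` link to the SPMC threat model elsewhere in the docs now resolves to nothing (Sphinx reports an undefined label as a warning, so it only fails a build run with ``-W``); the commit message should say where that content moved, or the toctree entry should point at its replacement rather than being dropped silently.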
diff --git a/docs/threat_model/threat_model.rst b/docs/threat_model/threat_model.rst
index 57a5e1b..0da2558 100644
--- a/docs/threat_model/threat_model.rst
+++ b/docs/threat_model/threat_model.rst
@@ -36,6 +36,9 @@
- There are no Root and Realm worlds. These are introduced by :ref:`Realm
Management Extension (RME)`.
+ The :ref:`Threat Model for TF-A with Arm CCA support` covers these types of
+ configurations.
+
- No experimental features are enabled. We do not consider threats that may come
from them.
@@ -63,8 +66,10 @@
| | images include TF-A BL2 and BL31 images, as well as |
| | other secure and non-secure images. |
+-----------------+--------------------------------------------------------+
- | DF2 | | TF-A log system framework outputs debug messages |
- | | over a UART interface. |
+ | DF2 | | TF-A log system framework outputs debug or |
+ | | informative messages over a UART interface. |
+ | | |
+ | | | Also, characters can be read from a UART interface. |
+-----------------+--------------------------------------------------------+
| DF3 | | Debug and trace IP on a platform can allow access |
| | to registers and memory of TF-A. |
@@ -272,6 +277,8 @@
them. To help developers implement mitigations in the right place, threats below
are categorized based on the firmware image that should mitigate them.
+.. _General Threats:
+
General Threats for All Firmware Images
---------------------------------------
@@ -552,9 +559,62 @@
| | soon as they are not needed anymore. |
+------------------------+-----------------------------------------------------+
| Mitigations | | Yes / Platform specific |
+| implemented? | |
+------------------------+-----------------------------------------------------+
++------------------------+-----------------------------------------------------+
+| ID | 15 |
++========================+=====================================================+
+| Threat | | **Improper handling of input data received over |
+| | a UART interface may allow an attacker to tamper |
+| | with TF-A execution environment.** |
+| | |
+| | | The consequences of the attack depend on the |
+| | the exact usage of input data received over UART. |
+| | Examples are injection of arbitrary data, |
+| | sensitive data tampering, influencing the |
+| | execution path, denial of service (if using |
+| | blocking I/O). This list may not be exhaustive. |
++------------------------+-----------------------------------------------------+
+| Diagram Elements | DF2, DF4, DF5 |
++------------------------+-----------------------------------------------------+
+| Affected TF-A | BL1, BL2, BL31 |
+| Components | |
++------------------------+-----------------------------------------------------+
+| Assets | Sensitive Data, Code Execution, Availability |
++------------------------+-----------------------------------------------------+
+| Threat Agent | NSCode, SecCode |
++------------------------+-----------------------------------------------------+
+| Threat Type | Tampering, Information Disclosure, Denial of |
+| | service, Elevation of privilege. |
++------------------------+-------------------+----------------+----------------+
+| Application | Server | IoT | Mobile |
++------------------------+-------------------+----------------+----------------+
+| Impact | Critical (5) | Critical (5) | Critical (5) |
++------------------------+-------------------+----------------+----------------+
+| Likelihood | Critical (5) | Critical (5) | Critical (5) |
++------------------------+-------------------+----------------+----------------+
+| Total Risk Rating | Critical (25) | Critical (25) | Critical (25) |
++------------------------+-------------------+----------------+----------------+
+| Mitigations | | By default, the code to read input data from UART |
+| | interfaces is disabled (see `ENABLE_CONSOLE_GETC` |
+| | build option). It should only be enabled on a |
+| | need basis. |
+| | |
+| | | Data received over UART interfaces should be |
+| | treated as untrusted data. As such, it should be |
+| | properly sanitized and handled with caution. |
++------------------------+-----------------------------------------------------+
+| Mitigations | | Platform specific. |
+| implemented? | |
+| | | Generic code does not read any input data from |
+| | UART interface(s). |
++------------------------+-----------------------------------------------------+
+
+
+.. _Boot Firmware Threats:
+
Threats to be Mitigated by the Boot Firmware
--------------------------------------------
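Review bot: typo in the new threat 15 description: "depend on the | the exact usage" duplicates "the" across the line break. Style: `ENABLE_CONSOLE_GETC` is written with single backticks, which reStructuredText renders as interpreted text rather than a literal; this document uses double backticks for identifiers (``CPU_OFF``), so it should be ``ENABLE_CONSOLE_GETC``. On the rating: Likelihood is Critical (5) in all three environments even though the Mitigations cell says the input path is disabled by default and generic code never reads the UART; a sentence stating that the score assumes a platform has enabled ``ENABLE_CONSOLE_GETC`` would make the Critical (25) total defensible rather than look like a copy of the Impact row.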
@@ -789,6 +849,8 @@
since the |SRTM| includes all secure world components.
+.. _Runtime Firmware Threats:
+
Threats to be Mitigated by the Runtime EL3 Firmware
---------------------------------------------------
diff --git a/docs/threat_model/threat_model_arm_cca.rst b/docs/threat_model/threat_model_arm_cca.rst
new file mode 100644
index 0000000..fbf3327
--- /dev/null
+++ b/docs/threat_model/threat_model_arm_cca.rst
@@ -0,0 +1,225 @@
+Threat Model for TF-A with Arm CCA support
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Introduction
+************
+
+This document provides a threat model of TF-A firmware for platforms with Arm
+Realm Management Extension (RME) support which implement Arm Confidential
+Compute Architecture (Arm CCA).
+
+Although it is a separate document, it references the :ref:`Generic Threat
+Model` in a number of places, as some of the contents is commonly applicable to
+TF-A with or without Arm CCA support.
+
+Target of Evaluation
+********************
+
+In this threat model, the target of evaluation is the Trusted Firmware for
+A-class Processors (TF-A) with RME support and Arm CCA support. This includes
+the boot ROM (BL1), the trusted boot firmware (BL2) and the runtime EL3 firmware
+(BL31).
+
+Assumptions
+===========
+
+We make the following assumptions:
+
+- :ref:`Realm Management Extension (RME)` is enabled on the platform.
+
+- Arm CCA Hardware Enforced Security (HES) is available on the platform, as
+ recommended by `Arm CCA security model`_:
+
+ *[R0004] Arm strongly recommends that all implementations of CCA utilize*
+ *hardware enforced security (CCA HES).*
+
+- All TF-A images run from on-chip memory. Data used by these images also live
+ in on-chip memory. This means TF-A is not vulnerable to an attacker that can
+ probe or tamper with off-chip memory.
+
+ These are requirements of the `Arm CCA security model`_:
+
+ *[R0147] Monitor code executes entirely from on-chip memory.*
+
+ *[R0149] Any monitor data that may affect the CCA security guarantee, other*
+ *than GPT, is either held in on-chip memory, or in external memory but with*
+ *additional integrity protection.*
+
+ Note that this threat model hardens *[R0149]* requirement by forbidding to
+ hold data in external memory, even if it is integrity-protected - except for
+ GPT data.
+
+- TF-A BL1 image is immutable and thus implicitly trusted. It runs from
+ read-only memory or write-protected memory. This could be on-chip ROM, on-chip
+ OTP, locked on-chip flash, or write-protected on-chip RAM for example.
+
+ This is a requirement of the `Arm CCA security model`_:
+
+ *[R0158] Arm recommends that all initial boot code is immutable on a*
+ *secured system.*
+
+ *[R0050] If all or part of initial boot code is instantiated in on-chip*
+ *memory then other trusted subsystems or application PE cannot modify that*
+ *code before it has been executed.*
+
+- Trusted boot and measured boot are enabled. This means an attacker can't boot
+ arbitrary images that are not approved by platform providers.
+
+ These are requirements of the `Arm CCA security model`_:
+
+ *[R0048] A secured system can only load authorized CCA firmware.*
+
+ *[R0079] All Monitor firmware loaded by PE initial boot is measured and*
+ *verified as outlined in Verified boot.*
+
+- No experimental features are enabled. These are typically incomplete features,
+ which need more time to stabilize. Thus, we do not consider threats that may
+ come from them. It is not recommended to use these features in production
+ builds.
+
+Data Flow Diagram
+=================
+
+Figure 1 shows a high-level data flow diagram for TF-A. The diagram shows a
+model of the different components of a TF-A-based system and their interactions
+with TF-A. A description of each diagram element is given on Table 1. On the
+diagram, the red broken lines indicate trust boundaries. Components outside of
+the broken lines are considered untrusted by TF-A.
+
+.. uml:: ../resources/diagrams/plantuml/tfa_arm_cca_dfd.puml
+ :caption: Figure 1: Data Flow Diagram
+
+.. table:: Table 1: Data Flow Diagram Description
+
+ +-----------------+--------------------------------------------------------+
+ | Diagram Element | Description |
+ +=================+========================================================+
+ | DF1 | | Refer to DF1 description in the |
+ | | :ref:`Generic Threat Model`. Additionally TF-A |
+ | | loads realm images. |
+ +-----------------+--------------------------------------------------------+
+ | DF2-DF6 | | Refer to DF2-DF6 descriptions in the |
+ | | :ref:`Generic Threat Model`. |
+ +-----------------+--------------------------------------------------------+
+ | DF7 | | Boot images interact with Arm CCA HES to record boot |
+ | | measurements and retrieve data used for AP images |
+ | | authentication. |
+ | | |
+ | | | The runtime firmware interacts with Arm CCA HES to |
+ | | obtain sensitive attestation data for the realm |
+ | | world. |
+ +-----------------+--------------------------------------------------------+
+ | DF8 | | Realm world software (e.g. TF-RMM) interact with |
+ | | TF-A through SMC call interface and/or shared |
+ | | memory. |
+ +-----------------+--------------------------------------------------------+
+
+Threat Analysis
+***************
+
+In this threat model, we use the same method to analyse threats as in the
+:ref:`Generic Threat Model`. This section only points out differences where
+applicable.
+
+- There is an additional threat agent: *RealmCode*. It takes the form of
+ malicious or faulty code running in the realm world, including R-EL2, R-EL1
+ and R-EL0 levels.
+
+- At this time we only consider the ``Server`` target environment. New threats
+ identified in this threat model will only be given a risk rating for this
+ environment. Other environments may be added in a future revision
+
+Threat Assessment
+=================
+
+General Threats for All Firmware Images
+---------------------------------------
+
+The following table analyses the :ref:`General Threats` in the context of this
+threat model. Only deltas are pointed out.
+
+ +----+-------------+-------------------------------------------------------+
+ | ID | Applicable? | Comments |
+ +====+=============+=======================================================+
+ | 05 | Yes | |
+ +----+-------------+-------------------------------------------------------+
+ | 06 | Yes | |
+ +----+-------------+-------------------------------------------------------+
+ | 08 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 11 | Yes | | Misconfiguration of the Memory Management Unit |
+ | | | (MMU) may allow a **normal/secure/realm** world |
+ | | | software to access sensitive data, execute arbitrary|
+ | | | code or access otherwise restricted HW interface. |
+ | | | |
+ | | | | **Note that on RME systems, MMU configuration also |
+ | | | includes Granule Protection Tables (GPT) setup.** |
+ | | | |
+ | | | | Additional diagram elements: DF4, DF7, DF8. |
+ | | | |
+ | | | | Additional threat agents: SecCode, RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 13 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 15 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+
+Threats to be Mitigated by the Boot Firmware
+--------------------------------------------
+
+The following table analyses the :ref:`Boot Firmware Threats` in the context of
+this threat model. Only deltas are pointed out.
+
+ +----+-------------+-------------------------------------------------------+
+ | ID | Applicable? | Comments |
+ +====+=============+=======================================================+
+ | 01 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 02 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 03 | Yes | |
+ +----+-------------+-------------------------------------------------------+
+ | 04 | Yes | |
+ +----+-------------+-------------------------------------------------------+
+
+Threats to be Mitigated by the Runtime EL3 Firmware
+---------------------------------------------------
+
+The following table analyses the :ref:`Runtime Firmware Threats` in the context
+of this threat model. Only deltas are pointed out.
+
+ +----+-------------+-------------------------------------------------------+
+ | ID | Applicable? | Comments |
+ +====+=============+=======================================================+
+ | 07 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 09 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 10 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 12 | Yes | Additional diagram element: DF8. |
+ | | | |
+ | | | Additional threat agent: RealmCode. |
+ +----+-------------+-------------------------------------------------------+
+ | 14 | Yes | |
+ +----+-------------+-------------------------------------------------------+
+
+*Copyright (c) 2023, Arm Limited. All rights reserved.*
+
+.. _Arm CCA Security Model: https://developer.arm.com/documentation/DEN0096/A_a
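Review bot: the assumptions carve GPT data out of the on-chip requirement ("except for GPT data" under [R0149]) but the threat tables never say which threat covers tampering with GPT contents held off-chip; the only GPT mention is the bold note under threat 11 ("MMU configuration also includes Granule Protection Tables (GPT) setup"), which is about misconfiguration, not integrity of the table itself. Either state that GPT integrity protection is out of scope or owned by the platform, or add a delta row for it under the runtime EL3 threats. Wording fixes: "some of the contents is commonly applicable" should be "some of the content is"; "This is a requirement of the Arm CCA security model" introduces two requirements ([R0158] and [R0050]) and should read "These are requirements", as the sibling bullets do; "forbidding to hold data in external memory" should be "forbidding data to be held in external memory"; "Realm world software (e.g. TF-RMM) interact with" needs "interacts"; and "Other environments may be added in a future revision" is missing its full stop.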
diff --git a/docs/threat_model/threat_model_fvp_r.rst b/docs/threat_model/threat_model_fvp_r.rst
index c1462bb..725eeed 100644
--- a/docs/threat_model/threat_model_fvp_r.rst
+++ b/docs/threat_model/threat_model_fvp_r.rst
@@ -90,8 +90,10 @@
and since the MPU configuration is equivalent with that for the fvp
platform and others, this is not expected to be a concern.
+ - ID 15: Improper handling of input data received over a UART interface may
+ allow an attacker to tamper with TF-A execution environment.
--------------
-*Copyright (c) 2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2021-2023, Arm Limited. All rights reserved.*
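Review bot: the new bullet "ID 15: Improper handling of input data received over a UART interface may allow an attacker to tamper with TF-A execution environment." only restates the threat title, whereas the neighbouring entries in this list give the fvp_r-specific assessment (the preceding one ends "since the MPU configuration is equivalent with that for the fvp platform and others, this is not expected to be a concern"); it should say whether console input is ever enabled on fvp_r and what that means for the rating. Also "tamper with TF-A execution environment" reads better as "tamper with the TF-A execution environment", but the wording is copied from threat_model.rst, so fix it there and here together.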
diff --git a/docs/threat_model/threat_model_spm.rst b/docs/threat_model/threat_model_spm.rst
deleted file mode 100644
index 24a115b..0000000
--- a/docs/threat_model/threat_model_spm.rst
+++ /dev/null
@@ -1,1340 +0,0 @@
-SPMC Threat Model
-*****************
-
-************************
-Introduction
-************************
-This document provides a threat model for the TF-A :ref:`Secure Partition Manager`
-(SPM) implementation or more generally the S-EL2 reference firmware running on
-systems implementing the FEAT_SEL2 (formerly Armv8.4 Secure EL2) architecture
-extension. The SPM implementation is based on the `Arm Firmware Framework for
-Arm A-profile`_ specification.
-
-In brief, the broad FF-A specification and S-EL2 firmware implementation
-provide:
-
-- Isolation of mutually mistrusting SW components, or endpoints in the FF-A
- terminology.
-- Distinct sandboxes in the secure world called secure partitions. This permits
- isolation of services from multiple vendors.
-- A standard protocol for communication and memory sharing between FF-A
- endpoints.
-- Mutual isolation of the normal world and the secure world (e.g. a Trusted OS
- is prevented to map an arbitrary NS physical memory region such as the kernel
- or the Hypervisor).
-
-************************
-Target of Evaluation
-************************
-In this threat model, the target of evaluation is the S-EL2 firmware or the
-``Secure Partition Manager Core`` component (SPMC).
-The monitor and SPMD at EL3 are covered by the :ref:`Generic TF-A threat model
-<threat_analysis>`.
-
-The scope for this threat model is:
-
-- The TF-A implementation for the S-EL2 SPMC based on the Hafnium hypervisor
- running in the secure world of TrustZone (at S-EL2 exception level).
- The threat model is not related to the normal world Hypervisor or VMs.
- The S-EL1 and EL3 SPMC solutions are not covered.
-- The implementation complies with the FF-A v1.0 specification, and a few
- features of FF-A v1.1 specification.
-- Secure partitions are statically provisioned at boot time.
-- Focus on the run-time part of the life-cycle (no specific emphasis on boot
- time, factory firmware provisioning, firmware udpate etc.)
-- Not covering advanced or invasive physical attacks such as decapsulation,
- FIB etc.
-- Assumes secure boot or in particular TF-A trusted boot (TBBR or dual CoT) is
- enabled. An attacker cannot boot arbitrary images that are not approved by the
- SiP or platform providers.
-
-Data Flow Diagram
-======================
-Figure 1 shows a high-level data flow diagram for the SPM split into an SPMD
-component at EL3 and an SPMC component at S-EL2. The SPMD mostly acts as a
-relayer/pass-through between the normal world and the secure world. It is
-assumed to expose small attack surface.
-
-A description of each diagram element is given in Table 1. In the diagram, the
-red broken lines indicate trust boundaries.
-
-Components outside of the broken lines are considered untrusted.
-
-.. uml:: ../resources/diagrams/plantuml/spm_dfd.puml
- :caption: Figure 1: SPMC Data Flow Diagram
-
-.. table:: Table 1: SPMC Data Flow Diagram Description
-
- +---------------------+--------------------------------------------------------+
- | Diagram Element | Description |
- +=====================+========================================================+
- | ``DF1`` | SP to SPMC communication. FF-A function invocation or |
- | | implementation-defined Hypervisor call. |
- +---------------------+--------------------------------------------------------+
- | ``DF2`` | SPMC to SPMD FF-A call. |
- +---------------------+--------------------------------------------------------+
- | ``DF3`` | SPMD to NS forwarding. |
- +---------------------+--------------------------------------------------------+
- | ``DF4`` | SP to SP FF-A direct message request/response. |
- | | Note as a matter of simplifying the diagram |
- | | the SP to SP communication happens through the SPMC |
- | | (SP1 performs a direct message request to the |
- | | SPMC targeting SP2 as destination. And similarly for |
- | | the direct message response from SP2 to SP1). |
- +---------------------+--------------------------------------------------------+
- | ``DF5`` | HW control. |
- +---------------------+--------------------------------------------------------+
- | ``DF6`` | Bootloader image loading. |
- +---------------------+--------------------------------------------------------+
- | ``DF7`` | External memory access. |
- +---------------------+--------------------------------------------------------+
-
-*********************
-Threat Analysis
-*********************
-
-This threat model follows a similar methodology to the :ref:`Generic TF-A threat model
-<threat_analysis>`.
-The following sections define:
-
-- Trust boundaries
-- Assets
-- Theat agents
-- Threat types
-
-Trust boundaries
-============================
-
-- Normal world is untrusted.
-- Secure world and normal world are separate trust boundaries.
-- EL3 monitor, SPMD and SPMC are trusted.
-- Bootloaders (in particular BL1/BL2 if using TF-A) and run-time BL31 are
- implicitely trusted by the usage of secure boot.
-- EL3 monitor, SPMD, SPMC do not trust SPs.
-
-.. figure:: ../resources/diagrams/spm-threat-model-trust-boundaries.png
-
- Figure 2: Trust boundaries
-
-Assets
-============================
-
-The following assets are identified:
-
-- SPMC state.
-- SP state.
-- Information exchange between endpoints (partition messages).
-- SPMC secrets (e.g. pointer authentication key when enabled)
-- SP secrets (e.g. application keys).
-- Scheduling cycles.
-- Shared memory.
-
-Threat Agents
-============================
-
-The following threat agents are identified:
-
-- NS-Endpoint identifies a non-secure endpoint: normal world client at NS-EL2
- (Hypervisor) or NS-EL1 (VM or OS kernel).
-- S-Endpoint identifies a secure endpoint typically a secure partition.
-- Hardware attacks (non-invasive) requiring a physical access to the device,
- such as bus probing or DRAM stress.
-
-Threat types
-============================
-
-The following threat categories as exposed in the :ref:`Generic TF-A threat model
-<threat_analysis>`
-are re-used:
-
-- Spoofing
-- Tampering
-- Repudiation
-- Information disclosure
-- Denial of service
-- Elevation of privileges
-
-Similarly this threat model re-uses the same threat risk ratings. The risk
-analysis is evaluated based on the environment being ``Server`` or ``Mobile``.
-
-Threat Assessment
-============================
-
-The following threats are identified by applying STRIDE analysis on each diagram
-element of the data flow diagram.
-
-+------------------------+----------------------------------------------------+
-| ID | 01 |
-+========================+====================================================+
-| ``Threat`` | **An endpoint impersonates the sender or receiver |
-| | FF-A ID in a direct request/response invocation.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMD, SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Spoofing |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------++----------------+---------------+
-| ``Impact`` | Critical(5) | Critical(5) | |
-+------------------------+------------------++----------------+---------------+
-| ``Likelihood`` | Critical(5) | Critical(5) | |
-+------------------------+------------------++----------------+---------------+
-| ``Total Risk Rating`` | Critical(25) | Critical(25) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not mitigate this threat. |
-| | The guidance below is left for a system integrator |
-| | to implemented as necessary. |
-| | The SPMC must enforce checks in the direct message |
-| | request/response interfaces such an endpoint cannot|
-| | spoof the origin and destination worlds (e.g. a NWd|
-| | originated message directed to the SWd cannot use a|
-| | SWd ID as the sender ID). |
-| | Additionally a software component residing in the |
-| | SPMC can be added for the purpose of direct |
-| | request/response filtering. |
-| | It can be configured with the list of known IDs |
-| | and about which interaction can occur between one |
-| | and another endpoint (e.g. which NWd endpoint ID |
-| | sends a direct request to which SWd endpoint ID). |
-| | This component checks the sender/receiver fields |
-| | for a legitimate communication between endpoints. |
-| | A similar component can exist in the OS kernel |
-| | driver, or Hypervisor although it remains untrusted|
-| | by the SPMD/SPMC. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 02 |
-+========================+====================================================+
-| ``Threat`` | **Tampering with memory shared between an endpoint |
-| | and the SPMC.** |
-| | A malicious endpoint may attempt tampering with its|
-| | RX/TX buffer contents while the SPMC is processing |
-| | it (TOCTOU). |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF3, DF4, DF7 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | Shared memory, Information exchange |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | High (4) | High (4) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | High (4) | High (4) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | High (16) | High (16) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | In context of FF-A v1.0 and v1.1 this is the case |
-| | of sharing the RX/TX buffer pair and usage in the |
-| | PARTITION_INFO_GET or mem sharing primitives. |
-| | The SPMC must copy the contents of the TX buffer |
-| | to an internal temporary buffer before processing |
-| | its contents. The SPMC must implement hardened |
-| | input validation on data transmitted through the TX|
-| | buffer by an untrusted endpoint. |
-| | The TF-A SPMC mitigates this threat by enforcing |
-| | checks on data transmitted through RX/TX buffers. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 03 |
-+========================+====================================================+
-| ``Threat`` | **An endpoint may tamper with its own state or the |
-| | state of another endpoint.** |
-| | A malicious endpoint may attempt violating: |
-| | - its own or another SP state by using an unusual |
-| | combination (or out-of-order) FF-A function |
-| | invocations. |
-| | This can also be an endpoint emitting |
-| | FF-A function invocations to another endpoint while|
-| | the latter is not in a state to receive it (e.g. a |
-| | SP sends a direct request to the normal world early|
-| | while the normal world is not booted yet). |
-| | - the SPMC state itself by employing unexpected |
-| | transitions in FF-A memory sharing, direct requests|
-| | and responses, or handling of interrupts. |
-| | This can be led by random stimuli injection or |
-| | fuzzing. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMD, SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP state, SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | High (4) | High (4) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | High (12) | High (12) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC provides mitigation against such |
-| | threat by following the guidance for partition |
-| | runtime models as described in FF-A v1.1 EAC0 spec.|
-| | The SPMC performs numerous checks in runtime to |
-| | prevent illegal state transitions by adhering to |
-| | the partition runtime model. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 04 |
-+========================+====================================================+
-| ``Threat`` | *An attacker may attempt injecting errors by the |
-| | use of external DRAM stress techniques.** |
-| | A malicious agent may attempt toggling an SP |
-| | Stage-2 MMU descriptor bit within the page tables |
-| | that the SPMC manages. This can happen in Rowhammer|
-| | types of attack. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF7 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP or SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | Hardware attack |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering |
-+------------------------+------------------+---------------+-----------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+---------------+-----------------+
-| ``Impact`` | High (4) | High (4) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Likelihood`` | Low (2) | Medium (3) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Total Risk Rating`` | Medium (8) | High (12) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Mitigations`` | The TF-A SPMC does not provide mitigations to this |
-| | type of attack. It can be addressed by the use of |
-| | dedicated HW circuity or hardening at the chipset |
-| | or platform level left to the integrator. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 05 |
-+========================+====================================================+
-| ``Threat`` | **Protection of the SPMC from a DMA capable device |
-| | upstream to an SMMU.** |
-| | A device may attempt to tamper with the internal |
-| | SPMC code/data sections. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC or SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering, Elevation of privileges |
-+------------------------+------------------+---------------+-----------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+---------------+-----------------+
-| ``Impact`` | High (4) | High (4) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Total Risk Rating`` | High (12) | High (12) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Mitigations`` | A platform may prefer assigning boot time, |
-| | statically alocated memory regions through the SMMU|
-| | configuration and page tables. The FF-A v1.1 |
-| | specification provisions this capability through |
-| | static DMA isolation. |
-| | The TF-A SPMC does not mitigate this threat. |
-| | It will adopt the static DMA isolation approach in |
-| | a future release. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 06 |
-+========================+====================================================+
-| ``Threat`` | **Replay fragments of past communication between |
-| | endpoints.** |
-| | A malicious endpoint may replay a message exchange |
-| | that occured between two legitimate endpoint as |
-| | a matter of triggering a malfunction or extracting |
-| | secrets from the receiving endpoint. In particular |
-| | the memory sharing operation with fragmented |
-| | messages between an endpoint and the SPMC may be |
-| | replayed by a malicious agent as a matter of |
-| | getting access or gaining permissions to a memory |
-| | region which does not belong to this agent. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | Information exchange |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Repdudiation |
-+------------------------+------------------+---------------+-----------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+---------------+-----------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Likelihood`` | High (4) | High (4) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Total Risk Rating`` | High (12) | High (12) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Mitigations`` | The TF-A SPMC does not mitigate this threat. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 07 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may attempt to extract data |
-| | or state information by the use of invalid or |
-| | incorrect input arguments.** |
-| | Lack of input parameter validation or side effects |
-| | of maliciously forged input parameters might affect|
-| | the SPMC. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMD, SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP secrets, SPMC secrets, SP state, SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Information discolure |
-+------------------------+------------------+---------------+-----------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+---------------+-----------------+
-| ``Impact`` | High (4) | High (4) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Total Risk Rating`` | High (12) | High (12) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Mitigations`` | Secure Partitions must follow security standards |
-| | and best practises as a way to mitigate the risk |
-| | of common vulnerabilities to be exploited. |
-| | The use of software (canaries) or hardware |
-| | hardening techniques (XN, WXN, BTI, pointer |
-| | authentication, MTE) helps detecting and stopping |
-| | an exploitation early. |
-| | The TF-A SPMC mitigates this threat by implementing|
-| | stack protector, pointer authentication, BTI, XN, |
-| | WXN, security hardening techniques. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 08 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may forge a direct message |
-| | request such that it reveals the internal state of |
-| | another endpoint through the direct message |
-| | response.** |
-| | The secure partition or SPMC replies to a partition|
-| | message by a direct message response with |
-| | information which may reveal its internal state |
-| | (.e.g. partition message response outside of |
-| | allowed bounds). |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC or SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Information discolure |
-+------------------------+------------------+---------------+-----------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+---------------+-----------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Likelihood`` | Low (2) | Low (2) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Total Risk Rating`` | Medium (6) | Medium (6) | |
-+------------------------+------------------+---------------+-----------------+
-| ``Mitigations`` | For the specific case of direct requests targeting |
-| | the SPMC, the latter is hardened to prevent |
-| | its internal state or the state of an SP to be |
-| | revealed through a direct message response. |
-| | Further, SPMC performs numerous checks in runtime |
-| | on the basis of the rules established by partition |
-| | runtime models to stop any malicious attempts by |
-| | an endpoint to extract internal state of another |
-| | endpoint. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 09 |
-+========================+====================================================+
-| ``Threat`` | **Probing the FF-A communication between |
-| | endpoints.** |
-| | SPMC and SPs are typically loaded to external |
-| | memory (protected by a TrustZone memory |
-| | controller). A malicious agent may use non invasive|
-| | methods to probe the external memory bus and |
-| | extract the traffic between an SP and the SPMC or |
-| | among SPs when shared buffers are held in external |
-| | memory. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF7 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP/SPMC state, SP/SPMC secrets |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | Hardware attack |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Information disclosure |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Low (2) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (6) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | It is expected the platform or chipset provides |
-| | guarantees in protecting the DRAM contents. |
-| | The TF-A SPMC does not mitigate this class of |
-| | attack and this is left to the integrator. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 10 |
-+========================+====================================================+
-| ``Threat`` | **A malicious agent may attempt revealing the SPMC |
-| | state or secrets by the use of software-based cache|
-| | side-channel attack techniques.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF7 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP or SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Information disclosure |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Low (2) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (6) | Medium (6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | From an integration perspective it is assumed |
-| | platforms consuming the SPMC component at S-EL2 |
-| | (hence implementing the Armv8.4 FEAT_SEL2 |
-| | architecture extension) implement mitigations to |
-| | Spectre, Meltdown or other cache timing |
-| | side-channel type of attacks. |
-| | The TF-A SPMC implements one mitigation (barrier |
-| | preventing speculation past exeception returns). |
-| | The SPMC may be hardened further with SW |
-| | mitigations (e.g. speculation barriers) for the |
-| | cases not covered in HW. Usage of hardened |
-| | compilers and appropriate options, code inspection |
-| | are recommended ways to mitigate Spectre types of |
-| | attacks. For non-hardened cores, the usage of |
-| | techniques such a kernel page table isolation can |
-| | help mitigating Meltdown type of attacks. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 11 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may attempt flooding the |
-| | SPMC with requests targeting a service within an |
-| | endpoint such that it denies another endpoint to |
-| | access this service.** |
-| | Similarly, the malicious endpoint may target a |
-| | a service within an endpoint such that the latter |
-| | is unable to request services from another |
-| | endpoint. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not mitigate this threat. |
-| | Bounding the time for operations to complete can |
-| | be achieved by the usage of a trusted watchdog. |
-| | Other quality of service monitoring can be achieved|
-| | in the SPMC such as counting a number of operations|
-| | in a limited timeframe. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 12 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may attempt to allocate |
-| | notifications bitmaps in the SPMC, through the |
-| | FFA_NOTIFICATION_BITMAP_CREATE.** |
-| | This might be an attempt to exhaust SPMC's memory, |
-| | or to allocate a bitmap for a VM that was not |
-| | intended to receive notifications from SPs. Thus |
-| | creating the possibility for a channel that was not|
-| | meant to exist. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of service, Spoofing |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium(3) | Medium(3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium(3) | Medium(3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium(9) | Medium(9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this threat by defining a |
-| | a fixed size pool for bitmap allocation. |
-| | It also limits the designated FF-A calls to be used|
-| | from NWd endpoints. |
-| | In the NWd the hypervisor is supposed to limit the |
-| | access to the designated FF-A call. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 13 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may attempt to destroy the |
-| | notifications bitmaps in the SPMC, through the |
-| | FFA_NOTIFICATION_BITMAP_DESTROY.** |
-| | This might be an attempt to tamper with the SPMC |
-| | state such that a partition isn't able to receive |
-| | notifications. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Low(4) | Low(4) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this issue by limiting the |
-| | designated FF-A call to be issued by the NWd. |
-| | Also, the notifications bitmap can't be destroyed |
-| | if there are pending notifications. |
-| | In the NWd, the hypervisor must restrict the |
-| | NS-endpoints that can issue the designated call. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 14 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint might attempt to give |
-| | permissions to an unintended sender to set |
-| | notifications targeting another receiver using the |
-| | FF-A call FFA_NOTIFICATION_BIND.** |
-| | This might be an attempt to tamper with the SPMC |
-| | state such that an unintended, and possibly |
-| | malicious, communication channel is established. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering, Spoofing |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium(3) | Medium(3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium(6) | Medium(6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this by restricting |
-| | designated FFA_NOTIFICATION_BIND call to be issued |
-| | by the receiver only. The receiver is responsible |
-| | for allocating the notifications IDs to one |
-| | specific partition. |
-| | Also, receivers that are not meant to receive |
-| | notifications, must have notifications receipt |
-| | disabled in the respective partition's manifest. |
-| | As for calls coming from NWd, if the NWd VM has had|
-| | its bitmap allocated at initialization, the TF-A |
-| | SPMC can't guarantee this threat won't happen. |
-| | The Hypervisor must mitigate in the NWd, similarly |
-| | to SPMC for calls in SWd. Though, if the Hypervisor|
-| | has been compromised, the SPMC won't be able to |
-| | mitigate it for calls forwarded from NWd. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 15 |
-+========================+====================================================+
-| ``Threat`` | **A malicious partition endpoint might attempt to |
-| | set notifications that are not bound to it.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Spoofing |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Low(4) | Low(4) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this by checking the |
-| | sender's ID provided in the input to the call |
-| | FFA_NOTIFICATION_SET. The SPMC keeps track of which|
-| | notifications are bound to which sender, for a |
-| | given receiver. If the sender is an SP, the |
-| | provided sender ID must match the ID of the |
-| | currently running partition. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 16 |
-+========================+====================================================+
-| ``Threat`` | **A malicious partition endpoint might attempt to |
-| | get notifications that are not targeted to it.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Spoofing |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Informational(1) | Informational(1)| |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this by checking the |
-| | receiver's ID provided in the input to the call |
-| | FFA_NOTIFICATION_GET. The SPMC keeps track of which|
-| | notifications are pending for each receiver. |
-| | The provided receiver ID must match the ID of the |
-| | currently running partition, if it is an SP. |
-| | For calls forwarded from NWd, the SPMC will return |
-| | the pending notifications if the receiver had its |
-| | bitmap created, and has pending notifications. |
-| | If Hypervisor or OS kernel are compromised, the |
-| | SPMC won't be able to mitigate calls from rogue NWd|
-| | endpoints. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 17 |
-+========================+====================================================+
-| ``Threat`` | **A malicious partition endpoint might attempt to |
-| | get the information about pending notifications, |
-| | through the FFA_NOTIFICATION_INFO_GET call.** |
-| | This call is meant to be used by the NWd FF-A |
-| | driver. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Information disclosure |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium(3) | Medium(3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium(6) | Medium(6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this by returning error to |
-| | calls made by SPs to FFA_NOTIFICATION_INFO_GET. |
-| | If Hypervisor or OS kernel are compromised, the |
-| | SPMC won't be able mitigate calls from rogue NWd |
-| | endpoints. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 18 |
-+========================+====================================================+
-| ``Threat`` | **A malicious partition endpoint might attempt to |
-| | flood another partition endpoint with notifications|
-| | hindering its operation.** |
-| | The intent of the malicious endpoint could be to |
-| | interfere with both the receiver's and/or primary |
-| | endpoint execution, as they can both be preempted |
-| | by the NPI and SRI, respectively. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, CPU cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | DoS |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low(2) | Low(2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium(3) | Medium(3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium(6) | Medium(6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not mitigate this threat. |
-| | However, the impact is limited due to the |
-| | architecture: |
-| | - Notifications are not queued, one that has been |
-| | signaled needs to be retrieved by the receiver, |
-| | until it can be sent again. |
-| | - Both SRI and NPI can't be pended until handled |
-| | which limits the amount of spurious interrupts. |
-| | - A given receiver could only bind a maximum number|
-| | of notifications to a given sender, within a given |
-| | execution context. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 19 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint may abuse FFA_RUN call to |
-| | resume or turn on other endpoint execution |
-| | contexts, attempting to alter the internal state of|
-| | SPMC and SPs, potentially leading to illegal state |
-| | transitions and deadlocks.** |
-| | An endpoint can call into another endpoint |
-| | execution context using FFA_MSG_SEND_DIRECT_REQ |
-| | ABI to create a call chain. A malicious endpoint |
-| | could abuse this to form loops in a call chain that|
-| | could lead to potential deadlocks. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF4 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, SPMD |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, Scheduling cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering, Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC provides mitigation against such |
-| | threats by following the guidance for partition |
-| | runtime models as described in FF-A v1.1 EAC0 spec.|
-| | The SPMC performs numerous checks in runtime to |
-| | prevent illegal state transitions by adhering to |
-| | the partition runtime model. Further, if the |
-| | receiver endpoint is a predecessor of current |
-| | endpoint in the present call chain, the SPMC denies|
-| | any attempts to form loops by returning FFA_DENIED |
-| | error code. Only the primary scheduler is allowed |
-| | to turn on execution contexts of other partitions |
-| | though SPMC does not have the ability to |
-| | scrutinize its identity. Secure partitions have |
-| | limited ability to resume execution contexts of |
-| | other partitions based on the runtime model. Such |
-| | attempts cannot compromise the integrity of the |
-| | SPMC. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 20 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint can perform a |
-| | denial-of-service attack by using FFA_INTERRUPT |
-| | call that could attempt to cause the system to |
-| | crash or enter into an unknown state as no physical|
-| | interrupt could be pending for it to be handled in |
-| | the SPMC.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, SPMD |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, Scheduling cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering, Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC provides mitigation against such |
-| | attack by detecting invocations from partitions |
-| | and simply returning FFA_ERROR status interface. |
-| | SPMC only allows SPMD to use FFA_INTERRUPT ABI to |
-| | communicate a pending secure interrupt triggered |
-| | while execution was in normal world. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 21 |
-+========================+====================================================+
-| ``Threat`` | **A malicious secure endpoint might deactivate a |
-| | (virtual) secure interrupt that was not originally |
-| | signaled by SPMC, thereby attempting to alter the |
-| | state of the SPMC and potentially lead to system |
-| | crash.** |
-| | SPMC maps the virtual interrupt ids to the physical|
-| | interrupt ids to keep the implementation of virtual|
-| | interrupt driver simple. |
-| | Similarly, a malicious secure endpoint might invoke|
-| | the deactivation ABI more than once for a secure |
-| | interrupt. Moreover, a malicious secure endpoint |
-| | might attempt to deactivate a (virtual) secure |
-| | interrupt that was signaled to another endpoint |
-| | execution context by the SPMC even before secure |
-| | interrupt was handled. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | At initialization, the TF-A SPMC parses the |
-| | partition manifests to find the target execution |
-| | context responsible for handling the various |
-| | secure physical interrupts. The TF-A SPMC provides |
-| | mitigation against above mentioned threats by: |
-| | |
-| | - Keeping track of each pending virtual interrupt |
-| | signaled to an execution context of a secure |
-| | secure partition. |
-| | - Denying any deactivation call from SP if there is|
-| | no pending physical interrupt mapped to the |
-| | given virtual interrupt. |
-| | - Denying any deactivation call from SP if the |
-| | virtual interrupt has not been signaled to the |
-| | current execution context. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 22 |
-+========================+====================================================+
-| ``Threat`` | **A malicious secure endpoint might not deactivate |
-| | a virtual interrupt signaled to it by the SPMC but |
-| | perform secure interrupt signal completion. This |
-| | attempt to corrupt the internal state of the SPMC |
-| | could lead to an unknown state and further lead to |
-| | system crash.** |
-| | Similarly, a malicious secure endpoint could |
-| | deliberately not perform either interrupt |
-| | deactivation or interrupt completion signal. Since,|
-| | the SPMC can only process one secure interrupt at a|
-| | time, this could choke the system where all |
-| | interrupts are indefinitely masked which could |
-| | potentially lead to system crash or reboot. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, Scheduling cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Tampering, Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not provide mitigation against |
-| | such threat. This is a limitation of the current |
-| | SPMC implementation and needs to be handled in the |
-| | future releases. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 23 |
-+========================+====================================================+
-| ``Threat`` | **A malicious endpoint could leverage non-secure |
-| | interrupts to preempt a secure endpoint, thereby |
-| | attempting to render it unable to handle a secure |
-| | virtual interrupt targetted for it. This could lead|
-| | to priority inversion as secure virtual interrupts |
-| | are kept pending while non-secure interrupts are |
-| | handled by normal world VMs.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, SPMD |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, Scheduling cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC alone does not provide mitigation |
-| | against such threats. System integrators must take |
-| | necessary high level design decisions that takes |
-| | care of interrupt prioritization. The SPMC performs|
-| | its role of enabling SPs to specify appropriate |
-| | action towards non-secure interrupt with the help |
-| | of partition manifest based on the guidance in the |
-| | FF-A v1.1 EAC0 specification. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 24 |
-+========================+====================================================+
-| ``Threat`` | **A secure endpoint depends on primary scheduler |
-| | for CPU cycles. A malicious endpoint could delay |
-| | the secure endpoint from being scheduled. Secure |
-| | interrupts, if not handled timely, could compromise|
-| | the state of SP and SPMC, thereby rendering the |
-| | system unresponsive.** |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2, DF3, DF5 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, SPMD |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state, SP state, Scheduling cycles |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (9) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not provide full mitigation |
-| | against such threats. However, based on the |
-| | guidance provided in the FF-A v1.1 EAC0 spec, SPMC |
-| | provisions CPU cycles to run a secure endpoint |
-| | execution context in SPMC schedule mode which |
-| | cannot be preempted by a non-secure interrupt. |
-| | This reduces the dependency on primary scheduler |
-| | for cycle allocation. Moreover, all further |
-| | interrupts are masked until pending secure virtual |
-| | interrupt on current CPU is handled. This allows SP|
-| | execution context to make progress even upon being |
-| | interrupted. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 25 |
-+========================+====================================================+
-| ``Threat`` | **A rogue FF-A endpoint can use memory sharing |
-| | calls to exhaust SPMC resources.** |
-| | For each on-going operation that involves an SP, |
-| | the SPMC allocates resources to track its state. |
-| | If the operation is never concluded, the resources |
-| | are never freed. |
-| | In the worst scenario, multiple operations that |
-| | never conclude may exhaust the SPMC resources to a |
-| | point in which renders memory sharing operations |
-| | impossible. This could affect other, non-harmful |
-| | FF-A endpoints, from legitimately using memory |
-| | share functionality. The intent might even be |
-| | to cause the SPMC to consume excessive CPU cycles, |
-| | attempting to make it deny its service to the NWd. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, SPMD |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SPMC state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | High (4) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | High (4) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | High (16) | Medium (9) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC uses a statically allocated pool of |
-| | memory to keep track of on-going memory sharing |
-| | operations. After a possible attack, this could |
-| | fail due to insufficient memory, and return an |
-| | error to the caller. At this point, any other |
-| | endpoint that requires use of memory sharing for |
-| | its operation could get itself in an unusable |
-| | state. |
-| | Regarding CPU cycles starving threat, the SPMC |
-| | doesn't provide any mitigation for this, as any |
-| | FF-A endpoint, at the virtual FF-A instance is |
-| | allowed to invoke memory share/lend/donate. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 26 |
-+========================+====================================================+
-| ``Threat`` | **A borrower may interfere with lender's |
-| | operation, if it terminates due to a fatal error |
-| | condition without releasing the memory |
-| | shared/lent.** |
-| | Such scenario may render the lender inoperable. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | High (4) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | High (12) | Medium(6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC does not provide mitigation for such |
-| | scenario. The FF-A endpoints must attempt to |
-| | relinquish memory shared/lent themselves in |
-| | case of failure. The memory used to track the |
-| | operation in the SPMC will also remain usuable. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 27 |
-+========================+====================================================+
-| ``Threat`` | **A rogue FF-A endpoint may attempt to tamper with |
-| | the content of the memory shared/lent, whilst |
-| | being accessed by other FF-A endpoints.** |
-| | It might attempt to do so: using one of the clear |
-| | flags, when either retrieving or relinquishing |
-| | access to the memory via the respective FF-A |
-| | calls; or directly accessing memory without |
-| | respecting the synchronization protocol between |
-| | all involved endpoints. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, FF-A endpoint |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service, Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | Low (2) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Medium (3) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | Medium (6) | Medium(6) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The first case defined in the threat, the TF-A |
-| | SPMC mitigates it, by ensuring a memory is cleared |
-| | only when all borrowers have relinquished access |
-| | to the memory, in a scenario involving multiple |
-| | borrowers. Also, if the receiver is granted RO, |
-| | permissions, the SPMC will reject any request |
-| | to clear memory on behalf of the borrower, by |
-| | returning an error to the respective FF-A call. |
-| | The second case defined in the threat can't be |
-| | mitigated by the SPMC. It is up to the NS/S FF-A |
-| | endpoints to establish a robust protocol for using |
-| | the shared memory. |
-+------------------------+----------------------------------------------------+
-
-+------------------------+----------------------------------------------------+
-| ID | 28 |
-+========================+====================================================+
-| ``Threat`` | **A rogue FF-A endpoint may attempt to share |
-| | memory that is not in its translation regime, or |
-| | attempt to specify attributes more permissive than |
-| | those it possesses at a given time.** |
-| | Both ways could be an attempt for escalating its |
-| | privileges. |
-+------------------------+----------------------------------------------------+
-| ``Diagram Elements`` | DF1, DF2 |
-+------------------------+----------------------------------------------------+
-| ``Affected TF-A | SPMC, FF-A endpoint |
-| Components`` | |
-+------------------------+----------------------------------------------------+
-| ``Assets`` | SP state |
-+------------------------+----------------------------------------------------+
-| ``Threat Agent`` | NS-Endpoint, S-Endpoint |
-+------------------------+----------------------------------------------------+
-| ``Threat Type`` | Denial of Service, Tampering |
-+------------------------+------------------+-----------------+---------------+
-| ``Application`` | ``Server`` | ``Mobile`` | |
-+------------------------+------------------+-----------------+---------------+
-| ``Impact`` | High (4) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Likelihood`` | Medium (3) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Total Risk Rating`` | High (12) | Low (2) | |
-+------------------------+------------------+-----------------+---------------+
-| ``Mitigations`` | The TF-A SPMC mitigates this threat by performing |
-| | sanity checks to the provided memory region |
-| | descriptor. |
-| | For operations at the virtual FF-A instance, and |
-| | once the full memory descriptor is provided, |
-| | the SPMC validates that the memory is part of the |
-| | caller's translation regime. The SPMC also checks |
-| | that the memory attributes provided are within |
-| | those the owner possesses, in terms of |
-| | permissiveness. If more permissive attributes are |
-| | specified, the SPMC returns an error |
-| | FFA_INVALID_PARAMETERS. The permissiveness rules |
-| | are enforced in any call to share/lend or donate |
-| | the memory, and in retrieve requests. |
-+------------------------+----------------------------------------------------+
-
---------------
-
-*Copyright (c) 2021-2023, Arm Limited. All rights reserved.*
-
-.. _Arm Firmware Framework for Arm A-profile: https://developer.arm.com/docs/den0077/latest
-.. _FF-A ACS: https://github.com/ARM-software/ff-a-acs/releases
-
diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c
index 14c3172..608866c 100644
--- a/drivers/auth/auth_mod.c
+++ b/drivers/auth/auth_mod.c
@@ -25,13 +25,6 @@
/* ASN.1 tags */
#define ASN1_INTEGER 0x02
-#define return_if_error(rc) \
- do { \
- if (rc != 0) { \
- return rc; \
- } \
- } while (0)
-
#pragma weak plat_set_nv_ctr2
static int cmp_auth_param_type_desc(const auth_param_type_desc_t *a,
@@ -99,24 +92,37 @@
{
void *data_ptr, *hash_der_ptr;
unsigned int data_len, hash_der_len;
- int rc = 0;
+ int rc;
/* Get the hash from the parent image. This hash will be DER encoded
* and contain the hash algorithm */
rc = auth_get_param(param->hash, img_desc->parent,
&hash_der_ptr, &hash_der_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Get the data to be hashed from the current image */
rc = img_parser_get_auth_param(img_desc->img_type, param->data,
img, img_len, &data_ptr, &data_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Ask the crypto module to verify this hash */
rc = crypto_mod_verify_hash(data_ptr, data_len,
hash_der_ptr, hash_der_len);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
- return rc;
+ return 0;
}
/*
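Review bot: the three identical `if (rc != 0) { VERBOSE(...); return rc; }` blocks in this hunk repeat the same format string and the same `__func__, __LINE__, rc` argument list that the deleted `return_if_error` macro used to centralise; a logging variant of that macro (one that expands to the VERBOSE call followed by `return rc;`) would keep every failure message in `auth_mod.c` identical and make any later change to the wording a one-line edit. Also worth stating in the commit message: VERBOSE is compiled out below LOG_LEVEL_VERBOSE, so in a default build these hash-check failures print nothing; the caller still sees the non-zero `rc`, and the final `return rc` to `return 0` change is correct because every non-zero `rc` now returns early.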
@@ -153,22 +159,34 @@
void *data_ptr, *pk_ptr, *cnv_pk_ptr, *pk_plat_ptr, *sig_ptr, *sig_alg_ptr, *pk_oid;
unsigned int data_len, pk_len, cnv_pk_len, pk_plat_len, sig_len, sig_alg_len;
unsigned int flags = 0;
- int rc = 0;
+ int rc;
/* Get the data to be signed from current image */
rc = img_parser_get_auth_param(img_desc->img_type, param->data,
img, img_len, &data_ptr, &data_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Get the signature from current image */
rc = img_parser_get_auth_param(img_desc->img_type, param->sig,
img, img_len, &sig_ptr, &sig_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Get the signature algorithm from current image */
rc = img_parser_get_auth_param(img_desc->img_type, param->alg,
img, img_len, &sig_alg_ptr, &sig_alg_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Get the public key from the parent. If there is no parent (NULL),
* the certificate has been signed with the ROTPK, so we have to get
@@ -176,7 +194,11 @@
if (img_desc->parent != NULL) {
rc = auth_get_param(param->pk, img_desc->parent,
&pk_ptr, &pk_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
} else {
/*
* Root certificates are signed with the ROTPK, so we have to
@@ -184,7 +206,11 @@
*/
rc = plat_get_rotpk_info(param->pk->cookie, &pk_plat_ptr,
&pk_plat_len, &flags);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
assert(is_rotpk_flags_valid(flags));
@@ -192,7 +218,11 @@
rc = img_parser_get_auth_param(img_desc->img_type,
param->pk, img, img_len,
&pk_ptr, &pk_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/*
* Validate the certificate's key against the platform ROTPK.
@@ -211,7 +241,11 @@
* suffixed or modified pk
*/
rc = crypto_mod_convert_pk(pk_ptr, pk_len, &cnv_pk_ptr, &cnv_pk_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/*
* The hash of the certificate's public key must match
@@ -219,7 +253,11 @@
*/
rc = crypto_mod_verify_hash(cnv_pk_ptr, cnv_pk_len,
pk_plat_ptr, pk_plat_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
} else {
/* Platform supports full ROTPK */
if ((pk_len != pk_plat_len) ||
@@ -245,7 +283,8 @@
*/
rc = plat_mboot_measure_key(pk_oid, pk_ptr, pk_len);
if (rc != 0) {
- WARN("Public Key measurement failure = %d\n", rc);
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
}
}
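Review bot: lowering the key-measurement failure from WARN to VERBOSE in this hunk hides a security-relevant event. A failing `plat_mboot_measure_key` means the signer identity is not recorded in the measured boot log, yet authentication carries on, and after this change the only notice is at LOG_LEVEL_VERBOSE. Keep this message at WARN (or ERROR) so a build at the default log level still reports that the measurement set is incomplete; the generic `"%s():%d failed with error code %d"` text also drops the "Public Key measurement" wording that told the reader which operation failed, since `__func__` here names the enclosing verification function, not the measuring call.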
@@ -254,8 +293,13 @@
sig_ptr, sig_len,
sig_alg_ptr, sig_alg_len,
pk_ptr, pk_len);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
- return rc;
+ return 0;
}
/*
@@ -283,14 +327,18 @@
void *data_ptr = NULL;
unsigned int data_len, len, i;
unsigned int plat_nv_ctr;
- int rc = 0;
+ int rc;
bool is_trial_run = false;
/* Get the counter value from current image. The AM expects the IPM
* to return the counter value as a DER encoded integer */
rc = img_parser_get_auth_param(img_desc->img_type, param->cert_nv_ctr,
img, img_len, &data_ptr, &data_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Parse the DER encoded integer */
assert(data_ptr);
@@ -329,7 +377,11 @@
/* Get the counter from the platform */
rc = plat_get_nv_ctr(param->plat_nv_ctr->cookie, &plat_nv_ctr);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
if (*cert_nv_ctr < plat_nv_ctr) {
/* Invalid NV-counter */
@@ -417,7 +469,11 @@
/* Ask the parser to check the image integrity */
rc = img_parser_check_integrity(img_desc->img_type, img_ptr, img_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Authenticate the image using the methods indicated in the image
* descriptor. */
@@ -449,7 +505,11 @@
rc = 1;
break;
}
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
}
/*
@@ -459,7 +519,11 @@
if (need_nv_ctr_upgrade && sig_auth_done) {
rc = plat_set_nv_ctr2(nv_ctr_param->plat_nv_ctr->cookie,
img_desc, cert_nv_ctr);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
}
/* Extract the parameters indicated in the image descriptor to
@@ -474,7 +538,11 @@
rc = img_parser_get_auth_param(img_desc->img_type,
img_desc->authenticated_data[i].type_desc,
img_ptr, img_len, ¶m_ptr, ¶m_len);
- return_if_error(rc);
+ if (rc != 0) {
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
+ return rc;
+ }
/* Check parameter size */
if (param_len > img_desc->authenticated_data[i].data.len) {
@@ -495,8 +563,8 @@
param_ptr,
param_len);
if (rc != 0) {
- WARN("Public Key measurement "
- "failure = %d\n", rc);
+ VERBOSE("[TBB] %s():%d failed with error code %d.\n",
+ __func__, __LINE__, rc);
}
}
}
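Review bot: same issue as the earlier WARN to VERBOSE change, this time for the `authenticated_data` measurement loop: a failure to measure a public key extracted from the image is now invisible at the default log level although the image is still accepted. Keep the WARN level here and mention in the message that it is a measurement (not a verification) failure, so that a log reader can tell the two apart.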
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index e380c86..a2c6430 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -21,7 +21,8 @@
# Specify mbed TLS configuration file
ifeq (${MBEDTLS_MAJOR}, 2)
- MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-2.h>"
+ $(info Deprecation Notice: Please migrate to Mbedtls version 3.x (refer to TF-A documentation for the exact version number))
+ MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/mbedtls_config-2.h>"
else ifeq (${MBEDTLS_MAJOR}, 3)
ifeq (${PSA_CRYPTO},1)
MBEDTLS_CONFIG_FILE ?= "<drivers/auth/mbedtls/psa_mbedtls_config.h>"
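Review bot: the deprecation notice in this hunk is emitted with `$(info ...)`, which goes to stdout and is easy to lose in a verbose build log; `$(warning ...)` is the usual choice for a deprecation and prints to stderr with the makefile location. The product name is also spelled "Mbedtls" here and "mbed TLS" in the comment two lines above; pick one spelling (upstream writes "Mbed TLS").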
diff --git a/include/lib/cpus/aarch64/cortex_a78c.h b/include/lib/cpus/aarch64/cortex_a78c.h
index 301be69..d600eca 100644
--- a/include/lib/cpus/aarch64/cortex_a78c.h
+++ b/include/lib/cpus/aarch64/cortex_a78c.h
@@ -47,4 +47,9 @@
#define CORTEX_A78C_IMP_CPUPOR_EL3 S3_6_C15_C8_2
#define CORTEX_A78C_IMP_CPUPMR_EL3 S3_6_C15_C8_3
+/*******************************************************************************
+ * CPU Auxiliary Control register 5 specific definitions.
+ ******************************************************************************/
+#define CORTEX_A78C_ACTLR5_EL1 S3_0_C15_C9_0
+
#endif /* CORTEX_A78C_H */
diff --git a/include/lib/cpus/aarch64/cortex_x3.h b/include/lib/cpus/aarch64/cortex_x3.h
index 04548ea..4a3ac77 100644
--- a/include/lib/cpus/aarch64/cortex_x3.h
+++ b/include/lib/cpus/aarch64/cortex_x3.h
@@ -47,4 +47,10 @@
#define CORTEX_X3_CPUECTLR2_EL1_PF_MODE_WIDTH U(4)
#define CORTEX_X3_CPUECTLR2_EL1_PF_MODE_CNSRV ULL(0x9)
+/*******************************************************************************
+ * CPU Auxiliary Control register 3 specific definitions.
+ ******************************************************************************/
+#define CORTEX_X3_CPUACTLR3_EL1 S3_0_C15_C1_2
+#define CORTEX_X3_CPUACTLR3_EL1_BIT_47 (ULL(1) << 47)
+
#endif /* CORTEX_X3_H */
diff --git a/include/lib/cpus/aarch64/neoverse_v1.h b/include/lib/cpus/aarch64/neoverse_v1.h
index d618994..1e2d7ea 100644
--- a/include/lib/cpus/aarch64/neoverse_v1.h
+++ b/include/lib/cpus/aarch64/neoverse_v1.h
@@ -47,5 +47,6 @@
#define NEOVERSE_V1_ACTLR5_EL1 S3_0_C15_C9_0
#define NEOVERSE_V1_ACTLR5_EL1_BIT_55 (ULL(1) << 55)
#define NEOVERSE_V1_ACTLR5_EL1_BIT_56 (ULL(1) << 56)
+#define NEOVERSE_V1_ACTLR5_EL1_BIT_61 (ULL(1) << 61)
#endif /* NEOVERSE_V1_H */
diff --git a/lib/cpus/aarch64/cortex_a78c.S b/lib/cpus/aarch64/cortex_a78c.S
index d19c693..2e6e8b6 100644
--- a/lib/cpus/aarch64/cortex_a78c.S
+++ b/lib/cpus/aarch64/cortex_a78c.S
@@ -72,6 +72,14 @@
check_erratum_range cortex_a78c, ERRATUM(2395411), CPU_REV(0, 1), CPU_REV(0, 2)
+workaround_reset_start cortex_a78c, ERRATUM(2743232), ERRATA_A78C_2743232
+ /* Set CPUACTLR5_EL1[56:55] to 2'b01 */
+ sysreg_bit_set CORTEX_A78C_ACTLR5_EL1, BIT(55)
+ sysreg_bit_clear CORTEX_A78C_ACTLR5_EL1, BIT(56)
+workaround_reset_end cortex_a78c, ERRATUM(2743232)
+
+check_erratum_range cortex_a78c, ERRATUM(2743232), CPU_REV(0, 1), CPU_REV(0, 2)
+
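Review bot: the workaround in this hunk writes bare `BIT(55)` and `BIT(56)` into `CORTEX_A78C_ACTLR5_EL1`, while the header hunk for this CPU only adds the register name; the Neoverse V1 change in the same series defines `NEOVERSE_V1_ACTLR5_EL1_BIT_61` and uses it by name. Add `CORTEX_A78C_ACTLR5_EL1_BIT_55` and `_BIT_56` to cortex_a78c.h and use them here so the A78C file follows the same convention as the other CPU files.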
workaround_runtime_start cortex_a78c, ERRATUM(2772121), ERRATA_A78C_2772121
/* dsb before isb of power down sequence */
dsb sy
diff --git a/lib/cpus/aarch64/cortex_x3.S b/lib/cpus/aarch64/cortex_x3.S
index 0cb3b97..95f3d10 100644
--- a/lib/cpus/aarch64/cortex_x3.S
+++ b/lib/cpus/aarch64/cortex_x3.S
@@ -57,6 +57,13 @@
check_erratum_ls cortex_x3, ERRATUM(2742421), CPU_REV(1, 1)
+workaround_reset_start cortex_x3, ERRATUM(2779509), ERRATA_X3_2779509
+ /* Set CPUACTLR3_EL1 bit 47 */
+ sysreg_bit_set CORTEX_X3_CPUACTLR3_EL1, CORTEX_X3_CPUACTLR3_EL1_BIT_47
+workaround_reset_end cortex_x3, ERRATUM(2779509)
+
+check_erratum_ls cortex_x3, ERRATUM(2779509), CPU_REV(1, 1)
+
workaround_reset_start cortex_x3, CVE(2022, 23960), WORKAROUND_CVE_2022_23960
#if IMAGE_BL31
override_vector_table wa_cve_vbar_cortex_x3
diff --git a/lib/cpus/aarch64/dsu_helpers.S b/lib/cpus/aarch64/dsu_helpers.S
index a34b9a6..8e5b459 100644
--- a/lib/cpus/aarch64/dsu_helpers.S
+++ b/lib/cpus/aarch64/dsu_helpers.S
@@ -151,13 +151,22 @@
* This function is called from both assembly and C environment. So it
* follows AAPCS.
*
- * Clobbers: x0-x3
+ * Clobbers: x0-x4
* -----------------------------------------------------------------------
*/
.globl check_errata_dsu_2313941
.globl errata_dsu_2313941_wa
func check_errata_dsu_2313941
+ mov x4, x30
+ bl is_scu_present_in_dsu
+ cmp x0, xzr
+ /* Default error status */
+ mov x0, #ERRATA_NOT_APPLIES
+
+ /* If SCU is not present, return without applying patch */
+ b.eq 1f
+
mov x2, #ERRATA_APPLIES
mov x3, #ERRATA_NOT_APPLIES
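Review bot: the link register is now parked in x4 across the `bl is_scu_present_in_dsu` call, so this function is only correct if `is_scu_present_in_dsu` never writes x4; x4 is caller-saved under AAPCS, so that guarantee should be stated in the clobber comment of `is_scu_present_in_dsu` (or the saved LR should be kept in a register that routine is documented not to use). The "Clobbers: x0-x4" update is right. The ordering is also right: `cmp x0, xzr` sets the flags before `mov x0, #ERRATA_NOT_APPLIES`, which does not touch them, so `b.eq 1f` tests the SCU-present result and the default `ERRATA_NOT_APPLIES` is what reaches the `ret x4` on that path.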
@@ -170,7 +179,8 @@
mov x1, #(0x31 << CLUSTERIDR_REV_SHIFT)
cmp x0, x1
csel x0, x2, x3, LS
- ret
+1:
+ ret x4
endfunc check_errata_dsu_2313941
/* --------------------------------------------------
diff --git a/lib/cpus/aarch64/neoverse_v1.S b/lib/cpus/aarch64/neoverse_v1.S
index 2a49134..c2fbb11 100644
--- a/lib/cpus/aarch64/neoverse_v1.S
+++ b/lib/cpus/aarch64/neoverse_v1.S
@@ -196,6 +196,13 @@
check_erratum_ls neoverse_v1, ERRATUM(2294912), CPU_REV(1, 2)
+workaround_runtime_start neoverse_v1, ERRATUM(2348377), ERRATA_V1_2348377
+ /* Set bit 61 in CPUACTLR5_EL1 */
+ sysreg_bit_set NEOVERSE_V1_ACTLR5_EL1, NEOVERSE_V1_ACTLR5_EL1_BIT_61
+workaround_runtime_end neoverse_v1, ERRATUM(2348377)
+
+check_erratum_ls neoverse_v1, ERRATUM(2348377), CPU_REV(1, 1)
+
workaround_reset_start neoverse_v1, ERRATUM(2372203), ERRATA_V1_2372203
/* Set bit 40 in ACTLR2_EL1 */
sysreg_bit_set NEOVERSE_V1_ACTLR2_EL1, NEOVERSE_V1_ACTLR2_EL1_BIT_40
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index 434ee08..3901d17 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk
@@ -393,6 +393,10 @@
# It is still open.
CPU_FLAG_LIST += ERRATA_A78C_2712575
+# Flag to apply erratum 2743232 workaround during reset. This erratum applies
+# to revisions r0p1 and r0p2 of the A78C cpu. It is still open.
+CPU_FLAG_LIST += ERRATA_A78C_2743232
+
# Flag to apply erratum 2772121 workaround during powerdown. This erratum
# applies to revisions r0p0, r0p1 and r0p2 of the A78C cpu. It is still open.
CPU_FLAG_LIST += ERRATA_A78C_2772121
@@ -520,6 +524,10 @@
# to revisions r0p0, r1p0, and r1p1 and r1p2 of the Neoverse V1 cpu and is still open.
CPU_FLAG_LIST += ERRATA_V1_2294912
+# Flag to apply erratum 2348377 workaround during reset. This erratum applies
+# to revisions r0p0, r1p0 and r1p1 of the Neoverse V1 cpu and is fixed in r1p2.
+CPU_FLAG_LIST += ERRATA_V1_2348377
+
# Flag to apply erratum 2372203 workaround during reset. This erratum applies
# to revisions r0p0, r1p0 and r1p1 of the Neoverse V1 cpu and is still open.
CPU_FLAG_LIST += ERRATA_V1_2372203
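Review bot: the comment for `ERRATA_V1_2348377` in this hunk says the workaround is applied "during reset", but the neoverse_v1.S change in this same series registers it with `workaround_runtime_start`, which applies it at runtime; make the comment match the implementation (and confirm that a runtime application is what the erratum calls for, since the neighbouring V1 workarounds in this list use the reset path). The revision text "r0p0, r1p0 and r1p1 ... fixed in r1p2" does agree with `check_erratum_ls neoverse_v1, ERRATUM(2348377), CPU_REV(1, 1)`.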
@@ -769,6 +777,10 @@
# to revisions r0p0, r1p0 and r1p1 of the Cortex-X3 cpu, it is fixed in r1p2.
CPU_FLAG_LIST += ERRATA_X3_2742421
+# Flag to apply erratum 2779509 workaround on reset. This erratum applies
+# to revisions r0p0, r1p0, r1p1 of the Cortex-X3 cpu, it is fixed in r1p2.
+CPU_FLAG_LIST += ERRATA_X3_2779509
+
# Flag to apply erratum 1922240 workaround during reset. This erratum applies
# to revision r0p0 of the Cortex-A510 cpu and is fixed in r0p1.
CPU_FLAG_LIST += ERRATA_A510_1922240
diff --git a/lib/psa/measured_boot.c b/lib/psa/measured_boot.c
index c359e9f..38990b5 100644
--- a/lib/psa/measured_boot.c
+++ b/lib/psa/measured_boot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -61,7 +61,6 @@
INFO(" - locking : %s\n", lock_measurement ? "true" : "false");
}
-#if !PLAT_RSS_NOT_SUPPORTED
psa_status_t
rss_measured_boot_extend_measurement(uint8_t index,
const uint8_t *signer_id,
@@ -175,47 +174,3 @@
return status;
}
-
-#else /* !PLAT_RSS_NOT_SUPPORTED */
-
-psa_status_t
-rss_measured_boot_extend_measurement(uint8_t index,
- const uint8_t *signer_id,
- size_t signer_id_size,
- const uint8_t *version,
- size_t version_size,
- uint32_t measurement_algo,
- const uint8_t *sw_type,
- size_t sw_type_size,
- const uint8_t *measurement_value,
- size_t measurement_value_size,
- bool lock_measurement)
-{
- log_measurement(index, signer_id, signer_id_size,
- version, version_size, sw_type, sw_type_size,
- measurement_algo, measurement_value,
- measurement_value_size, lock_measurement);
-
- return PSA_SUCCESS;
-}
-
-psa_status_t rss_measured_boot_read_measurement(uint8_t index,
- uint8_t *signer_id,
- size_t signer_id_size,
- size_t *signer_id_len,
- uint8_t *version,
- size_t version_size,
- size_t *version_len,
- uint32_t *measurement_algo,
- uint8_t *sw_type,
- size_t sw_type_size,
- size_t *sw_type_len,
- uint8_t *measurement_value,
- size_t measurement_value_size,
- size_t *measurement_value_len,
- bool *is_locked)
-{
- return PSA_SUCCESS;
-}
-
-#endif /* !PLAT_RSS_NOT_SUPPORTED */
diff --git a/make_helpers/defaults.mk b/make_helpers/defaults.mk
index f0f157c..3ff0aaf 100644
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@@ -347,9 +347,6 @@
# Disable Firmware update support by default
PSA_FWU_SUPPORT := 0
-# By default, disable the mocking of RSS provided services
-PLAT_RSS_NOT_SUPPORTED := 0
-
# Dynamic Root of Trust for Measurement support
DRTM_SUPPORT := 0
diff --git a/package-lock.json b/package-lock.json
index e23f9a4..e43fa65 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "trusted-firmware-a",
- "version": "2.9.0",
+ "version": "2.10.0",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "trusted-firmware-a",
- "version": "2.9.0",
+ "version": "2.10.0",
"hasInstallScript": true,
"license": "BSD-3-Clause",
"devDependencies": {
diff --git a/package.json b/package.json
index 8b724dae..1c557fd 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "trusted-firmware-a",
- "version": "2.9.0",
+ "version": "2.10.0",
"license": "BSD-3-Clause",
"private": true,
"scripts": {
diff --git a/plat/arm/board/fvp/fvp_common_measured_boot.c b/plat/arm/board/fvp/fvp_common_measured_boot.c
index 0c1d5e7..d56f510 100644
--- a/plat/arm/board/fvp/fvp_common_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_common_measured_boot.c
@@ -19,7 +19,6 @@
int plat_mboot_measure_image(unsigned int image_id, image_info_t *image_data)
{
int err;
- int rc = 0;
/* Calculate image hash and record data in Event Log */
err = event_log_measure_and_record(image_data->image_base,
@@ -29,26 +28,14 @@
if (err != 0) {
ERROR("%s%s image id %u (%i)\n",
"Failed to ", "record in event log", image_id, err);
- rc = err;
+ return err;
}
- /* Calculate image hash and record data in RSS */
- err = rss_mboot_measure_and_record(fvp_rss_mboot_metadata,
- image_data->image_base,
- image_data->image_size,
- image_id);
- if (err != 0) {
- ERROR("%s%s image id %u (%i)\n",
- "Failed to ", "record in RSS", image_id, err);
- rc = (rc == 0) ? err : -1;
- }
-
- return rc;
+ return 0;
}
int plat_mboot_measure_key(const void *pk_oid, const void *pk_ptr,
size_t pk_len)
{
- return rss_mboot_set_signer_id(fvp_rss_mboot_metadata, pk_oid, pk_ptr,
- pk_len);
+ return 0;
}
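Review bot: `plat_mboot_measure_key` in this hunk now returns 0 without recording anything, so the signer id is no longer measured on FVP and all three parameters are unused; put a comment in the body saying that key measurement is intentionally a no-op on this platform now that the RSS path is gone (and mark the parameters unused if the build warns), otherwise a bare `return 0` reads like an unfinished stub. The first hunk's move from an accumulated `rc` to an early `return err` is fine now that the event log is the only measurement sink.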
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index 2fdff34..df26dd7 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -440,10 +440,6 @@
override BL1_SOURCES =
endif
-# RSS is not supported on FVP right now. Thus, we use the mocked version
-# of the provided PSA APIs. They return with success and hard-coded token/key.
-PLAT_RSS_NOT_SUPPORTED := 1
-
# Include Measured Boot makefile before any Crypto library makefile.
# Crypto library makefile may need default definitions of Measured Boot build
# flags present in Measured Boot makefile.
@@ -471,23 +467,6 @@
BL2_SOURCES += plat/arm/board/fvp/fvp_common_measured_boot.c \
plat/arm/board/fvp/fvp_bl2_measured_boot.c \
lib/psa/measured_boot.c
-
-# Even though RSS is not supported on FVP (see above), we support overriding
-# PLAT_RSS_NOT_SUPPORTED from the command line, just for the purpose of building
-# the code to detect any build regressions. The resulting firmware will not be
-# functional.
-ifneq (${PLAT_RSS_NOT_SUPPORTED},1)
- $(warning "RSS is not supported on FVP. The firmware will not be functional.")
- include drivers/arm/rss/rss_comms.mk
- BL1_SOURCES += ${RSS_COMMS_SOURCES}
- BL2_SOURCES += ${RSS_COMMS_SOURCES}
- BL31_SOURCES += ${RSS_COMMS_SOURCES}
-
- BL1_CFLAGS += -DPLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=0
- BL2_CFLAGS += -DPLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=0
- BL31_CFLAGS += -DPLAT_RSS_COMMS_PAYLOAD_MAX_SIZE=0
-endif
-
endif
ifeq (${DRTM_SUPPORT}, 1)
diff --git a/plat/arm/board/tc/platform.mk b/plat/arm/board/tc/platform.mk
index 8db6f1d..6874cfa 100644
--- a/plat/arm/board/tc/platform.mk
+++ b/plat/arm/board/tc/platform.mk
@@ -9,6 +9,11 @@
$(error Platform ${PLAT}$(TARGET_PLATFORM) is deprecated.)
endif
+ifeq ($(TARGET_PLATFORM), 1)
+ $(warning Platform ${PLAT}$(TARGET_PLATFORM) is deprecated. \
+ Some of the features might not work as expected)
+endif
+
ifeq ($(shell expr $(TARGET_PLATFORM) \<= 2), 0)
$(error TARGET_PLATFORM must be less than or equal to 2)
endif
diff --git a/plat/arm/css/sgi/include/sgi_base_platform_def.h b/plat/arm/css/sgi/include/sgi_base_platform_def.h
index 610f1fc..dab5f8b 100644
--- a/plat/arm/css/sgi/include/sgi_base_platform_def.h
+++ b/plat/arm/css/sgi/include/sgi_base_platform_def.h
@@ -105,7 +105,7 @@
* A buffer of ~35KB is added to account for future expansion of the image,
* making it a total of 100KB.
*/
-#define CSS_SGI_BL31_SIZE (100 * 1024) /* 100 KB */
+#define CSS_SGI_BL31_SIZE (116 * 1024) /* 116 KB */
#define PLAT_ARM_MAX_BL31_SIZE (CSS_SGI_BL31_SIZE + \
PLAT_ARM_MAX_BL2_SIZE + \
PLAT_ARM_MAX_BL1_RW_SIZE)
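Review bot: the comment directly above `CSS_SGI_BL31_SIZE` still says "making it a total of 100KB" while this hunk raises the value to 116 KB; update that sentence (and the "~35KB" buffer figure it is derived from) so the arithmetic in the comment matches the define.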
@@ -217,7 +217,7 @@
*/
#define CSS_SGI_SP_CPER_BUF_BASE (PLAT_SP_IMAGE_NS_BUF_BASE + \
PLAT_SP_IMAGE_NS_BUF_SIZE)
-#define CSS_SGI_SP_CPER_BUF_SIZE ULL(0x20000)
+#define CSS_SGI_SP_CPER_BUF_SIZE ULL(0x10000)
#define CSS_SGI_SP_CPER_BUF_MMAP MAP_REGION2( \
CSS_SGI_SP_CPER_BUF_BASE, \
CSS_SGI_SP_CPER_BUF_BASE, \
diff --git a/plat/intel/soc/agilex/include/socfpga_plat_def.h b/plat/intel/soc/agilex/include/socfpga_plat_def.h
index a744d09..ff7d971 100644
--- a/plat/intel/soc/agilex/include/socfpga_plat_def.h
+++ b/plat/intel/soc/agilex/include/socfpga_plat_def.h
@@ -65,7 +65,7 @@
#define DEVICE4_SIZE (0x0100000000)
#define BL2_BASE (0xffe00000)
-#define BL2_LIMIT (0xffe1b000)
+#define BL2_LIMIT (0xffe2b000)
#define BL31_BASE (0x1000)
#define BL31_LIMIT (0x81000)
@@ -77,6 +77,11 @@
#define PLAT_UART1_BASE (0xFFC02100)
/*******************************************************************************
+ * WDT related constants
+ ******************************************************************************/
+#define WDT_BASE (0xFFD00200)
+
+/*******************************************************************************
* GIC related constants
******************************************************************************/
#define PLAT_GIC_BASE (0xFFFC0000)
diff --git a/plat/intel/soc/agilex5/bl2_plat_setup.c b/plat/intel/soc/agilex5/bl2_plat_setup.c
index a2fafd2..3912ba8 100644
--- a/plat/intel/soc/agilex5/bl2_plat_setup.c
+++ b/plat/intel/soc/agilex5/bl2_plat_setup.c
@@ -84,7 +84,8 @@
PLAT_BAUDRATE, &console);
/* Store magic number */
- mmio_write_32(L2_RESET_DONE_REG, PLAT_L2_RESET_REQ);
+ // TODO: Temp workaround to ungate testing
+ // mmio_write_32(L2_RESET_DONE_REG, PLAT_L2_RESET_REQ);
}
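Review bot: this hunk merges commented-out code (`// mmio_write_32(L2_RESET_DONE_REG, PLAT_L2_RESET_REQ);`) under a "temp workaround" note, which silently changes the reset hand-off: the magic value is no longer written, so whatever consumes `L2_RESET_DONE_REG` will not see `PLAT_L2_RESET_REQ`. Either gate the write behind a build option or remove it with the reason recorded in the commit message rather than leaving dead code in `bl2_el3_early_platform_setup`; TF-A's coding style also uses `/* */` comments, not `//`.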
void bl2_el3_plat_arch_setup(void)
diff --git a/plat/intel/soc/agilex5/include/socfpga_plat_def.h b/plat/intel/soc/agilex5/include/socfpga_plat_def.h
index 8a49d61..597612f 100644
--- a/plat/intel/soc/agilex5/include/socfpga_plat_def.h
+++ b/plat/intel/soc/agilex5/include/socfpga_plat_def.h
@@ -23,9 +23,12 @@
#define PLAT_CPU_ID_MPIDR_AFF_SHIFT MPIDR_AFF1_SHIFT
#define PLAT_L2_RESET_REQ 0xB007C0DE
-/* System Counter */ /* TODO: Update back to 400MHz */
-#define PLAT_SYS_COUNTER_FREQ_IN_TICKS (80000000)
-#define PLAT_SYS_COUNTER_FREQ_IN_MHZ (80)
+/* System Counter */
+/* TODO: Update back to 400MHz.
+ * This shall be updated to read from L4 clock instead of hardcoded.
+ */
+#define PLAT_SYS_COUNTER_FREQ_IN_TICKS (400000000)
+#define PLAT_SYS_COUNTER_FREQ_IN_MHZ (400)
/* FPGA config helpers */
#define INTEL_SIP_SMC_FPGA_CONFIG_ADDR 0x400000
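Review bot: the comment in this hunk still opens with "TODO: Update back to 400MHz" although the defines below it now carry 400 MHz (`400000000` ticks, `400` MHz); drop that sentence and keep only the remaining TODO about reading the frequency from the L4 clock instead of hardcoding it.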
@@ -83,7 +86,7 @@
#define GIC_SIZE (0x00100000)
#define BL2_BASE (0x00000000)
-#define BL2_LIMIT (0x0001b000)
+#define BL2_LIMIT (0x0002b000)
#define BL31_BASE (0x80000000)
#define BL31_LIMIT (0x82000000)
@@ -95,6 +98,11 @@
#define PLAT_UART1_BASE (0x10C02100)
/*******************************************************************************
+ * WDT related constants
+ ******************************************************************************/
+#define WDT_BASE (0x10D00200)
+
+/*******************************************************************************
* GIC related constants
******************************************************************************/
#define PLAT_GIC_BASE (0x1D000000)
diff --git a/plat/intel/soc/common/drivers/ccu/ncore_ccu.c b/plat/intel/soc/common/drivers/ccu/ncore_ccu.c
index 684a625..2094c65 100644
--- a/plat/intel/soc/common/drivers/ccu/ncore_ccu.c
+++ b/plat/intel/soc/common/drivers/ccu/ncore_ccu.c
@@ -134,7 +134,7 @@
/* Enabled Stream ctrl register for Agilex5 */
mmio_write_32(SOCFPGA_SYSMGR(DMA_TBU_STREAM_CTRL_REG_0_DMA0), ENABLE_STREAMID);
mmio_write_32(SOCFPGA_SYSMGR(DMA_TBU_STREAM_CTRL_REG_0_DMA1), ENABLE_STREAMID);
- mmio_write_32(SOCFPGA_SYSMGR(SDM_TBU_STREAM_CTRL_REG_1_SDM), ENABLE_STREAMID_SECURE_TX);
+ mmio_write_32(SOCFPGA_SYSMGR(SDM_TBU_STREAM_CTRL_REG_1_SDM), ENABLE_STREAMID);
mmio_write_32(SOCFPGA_SYSMGR(IO_TBU_STREAM_CTRL_REG_2_USB2), ENABLE_STREAMID);
mmio_write_32(SOCFPGA_SYSMGR(IO_TBU_STREAM_CTRL_REG_2_USB3), ENABLE_STREAMID);
mmio_write_32(SOCFPGA_SYSMGR(IO_TBU_STREAM_CTRL_REG_2_SDMMC), ENABLE_STREAMID);
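Review bot: switching the SDM TBU stream control from `ENABLE_STREAMID_SECURE_TX` to `ENABLE_STREAMID` changes the security attribute the SDM's transactions carry through the TBU, and the hunk gives no rationale; the commit message should state why the SDM no longer needs secure transactions and which SMMU stream-table or firewall configuration this now relies on, since a reviewer cannot tell from this line alone whether the SDM's traffic is meant to be non-secure from here on.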
diff --git a/plat/intel/soc/common/drivers/qspi/cadence_qspi.c b/plat/intel/soc/common/drivers/qspi/cadence_qspi.c
index da8a8bd..6d8825f 100644
--- a/plat/intel/soc/common/drivers/qspi/cadence_qspi.c
+++ b/plat/intel/soc/common/drivers/qspi/cadence_qspi.c
@@ -634,8 +634,9 @@
int cad_qspi_read_bank(uint8_t *buffer, uint32_t offset, uint32_t size)
{
int status;
- uint32_t read_count = 0, *read_data;
+ uint32_t read_count = 0;
int level = 1, count = 0, i;
+ uint8_t *read_data;
status = cad_qspi_indirect_read_start_bank(offset, size);
@@ -647,11 +648,11 @@
level = CAD_QSPI_SRAMFILL_INDRDPART(
mmio_read_32(CAD_QSPI_OFFSET +
CAD_QSPI_SRAMFILL));
- read_data = (uint32_t *)(buffer + read_count);
+ read_data = (uint8_t *)(buffer + read_count);
for (i = 0; i < level; ++i)
- *read_data++ = mmio_read_32(CAD_QSPIDATA_OFST);
+ *read_data++ = mmio_read_8(CAD_QSPIDATA_OFST);
- read_count += level * sizeof(uint32_t);
+ read_count += level * sizeof(uint8_t);
count++;
} while (level > 0);
}
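Review bot: after this change the loop drains `level` entries with `mmio_read_8`, but `level` is still taken from `CAD_QSPI_SRAMFILL_INDRDPART`, which the original code treated as a count of 32-bit words; if the fill level is in words, each pass now reads only a quarter of the available data and `read_count` advances by `level` bytes, so either convert the fill level to bytes or keep the word-sized reads and copy the tail byte-wise. Separately, `buffer` is already `uint8_t *`, so the `(uint8_t *)` cast in `read_data = (uint8_t *)(buffer + read_count);` is redundant.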
diff --git a/plat/intel/soc/common/drivers/wdt/watchdog.h b/plat/intel/soc/common/drivers/wdt/watchdog.h
index 4ee4cff..940ebf3 100644
--- a/plat/intel/soc/common/drivers/wdt/watchdog.h
+++ b/plat/intel/soc/common/drivers/wdt/watchdog.h
@@ -7,11 +7,8 @@
#ifndef CAD_WATCHDOG_H
#define CAD_WATCHDOG_H
-#if PLATFORM_MODEL == PLAT_SOCFPGA_AGILEX5
-#define WDT_BASE (0x10D00200)
-#else
-#define WDT_BASE (0xFFD00200)
-#endif
+#include "socfpga_plat_def.h"
+
#define WDT_REG_SIZE_OFFSET (0x4)
#define WDT_MIN_CYCLES (65536)
#define WDT_PERIOD (20)
diff --git a/plat/intel/soc/common/soc/socfpga_reset_manager.c b/plat/intel/soc/common/soc/socfpga_reset_manager.c
index 7db86c7..bd63e02 100644
--- a/plat/intel/soc/common/soc/socfpga_reset_manager.c
+++ b/plat/intel/soc/common/soc/socfpga_reset_manager.c
@@ -407,6 +407,7 @@
int socfpga_bridges_enable(uint32_t mask)
{
int ret = 0;
+ int ret_hps = 0;
uint32_t brg_mask = 0;
uint32_t noc_mask = 0;
uint32_t f2s_idlereq = 0;
@@ -505,9 +506,9 @@
mmio_clrbits_32(SOCFPGA_RSTMGR(BRGMODRST), brg_mask);
/* Wait until idle ack becomes 0 */
- ret = poll_idle_status(SOCFPGA_SYSMGR(NOC_IDLEACK),
+ ret_hps = poll_idle_status(SOCFPGA_SYSMGR(NOC_IDLEACK),
noc_mask, 0, 300);
- if (ret < 0) {
+ if (ret_hps < 0) {
ERROR("S2F bridge enable: Timeout idle ack\n");
}
}
@@ -711,6 +712,7 @@
udelay(5);
}
#endif
+ ret = ret | ret_hps;
return ret;
}
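Review bot: `ret = ret | ret_hps;` combines two error codes with a bitwise OR, which produces a meaningless value when both are non-zero (ORing two different negative codes yields neither of them); return the first failure instead, for example `if (ret == 0) { ret = ret_hps; }` at the point where the OR is done. Also note that `ret_hps` is only assigned in the S2F enable path, so the combining line depends on its zero initialisation on every other path; a short comment next to the declaration saying so would help.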
diff --git a/plat/intel/soc/n5x/include/socfpga_plat_def.h b/plat/intel/soc/n5x/include/socfpga_plat_def.h
index a06bbc4..ae0229f 100644
--- a/plat/intel/soc/n5x/include/socfpga_plat_def.h
+++ b/plat/intel/soc/n5x/include/socfpga_plat_def.h
@@ -78,6 +78,11 @@
#define PLAT_UART1_BASE (0xFFC02100)
/*******************************************************************************
+ * WDT related constants
+ ******************************************************************************/
+#define WDT_BASE (0xFFD00200)
+
+/*******************************************************************************
* GIC related constants
******************************************************************************/
#define PLAT_GIC_BASE (0xFFFC0000)
diff --git a/plat/intel/soc/stratix10/include/socfpga_plat_def.h b/plat/intel/soc/stratix10/include/socfpga_plat_def.h
index 7c9f15a..112604f 100644
--- a/plat/intel/soc/stratix10/include/socfpga_plat_def.h
+++ b/plat/intel/soc/stratix10/include/socfpga_plat_def.h
@@ -64,7 +64,7 @@
#define DEVICE4_SIZE (0x0100000000)
#define BL2_BASE (0xffe00000)
-#define BL2_LIMIT (0xffe1b000)
+#define BL2_LIMIT (0xffe2b000)
#define BL31_BASE (0x1000)
#define BL31_LIMIT (0x81000)
@@ -76,6 +76,11 @@
#define PLAT_UART1_BASE (0xFFC02100)
/*******************************************************************************
+ * WDT related constants
+ ******************************************************************************/
+#define WDT_BASE (0xFFD00200)
+
+/*******************************************************************************
* GIC related constants
******************************************************************************/
#define PLAT_GIC_BASE (0xFFFC0000)
diff --git a/plat/mediatek/build_helpers/mtk_build_helpers.mk b/plat/mediatek/build_helpers/mtk_build_helpers.mk
index 83a4dd2..ac2cbad 100644
--- a/plat/mediatek/build_helpers/mtk_build_helpers.mk
+++ b/plat/mediatek/build_helpers/mtk_build_helpers.mk
@@ -103,12 +103,8 @@
MTK_OPTIONS := $(MTK_PLAT)/build_helpers/options.mk
MTK_COND_EVAL := $(MTK_PLAT)/build_helpers/conditional_eval_options.mk
-# Indicate which BL should be built in command line
-ifeq (${NEED_BL32},yes)
-MTK_BL := bl32
-else
MTK_BL := bl31
-endif
+
# Include common, platform, board level config
include $(MTK_COMMON_CFG)
include $(MTK_PLAT_CFG)
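Review bot: Removing the `ifeq (${NEED_BL32},yes)` branch means a build invoked with `NEED_BL32=yes` now silently produces bl31 instead of bl32. If the option is no longer supported, reject it explicitly (an `$(error ...)` when `NEED_BL32` is set) or document its removal, rather than ignoring it. The deleted comment `# Indicate which BL should be built in command line` also has no replacement; a one-liner explaining that only bl31 is built here would keep the intent readable.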
diff --git a/plat/qemu/common/common.mk b/plat/qemu/common/common.mk
index 020dc1f..2dcac69 100644
--- a/plat/qemu/common/common.mk
+++ b/plat/qemu/common/common.mk
@@ -29,18 +29,6 @@
lib/cpus/aarch64/qemu_max.S
PLAT_INCLUDES += -Iinclude/plat/arm/common/${ARCH}
-
-# Cpu core architecture level:
-# v8.0: a53, a57, a72
-# v8.2: a55, a76, n1
-# v8.4: v1
-# v9.0: a710, n2
-#
-# let treat v9.0 as v8.5 as they share cpu features
-# https://developer.arm.com/documentation/102378/0201/Armv8-x-and-Armv9-x-extensions-and-features
-
-ARM_ARCH_MAJOR := 8
-ARM_ARCH_MINOR := 5
endif
PLAT_BL_COMMON_SOURCES := ${PLAT_QEMU_COMMON_PATH}/qemu_common.c \
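Review bot: The deleted block contains the only pointer to the Arm documentation explaining why v9.0 cores were treated as v8.5 (the `developer.arm.com/documentation/102378/...` link). The replacement block later in this file keeps the core list but not the link or the sentence about v9.0; if that reasoning still applies it should be carried over, and if it no longer applies because the default now drops to v8.0, a one-line note saying so would help the next reader.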
@@ -91,7 +79,44 @@
# CPU flag enablement
ifeq (${ARCH},aarch64)
-# Later QEMU versions support SME and SVE.
+# Cpu core architecture level:
+# v8.0: a53, a57, a72
+# v8.2: a55, a76, n1
+# v8.4: v1
+# v9.0: a710, n2
+#
+#
+# We go v8.0 by default and will enable all features we want
+
+ARM_ARCH_MAJOR := 8
+ARM_ARCH_MINOR := 0
+
+# 8.0
+ENABLE_FEAT_CSV2_2 := 2
+
+# 8.1
+ENABLE_FEAT_PAN := 2
+ENABLE_FEAT_VHE := 2
+
+# 8.2
+# TF-A currently does not permit dynamic detection of FEAT_RAS
+# so this is the only safe setting
+ENABLE_FEAT_RAS := 0
+
+# 8.4
+ENABLE_FEAT_SEL2 := 2
+ENABLE_FEAT_DIT := 2
+
+# 8.5
+ENABLE_FEAT_RNG := 2
+ENABLE_FEAT_SB := 2
+
+# 8.6
+ENABLE_FEAT_FGT := 2
+
+# 8.7
+ENABLE_FEAT_HCX := 2
+
# SPM_MM is not compatible with ENABLE_SVE_FOR_NS (build breaks)
ifeq (${SPM_MM},1)
ENABLE_SVE_FOR_NS := 0
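Review bot: `ENABLE_FEAT_RNG := 2` under `# 8.5` loses the rationale that the line it replaces (removed in the next hunk) carried: QEMU uses the RNDR instruction for the stack protector canary. With dynamic detection (value 2) that dependency is worth stating next to the option, since a CPU model without FEAT_RNG changes where the canary seed comes from. Two style points in the same hunk: the two consecutive bare `#` lines after `# v9.0: a710, n2` look like a leftover from the deleted "treat v9.0 as v8.5" sentence, so drop one or restore the note; and the `ENABLE_FEAT_RAS := 0` comment would read better as a full sentence ending in a period, matching the other comments in this file.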
@@ -101,12 +126,6 @@
ENABLE_SME_FOR_NS := 2
endif
-# QEMU will use the RNDR instruction for the stack protector canary.
-ENABLE_FEAT_RNG := 2
-
-# QEMU 7.2+ has support for FGT and Linux needs it enabled to boot on max
-ENABLE_FEAT_FGT := 2
-
# Treating this as a memory-constrained port for now
USE_COHERENT_MEM := 0
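Review bot: The removed `# QEMU 7.2+ has support for FGT and Linux needs it enabled to boot on max` is the only statement of the minimum QEMU version this configuration expects; the `ENABLE_FEAT_FGT := 2` that replaces it in the earlier hunk carries no such note. Carry the version requirement over to the `# 8.6` block (or into the QEMU platform docs) so that users on older QEMU understand why `max` fails to boot.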
diff --git a/pyproject.toml b/pyproject.toml
index 19ba4d8..0fe2383 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "trusted-firmware-a"
-version = "2.9.0"
+version = "2.10.0"
description = "Trusted Firmware-A (TF-A) Python dependencies."
authors = ["Arm Ltd."]
license = "BSD-3-Clause"
diff --git a/services/std_svc/errata_abi/errata_abi_main.c b/services/std_svc/errata_abi/errata_abi_main.c
index 0b263e5..cf2e653 100644
--- a/services/std_svc/errata_abi/errata_abi_main.c
+++ b/services/std_svc/errata_abi/errata_abi_main.c
@@ -239,9 +239,10 @@
[5] = {2395411, 0x01, 0x02, ERRATA_A78C_2395411},
[6] = {2712575, 0x01, 0x02, ERRATA_A78C_2712575, \
ERRATA_NON_ARM_INTERCONNECT},
- [7] = {2772121, 0x00, 0x02, ERRATA_A78C_2772121},
- [8] = {2779484, 0x01, 0x02, ERRATA_A78C_2779484},
- [9 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [7] = {2743232, 0x01, 0x02, ERRATA_A78C_2743232},
+ [8] = {2772121, 0x00, 0x02, ERRATA_A78C_2772121},
+ [9] = {2779484, 0x01, 0x02, ERRATA_A78C_2779484},
+ [10 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_A78C_H_INC */
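Review bot: Inserting `[7] = {2743232, 0x01, 0x02, ERRATA_A78C_2743232}` keeps the table in ascending erratum-id order (2712575, 2743232, 2772121, 2779484), which is what the ABI consumers expect; make sure `ERRATA_A78C_2743232` is declared in the CPU header guarded by `CORTEX_A78C_H_INC`, otherwise this table fails to compile for A78C builds, and double-check the affected revision range 0x01..0x02 against the erratum workaround in the CPU library.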
@@ -297,13 +298,14 @@
[8] = {2139242, 0x00, 0x11, ERRATA_V1_2139242},
[9] = {2216392, 0x10, 0x11, ERRATA_V1_2216392},
[10] = {2294912, 0x00, 0x12, ERRATA_V1_2294912},
- [11] = {2372203, 0x00, 0x11, ERRATA_V1_2372203},
- [12] = {2701953, 0x00, 0x11, ERRATA_V1_2701953, \
+ [11] = {2348377, 0x00, 0x11, ERRATA_V1_2348377},
+ [12] = {2372203, 0x00, 0x11, ERRATA_V1_2372203},
+ [13] = {2701953, 0x00, 0x11, ERRATA_V1_2701953, \
ERRATA_NON_ARM_INTERCONNECT},
- [13] = {2743093, 0x00, 0x12, ERRATA_V1_2743093},
- [14] = {2743233, 0x00, 0x12, ERRATA_V1_2743233},
- [15] = {2779461, 0x00, 0x12, ERRATA_V1_2779461},
- [16 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [14] = {2743093, 0x00, 0x12, ERRATA_V1_2743093},
+ [15] = {2743233, 0x00, 0x12, ERRATA_V1_2743233},
+ [16] = {2779461, 0x00, 0x12, ERRATA_V1_2779461},
+ [17 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* NEOVERSE_V1_H_INC */
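Review bot: The new `[11] = {2348377, ...}` entry keeps ascending order, but the renumbering of `[12]` through `[16]` plus the sentinel `[17 ... ERRATA_LIST_END]` is the error-prone part of this hunk. Designated initializers will reject a duplicated index at compile time, but a missed shift would silently overwrite an entry with `UNDEF_ERRATA`, so verify by eye that every pre-existing erratum id still appears exactly once, and confirm `ERRATA_V1_2348377` is defined behind `NEOVERSE_V1_H_INC`. The trailing `\` on the `[13]` initializer line is unnecessary in plain C (it is not a macro) and could be dropped while touching these lines.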
@@ -443,7 +445,8 @@
[1] = {2313909, 0x00, 0x10, ERRATA_X3_2313909},
[2] = {2615812, 0x00, 0x11, ERRATA_X3_2615812},
[3] = {2742421, 0x00, 0x11, ERRATA_X3_2742421},
- [4 ... ERRATA_LIST_END] = UNDEF_ERRATA,
+ [4] = {2779509, 0x00, 0x11, ERRATA_X3_2779509},
+ [5 ... ERRATA_LIST_END] = UNDEF_ERRATA,
}
},
#endif /* CORTEX_X3_H_INC */
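Review bot: `[4] = {2779509, 0x00, 0x11, ERRATA_X3_2779509}` appends at the end, so no renumbering is needed and ordering is preserved; confirm the symbol is exposed through the `CORTEX_X3_H_INC` header and that the revision range 0x00..0x11 is correct for this erratum (it matches the neighbouring 2615812 and 2742421 entries, which is plausible but should be checked against the errata documentation rather than assumed).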
diff --git a/tools/conventional-changelog-tf-a/package.json b/tools/conventional-changelog-tf-a/package.json
index 116b28b..d0efab8 100644
--- a/tools/conventional-changelog-tf-a/package.json
+++ b/tools/conventional-changelog-tf-a/package.json
@@ -1,6 +1,6 @@
{
"name": "conventional-changelog-tf-a",
- "version": "2.9.0",
+ "version": "2.10.0",
"license": "BSD-3-Clause",
"private": true,
"main": "index.js",