Merge changes from topic "ar/pmuSaveRestore" into integration
* changes:
feat(tc): add save/restore DSU PMU register support
feat(dsu): save/restore DSU PMU register
feat(plat): add platform API that gets cluster ID
diff --git a/Makefile b/Makefile
index 0ecd794..2ba4fa7 100644
--- a/Makefile
+++ b/Makefile
@@ -907,10 +907,6 @@
endif
endif #(CTX_INCLUDE_PAUTH_REGS)
-ifeq ($(PSA_FWU_SUPPORT),1)
- $(info PSA_FWU_SUPPORT is an experimental feature)
-endif #(PSA_FWU_SUPPORT)
-
ifeq ($(FEATURE_DETECTION),1)
$(info FEATURE_DETECTION is an experimental feature)
endif #(FEATURE_DETECTION)
@@ -1017,6 +1013,10 @@
$(info PSA_CRYPTO is an experimental feature)
endif
+ifeq ($(DICE_PROTECTION_ENVIRONMENT),1)
+ $(info DICE_PROTECTION_ENVIRONMENT is an experimental feature)
+endif
+
################################################################################
# Process platform overrideable behaviour
################################################################################
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index 2bb23f9..55ab935 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -41,7 +41,6 @@
cipher.c \
cipher_wrap.c \
constant_time.c \
- hash_info.c \
memory_buffer_alloc.c \
oid.c \
platform.c \
@@ -51,6 +50,7 @@
gcm.c \
md.c \
pk.c \
+ pk_ecc.c \
pk_wrap.c \
pkparse.c \
pkwrite.c \
@@ -65,22 +65,16 @@
x509_crt.c \
)
-# Currently on Mbedtls-3 there is outstanding bug due to usage
-# of redundant declaration[1], So disable redundant-decls
-# compilation flag to avoid compilation error when compiling with
-# Mbedtls-3.
-# [1]: https://github.com/Mbed-TLS/mbedtls/issues/6910
-LIBMBEDTLS_CFLAGS += -Wno-error=redundant-decls
-
ifeq (${PSA_CRYPTO},1)
+LIBMBEDTLS_CFLAGS += -Wno-error=unused-but-set-variable
LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
psa_crypto.c \
psa_crypto_client.c \
- psa_crypto_driver_wrappers.c \
psa_crypto_hash.c \
psa_crypto_rsa.c \
psa_crypto_ecp.c \
psa_crypto_slot_management.c \
+ psa_util.c \
)
endif
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c
index 230cec9..9bfcaac 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_crypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -65,6 +65,18 @@
#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \
CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
+
+
+/*
+ * NOTE: This has been made internal in mbedtls 3.6.0 and the mbedtls team has
+ * advised that it's better to copy out the declaration than it would be to
+ * update to 3.5.2, where this function is exposed.
+ */
+int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid,
+ const mbedtls_x509_buf *sig_params,
+ mbedtls_md_type_t *md_alg,
+ mbedtls_pk_type_t *pk_alg,
+ void **sig_opts);
/*
* Verify a signature.
*
diff --git a/drivers/auth/mbedtls/mbedtls_psa_crypto.c b/drivers/auth/mbedtls/mbedtls_psa_crypto.c
index 5891acf..99242e3 100644
--- a/drivers/auth/mbedtls/mbedtls_psa_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_psa_crypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -14,6 +14,7 @@
#include <mbedtls/memory_buffer_alloc.h>
#include <mbedtls/oid.h>
#include <mbedtls/platform.h>
+#include <mbedtls/psa_util.h>
#include <mbedtls/version.h>
#include <mbedtls/x509.h>
#include <psa/crypto.h>
@@ -49,16 +50,6 @@
* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
*/
-static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(
- mbedtls_md_type_t md_type)
-{
- assert((md_type == MBEDTLS_MD_SHA256) ||
- (md_type == MBEDTLS_MD_SHA384) ||
- (md_type == MBEDTLS_MD_SHA512));
-
- return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) (md_type + 0x5);
-}
-
/*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
@@ -293,6 +284,62 @@
**/
/*
+ * This is a helper function that adjusts the start of the pk_start to point to
+ * the subjectPublicKey bytes within the SubjectPublicKeyInfo block.
+ *
+ * SubjectPublicKeyInfo ::= SEQUENCE {
+ * algorithm AlgorithmIdentifier,
+ * subjectPublicKey BIT STRING }
+ *
+ * This function returns error(CRYPTO_ERR_SIGNATURE) on ASN.1 parsing failure,
+ * otherwise success(0).
+ **/
+static int pk_bytes_from_subpubkey(unsigned char **pk_start,
+ unsigned int *pk_len)
+{
+ mbedtls_asn1_buf alg_oid, alg_params;
+ int rc;
+ unsigned char *pk_end;
+ size_t len;
+ unsigned char *pk_ptr = *pk_start;
+
+ pk_end = pk_ptr + *pk_len;
+ rc = mbedtls_asn1_get_tag(&pk_ptr, pk_end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
+ if (rc != 0) {
+ return CRYPTO_ERR_SIGNATURE;
+ }
+
+ pk_end = pk_ptr + len;
+ rc = mbedtls_asn1_get_alg(&pk_ptr, pk_end, &alg_oid, &alg_params);
+ if (rc != 0) {
+ return CRYPTO_ERR_SIGNATURE;
+ }
+ pk_end = pk_ptr + len - (alg_oid.len + alg_params.len +
+ 2 * (SIZE_OF_ASN1_LEN + SIZE_OF_ASN1_TAG));
+ rc = mbedtls_asn1_get_bitstring_null(&pk_ptr, pk_end, &len);
+ if (rc != 0) {
+ return CRYPTO_ERR_SIGNATURE;
+ }
+
+ *pk_start = pk_ptr;
+ *pk_len = len;
+
+ return rc;
+}
+
+/*
+ * NOTE: This has been made internal in mbedtls 3.6.0 and the mbedtls team has
+ * advised that it's better to copy out the declaration than it would be to
+ * update to 3.5.2, where this function is exposed.
+ */
+int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid,
+ const mbedtls_x509_buf *sig_params,
+ mbedtls_md_type_t *md_alg,
+ mbedtls_pk_type_t *pk_alg,
+ void **sig_opts);
+/*
* Verify a signature.
*
* Parameters are passed using the DER encoding format following the ASN.1
@@ -388,6 +435,20 @@
psa_set_key_type(&psa_key_attr, psa_key_type);
psa_set_key_usage_flags(&psa_key_attr, PSA_KEY_USAGE_VERIFY_MESSAGE);
+ /*
+ * Note: In the implementation of the psa_import_key function in
+ * version 3.6.0, the function expects the starting pointer of the
+ * subject public key instead of the starting point of
+ * SubjectPublicKeyInfo.
+ * This is only needed while dealing with RSASSA_PSS (RSA Signature
+ * scheme with Appendix based on Probabilistic Signature Scheme)
+ * algorithm.
+ */
+ if (pk_alg == MBEDTLS_PK_RSASSA_PSS) {
+ rc = pk_bytes_from_subpubkey((unsigned char **) &pk_ptr, &pk_len);
+ goto end2;
+ }
+
/* Get the key_id using import API */
status = psa_import_key(&psa_key_attr,
pk_ptr,
diff --git a/include/drivers/auth/mbedtls/mbedtls_config-3.h b/include/drivers/auth/mbedtls/mbedtls_config-3.h
index 923fc54..37a9288 100644
--- a/include/drivers/auth/mbedtls/mbedtls_config-3.h
+++ b/include/drivers/auth/mbedtls/mbedtls_config-3.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -128,7 +128,6 @@
#ifndef __ASSEMBLER__
/* System headers required to build mbed TLS with the current configuration */
#include <stdlib.h>
-#include <mbedtls/check_config.h>
#endif
/*
diff --git a/include/drivers/auth/mbedtls/psa_mbedtls_config.h b/include/drivers/auth/mbedtls/psa_mbedtls_config.h
index ad825f0..1001d89 100644
--- a/include/drivers/auth/mbedtls/psa_mbedtls_config.h
+++ b/include/drivers/auth/mbedtls/psa_mbedtls_config.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023, Arm Ltd. All rights reserved.
+ * Copyright (c) 2023-2024, Arm Ltd. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -10,6 +10,7 @@
#include "mbedtls_config-3.h"
#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
/*
* Using PSA crypto API requires an RNG right now. If we don't define the macro
diff --git a/include/lib/cpus/aarch64/neoverse_n3.h b/include/lib/cpus/aarch64/neoverse_n3.h
index a3bb42a..9196330 100644
--- a/include/lib/cpus/aarch64/neoverse_n3.h
+++ b/include/lib/cpus/aarch64/neoverse_n3.h
@@ -13,6 +13,7 @@
* CPU Extended Control register specific definitions
******************************************************************************/
#define NEOVERSE_N3_CPUECTLR_EL1 S3_0_C15_C1_4
+#define NEOVERSE_N3_CPUECTLR_EL1_EXTLLC_BIT (ULL(1) << 0)
/*******************************************************************************
* CPU Power Control register specific definitions
diff --git a/include/lib/cpus/aarch64/neoverse_v2.h b/include/lib/cpus/aarch64/neoverse_v2.h
index 39a6607..1171e95 100644
--- a/include/lib/cpus/aarch64/neoverse_v2.h
+++ b/include/lib/cpus/aarch64/neoverse_v2.h
@@ -16,6 +16,7 @@
* CPU Extended Control register specific definitions
******************************************************************************/
#define NEOVERSE_V2_CPUECTLR_EL1 S3_0_C15_C1_4
+#define NEOVERSE_V2_CPUECTLR_EL1_EXTLLC_BIT (ULL(1) << 0)
/*******************************************************************************
* CPU Power Control register specific definitions
diff --git a/include/lib/debugfs.h b/include/lib/debugfs.h
index 9415962..1fdccb6 100644
--- a/include/lib/debugfs.h
+++ b/include/lib/debugfs.h
@@ -66,8 +66,8 @@
*/
#define DEBUGFS_FID_VALUE (0x10U)
-#define is_debugfs_fid(_fid) \
- (((_fid) & FUNCID_NUM_MASK) == DEBUGFS_FID_VALUE)
+#define is_debugfs_fid(_fid) \
+ (GET_SMC_NUM(_fid) == DEBUGFS_FID_VALUE)
/* Function ID for accessing the debugfs interface from arm sip.
@@ -76,7 +76,7 @@
#define DEBUGFS_FID_VALUE_DEPRECATED (0x30U)
#define is_debugfs_fid_deprecated(_fid) \
- (((_fid) & FUNCID_NUM_MASK) == DEBUGFS_FID_VALUE_DEPRECATED)
+ (GET_SMC_NUM(_fid) == DEBUGFS_FID_VALUE_DEPRECATED)
/* Error code for debugfs SMC interface failures */
diff --git a/include/lib/pmf/pmf.h b/include/lib/pmf/pmf.h
index 38841d9..41bf7fc 100644
--- a/include/lib/pmf/pmf.h
+++ b/include/lib/pmf/pmf.h
@@ -44,7 +44,7 @@
#define PMF_FID_VALUE_DEPRECATED U(0x10)
#define is_pmf_fid_deprecated(_fid) \
- (((_fid) & FUNCID_NUM_MASK) == PMF_FID_VALUE_DEPRECATED)
+ (GET_SMC_NUM(_fid) == PMF_FID_VALUE_DEPRECATED)
/*
* Defines for PMF SMC function ids used with Vendor-Specific
@@ -64,7 +64,8 @@
* PMF calls from the SMC function ID.
*/
#define PMF_FID_VALUE U(0x20)
-#define is_pmf_fid(_fid) (((_fid) & FUNCID_NUM_MASK) == PMF_FID_VALUE)
+#define PMF_ID_MASK (FUNCID_NUM_MASK & ~(0xf))
+#define is_pmf_fid(_fid) ((GET_SMC_NUM(_fid) & PMF_ID_MASK) == PMF_FID_VALUE)
/* Following are the supported PMF service IDs */
#define PMF_PSCI_STAT_SVC_ID 0
diff --git a/lib/compiler-rt/builtins/assembly.h b/lib/compiler-rt/builtins/assembly.h
index 169d496..8c42fc7 100644
--- a/lib/compiler-rt/builtins/assembly.h
+++ b/lib/compiler-rt/builtins/assembly.h
@@ -260,9 +260,10 @@
.globl name SEPARATOR \
SYMBOL_IS_FUNC(name) SEPARATOR \
DECLARE_SYMBOL_VISIBILITY_UNMANGLED(name) SEPARATOR \
- CFI_START SEPARATOR \
DECLARE_FUNC_ENCODING \
- name: SEPARATOR BTI_C
+ name: \
+ SEPARATOR CFI_START \
+ SEPARATOR BTI_C
#define DEFINE_COMPILERRT_FUNCTION_ALIAS(name, target) \
.globl SYMBOL_NAME(name) SEPARATOR \
diff --git a/lib/compiler-rt/builtins/int_lib.h b/lib/compiler-rt/builtins/int_lib.h
index 04ea2d9..f6c1b7c 100644
--- a/lib/compiler-rt/builtins/int_lib.h
+++ b/lib/compiler-rt/builtins/int_lib.h
@@ -119,14 +119,14 @@
#if defined(_MSC_VER) && !defined(__clang__)
#include <intrin.h>
-int __inline __builtin_ctz(uint32_t value) {
+static int __inline __builtin_ctz(uint32_t value) {
unsigned long trailing_zero = 0;
if (_BitScanForward(&trailing_zero, value))
return trailing_zero;
return 32;
}
-int __inline __builtin_clz(uint32_t value) {
+static int __inline __builtin_clz(uint32_t value) {
unsigned long leading_zero = 0;
if (_BitScanReverse(&leading_zero, value))
return 31 - leading_zero;
@@ -134,14 +134,14 @@
}
#if defined(_M_ARM) || defined(_M_X64)
-int __inline __builtin_clzll(uint64_t value) {
+static int __inline __builtin_clzll(uint64_t value) {
unsigned long leading_zero = 0;
if (_BitScanReverse64(&leading_zero, value))
return 63 - leading_zero;
return 64;
}
#else
-int __inline __builtin_clzll(uint64_t value) {
+static int __inline __builtin_clzll(uint64_t value) {
if (value == 0)
return 64;
uint32_t msh = (uint32_t)(value >> 32);
@@ -154,7 +154,7 @@
#define __builtin_clzl __builtin_clzll
-bool __inline __builtin_sadd_overflow(int x, int y, int *result) {
+static bool __inline __builtin_sadd_overflow(int x, int y, int *result) {
if ((x < 0) != (y < 0)) {
*result = x + y;
return false;
diff --git a/lib/compiler-rt/builtins/int_types.h b/lib/compiler-rt/builtins/int_types.h
index 18bf0a7..48862f3 100644
--- a/lib/compiler-rt/builtins/int_types.h
+++ b/lib/compiler-rt/builtins/int_types.h
@@ -107,8 +107,8 @@
static __inline ti_int make_ti(di_int h, di_int l) {
twords r;
- r.s.high = h;
- r.s.low = l;
+ r.s.high = (du_int)h;
+ r.s.low = (du_int)l;
return r.all;
}
@@ -139,7 +139,6 @@
udwords u;
double f;
} double_bits;
-#endif
typedef struct {
#if _YUGA_LITTLE_ENDIAN
@@ -190,12 +189,16 @@
#define CRT_LDBL_IEEE_F128
#endif
#define TF_C(x) x##L
-#elif __LDBL_MANT_DIG__ == 113
-// Use long double instead of __float128 if it matches the IEEE 128-bit format.
+#elif __LDBL_MANT_DIG__ == 113 || \
+ (__FLT_RADIX__ == 16 && __LDBL_MANT_DIG__ == 28)
+// Use long double instead of __float128 if it matches the IEEE 128-bit format
+// or the IBM hexadecimal format.
#define CRT_LDBL_128BIT
#define CRT_HAS_F128
+#if __LDBL_MANT_DIG__ == 113
#define CRT_HAS_IEEE_TF
#define CRT_LDBL_IEEE_F128
+#endif
typedef long double tf_float;
#define TF_C(x) x##L
#elif defined(__FLOAT128__) || defined(__SIZEOF_FLOAT128__)
@@ -220,7 +223,6 @@
#define CRT_HAS_TF_MODE
#endif
-#if CRT_HAS_FLOATING_POINT
#if __STDC_VERSION__ >= 199901L
typedef float _Complex Fcomplex;
typedef double _Complex Dcomplex;
@@ -270,5 +272,5 @@
#define COMPLEXTF_IMAGINARY(x) (x).imaginary
#endif
-#endif
+#endif // CRT_HAS_FLOATING_POINT
#endif // INT_TYPES_H
diff --git a/lib/cpus/aarch64/neoverse_n3.S b/lib/cpus/aarch64/neoverse_n3.S
index 9c1ccaf..0b33b7e 100644
--- a/lib/cpus/aarch64/neoverse_n3.S
+++ b/lib/cpus/aarch64/neoverse_n3.S
@@ -24,6 +24,11 @@
cpu_reset_func_start neoverse_n3
/* Disable speculative loads */
msr SSBS, xzr
+
+#if NEOVERSE_Nx_EXTERNAL_LLC
+ /* Some systems may have External LLC, core needs to be made aware */
+ sysreg_bit_set NEOVERSE_N3_CPUECTLR_EL1, NEOVERSE_N3_CPUECTLR_EL1_EXTLLC_BIT
+#endif
cpu_reset_func_end neoverse_n3
/* ----------------------------------------------------
diff --git a/lib/cpus/aarch64/neoverse_v2.S b/lib/cpus/aarch64/neoverse_v2.S
index d4b3a96..3179918 100644
--- a/lib/cpus/aarch64/neoverse_v2.S
+++ b/lib/cpus/aarch64/neoverse_v2.S
@@ -109,6 +109,11 @@
cpu_reset_func_start neoverse_v2
/* Disable speculative loads */
msr SSBS, xzr
+
+#if NEOVERSE_Vx_EXTERNAL_LLC
+ /* Some systems may have External LLC, core needs to be made aware */
+ sysreg_bit_set NEOVERSE_V2_CPUECTLR_EL1, NEOVERSE_V2_CPUECTLR_EL1_EXTLLC_BIT
+#endif
cpu_reset_func_end neoverse_v2
errata_report_shim neoverse_v2
diff --git a/plat/arm/board/tc/platform_test.mk b/plat/arm/board/tc/platform_test.mk
index 8ef6f76..8d39325 100644
--- a/plat/arm/board/tc/platform_test.mk
+++ b/plat/arm/board/tc/platform_test.mk
@@ -61,11 +61,12 @@
hmac_drbg.c \
psa_crypto.c \
psa_crypto_client.c \
- psa_crypto_driver_wrappers.c \
+ psa_crypto_driver_wrappers_no_static.c \
psa_crypto_hash.c \
psa_crypto_rsa.c \
psa_crypto_ecp.c \
psa_crypto_slot_management.c \
+ psa_util.c \
)
BL31_SOURCES += ${RSE_COMMS_SOURCES} \
diff --git a/plat/st/common/include/stm32mp_mbedtls_config-3.h b/plat/st/common/include/stm32mp_mbedtls_config-3.h
index a812671..2dbf068 100644
--- a/plat/st/common/include/stm32mp_mbedtls_config-3.h
+++ b/plat/st/common/include/stm32mp_mbedtls_config-3.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2023, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2022-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -102,7 +102,6 @@
#ifndef __ASSEMBLER__
/* System headers required to build mbed TLS with the current configuration */
#include <stdlib.h>
-#include <mbedtls/check_config.h>
#endif
/*