Merge "docs: Update changelog for v2.4 release" into integration
diff --git a/docs/change-log.rst b/docs/change-log.rst
index 7befba4..3b8f836 100644
--- a/docs/change-log.rst
+++ b/docs/change-log.rst
@@ -4,6 +4,560 @@
 This document contains a summary of the new features, changes, fixes and known
 issues in each release of Trusted Firmware-A.
 
+Version 2.4
+-----------
+
+New Features
+^^^^^^^^^^^^
+
+- Architecture support
+    - Armv8.6-A
+        - Added support for Armv8.6 Enhanced Counter Virtualization (ECV)
+        - Added support for Armv8.6 Fine Grained Traps (FGT)
+        - Added support for Armv8.6 WFE trap delays
+
+- Bootloader images
+    - Added support for Measured Boot
+
+- Build System
+    - Added build option ``COT_DESC_IN_DTB`` to create Chain of Trust at runtime
+    - Added build option ``OPENSSL_DIR`` to direct tools to OpenSSL libraries
+    - Added build option ``RAS_TRAP_LOWER_EL_ERR_ACCESS`` to enable trapping RAS
+      register accesses from EL1/EL2 to EL3
+    - Extended build option ``BRANCH_PROTECTION`` to support branch target
+      identification
+
+- Common components
+    - Added support for exporting CPU nodes to the device tree
+    - Added support for single and dual-root Chains of Trust in secure
+      partitions
+
+- Drivers
+    - Added Broadcom RNG driver
+    - Added Marvell ``mg_conf_cm3`` driver
+    - Added System Control and Management Interface (SCMI) driver
+    - Added STMicroelectronics ETZPC driver
+
+    - Arm GICv3
+        - Added support for detecting topology at runtime
+
+    - Dual Root
+        - Added support for platform certificates
+
+    - Marvell Cache LLC
+        - Added support for mapping the entire LLC into SRAM
+
+    - Marvell CCU
+        - Added workaround for erratum 3033912
+
+    - Marvell CP110 COMPHY
+        - Added support for SATA COMPHY polarity inversion
+        - Added support for USB COMPHY polarity inversion
+        - Added workaround for erratum IPCE_COMPHY-1353
+
+    - STM32MP1 Clocks
+        - Added ``RTC`` as a gateable clock
+        - Added support for shifted clock selector bit masks
+        - Added support for using additional clocks as parents
+
+- Libraries
+    - C standard library
+        - Added support for hexadecimal and pointer format specifiers in
+          ``snprint()``
+        - Added assembly alternatives for various library functions
+
+    - CPU support
+        - Arm Cortex-A53
+            - Added workaround for erratum 1530924
+
+        - Arm Cortex-A55
+            - Added workaround for erratum 1530923
+
+        - Arm Cortex-A57
+            - Added workaround for erratum 1319537
+
+        - Arm Cortex-A76
+            - Added workaround for erratum 1165522
+            - Added workaround for erratum 1791580
+            - Added workaround for erratum 1868343
+
+        - Arm Cortex-A72
+            - Added workaround for erratum 1319367
+
+        - Arm Cortex-A77
+            - Added workaround for erratum 1508412
+            - Added workaround for erratum 1800714
+            - Added workaround for erratum 1925769
+
+        - Arm Neoverse N1
+            - Added workaround for erratum 1868343
+
+    - EL3 Runtime
+        - Added support for saving/restoring registers related to nested
+          virtualization in EL2 context switches if the architecture supports it
+
+    - FCONF
+        - Added support for Measured Boot
+        - Added support for populating Chain of Trust properties
+        - Added support for loading the ``fw_config`` image
+
+    - Measured Boot
+        - Added support for event logging
+
+- Platforms
+    - Added support for Arm Morello
+    - Added support for Arm TC0
+    - Added support for iEi PUZZLE-M801
+    - Added support for Marvell OCTEON TX2 T9130
+    - Added support for MediaTek MT8192
+    - Added support for NXP i.MX 8M Nano
+    - Added support for NXP i.MX 8M Plus
+    - Added support for QTI CHIP SC7180
+    - Added support for STM32MP151F
+    - Added support for STM32MP153F
+    - Added support for STM32MP157F
+    - Added support for STM32MP151D
+    - Added support for STM32MP153D
+    - Added support for STM32MP157D
+
+    - Arm
+        - Added support for platform-owned SPs
+        - Added support for resetting to BL31
+
+    - Arm FPGA
+        - Added support for Klein
+        - Added support for Matterhorn
+        - Added support for additional CPU clusters
+
+    - Arm FVP
+        - Added support for performing SDEI platform setup at runtime
+        - Added support for SMCCC's ``SMCCC_ARCH_SOC_ID`` command
+        - Added an ``id`` field under the NV-counter node in the device tree to
+          differentiate between trusted and non-trusted NV-counters
+        - Added support for extracting the clock frequency from the timer node
+          in the device tree
+
+    - Arm Juno
+        - Added support for SMCCC's ``SMCCC_ARCH_SOC_ID`` command
+
+    - Arm N1SDP
+        - Added support for cross-chip PCI-e
+
+    - Marvell
+        - Added support for AVS reduction
+
+    - Marvell ARMADA
+        - Added support for twin-die combined memory device
+
+    - Marvell ARMADA A8K
+        - Added support for DDR with 32-bit bus width (both ECC and non-ECC)
+
+    - Marvell AP806
+        - Added workaround for erratum FE-4265711
+
+    - Marvell AP807
+        - Added workaround for erratum 3033912
+
+    - Nvidia Tegra
+        - Added debug printouts indicating SC7 entry sequence completion
+        - Added support for SDEI
+        - Added support for stack protection
+        - Added support for GICv3
+        - Added support for SMCCC's ``SMCCC_ARCH_SOC_ID`` command
+
+    - Nvidia Tegra194
+        - Added support for RAS exception handling
+        - Added support for SPM
+
+    - NXP i.MX
+        - Added support for SDEI
+
+    - QEMU SBSA
+        - Added support for the Secure Partition Manager
+
+    - QTI
+        - Added RNG driver
+        - Added SPMI PMIC arbitrator driver
+        - Added support for SMCCC's ``SMCCC_ARCH_SOC_ID`` command
+
+    - STM32MP1
+        - Added support for exposing peripheral interfaces to the non-secure
+          world at runtime
+        - Added support for SCMI clock and reset services
+        - Added support for STM32MP15x CPU revision Z
+        - Added support for SMCCC services in ``SP_MIN``
+
+- Services
+    - Secure Payload Dispatcher
+        - Added a provision to allow clients to retrieve the service UUID
+
+    - SPMC
+        - Added secondary core endpoint information to the SPMC context
+          structure
+
+    - SPMD
+        - Added support for booting OP-TEE as a guest S-EL1 Secure Partition on
+          top of Hafnium in S-EL2
+        - Added a provision for handling SPMC messages to register secondary
+          core entry points
+        - Added support for power management operations
+
+- Tools
+    - CertCreate
+        - Added support for secure partitions
+
+    - CertTool
+        - Added support for the ``fw_config`` image
+
+    - FIPTool
+        - Added support for the ``fw_config`` image
+
+Changed
+^^^^^^^
+
+- Architecture support
+
+- Bootloader images
+
+- Build System
+    - The top-level Makefile now supports building FipTool on Windows
+    - The default value of ``KEY_SIZE`` has been changed to to 2048 when RSA is
+      in use
+    - The previously-deprecated macro ``__ASSEMBLY__`` has now been removed
+
+- Common components
+    - Certain functions that flush the console will no longer return error
+      information
+
+- Drivers
+    - Arm GIC
+        - Usage of ``drivers/arm/gic/common/gic_common.c`` has now been
+          deprecated in favour of ``drivers/arm/gic/vX/gicvX.mk``
+        - Added support for detecting the presence of a GIC600-AE
+        - Added support for detecting the presence of a GIC-Clayton
+
+    - Marvell MCI
+        - Now performs link tuning for all MCI interfaces to improve performance
+
+    - Marvell MoChi
+        - PIDI masters are no longer forced into a non-secure access level when
+          ``LLC_SRAM`` is enabled
+        - The SD/MMC controllers are now accessible from guest virtual machines
+
+    - Mbed TLS
+        - Migrated to Mbed TLS v2.24.0
+
+    - STM32 FMC2 NAND
+        - Adjusted FMC node bindings to include an EBI controller node
+
+    - STM32 Reset
+        - Added an optional timeout argument to assertion functions
+
+    - STM32MP1 Clocks
+        - Enabled several additional system clocks during initialization
+
+- Libraries
+    - C Standard Library
+        - Improved ``memset`` performance by avoiding single-byte writes
+        - Added optimized assembly variants of ``memset``
+
+    - CPU support
+        - Renamed Cortex-Hercules to Cortex-A78
+        - Renamed Cortex-Hercules AE to Cortex-A78 AE
+        - Renamed Neoverse Zeus to Neoverse V1
+
+    - Coreboot
+        - Updated ‘coreboot_get_memory_type’ API to take an extra argument as a
+          ’memory size’ that used to return a valid memory type.
+
+    - libfdt
+        - Updated to latest upstream version
+
+- Platforms
+    - Allwinner
+        - Disabled non-secure access to PRCM power control registers
+
+    - Arm
+        - ``BL32_BASE`` is now platform-dependent when ``SPD_spmd`` is enabled
+        - Added support for loading the Chain of Trust from the device tree
+        - The firmware update check is now executed only once
+        - NV-counter base addresses are now loaded from the device tree when
+          ``COT_DESC_IN_DTB`` is enabled
+        - Now loads and populates ``fw_config`` and ``tb_fw_config``
+        - FCONF population now occurs after caches have been enabled in order
+          to reduce boot times
+
+    - Arm Corstone-700
+        - Platform support has been split into both an FVP and an FPGA variant
+
+    - Arm FPGA
+        - DTB and BL33 load addresses have been given sensible default values
+        - Now reads generic timer counter frequency, GICD and GICR base
+          addresses, and UART address from DT
+        - Now treats the primary PL011 UART as an SBSA Generic UART
+
+    - Arm FVP
+        - Secure interrupt descriptions, UART parameters, clock frequencies and
+          GICv3 parameters are now queried through FCONF
+        - UART parameters are now queried through the device tree
+        - Added an owner field to Cactus secure partitions
+        - Increased the maximum size of BL2 when the Chain of Trust is loaded
+          from the device tree
+        - Reduces the maximum size of BL31
+        - The ``FVP_USE_SP804_TIMER`` and ``FVP_VE_USE_SP804_TIMER`` build
+          options have been removed in favour of a common ``USE_SP804_TIMER``
+          option
+        - Added a third Cactus partition to manifests
+        - Device tree nodes now store UUIDs in big-endian
+
+    - Arm Juno
+        - Increased the maximum size of BL2 when optimizations have not been
+          applied
+        - Reduced the maximum size of BL31 and BL32
+
+    - Marvell AP807
+        - Enabled snoop filters
+
+    - Marvell ARMADA A3K
+        - UART recovery images are now suffixed with ``.bin``
+
+    - Marvell ARMADA A8K
+        - Option ``BL31_CACHE_DISABLE`` is now disabled (``0``) by default
+
+    - Nvidia Tegra
+        - Added VPR resize supported check when processing video memory resize
+          requests
+        - Added SMMU verification to prevent potential issues caused by
+          undetected corruption of the SMMU configuration during boot
+        - The GIC CPU interface is now properly disabled after CPU off
+        - The GICv2 sources list and the ``BL31_SIZE`` definition have been made
+          platform-specific
+        - The SPE driver will no longer flush the console when writing
+          individual characters
+
+    - Nvidia Tegra194
+        - TZDRAM setup has been moved to platform-specific early boot handlers
+        - Increased verbosity of debug prints for RAS SErrors
+        - Support for powering down CPUs during CPU suspend has been removed
+        - Now verifies firewall settings before using resources
+
+    - TI K3
+        - The UART number has been made configurable through ``K3_USART``
+
+    - Rockchip RK3368
+        - The maximum number of memory map regions has been increased to 20
+
+    - Socionext Uniphier
+        - The maximum size of BL33 has been increased to support larger
+          bootloaders
+
+    - STM32
+        - Removed platform-specific DT functions in favour of using existing
+          generic alternatives
+
+    - STM32MP1
+        - Increased verbosity of exception reports in debug builds
+        - Device trees have been updated to align with the Linux kernel
+        - Now uses the ETZPC driver to configure secure-aware interfaces for
+          assignment to the non-secure world
+        - Finished good variants have been added to the board identifier
+          enumerations
+        - Non-secure access to clocks and reset domains now depends on their
+          state of registration
+        - NEON is now disabled in ``SP_MIN``
+        - The last page of ``SYSRAM`` is now used as SCMI shared memory
+        - Checks to verify platform compatibility have been added to verify that
+          an image is compatible with the chip ID of the running platform
+
+    - QEMU SBSA
+        - Removed support for Arm's Cortex-A53
+
+- Services
+    - Renamed SPCI to FF-A
+
+    - SPMD
+        - No longer forwards requests to the non-secure world when retrieving
+          partition information
+        - SPMC manifest size is now retrieved directly from SPMD instead of the
+          device tree
+        - The FF-A version handler now returns SPMD's version when the origin
+          of the call is secure, and SPMC's version when the origin of the call
+          is non-secure
+
+    - SPMC
+        - Updated the manifest to declare CPU nodes in descending order as per
+          the SPM (Hafnium) multicore requirement
+        - Updated the device tree to mark 2GB as device memory for the first
+          partition excluding trusted DRAM region (which is reserved for SPMC)
+        - Increased the number of EC contexts to the maximum number of PEs as
+          per the FF-A specification
+
+- Tools
+    - FIPTool
+        - Now returns ``0`` on ``help`` and ``help <command>``
+
+    - Marvell DoImage
+        - Updated Mbed TLS support to v2.8
+
+    - SPTool
+        - Now appends CertTool arguments
+
+Resolved Issues
+^^^^^^^^^^^^^^^
+
+- Bootloader images
+    - Fixed compilation errors for dual-root Chains of Trust caused by symbol
+      collision
+
+    - BL31
+        - Fixed compilation errors on platforms with fewer than 4 cores caused
+          by initialization code exceeding the end of the stacks
+        - Fixed compilation errors when building a position-independent image
+
+- Build System
+    - Fixed invalid empty version strings
+    - Fixed compilation errors on Windows caused by a non-portable architecture
+      revision comparison
+
+- Drivers
+    - Arm GIC
+        - Fixed spurious interrupts caused by a missing barrier
+
+    - STM32 Flexible Memory Controller 2 (FMC2) NAND driver
+        - Fixed runtime instability caused by incorrect error detection logic
+
+    - STM32MP1 Clock driver
+        - Fixed incorrectly-formatted log messages
+        - Fixed runtime instability caused by improper clock gating procedures
+
+    - STMicroelectronics Raw NAND driver
+        - Fixed runtime instability caused by incorrect unit conversion when
+          waiting for NAND readiness
+
+- Libraries
+    - AMU
+        - Fixed timeout errors caused by excess error logging
+
+    - EL3 Runtime
+        - Fixed runtime instability caused by improper register save/restore
+          routine in EL2
+
+    - FCONF
+        - Fixed failure to initialize GICv3 caused by overly-strict device tree
+          requirements
+
+    - Measured Boot
+        - Fixed driver errors caused by a missing default value for the
+          ``HASH_ALG`` build option
+
+    - SPE
+        - Fixed feature detection check that prevented CPUs supporting SVE from
+          detecting support for SPE in the non-secure world
+
+    - Translation Tables
+        - Fixed various MISRA-C 2012 static analysis violations
+
+- Platforms
+    - Allwinner A64
+        - Fixed USB issues on certain battery-powered device caused by
+          improperly activated USB power rail
+
+    - Arm
+        - Fixed compilation errors caused by increase in BL2 size
+        - Fixed compilation errors caused by missing Makefile dependencies to
+          generated files when building the FIP
+        - Fixed MISRA-C 2012 static analysis violations caused by unused
+          structures in include directives intended to be feature-gated
+
+    - Arm FPGA
+        - Fixed initialization issues caused by incorrect MPIDR topology mapping
+          logic
+
+    - Arm RD-N1-edge
+        - Fixed compilation errors caused by mismatched parentheses in Makefile
+
+    - Arm SGI
+        - Fixed crashes due to the flash memory used for cold reboot attack
+          protection not being mapped
+
+    - Intel Agilex
+        - Fixed initialization issues caused by several compounding bugs
+
+    - Marvell
+        - Fixed compilation warnings caused by multiple Makefile inclusions
+
+    - Marvell ARMADA A3K
+        - Fixed boot issue in debug builds caused by checks on the BL33 load
+          address that are not appropriate for this platform
+
+    - Nvidia Tegra
+        - Fixed incorrect delay timer reads
+        - Fixed spurious interrupts in the non-secure world during cold boot
+          caused by the arbitration bit in the memory controller not being
+          cleared
+        - Fixed faulty video memory resize sequence
+
+    - Nvidia Tegra194
+        - Fixed incorrect alignment of TZDRAM base address
+
+    - NXP iMX8M
+        - Fixed CPU hot-plug issues caused by race condition
+
+    - STM32MP1
+        - Fixed compilation errors in highly-parallel builds caused by incorrect
+          Makefile dependencies
+
+    - STM32MP157C-ED1
+        - Fixed initialization issues caused by missing device tree hash node
+
+    - Raspberry Pi 3
+        - Fixed compilation errors caused by incorrect dependency ordering in
+          Makefile
+
+    - Rockchip
+        - Fixed initialization issues caused by non-critical errors when parsing
+          FDT being treated as critical
+
+    - Rockchip RK3368
+        - Fixed runtime instability caused by incorrect CPUID shift value
+
+    - QEMU
+        - Fixed compilation errors caused by incorrect dependency ordering in
+          Makefile
+
+    - QEMU SBSA
+        - Fixed initialization issues caused by FDT exceeding reserved memory
+          size
+
+    - QTI
+        - Fixed compilation errors caused by inclusion of a non-existent file
+
+- Services
+    - FF-A (previously SPCI)
+        - Fixed SPMD aborts caused by incorrect behaviour when the manifest is
+          page-aligned
+
+- Tools
+    - Fixed compilation issues when compiling tools from within their respective
+      directories
+
+    - FIPTool
+        - Fixed command line parsing issues on Windows when using arguments
+          whose names also happen to be a subset of another's
+
+    - Marvell DoImage
+        - Fixed PKCS signature verification errors at boot on some platforms
+          caused by generation of misaligned images
+
+Known Issues
+^^^^^^^^^^^^
+
+- Platforms
+    - NVIDIA Tegra
+        - Signed comparison compiler warnings occurring in libfdt are currently
+          being worked around by disabling the warning for the platform until
+          the underlying issue is resolved in libfdt
+
 Version 2.3
 -----------
 
@@ -32,7 +586,7 @@
 - Build System
    - Add support for documentation build as a target in Makefile
 
-   - Add ``COT`` build option to select the chain of trust to use when the
+   - Add ``COT`` build option to select the Chain of Trust to use when the
      Trusted Boot feature is enabled (default: ``tbbr``).
 
    - Added creation and injection of secure partition packages into the FIP.