Merge "fix(smc): correctly find pmf version" into integration
diff --git a/Makefile b/Makefile
index 57e27ca..5e3bb00 100644
--- a/Makefile
+++ b/Makefile
@@ -907,10 +907,6 @@
endif
endif #(CTX_INCLUDE_PAUTH_REGS)
-ifeq ($(PSA_FWU_SUPPORT),1)
- $(info PSA_FWU_SUPPORT is an experimental feature)
-endif #(PSA_FWU_SUPPORT)
-
ifeq ($(FEATURE_DETECTION),1)
$(info FEATURE_DETECTION is an experimental feature)
endif #(FEATURE_DETECTION)
@@ -1017,6 +1013,10 @@
$(info PSA_CRYPTO is an experimental feature)
endif
+ifeq ($(DICE_PROTECTION_ENVIRONMENT),1)
+ $(info DICE_PROTECTION_ENVIRONMENT is an experimental feature)
+endif
+
################################################################################
# Process platform overrideable behaviour
################################################################################
diff --git a/drivers/auth/mbedtls/mbedtls_common.mk b/drivers/auth/mbedtls/mbedtls_common.mk
index 2bb23f9..55ab935 100644
--- a/drivers/auth/mbedtls/mbedtls_common.mk
+++ b/drivers/auth/mbedtls/mbedtls_common.mk
@@ -41,7 +41,6 @@
cipher.c \
cipher_wrap.c \
constant_time.c \
- hash_info.c \
memory_buffer_alloc.c \
oid.c \
platform.c \
@@ -51,6 +50,7 @@
gcm.c \
md.c \
pk.c \
+ pk_ecc.c \
pk_wrap.c \
pkparse.c \
pkwrite.c \
@@ -65,22 +65,16 @@
x509_crt.c \
)
-# Currently on Mbedtls-3 there is outstanding bug due to usage
-# of redundant declaration[1], So disable redundant-decls
-# compilation flag to avoid compilation error when compiling with
-# Mbedtls-3.
-# [1]: https://github.com/Mbed-TLS/mbedtls/issues/6910
-LIBMBEDTLS_CFLAGS += -Wno-error=redundant-decls
-
ifeq (${PSA_CRYPTO},1)
+LIBMBEDTLS_CFLAGS += -Wno-error=unused-but-set-variable
LIBMBEDTLS_SRCS += $(addprefix ${MBEDTLS_DIR}/library/, \
psa_crypto.c \
psa_crypto_client.c \
- psa_crypto_driver_wrappers.c \
psa_crypto_hash.c \
psa_crypto_rsa.c \
psa_crypto_ecp.c \
psa_crypto_slot_management.c \
+ psa_util.c \
)
endif
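Review bot: The new `LIBMBEDTLS_CFLAGS += -Wno-error=unused-but-set-variable` under `PSA_CRYPTO` has no comment saying which Mbed TLS source triggers the warning or when the flag can be removed. The `-Wno-error=redundant-decls` line this hunk deletes carried both a rationale and an upstream issue link. A warning downgrade on the crypto library deserves the same record, so it is not carried forward indefinitely. I would add above it something like `# Mbed TLS PSA sources trip -Wunused-but-set-variable; remove once fixed upstream, see <upstream issue link>`.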
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c
index 230cec9..9bfcaac 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_crypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2024, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -65,6 +65,18 @@
#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \
CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
+
+
+/*
+ * NOTE: This has been made internal in mbedtls 3.6.0 and the mbedtls team has
+ * advised that it's better to copy out the declaration than it would be to
+ * update to 3.5.2, where this function is exposed.
+ */
+int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid,
+ const mbedtls_x509_buf *sig_params,
+ mbedtls_md_type_t *md_alg,
+ mbedtls_pk_type_t *pk_alg,
+ void **sig_opts);
/*
* Verify a signature.
*
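Review bot: The hand-copied prototype of `mbedtls_x509_get_sig_alg` is never checked against the library's own definition. If a later Mbed TLS update changes its parameters, this file would still compile and link, and then call the parser with mismatched arguments on the certificate-verification path. The identical declaration is added again in the mbedtls_psa_crypto.c hunk of this merge; declaring it once in a header shared by both drivers would stop the two copies from drifting. I would also extend the comment with `Keep in sync with the Mbed TLS 3.6.0 internal declaration; re-check on every Mbed TLS version bump.`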
diff --git a/drivers/auth/mbedtls/mbedtls_psa_crypto.c b/drivers/auth/mbedtls/mbedtls_psa_crypto.c
index 5891acf..99242e3 100644
--- a/drivers/auth/mbedtls/mbedtls_psa_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_psa_crypto.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -14,6 +14,7 @@
#include <mbedtls/memory_buffer_alloc.h>
#include <mbedtls/oid.h>
#include <mbedtls/platform.h>
+#include <mbedtls/psa_util.h>
#include <mbedtls/version.h>
#include <mbedtls/x509.h>
#include <psa/crypto.h>
@@ -49,16 +50,6 @@
* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
*/
-static inline psa_algorithm_t mbedtls_md_psa_alg_from_type(
- mbedtls_md_type_t md_type)
-{
- assert((md_type == MBEDTLS_MD_SHA256) ||
- (md_type == MBEDTLS_MD_SHA384) ||
- (md_type == MBEDTLS_MD_SHA512));
-
- return PSA_ALG_CATEGORY_HASH | (psa_algorithm_t) (md_type + 0x5);
-}
-
/*
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
@@ -293,6 +284,62 @@
**/
/*
+ * This is a helper function that adjusts the start of the pk_start to point to
+ * the subjectPublicKey bytes within the SubjectPublicKeyInfo block.
+ *
+ * SubjectPublicKeyInfo ::= SEQUENCE {
+ * algorithm AlgorithmIdentifier,
+ * subjectPublicKey BIT STRING }
+ *
+ * This function returns error(CRYPTO_ERR_SIGNATURE) on ASN.1 parsing failure,
+ * otherwise success(0).
+ **/
+static int pk_bytes_from_subpubkey(unsigned char **pk_start,
+ unsigned int *pk_len)
+{
+ mbedtls_asn1_buf alg_oid, alg_params;
+ int rc;
+ unsigned char *pk_end;
+ size_t len;
+ unsigned char *pk_ptr = *pk_start;
+
+ pk_end = pk_ptr + *pk_len;
+ rc = mbedtls_asn1_get_tag(&pk_ptr, pk_end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED |
+ MBEDTLS_ASN1_SEQUENCE);
+ if (rc != 0) {
+ return CRYPTO_ERR_SIGNATURE;
+ }
+
+ pk_end = pk_ptr + len;
+ rc = mbedtls_asn1_get_alg(&pk_ptr, pk_end, &alg_oid, &alg_params);
+ if (rc != 0) {
+ return CRYPTO_ERR_SIGNATURE;
+ }
+ pk_end = pk_ptr + len - (alg_oid.len + alg_params.len +
+ 2 * (SIZE_OF_ASN1_LEN + SIZE_OF_ASN1_TAG));
+ rc = mbedtls_asn1_get_bitstring_null(&pk_ptr, pk_end, &len);
+ if (rc != 0) {
+ return CRYPTO_ERR_SIGNATURE;
+ }
+
+ *pk_start = pk_ptr;
+ *pk_len = len;
+
+ return rc;
+}
+
+/*
+ * NOTE: This has been made internal in mbedtls 3.6.0 and the mbedtls team has
+ * advised that it's better to copy out the declaration than it would be to
+ * update to 3.5.2, where this function is exposed.
+ */
+int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid,
+ const mbedtls_x509_buf *sig_params,
+ mbedtls_md_type_t *md_alg,
+ mbedtls_pk_type_t *pk_alg,
+ void **sig_opts);
+/*
* Verify a signature.
*
* Parameters are passed using the DER encoding format following the ASN.1
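Review bot: The recomputation of `pk_end` after `mbedtls_asn1_get_alg()` in `pk_bytes_from_subpubkey` looks unnecessary and may place the bound past the end of the SubjectPublicKeyInfo. The earlier `pk_end = pk_ptr + len;` already marks the end of the outer SEQUENCE. By the time of the recomputation `pk_ptr` has advanced past the whole AlgorithmIdentifier, including its own tag and length bytes, which the subtracted term does not appear to count. The formula also assumes fixed header sizes through `SIZE_OF_ASN1_LEN` and `SIZE_OF_ASN1_TAG`, which are defined outside this hunk. Because this bound limits how far the certificate-supplied BIT STRING length may reach, I would delete the two-line recomputation and keep the earlier `pk_end`; note also that `*pk_len = len;` narrows `size_t` to `unsigned int` without a range check.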
@@ -388,6 +435,20 @@
psa_set_key_type(&psa_key_attr, psa_key_type);
psa_set_key_usage_flags(&psa_key_attr, PSA_KEY_USAGE_VERIFY_MESSAGE);
+ /*
+ * Note: In the implementation of the psa_import_key function in
+ * version 3.6.0, the function expects the starting pointer of the
+ * subject public key instead of the starting point of
+ * SubjectPublicKeyInfo.
+ * This is only needed while dealing with RSASSA_PSS (RSA Signature
+ * scheme with Appendix based on Probabilistic Signature Scheme)
+ * algorithm.
+ */
+ if (pk_alg == MBEDTLS_PK_RSASSA_PSS) {
+ rc = pk_bytes_from_subpubkey((unsigned char **) &pk_ptr, &pk_len);
+ goto end2;
+ }
+
/* Get the key_id using import API */
status = psa_import_key(&psa_key_attr,
pk_ptr,
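Review bot: The `goto end2;` in the new `MBEDTLS_PK_RSASSA_PSS` branch is unconditional, so for that algorithm `psa_import_key()` and everything after it are skipped even when `pk_bytes_from_subpubkey()` succeeds. The `end2` label is outside this hunk; if it returns `rc`, which is 0 on success here, an RSASSA-PSS signature would be reported as valid without ever being verified. The jump should be taken only on failure: `if (rc != 0) { goto end2; }`. The function starts and ends outside the hunk, so the cleanup path needs confirming against the full file, and a negative test with a corrupted RSASSA-PSS signature would catch a regression here.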
diff --git a/include/drivers/auth/mbedtls/mbedtls_config-3.h b/include/drivers/auth/mbedtls/mbedtls_config-3.h
index 923fc54..37a9288 100644
--- a/include/drivers/auth/mbedtls/mbedtls_config-3.h
+++ b/include/drivers/auth/mbedtls/mbedtls_config-3.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023, Arm Limited. All rights reserved.
+ * Copyright (c) 2023-2024, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -128,7 +128,6 @@
#ifndef __ASSEMBLER__
/* System headers required to build mbed TLS with the current configuration */
#include <stdlib.h>
-#include <mbedtls/check_config.h>
#endif
/*
diff --git a/include/drivers/auth/mbedtls/psa_mbedtls_config.h b/include/drivers/auth/mbedtls/psa_mbedtls_config.h
index ad825f0..1001d89 100644
--- a/include/drivers/auth/mbedtls/psa_mbedtls_config.h
+++ b/include/drivers/auth/mbedtls/psa_mbedtls_config.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2023, Arm Ltd. All rights reserved.
+ * Copyright (c) 2023-2024, Arm Ltd. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -10,6 +10,7 @@
#include "mbedtls_config-3.h"
#define MBEDTLS_PSA_CRYPTO_C
+#define MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
/*
* Using PSA crypto API requires an RNG right now. If we don't define the macro
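Review bot: `MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS` is enabled without a comment explaining why the assumption holds for this firmware. The option tells the PSA core that no other party modifies the caller's input and output buffers during a call, so the core skips its defensive buffer copies. That is only sound if no buffer passed to the PSA API lives in memory a less-trusted agent can write while the operation runs. I would add above the define a comment such as `/* Buffers passed to PSA crypto are owned by the calling image for the whole call, so the PSA buffer copies are not needed. */` and have platform owners confirm it.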
diff --git a/include/lib/cpus/aarch64/neoverse_v2.h b/include/lib/cpus/aarch64/neoverse_v2.h
index 39a6607..1171e95 100644
--- a/include/lib/cpus/aarch64/neoverse_v2.h
+++ b/include/lib/cpus/aarch64/neoverse_v2.h
@@ -16,6 +16,7 @@
* CPU Extended Control register specific definitions
******************************************************************************/
#define NEOVERSE_V2_CPUECTLR_EL1 S3_0_C15_C1_4
+#define NEOVERSE_V2_CPUECTLR_EL1_EXTLLC_BIT (ULL(1) << 0)
/*******************************************************************************
* CPU Power Control register specific definitions
diff --git a/lib/cpus/aarch64/neoverse_v2.S b/lib/cpus/aarch64/neoverse_v2.S
index d4b3a96..3179918 100644
--- a/lib/cpus/aarch64/neoverse_v2.S
+++ b/lib/cpus/aarch64/neoverse_v2.S
@@ -109,6 +109,11 @@
cpu_reset_func_start neoverse_v2
/* Disable speculative loads */
msr SSBS, xzr
+
+#if NEOVERSE_Vx_EXTERNAL_LLC
+ /* Some systems may have External LLC, core needs to be made aware */
+ sysreg_bit_set NEOVERSE_V2_CPUECTLR_EL1, NEOVERSE_V2_CPUECTLR_EL1_EXTLLC_BIT
+#endif
cpu_reset_func_end neoverse_v2
errata_report_shim neoverse_v2
diff --git a/plat/arm/board/tc/platform_test.mk b/plat/arm/board/tc/platform_test.mk
index 8ef6f76..8d39325 100644
--- a/plat/arm/board/tc/platform_test.mk
+++ b/plat/arm/board/tc/platform_test.mk
@@ -61,11 +61,12 @@
hmac_drbg.c \
psa_crypto.c \
psa_crypto_client.c \
- psa_crypto_driver_wrappers.c \
+ psa_crypto_driver_wrappers_no_static.c \
psa_crypto_hash.c \
psa_crypto_rsa.c \
psa_crypto_ecp.c \
psa_crypto_slot_management.c \
+ psa_util.c \
)
BL31_SOURCES += ${RSE_COMMS_SOURCES} \
diff --git a/plat/arm/common/arm_bl31_setup.c b/plat/arm/common/arm_bl31_setup.c
index 414ac40..b7941ec 100644
--- a/plat/arm/common/arm_bl31_setup.c
+++ b/plat/arm/common/arm_bl31_setup.c
@@ -443,9 +443,6 @@
void bl31_plat_runtime_setup(void)
{
arm_bl31_plat_runtime_setup();
-
- console_flush();
- console_switch_state(CONSOLE_FLAG_RUNTIME);
}
/*******************************************************************************
diff --git a/plat/st/common/include/stm32mp_mbedtls_config-3.h b/plat/st/common/include/stm32mp_mbedtls_config-3.h
index a812671..2dbf068 100644
--- a/plat/st/common/include/stm32mp_mbedtls_config-3.h
+++ b/plat/st/common/include/stm32mp_mbedtls_config-3.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022-2023, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2022-2024, STMicroelectronics - All Rights Reserved
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -102,7 +102,6 @@
#ifndef __ASSEMBLER__
/* System headers required to build mbed TLS with the current configuration */
#include <stdlib.h>
-#include <mbedtls/check_config.h>
#endif
/*
diff --git a/plat/xilinx/versal/plat_psci.c b/plat/xilinx/versal/plat_psci.c
index 48d9f5f..4cf1ed1 100644
--- a/plat/xilinx/versal/plat_psci.c
+++ b/plat/xilinx/versal/plat_psci.c
@@ -36,7 +36,7 @@
}
proc = pm_get_proc((uint32_t)cpu_id);
- if (!proc) {
+ if (proc == NULL) {
return PSCI_E_INTERN_FAIL;
}
@@ -62,7 +62,7 @@
uint32_t cpu_id = plat_my_core_pos();
const struct pm_proc *proc = pm_get_proc(cpu_id);
- if (!proc) {
+ if (proc == NULL) {
return;
}
@@ -103,7 +103,7 @@
uint32_t cpu_id = plat_my_core_pos();
const struct pm_proc *proc = pm_get_proc(cpu_id);
- if (!proc) {
+ if (proc == NULL) {
return;
}
@@ -201,7 +201,7 @@
uint32_t cpu_id = plat_my_core_pos();
const struct pm_proc *proc = pm_get_proc(cpu_id);
- if (!proc) {
+ if (proc == NULL) {
return;
}
diff --git a/plat/xilinx/versal_net/plat_psci_pm.c b/plat/xilinx/versal_net/plat_psci_pm.c
index 7260403..e5a5235 100644
--- a/plat/xilinx/versal_net/plat_psci_pm.c
+++ b/plat/xilinx/versal_net/plat_psci_pm.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2022, Xilinx, Inc. All rights reserved.
- * Copyright (c) 2022-2023, Advanced Micro Devices, Inc. All rights reserved.
+ * Copyright (c) 2022-2024, Advanced Micro Devices, Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -38,7 +38,7 @@
}
proc = pm_get_proc(cpu_id);
- if (!proc) {
+ if (proc == NULL) {
return PSCI_E_INTERN_FAIL;
}
@@ -63,7 +63,7 @@
uint32_t cpu_id = plat_my_core_pos();
const struct pm_proc *proc = pm_get_proc(cpu_id);
- if (!proc) {
+ if (proc == NULL) {
return;
}
@@ -147,7 +147,7 @@
uint32_t cpu_id = plat_my_core_pos();
const struct pm_proc *proc = pm_get_proc(cpu_id);
- if (!proc) {
+ if (proc == NULL) {
return;
}
@@ -194,7 +194,7 @@
uint32_t cpu_id = plat_my_core_pos();
const struct pm_proc *proc = pm_get_proc(cpu_id);
- if (!proc) {
+ if (proc == NULL) {
return;
}
diff --git a/plat/xilinx/zynqmp/plat_psci.c b/plat/xilinx/zynqmp/plat_psci.c
index 9fd00db..1e7df05 100644
--- a/plat/xilinx/zynqmp/plat_psci.c
+++ b/plat/xilinx/zynqmp/plat_psci.c
@@ -44,7 +44,7 @@
}
proc = pm_get_proc(cpu_id);
- if (!proc) {
+ if (proc == NULL) {
return PSCI_E_INTERN_FAIL;
}
@@ -68,7 +68,7 @@
uint32_t cpu_id = plat_my_core_pos();
const struct pm_proc *proc = pm_get_proc(cpu_id);
- if (!proc) {
+ if (proc == NULL) {
return;
}
@@ -97,7 +97,7 @@
uint32_t cpu_id = plat_my_core_pos();
const struct pm_proc *proc = pm_get_proc(cpu_id);
- if (!proc) {
+ if (proc == NULL) {
return;
}
@@ -133,7 +133,7 @@
uint32_t cpu_id = plat_my_core_pos();
const struct pm_proc *proc = pm_get_proc(cpu_id);
- if (!proc) {
+ if (proc == NULL) {
return;
}
diff --git a/plat/xilinx/zynqmp/pm_service/zynqmp_pm_api_sys.c b/plat/xilinx/zynqmp/pm_service/zynqmp_pm_api_sys.c
index 6b42055..3d546b3 100644
--- a/plat/xilinx/zynqmp/pm_service/zynqmp_pm_api_sys.c
+++ b/plat/xilinx/zynqmp/pm_service/zynqmp_pm_api_sys.c
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2013-2022, Arm Limited and Contributors. All rights reserved.
- * Copyright (c) 2022-2023, Advanced Micro Devices, Inc. All rights reserved.
+ * Copyright (c) 2022-2024, Advanced Micro Devices, Inc. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@@ -272,6 +272,11 @@
uint32_t cpuid = plat_my_core_pos();
const struct pm_proc *proc = pm_get_proc(cpuid);
+ if (proc == NULL) {
+ WARN("Failed to get proc %d\n", cpuid);
+ return PM_RET_ERROR_INTERNAL;
+ }
+
/*
* Do client specific suspend operations
* (e.g. set powerdown request bit)
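Review bot: The added `WARN("Failed to get proc %d\n", cpuid);` prints a `uint32_t` with a signed conversion specifier. `%u` matches the declared type: `WARN("Failed to get proc %u\n", cpuid);`. The enclosing function starts and ends outside this hunk.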