- TF-A - lists.trustedfirmware.org

Non volatile boot index for the purpose of firmware update

by Patryk

Hi I'm looking for a suggestion for a reliable place to store a small boot index for PSA Firmware Update. SNVS LPGPRs looked promising, but NXP’s guidance is thin and we don’t keep the battery-backed LP domain alive, so those values won’t survive many power cycles. Are there better options on LS1028A? Would using the user RAM byte in our external I2C RTC make sense? Or perhaps should I store it on eMMC? (we don't use raw NOR/NAND flash). That RTC I mentioned is already accessed in both U-Boot and Linux, so I’m wary of conflicts but can try it if you think it’s viable. Any suggestions would be much appreciated. Best regards Patryk

2 weeks, 4 days

1
0
0 0

Question about SError exception routing

by Julius Werner

Hi, I have a sort of generic Arm architecture question that's not directly related to TF-A (other than that TF-A controls some of the registers involved in this decision), but I'm hoping that one of the experts here can still help me out or at least refer me to someone who can. I'm trying to figure out how exception routing for SError aborts works in EL2. Specifically, I have a bootloader (BL33) running in NS-EL2 and I want the "simple" setup that it manages all its own exceptions, the same way that an OS kernel normally manages all exceptions at EL1. I assumed that I could achieve that simply by installing exception handlers, unmasking all exceptions in PSTATE, and leaving all the special trap feature bits in the MSRs at 0 (disabled). This seems to work for synchronous exceptions and external aborts, but not for SErrors. Looking at the architecture reference manual (revision L.b), table D1-14 in section D1.3.6.3 (page D1-6114), I can see that my case is represented by the first line (all special trap bits 0), which shows that SErrors caused by EL0 and EL1 would be routed to EL1 as expected (though even when PSTATE.A is 1 which seems odd?), but SErrors caused by EL2 will get ignored and remain pending (with no regard to PSTATE.A). Instead, the "default" behavior I expect (aborts get routed to the EL that caused them if PSTATE.A is 0) seems to require me to enable SCTLR_EL2.NMEA. But if you're looking at the description of SCTLR_EL2.NMEA, it says that it controls whether PSTATE.A masks SError exceptions at EL2 (and that if it is 0, SError exceptions are not taken at EL2 if PSTATE.A == 1). Doesn't that imply that SError exceptions *are* taken at EL2 if PSTATE.A == 0? What does a control that seems to be about trapping masked aborts from a lower EL have to do with unmasked aborts from my current EL? Basically, I think what I'm asking is: is that table really correct as printed (some behavior we've observed seems to indicate it is), and if so, why? Why do SError exceptions seem to behave differently by default in EL1 and EL2 (in regards to unmasked exceptions taken from the same exception level)? Why does the PSTATE.A bit only seem to apply to EL0 and EL1, not EL2 and EL3, even for exceptions taken from the same level, when this peculiarity seems to not be mentioned anywhere else in the manual? Why do SError exceptions get treated so differently from external aborts in EL2/EL3, when in EL1 they seem to mostly count as the same? Is the current description of the NMEA bit in the SCTLR_EL2 register documentation really accurate, if it also seems to make fundamental changes to cases not really mentioned in that description? Is there any way for EL2 to only handle its own SError exceptions without interfering with EL1's exception handling when FEAT_DoubleFault2 is not implemented (other than flipping HCR_EL2.AMO on every EL2 entry/exit)? And am I the only one who finds this all incredibly inconsistent and confusing? I feel like I'm missing some critical insight in how you were meant to think about this to make it make sense, would appreciate any help in that regard! Thanks, Julius

2 weeks, 4 days

2
5
0 0

Trusted Firmware v2.14 release announcement

by Olivier Deprez

Hi, We are pleased to announce the formal release of Trusted Firmware-A version 2.14 bundle of project deliverables. This includes Trusted Firmware-A, Trusted Firmware-A Tests, Hafnium, TF-RMM, Trusted Services, and TF-A OpenCI scripts/jobs components. These went live on Nov, 24th 2025. Please find tag references and change logs at the end of this email. Many thanks to the trustedfirmware.org community for the active engagement in delivering this release! Notable features of the release version 2.14 are as follows: TF-A/EL3 * New architectural features support: FEAT_FGWTE3, FEAT_IDTE3, FEAT_RME_GPC2, FEAT_AIE, FEAT_CPA2, FEAT_MPAM_PE_BW_CTRL, FEAT_PFAR, FEAT_RME_GDI. * Live Firmware Activation: base support enabling TF-RMM LFA, added RMM MEM RESERVE ABI. * Armv9 CPU power down abandon support * GICv5 driver permitting normal world kernel boot * GIC720-AE support added * Per-cpu framework supporting NUMA platforms * SMCCC SoC name support (SMCCC v1.6 SMCCC_ARCH_SOC_ID) * SPMD: added FF-A v1.3 FFA_NS_RES_INFO_GET, FFA_ABORT interfaces * EL3 SPMC: add multiple UUIDs support, TPM event log delivered by HOB list, FFA_MEM_RETRIEVE_REQ from hypervisor * RME: FEAT_D128 for realm world, SMCCC_ARCH_FEATURE_AVAILABILITY * Platforms: RD-Aspen added, updates to Arm FVP/Juno, AMD Versal Gen2, Intel, MT8189, MT8196, i.MX94, i.MX95, S32G274A, QTI Kodiak, Renesas R-Car, STM32MP1, STM32MP2, STM32MP21, STM32MP25, Xilinx Versal, ZynqMP Boot flow * Transfer list and event log libraries now offered as shared libraries consumed as submodules by TF-A. * Update to mbedTLS 3.6.5 * Various PSA FWU improvements, namely BL2 in a dedicated FIP, GPT-corruption notifications to BL32, and expanded FWU tests. Errata/Security mitigations (CPU/GIC) * New CPU support: Arm Lumex C1, Dionysus, Caddo/Veymont, Venom. * Added close to 30 new CPU errata across multiple processor families, based on the latest SDEN updates. Hafnium/SPM (S-EL2) * FF-A v1.3 early adoption * FFA_NS_RES_INFO_GET ABI added * Partition lifecycle support: new states, abort handling. Pre-requisite to secure partitions live firmware activation. * Notifications support refactored with per-vCPU notifications removed. * Multi-GIC configuration supporting complex topologies. * Shrinkwrap used at core of Hafnium testing infrastructure. TF-RMM (R-EL2) * RMM v1.1 Planes support * PMU, timer, GIC ownership transfer. * Support for FEAT_S1POE/S1PIE, FEAT_S2POE/S2PIE * RMM v1.1 Memory Encryption Contexts (MEC) support * Realm Device Assignment * RMM v1.1. ALP12 base Device Assignment support * RMI VDEV ABIs, PDEV life cycle, root port IDE key programming, SPDM client as EL0 app. * Improved ID registers trapping leveraging SMCCC ARCH_FEATURE_AVAILABILITY, in light of future FEAT_IDTE3 support. * Additional architectural support: FEAT_TCR2, FEAT_D128, single-copy atomics, TF-A Tests * RME: DA and PCIe, Planes, MEC * SPM/FF-A * Bumped support o FF-A v1.3 * FFA_ABORT ABI * Deprecated per-vCPU notifications. * FWU: added negative testing (invalid image size, corrupted ROTPK) * GICv5 support added * Arm architecture tests * FEAT_TCR2 (for RME) , FEAT_IDTE3, FEAT_MPAM_PE_BW_CTRL, FEAT_EBEP, FEAT_AIE, FEAT_PFAR * SMCCC_ARCH_SOC_ID * SMCCC_ARCH_FEATURE_AVAILABILITY * Fuzzing: added SMC fuzzer documentation * Basic LFA framework tests * Platforms updates: AMD/Xilinx, Arm FVP, Corstone-1000 Trusted Services * RD-Aspen platform support added. * EFI ESRT handling in FWU Proxy (supporting Corstone1000 platform). * Block Storage service threat modelling. Release tags across repositories: https://git.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/r… https://git.trustedfirmware.org/plugins/gitiles/TF-A/tf-a-tests/+/refs/tags… https://git.trustedfirmware.org/plugins/gitiles/ci/tf-a-ci-scripts/+/refs/t… https://git.trustedfirmware.org/plugins/gitiles/ci/tf-a-job-configs/+/refs/… https://git.trustedfirmware.org/plugins/gitiles/hafnium/hafnium/+/refs/tags… https://git.trustedfirmware.org/plugins/gitiles/ci/hafnium-ci-scripts/+/ref… https://git.trustedfirmware.org/plugins/gitiles/ci/hafnium-job-configs/+/re… https://git.trustedfirmware.org/plugins/gitiles/TF-RMM/tf-rmm/+/refs/tags/t… https://git.trustedfirmware.org/plugins/gitiles/TS/trusted-services/+/refs/… Change logs: https://trustedfirmware-a.readthedocs.io/en/v2.14.0/change-log.html#id1 https://trustedfirmware-a-tests.readthedocs.io/en/v2.14.0/change-log.html#v… https://hafnium.readthedocs.io/en/v2.14.0/change-log.html#id1 https://tf-rmm.readthedocs.io/en/tf-rmm-v0.8.0/about/change-log.html#v0-8-0 https://git.trustedfirmware.org/plugins/gitiles/TS/trusted-services/+/refs/… Regards, Olivier.

2 weeks, 5 days

1
0
0 0

TF-A Tech Forum - Hafnium future looking improvements @ Thu Nov 13, 2025 11am - 12pm (UK)

by Olivier Deprez

Hi, This is a one off session for a partner to present coming improvements related to Hafnium project. Apologies for the meeting time not accommodating people in US timezones. We'll record the session and publish in the TF-A tech forum page as usual. Regards, Olivier. ________________________________ From: Google Calendar <calendar-notification(a)google.com> on behalf of Olivier Deprez via Hafnium <hafnium(a)lists.trustedfirmware.org> Sent: 07 November 2025 09:13 To: hafnium(a)lists.trustedfirmware.org <hafnium(a)lists.trustedfirmware.org> Subject: [Hafnium] Invitation: TF-A Tech Forum - Hafnium future looking improvements @ Thu Nov 13, 2025 12pm - 1pm (GMT+1) (hafnium(a)lists.trustedfirmware.org) TF-A Tech Forum - Hafnium future looking improvements Thursday Nov 13, 2025 ⋅ 12pm – 1pm Central European Time - Paris Location https://linaro-org.zoom.us/j/93557863987?pwd=56a1l8cBnetDTZ6eazHGaE1Ctk4W34… https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9355786… Hi, This is a one off session for a partner to present coming improvements related to Hafnium project. Apologies for the meeting time not accommodating people in US timezones. We'll record the session and publish in the TF-A tech forum page as usual. Regards,Olivier.Trusted Firmware is inviting you to a scheduled Zoom meeting.Please download and import the following iCalendar (.ics) files to your calendar system.Weekly: https://linaro-org.zoom.us/meeting/tJcocu6gqDgjEtOkyBhSQauR1sUyFwIcNKLa/ics… Zoom Meetinghttps://linaro-org.zoom.us/j/93557863987?pwd=56a1l8cBnetDTZ6eazHGaE1Ctk4W34.1Meeting ID: 935 5786 3987Passcode: 939141---One tap mobile+12532158782,,93557863987# US (Tacoma)+13017158592,,93557863987# US (Washington DC)---Dial by your location• +1 253 215 8782 US (Tacoma)• +1 301 715 8592 US (Washington DC)• +1 305 224 1968 US• +1 309 205 3325 US• +1 312 626 6799 US (Chicago)• +1 346 248 7799 US (Houston)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US• +1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1 669 444 9171 US• +1 669 900 9128 US (San Jose)• +1 689 278 1000 US• +1 719 359 4580 US• +1 253 205 0468 US• 833 548 0276 US Toll-free• 833 548 0282 US Toll-free• 833 928 4608 US Toll-free• 833 928 4609 US Toll-free• 833 928 4610 US Toll-free• 877 853 5247 US Toll-free• 888 788 0099 US Toll-freeMeeting ID: 935 5786 3987Find your local number: https://linaro-org.zoom.us/u/adoz9mILli Reply for hafnium(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=MDdmMGs0NjBkcW5q… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding -- Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org

3 weeks, 6 days

1
1
0 0

Trusted Firmware-A LTS v2.8.40 Release Announcement

by svc_openci_enginfra＠arm.com

Hello, Trusted Firmware-A LTS version 2.8.40 is now available. This release contains the following patches: af828443d fix(spm-mm): prevent excessive racing [1] c1c4d7d5d fix(security): remove CVE_2022_23960 Cortex-A720 [2] 7d6831115 fix(security): remove CVE_2022_23960 Neoverse V3 [3] 373b22562 fix(security): remove CVE_2022_23960 Cortex-X4 [4] [1] https://review.trustedfirmware.org/q/I0861d04ed95437e4ca9f203d9e79a6296b1ea… [2] https://review.trustedfirmware.org/q/I3c68b5f5d85ede37a6a039369de8ed2aa9205… [3] https://review.trustedfirmware.org/q/I13b27c04c3da5ec80fa79422b4ef4fee64738… [4] https://review.trustedfirmware.org/q/I23f5fa748377a920340b3c5a6584ccfadeea9… Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.8.40/change-log.html Thanks, TF-A LTS team

1 month

1
0
0 0

Trusted Firmware-A LTS v2.10.26 Release Announcement

by svc_openci_enginfra＠arm.com

Hello, Trusted Firmware-A LTS version 2.10.26 is now available. This release contains the following patches: abea08e8c fix(spm-mm): prevent excessive racing [1] 91edc92e9 fix(security): fix spectre bhb loop count for Cortex-A720 [2] d12e9ecf2 fix(security): fix Cortex-A715 CVE-2022-23960 [3] f360aa51d fix(security): fix Cortex-X3 CVE-2022-23960 [4] 8ee12c187 fix(security): fix Neoverse V2 CVE-2022-23960 [5] d30e468b3 fix(security): remove CVE_2022_23960 Cortex-X4 [6] 96e666d6b fix(security): remove CVE_2022_23960 Neoverse V3 [7] a483d67c7 fix(security): remove CVE_2022_23960 Cortex-A720 [8] 07a6a7a9c refactor(cpufeat): rework check_feature() [9] 3eaacdf0c fix(security): add clrbhb support [10] f973eca20 fix(cpus): workaround for Cortex-A715 erratum 2409570 [11] f70c757d8 fix(cpus): workaround for Cortex-A715 erratum 2376701 [12] bb5add11c fix(cpus): workaround for Cortex-A715 erratum 3711916 [13] 7486be6bf build(deps): bump js-yaml in the dev-deps group across 1 directory [14] [1] https://review.trustedfirmware.org/q/I0861d04ed95437e4ca9f203d9e79a6296b1ea… [2] https://review.trustedfirmware.org/q/Ib6862dbed55e5ffcd0fcd58b45a88cf925c54… [3] https://review.trustedfirmware.org/q/Ib6b704733e474824772cb27bd048b1e179d90… [4] https://review.trustedfirmware.org/q/I3d46fa70c80129ca0085d8245ee013f11a884… [5] https://review.trustedfirmware.org/q/I859012281fc67243f050d27e364f27434389c… [6] https://review.trustedfirmware.org/q/I23f5fa748377a920340b3c5a6584ccfadeea9… [7] https://review.trustedfirmware.org/q/I13b27c04c3da5ec80fa79422b4ef4fee64738… [8] https://review.trustedfirmware.org/q/I3c68b5f5d85ede37a6a039369de8ed2aa9205… [9] https://review.trustedfirmware.org/q/Idb182b0dd2aa77a0a5c5a349fe79a42fe1256… [10] https://review.trustedfirmware.org/q/Ie6e56e96378503456a1617d5e5d51bc64c2e0… [11] https://review.trustedfirmware.org/q/Id9429831525b842779d7b7e60f103c93be4ac… [12] https://review.trustedfirmware.org/q/Idcd2a07d269d55534dc5faa59c454d37426f2… [13] https://review.trustedfirmware.org/q/Iad149a2c02a804b3f4f0f2f5b89e866675cb4… [14] https://review.trustedfirmware.org/q/Ibec1d8a3c6620daeb0e663cfab929bca7bba8… Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.10.26/change-log.html Thanks, TF-A LTS team

1 month

1
0
0 0

Changelog for v2.14 Release

by Arvind Ram Prakash

Hello Everyone, Please take a look at the changelog for your respective platforms ahead of the TF-A v2.14 release. The changelog is autogenerated from the commit messages of the patches that have been merged since the v2.13 release. Here's your chance to give us guidance on any small manual adjustments you would like to see. Patch: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/45309 Rendered Version: https://ci.trustedfirmware.org/job/tf-a-builder/890858/artifact/artefacts/r… Thanks, Arvind

1 month

1
0
0 0

AI Policy - Guidance on AI-assisted contributions

by Shaun Longhorn

All, Please be aware that today we have published our AI policy with Guidance on AI-assisted contributions. See the full details here: https://www.trustedfirmware.org/aipolicy/ Should you have any questions feel free to raise them. Thanks, Shaun Community Manager

1 month

1
0
0 0

Firmware-A v2.12 release code freeze notification

by Govindraj Raja

Hi All, The next release of the Firmware-A bundle of projects tagged v2.12 has an expected code freeze date of Nov, 8th 2024. Refer to the release cadence section from TF-A documentation (https://trustedfirmware-a.readthedocs.io/en/latest/about/release-informatio…). Closing out the release takes around 6-10 working days after the code freeze. v2.12 release preparation tasks start from now. We want to ensure that planned feature patches for the release are submitted in good time for the review process to conclude. As a kind recommendation and a matter of sharing CI resources, please launch CI jobs with care e.g.: -For simple platform, docs changes, or one liners, use Allow-CI+1 label (no need for a full Allow-CI+2 run). -For large patch stacks use Allow-CI+2 at top of the patch stack (and if required few individual Allow+CI+1 labels in the middle of the patch stack). -Carefully analyze results and fix the change if required, before launching new jobs on the same change. -If after issuing a Allow-CI+1 or Allow-CI+2 label a Build start notice is not added as a gerrit comment on the patch right away please be patient as under heavy load CI jobs can be queued and in extreme conditions it can be over an hour before the Build start notice is issued. Issuing another Allow-CI+1 or Allow-CI+2 label will just result in an additional job being queued. -- Thanks, Govindraj R

1 month

2
2
0 0

Re: Question about SPM-MM SMC function ids

by Olivier Deprez

Hi, This issue was raised long time ago but unfortunately never got fixed/merged. It may be ok restoring the change and progress it: Https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/11002<https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/11002> Https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.…<https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.…> https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.… On a related note, I hope you saw the deprecation notice: https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.… Regards, Olivier. ________________________________ From: Sureshkumar Ponnusamy <sponnusamy(a)microsoft.com> Sent: 11 November 2025 05:46 To: David Daney <daviddaney(a)microsoft.com>; tf-a-owner(a)lists.trustedfirmware.org <tf-a-owner(a)lists.trustedfirmware.org> Cc: Giri Mudusuru <girimudusuru(a)microsoft.com>; Kun Qin <Kun.Qin(a)microsoft.com> Subject: RE: Question about SPM-MM SMC function ids Yes, the problem is in comparing logic and masks used. From: David Daney <daviddaney(a)microsoft.com> Sent: Monday, November 10, 2025 7:38 PM To: Sureshkumar Ponnusamy <sponnusamy(a)microsoft.com>; tf-a-owner(a)lists.trustedfirmware.org Cc: Giri Mudusuru <girimudusuru(a)microsoft.com>; Kun Qin <Kun.Qin(a)microsoft.com> Subject: Re: Question about SPM-MM SMC function ids According to the DEN0060A specification the only values used are: MM_VERSION: 0x8400 0040 MM_COMMUNICATE: 0x8400 0041/0xC400 0041 These don't overlap with the TRNG function IDs defined in DEN0098 David. ________________________________ From: Sureshkumar Ponnusamy <sponnusamy(a)microsoft.com<mailto:sponnusamy@microsoft.com>> Sent: Monday, November 10, 2025 7:32 PM To: tf-a-owner(a)lists.trustedfirmware.org<mailto:tf-a-owner@lists.trustedfirmware.org> <tf-a-owner(a)lists.trustedfirmware.org<mailto:tf-a-owner@lists.trustedfirmware.org>> Cc: Giri Mudusuru <girimudusuru(a)microsoft.com<mailto:girimudusuru@microsoft.com>>; David Daney <daviddaney(a)microsoft.com<mailto:daviddaney@microsoft.com>>; Kun Qin <Kun.Qin(a)microsoft.com<mailto:Kun.Qin@microsoft.com>> Subject: Question about SPM-MM SMC function ids Hi Manish, Levi Yun , TF-A community , I am facing an issue when enabling SPM-MM feature and it looks like there is a minor issue with the SMC ID range check. When SPM-MM is enabled, I cannot use the TRNG SMC services. /* These macros are used to identify SPM-MM calls using the SMC function ID */ #define SPM_MM_FID_MASK U(0xffff) #define SPM_MM_FID_MIN_VALUE U(0x40) #define SPM_MM_FID_MAX_VALUE U(0x7f) #define is_spm_mm_fid(_fid) \ ((((_fid) & SPM_MM_FID_MASK) >= SPM_MM_FID_MIN_VALUE) && \ (((_fid) & SPM_MM_FID_MASK) <= SPM_MM_FID_MAX_VALUE)) Here, the SPM-MM SMC ID range spans from 0x40 to 0x7F, which overlaps with the TRNG SMC service IDs: /* SMC function IDs for TRNG queries */ #define ARM_TRNG_VERSION U(0x84000050) #define ARM_TRNG_FEATURES U(0x84000051) #define ARM_TRNG_GET_UUID U(0x84000052) #define ARM_TRNG_RND32 U(0x84000053) #define ARM_TRNG_RND64 U(0xC4000053) Could you please clarify the rationale behind including the TRNG SMC IDs within the SPM-MM ID range? If this overlap was unintentional, we have to fix it. Looking forward to your insights and feedback on this matter. Thanks Suresh

1 month

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-A