Hi All,
We are pleased to announce the formal release of Trusted Firmware-A version 2.10 bundle of project deliverables.
This includes Trusted Firmware-A, Trusted Firmware-A Tests, Hafnium, RMM and TF-A OpenCI Scripts/Jobs 2.10 releases involving the tagging of multiple repositories.
These went live on 22nd November 2023.
Please find references to tags and change logs at the end of this email.
Many thanks to the community for the active engagement in delivering this release!
Notable Features of the Version 2.10 Release are as follows:
TF-A/EL3 Root World
* New Features:
* Firmware handoff library support
* Improvements to BL31 runtime exception handling
* Context management refactoring for RME/4 worlds
* Gelas, Nevis & Travis CPUs support
* V8.9 features enabled (FEAT_ HAFT, RPRFM, LRCPC3, MTE_PERM)
TF-A Boot BL1/BL2
* New Features
* Trusted Boot support for ECDSA (Elliptic Curve Digital Signature Algorithm)
* Migrated to PSA crypto API’s
* Improved the GUID Partition Table (GPT) parser.
* Various security Improvements and threat Model updates for ARM CCA
* Signer id extraction Implementation
Hafnium/SEL2 SPM
* New Features:
* FF-A v1.2: FFA_YIELD with time-out; EL3 SPMDs LSPs communication; memory sharing updates.
* Memory region relative base address field support in SP manifests.
* Interrupt re-configuration hypervisor calls.
* Memory management: S2 PT NS/S IPA split
* SMCCCv1.2+ compliance fixes.
* Feature parity test improvements, EL3 SPMC and Hafnium (S-EL2 SPMC)
TF-RMM/REL2
* New Feature/Support
* Fenimore v1.0 EAC5 aligned implementation.
* TFTF Enhancements for RME testing
* Initial CBMC support
* NS SME support in RMM
* BTI support for RMM
Errata
* Errata implemented (1xCortex-X2/ Matterhorn-ELP, 1xCortex-A710/Matterhorn, 1xNeoverse N2/Perseus, 2xNeoverse V2/Demeter, Makalu ELP/Cortex X3, Klein/Cortex-A510)
* Fix some minor defects with version in a few errata that applies for some follow up revisions of the CPUs. (Neoverse V1, Cortex-X2, Cortex-A710)
TF-A Tests
* Core
* Added errata management firmware interface tests.
* Added firmware handoff tests.
* Introduced RAS KFH support test.
* SPM/FF-A
* Support SMCCCv1.2 extended GP registers set.
* Test SMCCC compliance at the non-secure physical instance.
* Test secure eSPI interrupt handling.
* Test FF-A v1.2 FFA_PARTITION_INFO_GET_REGS interface.
* RMM
* Added FPU/SVE/SME tests
* Added multiple REC single CPU tests.
* Added PAuth support in Realms tests.
* Added PMU tests.
Platform Support
* New platforms added:
* Aspeed AST2700, NXP IMX93, Intel Agilex5, Nuvoton NPCM845x, QTI MDM9607, MSM8909, MSM8939, ST STM32MP2
Release tags across repositories:
https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tag/?h=v2.10https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tag/?h=v2.10https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/tag/?h=v2.10https://git.trustedfirmware.org/ci/tf-a-job-configs.git/tag/?h=v2.10https://git.trustedfirmware.org/hafnium/hafnium.git/tag/?h=v2.10https://git.trustedfirmware.org/ci/hafnium-ci-scripts.git/tag/?h=v2.10https://git.trustedfirmware.org/ci/hafnium-job-configs.git/tag/?h=v2.10https://git.trustedfirmware.org/TF-RMM/tf-rmm.git/tag/?h=tf-rmm-v0.4.0
Change logs:
https://trustedfirmware-a.readthedocs.io/en/v2.10/change-log.html#id1https://trustedfirmware-a-tests.readthedocs.io/en/v2.10/change-log.html#ver…https://hafnium.readthedocs.io/en/latest/change-log.html#v2-10https://tf-rmm.readthedocs.io/en/tf-rmm-v0.4.0/about/change-log.html#v0-4-0
Regards,
Olivier.
Hi All,
The next release of the Firmware-A bundle of projects tagged v2.10 has an expected code freeze date of Nov, 7th 2023.
Refer to the Release Cadence section from TF-A documentation (https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/about…).
Closing out the release takes around 6-10 working days after the code freeze.
Preparations tasks for v2.10 release should start in coming month.
We want to ensure that planned feature patches for the release are submitted in good time for the review process to conclude. As a kind recommendation and a matter of sharing CI resources, please launch CI jobs with care e.g.:
-For simple platform, docs changes, or one liners, use Allow-CI+1 label (no need for a full Allow-CI+2 run).
-For large patch stacks use Allow-CI+2 at top of the patch stack (and if required few individual Allow+CI+1 in the middle of the patch stack).
-Carefully analyze results and fix the change if required, before launching new jobs on the same change.
-If after issuing a Allow-CI+1 or Allow-CI+2 label a Build start notice is not added as a gerrit comment on the patch right away please be patient as under heavy load CI jobs can be queued and in extreme conditions it can be over an hour before the Build start notice is issued. Issuing another Allow-CI+1 or Allow-CI+2 label will just result in an additional job being queued.
Thanks & Regards,
Olivier.
Hi Everyone,
This Thursday , Shruti from TF-RMM team will discuss the following topics in TF-A Tech Forum :
1. Integration of CPPCheck in TF-RMM
* CPPCheck is an open-source static analyzer with addon MISRA checker. In this talk, we will discuss the CPPCheck integration in TF-RMM build system and demonstrate the same.
2. TF-A-Tests enhancements and testing for TF-RMM
* Discuss new enhancements in TF-A-Tests for Realm Payload tests including Creating, Loading & Running Realm Payload, testing multiple Rec’s and PSCI support for Realms. We will also cover some Test framework conventions and aspects of Stage2 Memory Management, Realm Memory Exception Model testing.
Best Regards
Soby Mathew
-----Original Appointment-----
From: Trusted Firmware Public Meetings <linaro.org_havjv2figrh5egaiurb229pd8c(a)group.calendar.google.com>
Sent: Thursday, February 22, 2024 10:13 PM
To: Trusted Firmware Public Meetings; tf-a(a)lists.trustedfirmware.org; marek.bykowski(a)gmail.com; okash.khawaja(a)gmail.com
Subject: TF-A Tech Forum
When: 02 May 2024 16:00-17:00 Europe/London.
Where:
TF-A Tech Forum
We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this
This event has been updated with a note:
"Updating invite link"
Changed: description
Description
CHANGED
We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC.
Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website.
Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/<https://www.google.com/url?q=https%3A%2F%2Fwww.trustedfirmware.org%2Fmeetin…>
Trusted Firmware is inviting you to a scheduled Zoom meeting.
Join Zoom Meeting
https://linaro-org.zoom.us/my/trustedfirmware?pwd=VktXcm5MNUUyVVM4R0k3ZUtvd…<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fmy%2Ftruste…>
One tap mobile
+16465588656,,9159704974# US (New York)
+16699009128,,9159704974# US (San Jose)
Dial by your location
+1 646 558 8656 US (New York)
+1 669 900 9128 US (San Jose)
877 853 5247 US Toll-free
888 788 0099 US Toll-free
Meeting ID: 915 970 4974
Find your local number: https://zoom.us/u/ad27hc6t7h<https://www.google.com/url?q=https%3A%2F%2Fzoom.us%2Fu%2Fad27hc6t7h&sa=D&us…>
When
Every 2 weeks from 9am to 10am on Thursday (Mountain Standard Time - Phoenix)
Guests
tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>
marek.bykowski(a)gmail.com<mailto:marek.bykowski@gmail.com>
okash.khawaja(a)gmail.com<mailto:okash.khawaja@gmail.com>
View all guest info<https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1…>
RSVP for tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org> for all events in this series
Yes<https://calendar.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tM…>
No<https://calendar.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tM…>
Maybe<https://calendar.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tM…>
More options<https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1…>
Invitation from Google Calendar<https://calendar.google.com/calendar/>
You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event.
Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more<https://support.google.com/calendar/answer/37135#forwarding>
Hi,
I would like to restart a discussion that we already had a few years
ago on a thread called "SMC to intentionally trigger a panic in TF-A"
(https://lists.trustedfirmware.org/archives/search?mlist=tf-a%40lists.truste…)
but that petered out without any real resolution (and resulted in me
ultimately not implementing the feature I was hoping to add).
Basically, we are repeatedly stumbling over the problem that we have a
use case for some platform-independent SMC API that we want to
implement in TF-A, but don't have an appropriate SMC FID range to put
it. My request from a few years ago was about implementing a call to
intentionally trigger a panic in TF-A for test-automation purposes.
Today we came up with a use case where a Trusted OS wants to query
BL31 about the location of a shared log buffer:
https://review.trustedfirmware.org/20478 .
Currently, the available SMC ranges are Arm, CPU, SiP, OEM, Standard,
Hypervisor, TA and TOS. The SiP, OEM and TOS ranges are all specific
to a single silicon vendor, OEM or trusted OS implementation, so they
are not good targets to implement APIs that would make sense to be
shared among multiple of these. In theory, the Standard range would
probably be the right target to implement calls that are independently
useful for multiple platforms / OSes... but as far as I understand,
adding a new call to that range requires petitioning Arm to update the
SMC calling convention itself, which is a ridiculously high bar to
implement a small utility API. In practice, the only choice we have
for implementing these kinds of calls is to let every OEM, SiP or TOS
assign its own (different) FID for it and then write separate SMC
handlers for each in TF-A that all end up calling the same underlying
function... which creates a lot of unnecessary code duplication and
identifier soup (especially in the case of SMCs for the non-secure OS
which would then be implemented by a platform-independent Linux driver
that needs a big mapping table to decide which FID to use on which
platform for the same API).
I think it would be very useful if there was another range of easily
allocatable FIDs that developers could just add to with a simple TF-A
CL without having to go through a huge specification update process.
There are still 41 OENs unused in the Arm SMCCC, and I don't think any
new ones were added in the 10 years that the specification existed...
so we are really not going to run out of them any time soon. If we
could get even one of those OENs for this purpose, we would have 64K
FIDs to use up for our small, simple platform-independent API needs,
which should last us a long while. We could maybe call it the "Secure
Monitor range" and say the FIDs are specific to a certain
implementation of Secure Monitor (e.g. TF-A). Then there could just be
a header file in the TF-A sources that serves as the authoritative FID
assignment table for TF-A, and anyone with a sufficiently useful idea
(subject to TF-A maintainer review) for a platform-independent API
like this could add it there by just uploading a patch.
I recently argued for a similar "simple tag allocation" concept on
https://github.com/FirmwareHandoff/firmware_handoff and it found
support there, so I hope I'll be able to convince you that it would be
useful for SMC FIDs as well?
Hello Jonathan and Kevar,
> I also see this issue when switching between Rockchip ATF and Upstream ATF.
>
> Versions:
> Rockchip DDR Blob - rk3399_ddr_800MHz_v1.30.bin
> Rockchip Miniloader - rk3399_miniloader_v1.30.bin
> Rockchip ATF - rk3399_bl31_v1.36.elf
> Upstream ATF - git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git,
> git tag v2.8.0, with RK3399_BAUDRATE changed from 115200 to 1500000 in
> plat/rockchip/rk3399/rk3399_def.h
> U-Boot - git://git.denx.de/u-boot.git, git tag v2022.01
>
> Results:
> Rockchip DDR Blob + Rockchip Miniloader + Rockchip ATF + U-Boot = DMA working
> dma-pl330 ff6d0000.dma-controller: Loaded driver for PL330 DMAC-241330
> dma-pl330 ff6d0000.dma-controller: DBUFF-32x8bytes Num_Chans-6
> Num_Peri-12 Num_Events-12
> dma-pl330 ff6e0000.dma-controller: Loaded driver for PL330 DMAC-241330
> dma-pl330 ff6e0000.dma-controller: DBUFF-128x8bytes
> Num_Chans-8 Num_Peri-20 Num_Events-16
> Rockchip DDR Blob + Rockchip Miniloader + Upstream ATF + U-Boot = DMA
> not working
> OF: amba_device_add() failed (-19) for /bus/dma-controller@ff6d0000
> OF: amba_device_add() failed (-19) for /bus/dma-controller@ff6e0000
>
> I can't check the Rockchip ATF source code as it isn't available.
> Any idea what is different between Rockchip ATF and Upstream ATF for
> DMA to work properly?
@Kevar: It would be really great if you could have a look into it.
I am still having this issue.
Thanks
-- Christoph
Hello,
Recently I wondered who was the Code-Owner of the files in this patch:
fix(pmu): fix breakage on ARMv7 CPUs with SP_min as BL32
(https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/27162)
By the way it still doesn't have the Code-Owner review vote ;-)
But that triggered a more generic question about files and directories
in docs/about/maintainers.rst: are all the paths listed here reflect all
the files in TF-A repository?
The answer is unfortunately no.
I've then ended up writing some shell commands to try to list
unmaintained files:
for p in $(grep ^':|F|' docs/about/maintainers.rst | cut -d" " -f2 |
grep ^[a-zA-Z] | grep -v "drivers/nuvoton" | sed "s;\\\;;g"); do find $p
-type f >> /tmp/find_tf-a_maintained_files.txt; done; sort -u -o
/tmp/find_tf-a_maintained_files.txt{,}; git ls-files | sort -u >
/tmp/tf-a_files.txt; diff /tmp/find_tf-a_maintained_files.txt
/tmp/tf-a_files.txt > /tmp/tf-a_unmaintained_files.txt
Some are easy to correct, e.g. some docs/plat/<platform> files should be
added to the list of files for a given <platform>. Or some
include/drivers paths missing. I may push some patches for this if I
can. The drivers/nuvoton path is listed but it doesn't exist.
Some platforms or drivers are completely missing, and that would be good
their maintainers add a chapter for them.
But some generic & core files are also not listed. The goal of this mail
is to open the discussion about that.
That could be tricky as maintainer may change.
But all of that would ease the contributors way of working.
I've also seen that gerrit automatically adds Code-Owner for the review.
So it seems there is another list for that, and we could somehow try to
align those 2 lists.
Best regards,
Yann
We do nightly testing of our yocto layers against the latest kernel,
uboot, trusted-firmware-a, and optee. On April 12th we started getting
a build failure with trusted-firmware-a. I have tracked the issue down
to this commit:
https://github.com/ARM-software/arm-trusted-firmware/commit/71c42e98bbe900a…
Specifically, the line in make_helpers/utilities.mk:
escape-shell = '$(subst ','\'',$(1))'
On the surface it feels like the ' is overused and might cause issues.
I tried making the line:
escape-shell = $(subst ','\'',$(1))
And the builds went back to working properly. Does that seem like a
change that should be made, or was there a reason for the extra '' wrapper?
I have submitted a GitHub issue about this as well:
https://github.com/TrustedFirmware-A/trusted-firmware-a/issues/7
--
Ryan Eatmon reatmon(a)ti.com
-----------------------------------------
Texas Instruments, Inc. - LCPD - MGTS
Hi,
I'm upgrading the ATF I use from 2.4 to 2.8, and ran into a header
conflict. The change
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13806
introduced an inclusion of
include/drivers/arm/gicv3.h
in lib/el3_runtime/aarch64/context_mgmt.c, but in my build environment that
.c file also includes
include/drivers/arm/gicv2.h
so now I get macro redefinition of "INT_ID_MASK" errors when compiling. Is
it an error, that in my build environment the gicv2.h gets included ?
I've solved it locally by doing:
diff --git a/lib/el3_runtime/aarch64/context_mgmt.c
b/lib/el3_runtime/aarch64/context_mgmt.c
index 866ac4154..395635a86 100644
--- a/lib/el3_runtime/aarch64/context_mgmt.c
+++ b/lib/el3_runtime/aarch64/context_mgmt.c
@@ -18,7 +18,9 @@
#include <common/bl_common.h>
#include <common/debug.h>
#include <context.h>
+#if CTX_INCLUDE_EL2_REGS
#include <drivers/arm/gicv3.h>
+#endif
#include <lib/el3_runtime/context_mgmt.h>
#include <lib/el3_runtime/pubsub_events.h>
#include <lib/extensions/amu.h>
but I am not sure whether this is the correct fix or not, or if I am doing
something else wrong here. Any suggestions on what would be the correct fix
?
Regards
Jacob
