- TF-A - lists.trustedfirmware.org

Trusted Firmware-A LTS v2.12.1 Release Announcement

by ci_notify＠trustedfirmware.org

Hello, Trusted Firmware-A LTS version 2.12.1 is now available. This release contains the following patches: Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.12.1/change-log.html Thanks, TF-A LTS team

1 day, 18 hours

1
0
0 0

Trusted Firmware-A LTS v2.8.30 Release Announcement

by ci_notify＠trustedfirmware.org

Hello, Trusted Firmware-A LTS version 2.8.30 is now available. This release contains the following patches: 983f4c8ed chore(cpus): fix incorrect header macro [1] 1a2a26897 refactor(errata-abi): move EXTRACT_PARTNUM to arch.h [2] 37db9abef refactor(cm): move remaining EL2 save/restore into C [3] f2a263ed8 fix(cm): update gic el2 sysregs save/restore mechanism [4] 8c6068fab fix(cpus): workaround for accessing ICH_VMCR_EL2 [5] c32e3a38d fix(cpus): workaround for Cortex-A710 erratum 3701772 [6] 3b8a3ad15 fix(cpus): workaround for Cortex-A715 erratum 3699560 [7] c7d5de9fe fix(cpus): workaround for Cortex-A720 erratum 3699561 [8] 2296df6fe fix(cpus): workaround for Cortex-X2 erratum 3701772 [9] ed4bd3c61 fix(cpus): workaround for Cortex-X3 erratum 3701769 [10] 395f67e87 fix(cpus): workaround for Cortex-X4 erratum 3701758 [11] 2414a852a fix(cpus): workaround for Neoverse-N2 erratum 3701773 [12] 35caff979 fix(cpus): workaround for Neoverse-V3 erratum 3701767 [13] 55589ce29 chore(smccc): bump up SMCCC version to 1.4 [14] [1] https://review.trustedfirmware.org/q/I6a4a8ec6546adb41e24d8885cb445fa8be830… [2] https://review.trustedfirmware.org/q/Id8bbaf21566f3145a75cfa0dafec6823ed2df… [3] https://review.trustedfirmware.org/q/If690f792e70b97fd4b4cd5f43847a71719b12… [4] https://review.trustedfirmware.org/q/I8d55c3dc6a17c4749748822d4a738912c1e13… [5] https://review.trustedfirmware.org/q/I9f0403601c6346276e925f02eab55908b009d… [6] https://review.trustedfirmware.org/q/I997c9cfaa75321f22b4f690c4d3f234c0b51c… [7] https://review.trustedfirmware.org/q/I183aa921b4b6f715d64eb6b70809de2566017… [8] https://review.trustedfirmware.org/q/I7ea3aaf3e7bf6b4f3648f6872e505a41247b1… [9] https://review.trustedfirmware.org/q/I2ffc5e7d7467f1bcff8b895fea52a1daa7d14… [10] https://review.trustedfirmware.org/q/Ifd722e1bb8616ada2ad158297a7ca80b19a33… [11] https://review.trustedfirmware.org/q/I4ee941d1e7653de7a12d69f538ca05f7f9f99… [12] https://review.trustedfirmware.org/q/If95bd67363228c8083724b31f630636fb27f3… [13] https://review.trustedfirmware.org/q/I5be0de881f408a9e82a07b8459d79490e9065… [14] https://review.trustedfirmware.org/q/Ie5476c4601bd504d3f3e8433e1d672ebd0a75… Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.8.30/change-log.html Thanks, TF-A LTS team

1 day, 20 hours

1
0
0 0

Canceled event with note: TF-A Tech Forum @ Thu Feb 20, 2025 5pm - 6pm (GMT+1) (tf-a@lists.trustedfirmware.org)

by Olivier Deprez

This event has been canceled with a note: "Hi, No topic planned for today. Thanks & Regards, Olivier." TF-A Tech Forum Thursday Feb 20, 2025 ⋅ 5pm – 6pm Central European Time - Paris We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Trusted Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://linaro-org.zoom.us/my/trustedfirmware?pwd=VktXcm5MNUUyVVM4R0k3ZUtvdU84QT09 One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h Guests tf-a(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 days, 22 hours

1
0
0 0

Trusted Firmware-A LTS v2.10.13 Release Announcement

by ci_notify＠trustedfirmware.org

Hello, Trusted Firmware-A LTS version 2.10.13 is now available. This release contains the following patches: b2be8b051 fix(security): enable WORKAROUND_CVE_2024_7881 build option [1] 8618e9d8f fix(security): add CVE-2024-7881 mitigation to Cortex-X4 [2] 81476ada1 fix(security): add CVE-2024-7881 mitigation to Cortex-X925 [3] 6caef6a1f fix(security): add CVE-2024-7881 mitigation to Neoverse-V2 [4] a7371652e fix(security): add CVE-2024-7881 mitigation to Neoverse-V3 [5] 023e80d4c fix(security): add CVE-2024-7881 mitigation to Cortex-X3 [6] b5386661a fix(security): add support in cpu_ops for CVE-2024-7881 [7] 64618d664 fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus [8] f823cc74e fix(cm): update gic el2 sysregs save/restore mechanism [9] 053bdc35f refactor(fvp): move cpus with nomodel [10] 813f66774 chore: rename hermes to neoverse-n3 [11] 86b37315e chore(cpus): fix incorrect header macro [12] 57ab066a2 refactor(errata-abi): move EXTRACT_PARTNUM to arch.h [13] 57bdc57e3 fix(cpus): workaround for accessing ICH_VMCR_EL2 [14] 8f709377f fix(cpus): workaround for Cortex-A710 erratum 3701772 [15] 857cfc2e9 fix(cpus): workaround for Cortex-A715 erratum 3699560 [16] 36b53f90f fix(cpus): workaround for Cortex-A720 erratum 3699561 [17] 17b8a8a33 fix(cpus): workaround for Cortex-A725 erratum 3699564 [18] 3e9433d76 fix(cpus): workaround for Cortex-X2 erratum 3701772 [19] 1852f608b fix(cpus): workaround for Cortex-X3 erratum 3701769 [20] db3048d54 fix(cpus): workaround for Cortex-X4 erratum 3701758 [21] c8a6cc0a1 fix(cpus): workaround for Cortex-X925 erratum 3701747 [22] 1d17578bd fix(cpus): workaround for Neoverse-N2 erratum 3701773 [23] e2a5da1c0 fix(cpus): workaround for Neoverse-N3 erratum 3699563 [24] fc497736f fix(cpus): workaround for Neoverse-V3 erratum 3701767 [25] [1] https://review.trustedfirmware.org/q/Id77f82a4dfaa4422729f7e3f2429f47cc90d9… [2] https://review.trustedfirmware.org/q/I0bec96d4f71a08a89c6612e272ecfb173f80d… [3] https://review.trustedfirmware.org/q/I53e72e4dbc8937cea3c344a5ba04664c50a07… [4] https://review.trustedfirmware.org/q/I129814eb3494b287fd76a3f7dbc50f76553b2… [5] https://review.trustedfirmware.org/q/Ib5c644895b8c76d3c7e8b5e6e98d7b9afef7f… [6] https://review.trustedfirmware.org/q/I410517d175a80fc6f459fa6ce5c30c0a38db9… [7] https://review.trustedfirmware.org/q/I417389f040c6ead7f96f9b720d29061833f43… [8] https://review.trustedfirmware.org/q/I1b1ffaa1f806f07472fd79d5525f81764d99b… [9] https://review.trustedfirmware.org/q/I8d55c3dc6a17c4749748822d4a738912c1e13… [10] https://review.trustedfirmware.org/q/I3da12d2f8d9c246b435b31adfac61c79dc1ab… [11] https://review.trustedfirmware.org/q/I912d4c824c5004a8c1909c68fef77f1f5e202… [12] https://review.trustedfirmware.org/q/I6a4a8ec6546adb41e24d8885cb445fa8be830… [13] https://review.trustedfirmware.org/q/Id8bbaf21566f3145a75cfa0dafec6823ed2df… [14] https://review.trustedfirmware.org/q/I9f0403601c6346276e925f02eab55908b009d… [15] https://review.trustedfirmware.org/q/I997c9cfaa75321f22b4f690c4d3f234c0b51c… [16] https://review.trustedfirmware.org/q/I183aa921b4b6f715d64eb6b70809de2566017… [17] https://review.trustedfirmware.org/q/I7ea3aaf3e7bf6b4f3648f6872e505a41247b1… [18] https://review.trustedfirmware.org/q/Ifad1f6c3f5b74060273f897eb5e4b79dd9f08… [19] https://review.trustedfirmware.org/q/I2ffc5e7d7467f1bcff8b895fea52a1daa7d14… [20] https://review.trustedfirmware.org/q/Ifd722e1bb8616ada2ad158297a7ca80b19a33… [21] https://review.trustedfirmware.org/q/I4ee941d1e7653de7a12d69f538ca05f7f9f99… [22] https://review.trustedfirmware.org/q/I080296666f89276b3260686c2bdb8de63fc17… [23] https://review.trustedfirmware.org/q/If95bd67363228c8083724b31f630636fb27f3… [24] https://review.trustedfirmware.org/q/I77aaf8ae0afff3adde9a85f4a1a13ac9d1daf… [25] https://review.trustedfirmware.org/q/I5be0de881f408a9e82a07b8459d79490e9065… Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.10.13/change-log.html Thanks, TF-A LTS team

1 week, 1 day

1
0
0 0

Trusted Firmware-A LTS v2.8.29 Release Announcement

by ci_notify＠trustedfirmware.org

Hello, Trusted Firmware-A LTS version 2.8.29 is now available. This release contains the following patches: 772bdd3bc style: normalize linker script code style [1] cf5e7d8d4 build: always prefix section names with `.` [2] e2084abfc fix(services): disable workaround discovery on aarch32 for now [3] cc04eac23 fix(security): enable WORKAROUND_CVE_2024_7881 build option [4] 2ef768d4a fix(security): add CVE-2024-7881 mitigation to Cortex-X4 [5] 172ccad6a fix(security): add CVE-2024-7881 mitigation to Neoverse-V2 [6] cbf4a4e3c fix(security): add CVE-2024-7881 mitigation to Neoverse-V3 [7] a7f53d34f fix(security): add CVE-2024-7881 mitigation to Cortex-X3 [8] 8fc0fa7c0 fix(security): add support in cpu_ops for CVE-2024-7881 [9] 337aa3bf1 fix(security): apply SMCCC_ARCH_WORKAROUND_4 to affected cpus [10] 1e4b43644 feat(fvp): allow configurable FVP Trusted SRAM size [11] [1] https://review.trustedfirmware.org/q/Ibee2afad0d543129c9ba5a8a22e3ec17d77e3… [2] https://review.trustedfirmware.org/q/I51c13c5266d5975fbd944ef4961328e72f82f… [3] https://review.trustedfirmware.org/q/Ic19973a8e4d50a97f274d4461794c117b3373… [4] https://review.trustedfirmware.org/q/Id77f82a4dfaa4422729f7e3f2429f47cc90d9… [5] https://review.trustedfirmware.org/q/I0bec96d4f71a08a89c6612e272ecfb173f80d… [6] https://review.trustedfirmware.org/q/I129814eb3494b287fd76a3f7dbc50f76553b2… [7] https://review.trustedfirmware.org/q/Ib5c644895b8c76d3c7e8b5e6e98d7b9afef7f… [8] https://review.trustedfirmware.org/q/I410517d175a80fc6f459fa6ce5c30c0a38db9… [9] https://review.trustedfirmware.org/q/I417389f040c6ead7f96f9b720d29061833f43… [10] https://review.trustedfirmware.org/q/I1b1ffaa1f806f07472fd79d5525f81764d99b… [11] https://review.trustedfirmware.org/q/I8344d3718564cd2bd53f1e6860e2fe341ae24… Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.8.29/change-log.html Thanks, TF-A LTS team

1 week, 1 day

1
0
0 0

TBBR: Question about the available Non Volatile Counters

by Rares Constantin

Hi, I have a question regarding the TBBR implementation for non-volatile counters in TF-A. While looking through the code and documentation for Trusted Boot authentication options, it was not clear why there are only two non-volatile counters for the Trusted and Non-Trusted worlds (`TRUSTED_FW_NVCOUNTER` and `NON_TRUSTED_FW_NVCOUNTER`). This is true for the Arm DEN0006D specification, but it was retired and ARM DEN0072 is the current specification. Is there any specific reason why there isn't a counter for each authenticated image declared and created by `cert_create` or is the retired specification the only reason? This limits the non-volatile counter extensions for all certificates, meaning that the Trusted OS content certificate for example cannot be authenticated with another extension, unless I add a custom certificate with another non-volatile counter extension and a new command line option. To quote the ARM DEN0072 TBBR specification [source: https://developer.arm.com/documentation/den0072/latest]: "It is recommended to implement as many version counters as there are images, where each image can use a separate counter without affecting other images. However, the number of rollback counters that can practically be supported is implementation dependent.". Thank you!

1 week, 2 days

2
3
0 0

Canceled event with note: TF-A Tech Forum @ Thu Feb 6, 2025 5pm - 6pm (GMT+1) (tf-a@lists.trustedfirmware.org)

by Olivier Deprez

This event has been canceled with a note: "Hi, Cancelling as no topic proposed this week. Regards, Olivier. " TF-A Tech Forum Thursday Feb 6, 2025 ⋅ 5pm – 6pm Central European Time - Paris We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/Trusted Firmware is inviting you to a scheduled Zoom meeting.Join Zoom Meetinghttps://linaro-org.zoom.us/my/trustedfirmware?pwd=VktXcm5MNUUyVVM4R0k3ZUtvdU84QT09 One tap mobile+16465588656,,9159704974# US (New York)+16699009128,,9159704974# US (San Jose)Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-freeMeeting ID: 915 970 4974Find your local number: https://zoom.us/u/ad27hc6t7h Guests tf-a(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 weeks, 4 days

1
0
0 0

Trusted Firmware-A LTS v2.8.28 Release Announcement

by ci_notify＠trustedfirmware.org

Hello, Trusted Firmware-A LTS version 2.8.28 is now available. This release contains the following patches: d4ce532c6 fix(arm): add extra hash config to validate ROTPK [1] 0f7eed07d refactor(mbedtls): rename default mbedtls confs [2] ae45ec9d4 docs(prerequisites): update mbedtls to version 3.6.2 [3] 8c37a4b7f feat(mbedtls): mbedtls config update for v3.6.2 [4] bf358fef7 docs: add inital lts doc [5] 633fc7323 docs: updates to LTS [6] 0330b630a chore(deps): bump jinja2 in the pip group across 1 directory [7] b3d5cc387 chore(deps): bump cross-spawn [8] 2c6035419 docs(maintainers): update LTS maintainers [9] [1] https://review.trustedfirmware.org/q/Ib3128ce7b0fb5c0858624ecbc998d456968be… [2] https://review.trustedfirmware.org/q/I1f665c2471877ecc833270c511749ff845046… [3] https://review.trustedfirmware.org/q/Ibc4a8712c92019648fe0e75390cd3540d86b7… [4] https://review.trustedfirmware.org/q/I79027f6c741ab3f419f7b555321507e6a78b9… [5] https://review.trustedfirmware.org/q/I1434c29f0236161d2a127596e2cc528bf4cc3… [6] https://review.trustedfirmware.org/q/Iafc606a66ea3ea69c51b433867b5025b8debe… [7] https://review.trustedfirmware.org/q/I4502ed17a6ce37f53ac64370a5d7fe756875f… [8] https://review.trustedfirmware.org/q/I78624d7ef8c3842a2271d091bf2d3213d9455… [9] https://review.trustedfirmware.org/q/Ibf087c6b0e24d6faa9dafb6f8a0955a47f583… Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.8.28/change-log.html Thanks, TF-A LTS team

3 weeks, 5 days

1
0
0 0

Trusted Firmware-A LTS v2.10.12 Release Announcement

by ci_notify＠trustedfirmware.org

Hello, Trusted Firmware-A LTS version 2.10.12 is now available. This release contains the following patches: 8b2c88573 fix(arm): add extra hash config to validate ROTPK [1] 0ac65e7aa refactor(mbedtls): rename default mbedtls confs [2] 44161dcb1 docs(prerequisites): update mbedtls to version 3.6.2 [3] 564922601 feat(mbedtls): mbedtls config update for v3.6.2 [4] 13657a3f3 docs: add inital lts doc [5] 3d85a19f2 docs: updates to LTS [6] 7c8c034e5 chore(deps): bump jinja2 in the pip group across 1 directory [7] 924c7f42c chore(deps): bump cross-spawn [8] 8355ef772 docs(maintainers): update LTS maintainers [9] [1] https://review.trustedfirmware.org/q/Ib3128ce7b0fb5c0858624ecbc998d456968be… [2] https://review.trustedfirmware.org/q/I1f665c2471877ecc833270c511749ff845046… [3] https://review.trustedfirmware.org/q/Ibc4a8712c92019648fe0e75390cd3540d86b7… [4] https://review.trustedfirmware.org/q/I79027f6c741ab3f419f7b555321507e6a78b9… [5] https://review.trustedfirmware.org/q/I1434c29f0236161d2a127596e2cc528bf4cc3… [6] https://review.trustedfirmware.org/q/Iafc606a66ea3ea69c51b433867b5025b8debe… [7] https://review.trustedfirmware.org/q/I4502ed17a6ce37f53ac64370a5d7fe756875f… [8] https://review.trustedfirmware.org/q/I78624d7ef8c3842a2271d091bf2d3213d9455… [9] https://review.trustedfirmware.org/q/Ibf087c6b0e24d6faa9dafb6f8a0955a47f583… Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.10.12/change-log.html Thanks, TF-A LTS team

3 weeks, 5 days

1
0
0 0

question about encryption

by 林觀明

Hi I tried to turn on encryption in BL31. And, I met some trouble. Here is my code. ``` static struct plat_io_policy policies[] = { ... [BL31_IMAGE_ID] = {&enc_dev_handle, &bl31_uuid_spec, check_enc_fip}, .... [ENC_IMAGE_ID] = {&fip_dev_handle, NULL, check_fip} } int plat_get_image_source(...) { ... policy = &policies[image_id]; ret = policy->check[policy->image_spec]; ... } static int check_fip(const uintptr_t spec) { int ret; ret = io_dev_open(fip_dev_con, (uintptr_t)NULL, &fip_dev_handle); if (ret) { ERROR("io_dev_open failed for FIP (%d)\n", ret); return ret; } ret = io_dev_init(fip_dev_handle, fip_image_id); if (ret) { ERROR("io_dev_init failed for FIP image id %lu (%d)\n", fip_image_id, ret); io_dev_close(fip_dev_handle); } return ret; } static int check_enc_fip(const uintptr_t spec) { int result; uintptr_t local_image_handle; /* See if a Firmware Image Package is available */ result = io_dev_open(enc_dev_con, (uintptr_t)NULL, &enc_dev_handle); if (result) { ERROR("io_dev_open failed for FIP (%d)\n", result); return result; } result = io_dev_init(enc_dev_handle, (uintptr_t)ENC_IMAGE_ID); if (result != 0) return result; return result; } ``` But, I can't boot successfully. Below is log. ``` INFO: Image id=3 loaded: 0x40800000 - 0x4080e299 INFO: BL2: Loading image id 5 WARNING: ===== allocate_dev_info 1 ===== WARNING: ==== -12 ==== ERROR: io_dev_open failed for FIP (-12) ERROR: Image id 11 open failed with -12 WARNING: Failed to obtain reference to image id=11 (-12) ERROR: BL2: Failed to load image id 5 (-12) ``` And, I found root cause in `allocate_dev_info` and `free_dev_info` in `drivers/io/io_fip.c` In `allocate_dev_info`, there is a count, `fip_dev_count`, increasing by 1 after calling `fip_dev_open` There is a check. The value of MAX_FIP_DEVICES is 1. ``` if (fip_dev_count < (unsigned int)MAX_FIP_DEVICES) { unsigned int index = 0; result = find_first_fip_state(0, &index); assert(result == 0); /* initialize dev_info */ dev_info_pool[index].funcs = &fip_dev_funcs; dev_info_pool[index].info = (uintptr_t)&state_pool[index]; *dev_info = &dev_info_pool[index]; ++fip_dev_count; } ``` And, in `fip_dev_close`, The `fip_dev_count` will be decreased by 1. However, The root casue is it call fip_dev_open but not calling fip_dev_close. It cause the `fip_dev_count` not be decreased by 1. Now, I have two solution. 1. Increasing the MAX_FIP_DEVICES, it will be working. 2. Add the io_dev_close in `enc_dev_close` in `driver/io_/io_encrypted.c`. And, it will call the fip_dev_close. It will be working. Do you have any idea in this solution ? Which solution is more general ? Thanks !

1 month

2
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-A