butok
diff --git a/‎.gitignore
+3 b/‎.gitignore
+3
diff --git a/‎.readthedocs.yaml
+35 b/‎.readthedocs.yaml
+35
diff --git a/‎CMakeLists.txt
+13-16 b/‎CMakeLists.txt
+13-16
diff --git a/‎Kconfig.misc
-23 b/‎Kconfig.misc
-23
diff --git a/‎bl1/Kconfig
+8 b/‎bl1/Kconfig
+8
diff --git a/‎bl1/bl1_1/CMakeLists.txt
+30-26 b/‎bl1/bl1_1/CMakeLists.txt
+30-26
diff --git a/‎bl1/bl1_1/bl1_1_shared_symbols.txt
+15-37 b/‎bl1/bl1_1/bl1_1_shared_symbols.txt
+15-37
diff --git a/‎bl1/bl1_1/lib/CMakeLists.txt
+2-2 b/‎bl1/bl1_1/lib/CMakeLists.txt
+2-2
diff --git a/‎bl1/bl1_1/lib/image_otp.c
+10-3 b/‎bl1/bl1_1/lib/image_otp.c
+10-3
@@ -9,6 +9,9 @@
 # Visual Studio Code
 .vscode/
 
+# Local dependency repo
+localrepos.cmake
+
 # Garbage files
 /build*/
 /cmake_build*/
 
@@ -0,0 +1,35 @@
+#-------------------------------------------------------------------------------
+#
+# Copyright (c) 2023, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# Version of the configuration file, v1 is no longer supported
+version: 2
+
+# Configuration for the documentation build
+build:
+  os: ubuntu-22.04
+  tools:
+    python: "3.11"
+  apt_packages:
+    - plantuml
+
+# Build documentation in the "docs/" directory with Sphinx
+sphinx:
+  configuration: docs/conf.py
+
+# The documentation will also be built in a pdf format
+formats:
+   - pdf
+   - htmlzip
+
+# Configuration of the Python environment
+python:
+   install:
+   - requirements: docs/requirements.txt
@@ -21,6 +21,12 @@ endif()
 list(APPEND CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
 include(version)
 include(remote_library)
+include(utils)
+
+if(EXISTS ${CMAKE_SOURCE_DIR}/localrepos.cmake)
+    message(WARNING "Building using local repositories from \"" ${CMAKE_SOURCE_DIR}/localrepos.cmake "\"")
+    include(${CMAKE_SOURCE_DIR}/localrepos.cmake)
+endif()
 
 ############################ CONFIGURATION #####################################
 include(config/pre_config.cmake)
@@ -36,31 +42,18 @@ include(config/post_config.cmake)
 ############################### Compiler configuration #########################
 
 include(${TFM_TOOLCHAIN_FILE})
-set(CMAKE_PROJECT_INCLUDE_BEFORE ${CMAKE_SOURCE_DIR}/cmake/disable_compiler_detection.cmake)
+
+set(CMAKE_C_COMPILER_FORCED true)
+set(CMAKE_CXX_COMPILER_FORCED true)
 
 project("Trusted Firmware M" VERSION ${TFM_VERSION} LANGUAGES C CXX ASM)
 tfm_toolchain_reload_compiler()
 
-# Synchronise the install path variables. If CMAKE_INSTALL_PREFIX is manually
-# set then set both to the value of that, else set both to the value of
-# TFM_INSTALL_PATH. This has to be done after the call to `project()`.
-if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
-    set(CMAKE_INSTALL_PREFIX  ${TFM_INSTALL_PATH} CACHE PATH  "" FORCE)
-else()
-    set(TFM_INSTALL_PATH  ${CMAKE_INSTALL_PREFIX} CACHE PATH  "Path to which to install TF-M files" FORCE)
-endif()
-
 add_subdirectory(lib/ext)
 add_subdirectory(lib/fih)
 add_subdirectory(tools)
 add_subdirectory(secure_fw)
 
-if(NS AND NS_EVALUATION_APP_PATH)
-    add_subdirectory(${NS_EVALUATION_APP_PATH} ${CMAKE_CURRENT_BINARY_DIR}/evaluation-app)
-elseif(NS OR TFM_S_REG_TEST OR TFM_NS_REG_TEST OR TEST_BL2 OR TEST_BL1_1 OR TEST_BL1_2)
-    add_subdirectory(${TFM_TEST_REPO_PATH} ${CMAKE_CURRENT_BINARY_DIR}/tf-m-tests)
-endif()
-
 add_subdirectory(interface)
 if(BL2)
     add_subdirectory(bl2)
@@ -77,6 +70,10 @@ if(CRYPTO_HW_ACCELERATOR)
     add_subdirectory(platform/ext/accelerator)
 endif()
 
+if(IS_DIRECTORY ${CONFIG_TFM_TEST_DIR})
+    add_subdirectory(${CONFIG_TFM_TEST_DIR} ${CMAKE_CURRENT_BINARY_DIR}/tf-m-tests)
+endif()
+
 ############################ Config Check ######################################
 
 include(${CMAKE_SOURCE_DIR}/config/check_config.cmake)
 
@@ -70,31 +70,8 @@ endmenu
 
 ################################# Manifest #####################################
 
-menu "TF-M manifest"
-
 config TFM_MANIFEST_LIST
     string "TF-M native Secure Partition manifests list file"
     default "$(TFM_SOURCE_DIR)/tools/tfm_manifest_list.yaml"
     help
       TF-M native Secure Partition manifests list file
-
-config TFM_EXTRA_MANIFEST_LIST_FILES
-    string "Extra manifest list file(s)"
-    default ""
-    help
-      Used to list extra Secure Partition manifests.
-
-config TFM_EXTRA_GENERATED_FILE_LIST_PATH
-    string "Path to extra generated file list."
-    default ""
-    help
-      Appended to stardard TFM generated file list
-
-config TFM_EXTRA_PARTITION_PATHS
-    string "List of extra Secure Partitions directories."
-    default ""
-    help
-      An extra Secure Parition folder contains source code, CMakeLists.txt and
-      manifest files
-
-endmenu
@@ -96,4 +96,12 @@ config TFM_BL1_LOGGING
     bool "Enable BL1 Logging"
     default y
 
+config BL1_2_BUILD_TYPE
+    string "BL1_2 build type"
+    default "$(CMAKE_BUILD_TYPE)"
+
+config BL1_SHARED_SYMBOLS_PATH
+    string "Path to list of symbols that BL1_1 that can be referenced from BL1_2"
+    default "${TFM_SOURCE_DIR}/bl1/bl1_1/bl1_1_shared_symbols.txt"
+
 endif
@@ -1,5 +1,5 @@
 #-------------------------------------------------------------------------------
-# Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+# Copyright (c) 2021-2023, Arm Limited. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -29,22 +29,24 @@ target_link_options(bl1_1
 target_sources(bl1_1
     PRIVATE
         main.c
+        $<$<BOOL:${CONFIG_GNU_SYSCALL_STUB_ENABLED}>:${CMAKE_SOURCE_DIR}/platform/ext/common/syscalls_stub.c>
 )
 
 target_link_libraries(bl1_1
     PRIVATE
         bl1_1_lib
         bl1_1_shared_lib
-        platform_bl1
+        platform_bl1_1
         $<$<BOOL:${TEST_BL1_1}>:bl1_1_tests>
 )
 
 target_compile_definitions(bl1_1
     PRIVATE
         $<$<BOOL:${TEST_BL1_1}>:TEST_BL1_1>
+        $<$<AND:$<BOOL:${CONFIG_TFM_BOOT_STORE_MEASUREMENTS}>,$<NOT:$<BOOL:${CONFIG_TFM_BOOT_STORE_ENCODED_MEASUREMENTS}>>>:TFM_MEASURED_BOOT_API>
 )
 
-target_share_symbols(bl1_1 ${CMAKE_CURRENT_SOURCE_DIR}/bl1_1_shared_symbols.txt)
+target_share_symbols(bl1_1 ${BL1_SHARED_SYMBOLS_PATH})
 
 ################################################################################
 
@@ -84,26 +86,28 @@ add_custom_command(OUTPUT bl1_2_padded.bin bl1_2_padded_hash.bin
 
 ################################################################################
 
-add_custom_target(bl1_provisioning_bundle
-    ALL
-    SOURCES bl1_provisioning_bundle.bin
-)
-
-add_custom_command(OUTPUT bl1_provisioning_bundle.bin
-    DEPENDS ${TFM_BL2_ENCRYPTION_KEY_PATH}
-    DEPENDS ${TFM_GUK_PATH}
-    DEPENDS $<TARGET_FILE_DIR:bl1_2>/bl1_2_padded_hash.bin
-    DEPENDS $<TARGET_FILE_DIR:bl2>/bl2_signed_hash.bin
-    DEPENDS $<TARGET_FILE_DIR:bl1_2>/bl1_2_padded.bin
-    bl1_2_padded_bin bl2_signed_bin
-    DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/create_provisioning_bundle.py
-    COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/create_provisioning_bundle.py
-                    --bl2_encryption_key_input_file ${TFM_BL2_ENCRYPTION_KEY_PATH}
-                    --bl2_signing_key_input_file ${TFM_BL2_SIGNING_KEY_PATH}
-                    --guk_input_file ${TFM_GUK_PATH}
-                    --bl1_2_padded_hash_input_file $<TARGET_FILE_DIR:bl1_2>/bl1_2_padded_hash.bin
-                    --bl2_signed_hash_input_file $<TARGET_FILE_DIR:bl2>/bl2_signed_hash.bin
-                    --bl1_2_input_file $<TARGET_FILE_DIR:bl1_2>/bl1_2_padded.bin
-                    --bundle_output_file bl1_provisioning_bundle.bin
-    COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/bl1_provisioning_bundle.bin $<TARGET_FILE_DIR:bl1_1>
-)
+if (TFM_BL1_DEFAULT_PROVISIONING)
+    add_custom_target(bl1_provisioning_bundle
+        ALL
+        SOURCES bl1_provisioning_bundle.bin
+    )
+
+    add_custom_command(OUTPUT bl1_provisioning_bundle.bin
+        DEPENDS ${TFM_BL2_ENCRYPTION_KEY_PATH}
+        DEPENDS ${TFM_GUK_PATH}
+        DEPENDS $<TARGET_FILE_DIR:bl1_2>/bl1_2_padded_hash.bin
+        DEPENDS $<TARGET_FILE_DIR:bl2>/bl2_signed_hash.bin
+        DEPENDS $<TARGET_FILE_DIR:bl1_2>/bl1_2_padded.bin
+        bl1_2_padded_bin bl2_signed_bin
+        DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/create_provisioning_bundle.py
+        COMMAND ${Python3_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/create_provisioning_bundle.py
+                        --bl2_encryption_key_input_file ${TFM_BL2_ENCRYPTION_KEY_PATH}
+                        --bl2_signing_key_input_file ${TFM_BL2_SIGNING_KEY_PATH}
+                        --guk_input_file ${TFM_GUK_PATH}
+                        --bl1_2_padded_hash_input_file $<TARGET_FILE_DIR:bl1_2>/bl1_2_padded_hash.bin
+                        --bl2_signed_hash_input_file $<TARGET_FILE_DIR:bl2>/bl2_signed_hash.bin
+                        --bl1_2_input_file $<TARGET_FILE_DIR:bl1_2>/bl1_2_padded.bin
+                        --bundle_output_file bl1_provisioning_bundle.bin
+        COMMAND ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_BINARY_DIR}/bl1_provisioning_bundle.bin $<TARGET_FILE_DIR:bl1_1>
+    )
+endif()
@@ -1,41 +1,19 @@
-bl1_sha256_compute
-bl1_sha256_init
-bl1_sha256_update
-bl1_sha256_finish
-
+Driver_FLASH0
+SystemInit
 bl1_aes_256_ctr_decrypt
 bl1_derive_key
-bl1_otp_read_nv_counter
-bl1_otp_write_nv_counter
-bl1_otp_read_bl2_image_hash
 bl1_otp_read_key
-bl1_otp_read
-mbedtls_init
-crypto_hw_accelerator_init
-crypto_hw_accelerator_finish
-fih_delay_init
-fih_delay_finish
-bl_secure_memeql
-bl_secure_memcpy
-
-fih_delay_random_uchar
-_fih_cfi_ctr
-FIH_FAILURE
-FIH_SUCCESS
-_fih_mask
-fih_cfi_decrement
-fih_cfi_get_and_increment
-fih_cfi_validate
-fih_panic_loop
-
-SystemInit
-boot_platform_init
-boot_platform_post_init
-boot_platform_quit
-bl1_image_get_flash_offset
+bl1_sha256_compute
+bl1_sha256_finish
+bl1_sha256_init
+bl1_sha256_update
+bl1_trng_generate_random
+computed_bl1_2_hash
+pq_crypto_verify
+stdio_init
 stdio_output_string
-Driver_FLASH0
-platform_code_is_bl1_2
-
-run_testsuite
-tfm_log_printf
+stdio_uninit
+tfm_plat_init_nv_counter
+tfm_plat_otp_read
+tfm_plat_read_nv_counter
+tfm_plat_set_nv_counter
@@ -1,5 +1,5 @@
 #-------------------------------------------------------------------------------
-# Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+# Copyright (c) 2021-2023, Arm Limited. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -22,5 +22,5 @@ target_include_directories(bl1_1_lib
 target_link_libraries(bl1_1_lib
     INTERFACE
         bl1_1_shared_lib
-        platform_bl1
+        platform_bl1_1
 )
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  *
@@ -14,9 +14,16 @@ fih_int bl1_read_bl1_2_image(uint8_t *image)
 {
     fih_int fih_rc;
     enum tfm_plat_err_t plat_err;
+    uint32_t bl1_2_len;
 
-    plat_err = tfm_plat_otp_read(PLAT_OTP_ID_BL1_2_IMAGE, BL1_2_CODE_SIZE,
-                                 image);
+    plat_err = tfm_plat_otp_read(PLAT_OTP_ID_BL1_2_IMAGE_LEN, sizeof(bl1_2_len),
+                                 (uint8_t *)&bl1_2_len);
+    fih_rc = fih_int_encode_zero_equality(plat_err);
+    if (fih_not_eq(fih_rc, FIH_SUCCESS)) {
+        FIH_RET(fih_rc);
+    }
+
+    plat_err = tfm_plat_otp_read(PLAT_OTP_ID_BL1_2_IMAGE, bl1_2_len, image);
     fih_rc = fih_int_encode_zero_equality(plat_err);
 
     FIH_RET(fih_rc);
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`#-------------------------------------------------------------------------------`
`2`		`-# Copyright (c) 2021-2022, Arm Limited. All rights reserved.`
	`2`	`+# Copyright (c) 2021-2023, Arm Limited. All rights reserved.`
`3`	`3`	`#`
`4`	`4`	`# SPDX-License-Identifier: BSD-3-Clause`
`5`	`5`	`#`
`@@ -22,5 +22,5 @@ target_include_directories(bl1_1_lib`
`22`	`22`	`target_link_libraries(bl1_1_lib`
`23`	`23`	`INTERFACE`
`24`	`24`	`bl1_1_shared_lib`
`25`		`- platform_bl1`
	`25`	`+ platform_bl1_1`
`26`	`26`	`)`