IGPS_04.00.06

IGPS 04.00.06 - Feb 5th 2024

• Bootblock 0.4.1

  • Set PCI and GFX core clock to PLL1.

• Add bootblock XML for MS (with GPIO enabled).

• Remove Z1 from signing flows. Add MS signing.

  signed-off-by:[email protected]

IGPS_04.00.04

IGPS 04.00.04 - Jan 28th 2024

• TIP_FW: 0.6.7 L0 0.5.6 L1
  https://github.com/Nuvoton-Israel/npcm8xx-tip-fw/releases/tag/TIP_FW_0.6.7_L0_0.5.6_L1
  • Disable attestation.
  • Fix Macronix issue: if BMC changes to wrong command set FIU_DRD_CFG RD_CMD back to a valid value.

IGPS 04.00.03 - Jan 22th 2024

• TIP_FW: 0.6.7 L0 0.5.6 L1
  https://github.com/Nuvoton-Israel/npcm8xx-tip-fw/releases/tag/TIP_FW_0.6.7_L0_0.5.6_L1

  • Move manifests to the end of the flash.
  • format manifests when needed.
  • Enhance logging during malloc\stack failure.
  • Increase BMC_task stack.
  • Limit SKMT to 10 keys (final number TBD).
  • Limit KMT to 4 keys (final number is TBD).
  • Restore FIU_DRD_CFG (bug fix for Macronix flash).

• Total wipe: enhance logging.

• key_mask: instead of writing 1<<key_index to key_mask: IGPS sets the relevant bit without changing other bits in key_mask.

  signed-off-by:[email protected]

IGPS_04.00.01

IGPS 04.00.01 - Jan 4th 2024

• Add support for external hardening tables.

• Add chip XML.

• Add registers CSV files in inputs.

• Add a folder output_binaries/tmp as staging area.
  kmt_map.bin and skmt_map.bin will be created in tmp instead of inputs.

• Add pointers to regisers tables in all FW headers.

• Add file IGPS_common.py where all GenerateAll.run subroutines are located.
  This allows OpenBMC build to call these scripts directly.

• Split combo 0 and combo 1 sign so that OpenBMC build can call only combo1 buildand take a signed image from tip repo as-is.

• Fix ReplaceComponent.bat scripts, add register handleing and fix KMT and SKMT in-correct build.

• uboot v2023.10-npcm8xx-20240103
  https://github.com/Nuvoton-Israel/u-boot/releases/tag/v2023.10-npcm8xx-20240103

  • Fix PCI reset
  • Fix PSPI clock divider
  • Fix 4GB dram issue
  • Fix reset driver bug

• TIP_FW: 0.6.6 L0 0.5.5 L1
  https://github.com/Nuvoton-Israel/npcm8xx-tip-fw/releases/tag/TIP_FW_0.6.6_L0_0.5.5_L1

  • Support Hardening.
  • Fix Coverity issues.
  • Support BMC direct access commands: flash erase, program, read and FW update. (note: FW udpate in direct mode has a known issue with encrypted images).
  • Direct mode: handle unknown interrupts - clean the correct notification.
  • Support OTP key revokation.
  • Init CDI to counter to allow devices in pre-production to boot to uboot.
  • PA-RoT: component attestation enablement This PR includes all the features required for PA-RoT (component attestation).
    1. CFM workflow enablement
    2. PCD workflow enablement
    3. Configuration reset workflow enablement
    4. Attestation requester bring-up
    5. PCR/TCG log extension
       Those features are under the control of compilation flags:
       CMD_ENABLE_ISSUE_REQUEST
       CERBERUS_ENABLE_COMPONENT_ATTESTATION
       ATTESTATION_SUPPORT_SPDM
       ATTESTATION_SUPPORT_DEVICE_DISCOVERY
       CMD_ENABLE_RESET_CONFIG
    • When disabling those flags, TIP acts as AC-RoT.
    • Fix issue in malloc
  • Bug fix: handle key store in the case of zero block.
  • Add scripts for total_wipe and flash read.
  • Remove Programing 'Basic' mode. Always use the 'Secure' version.

  signed-off-by:[email protected]

IGPS_03.09.08

IGPS 03.09.08 - Nov 29th 2023

• Write key mask automatically by scripts.
• Bootblock version 0.3.9:
  • block PLL reseting in secondary boot.
    PLLs are set only after PORST. (PLLs only, other dividers like FIU are set on any reset)
  • Change print of DRAM type.
  • Print all values in MHz (instead of Hz).
• XML mark the key_mask area as reserved.

IGPS_03.09.07

IGPS_03.09.07

• Remove Google TIP_FW. SA FW replaces it.
• Bootblock version 0.3.8: https://github.com/Nuvoton-Israel/npcm8xx-bootblock/releases/tag/A35_BootBlock_0.3.8
  • bootblock output file rename back to arbel_a35_bootblock.bin.
  • unused fuse data moved under ifdef
  • Add 3 fields to header (FIU_DRD_CFG for fiu 0, 1, 3). User can change these values in IGPS. bootblock does not check
    value is legal.
  • Cleanup makefile.
• XML: add FIU_DRD_CFG0, 1, 3 to bootblock headers.

IGPS_03.09.06

IGPS 03.09.06 - Nov 2 2023

TIP_FW: 0.6.5 L0 0.5.4 L1

https://github.com/Nuvoton-Israel/npcm8xx-tip-fw/releases/tag/TIP_FW_0.6.5_L0_0.5.4_L1

* MC reset, if needed, performed synchronously from TIP side while BMC is in reset.

Bootblock version 0.3.7

https://github.com/Nuvoton-Israel/npcm8xx-bootblock/releases/tag/A35_BootBlock_0.3.7

* Modify the makefile to ensure compatibility with Linux compilation and incorporate a build.sh script.
* In NO_TIP mode: if training fails perform FSW to retry.
* In TIP mode: need to use TIP_FW 0.6.5 and up so that TIP will reset MC before bootblock to ensure no BMC access 
  during reset MC.
* Update timer driver with registers and basic functionality.
* Update FIU divider on every reset, according to the header.
* Set RDLEN to 0 on AHB6 and AHB13.

bl31

https://github.com/Nuvoton-Israel/arm-trusted-firmware/releases/tag/v2.9.0

* Fix GFX frame buffer memory corruption during secondary boot.

• Scripts: create image_no_tip_SA.bin for A1 mimic no_tip mode (concatenated file image_no_tip + SA FW).

IGPS_03.09.05

IGPS 03.09.05 - Oct 23 2023

• OPTEE: 0.0.4 : https://github.com/Nuvoton-Israel/optee_os/releases/tag/npcm_4_0_0
  • Reading HUK from UUID stored in two scratchpad registers
• Add UpdateInputBinaries for A2. Files are the same as A1.
• u-boot: v2023.10-npcm8xx-20231023:
  https://github.com/Nuvoton-Israel/u-boot/releases/tag/v2023.10-npcm8xx-20231023
  first release of npcm-v2023.10
  • Fix memory corruption in GFX frame buffer.
• TIP_FW 0.6.4 L0 0.5.3 L1
  • Fix DRAM window handling bug, in order to allow loading images to any address in DRAM.
  • Fix access for Z1 devices to NCL lib.
  • Move tip log to end of recovery flash.
  • Support flash encryption. Need to create per die key and enable in each image header.
  • Fix TAG alignment issue.
  • Support A35 bootblock reset case.
  • Switch to lightweight X.509 and base64 API to remove mbedTLS from L0 completely
  • Extend key scan option from TIP_ROM to all images
  • Enhance NCL hash porting with SW SHA1 support
  • TIP_SCR0 fix configuration during BMC reset.
  • Update OEM table
  • Customize TIP DICE layer 0 to generate ECC-384 device ID key pair matching ROM
  • Generate counter DICE is missing. Fuse DME and DICE requests.
• Bootblock 0.3.6:
  • Fix SPIX settings. SPIX should be below 33MHz. It was calculated according to SPI0 and not SPIX, and then set to SPIX.
  • Read the DIE information from OTP and place it in SCRACHPAD 72 and 73, for the OPTEE to read it
  • Bug fix: return pass status to TIP in secondary reset if training is skipped.

IGPS_03.09.04

IGPS 03.09.04 - Sep 28th 2023

• SA TIP_FW 0.2.1 L0
  • Added support to a stand-alone (SA) TIP FW which starts BMC execution. Used to mimic A2 NO_TIP mode an A1 chip.
    This option should only be used for external RoT users.
• Zero KMT field fwTableOffset.
• Monitor 1.1.0
  • added self_destruction and reset option
• XML:
  • Move all XMLs to reference.
  • Added random IV to header.
  • Added SVN version to each XML file.
  • Added key_mask option to all images.
    Note: for flash encryption, SVN and key_mask need to udpate TIP_FW from Azure.
• Cleanup Update* scripts.
• Add batch file to NO_TIP modes.

IGPS_03.09.03

IGPS 03.09.03 - Aug 10th 2023

• uboot https://github.com/Nuvoton-Israel/u-boot/releases/tag/v2021.04-npcm8xx-20230809
  * Fix incorrect ram size of 4GB dram with ECC enabled
• TIP_FW 0.6.2 L0 0.5.1 L1
  https://github.com/Nuvoton-Israel/npcm8xx-tip-fw/releases/tag/TIP_FW_L0_0.6.2_L1_0.5.1
  * Fix trap issue in export found on DC_SCM only.
  * Optimize memory usage.
  * RSA and RNG code cleanup.
• Update scripts: fix typos.
• Update scripts: copy all keys always. to replace a key please remove it from both:
  IGPS_..\py_scripts\ImageGeneration\keys
  IGPS_..\py_scripts\ImageGeneration\inputs\key_input

IGPS 03.09.02

IGPS 03.09.02 - Jul 24th 2023

bootblock 0.3.5

https://github.com/Nuvoton-Israel/npcm8xx-bootblock/releases/tag/A35_BootBlock_0.3.5

• bug fix: support NO_TIP mode + updated memory map. all images are loaded to DRAM. (from version bootblock 0.3.4)
• Call CLK_ConfigureFIUClock only in PORST (update SPI dividers from header).
• re-enable HOST_IF field in header. Supported values:
  0xFF: do nothing
  0x00: LPC.
  0x01: eSPI
  0x02: GPIOs TRIS.
  0x03: release host wait, disable eSPI
  configuration is done only in PORST.

add baud rate field to header:

Supported values: 9600,14400,19200,38400,57600,115200,230400,380400,460800,921600
default is 115200.

Update README with signing options.

Support pkcs11-tool on Linux.

Bingo 0.0.6.

https://github.com/Nuvoton-Israel/bingo/releases/tag/Bingo_0.0.6

update Monitor 1.0.9 (contact Nuvoton for internal users only release).

Optee npcm845x_3.22.0-rc1-7:

https://github.com/Nuvoton-Israel/optee_os/releases/tag/3.22.0-rc1-7
o change load address of OPTEE-OS from 0x36000000 to 0x02100000
o added HUK reading from TIP Mailbox DME PCR0

TIP_FW 0.6.1 L0 0.5.0 L1:

o Update RCR regs whenever PORST bit is set in TIP_SCR1 (ignore all other bits).
o Export PCI parameters on any reset. re-order the parameter locations.
o Fix typos un uptime and similar.
o SWRST4 is TIP_RESET.
##uboot https://github.com/Nuvoton-Israel/u-boot/releases/tag/v2021.04-npcm8xx-20230724
o u-boot.bin is built with extra config to skip UART initialization in u-boot
CONFIG_SYS_SKIP_UART_INIT

Update bootblock XML:

o Add host IF field. eSPI in all flavors except Google XML.
o Add BAUD rate field. default is 115200.