sdk_version="TZ.XF.5.0-09021-KAANAPALI-1"

'''
CRs picked in SDK release are:


CR/3871769
--------------------------------------------------------------
Title:
Adding code for argument validation of IMemSpace.mapPartial() interface.

ChangeDescription:
Added code for argument validation of IMemSpace.mapPartial() interface.
Only 4K aligned size and offset is allowed to this api
--------------------------------------------------------------


CR/3205161
--------------------------------------------------------------
Title:
FR78140:  QSEA:  Enable a mechanism to decrypt IP protected by a key managed in TEE and deliver it to SW residing in HLOS.

ChangeDescription:
FR78140:  QSEA:  Enable a mechanism to decrypt IP protected by a key managed in TEE and deliver it to SW residing in HLOS.
--------------------------------------------------------------


CR/3528161
--------------------------------------------------------------
Title:
TA crash when calling qsee_log

ChangeDescription:
When any TA sends log length > 119 bytes, its chopped down to 119 bytes. TA will loose some data from logs. But to overcome, TA can call qsee_log multiple times and get complete data printed.
--------------------------------------------------------------


CR/3355854
--------------------------------------------------------------
Title:
Add IDL APIs supports for SHA3/HMAC 

ChangeDescription:
Added IDL APIs supports for SHA3/HMAC 
--------------------------------------------------------------


CR/4054156
--------------------------------------------------------------
Title:
[ssg] Add support for NordDC 

ChangeDescription:
[ssg] Add support for NordDC 
--------------------------------------------------------------


CR/3990058
--------------------------------------------------------------
Title:
[Lemans/Monaco] GIC Save restore.

ChangeDescription:
GIC save restore is planned in TZ because HGY (RedHat) open source community was not accepting changes in GIC drivers in HLOS. So requirement came to TZ to save and restore GIC register in TZ because TZ is more privileged and has access to all the GIC registers. Another justification is TZ will be common among all SP's where different HLOS is used for e.g (HQX used , LA-> linux and HGY-> Linux RedHat)

GIC save restore changes to save Distributor and Re-distributor in DS/QB path.
--------------------------------------------------------------


CR/2531863
--------------------------------------------------------------
Title:
Double delete in CPP-based SMCInvoke skeleton

ChangeDescription:
Removed the overwritten release function
--------------------------------------------------------------


CR/3006802
--------------------------------------------------------------
Title:
Update SDK pdf with list of emulated UIDs 

ChangeDescription:
A section was added to the document "80-PF777-58_A_QTEE_TA_Software_Developers_Kit.pdf" describing the QTEE services that are emulated in QTEEEmu and available to TA developers.  
--------------------------------------------------------------


CR/2895917
--------------------------------------------------------------
Title:
Fail loading TA if architecture not supported in EL0

ChangeDescription:
Modified the apploader in QTEE to fail loading unsupported TAs
--------------------------------------------------------------


CR/3055971
--------------------------------------------------------------
Title:
QWES: add cellular summary report (CSR) and cellular detailed report (CDR) in ITrustedReport

ChangeDescription:
QWES: add cellular summary report (CSR) and cellular detailed report (CDR) in ITrustedReport
--------------------------------------------------------------


CR/2541476
--------------------------------------------------------------
Title:
Update SDK Documentation

ChangeDescription:
Update of SDK documentation to include documentation of SDK example applications 
--------------------------------------------------------------


CR/4041783
--------------------------------------------------------------
Title:
TZ support to load the LSR FW on Balsam (ssg changes)

ChangeDescription:
This change will allow the TZ to provide the support to load the LSR FW on Balsam. Requirements for LSR FW will roughly match with the EVA FW.
--------------------------------------------------------------


CR/3225641
--------------------------------------------------------------
Title:
[Kailua.LA.1.0]CFI/CIL goes fine even with test license when pushed to /mnt/vendor/persist/data/pfm/licenses

ChangeDescription:
Add a change to differentiate TEST vs PROD based certs in fatTOC 
--------------------------------------------------------------


CR/3629400
--------------------------------------------------------------
Title:
QSEE TA SDK document lacks some metadata field.

ChangeDescription:
metadata property needs detail description of each TA metadata fields and its side effects.
--------------------------------------------------------------


CR/2932483
--------------------------------------------------------------
Title:
Add support to configure pipe timer, pipe pause and retrieve pipe statistics

ChangeDescription:
Add support to configure pipe timer, pipe pause and retrieve pipe statistics
--------------------------------------------------------------


CR/3767092
--------------------------------------------------------------
Title:
Enabling non cache coherent memory object use cases.

ChangeDescription:
Change overview:
1. Update HLOS memory Region property on basis of cache property of SMO shared by NS.
2. Map KRegion as cached/ uncached on basis of above property.
3. Add new test case around SMO for validation.
--------------------------------------------------------------


CR/3235168
--------------------------------------------------------------
Title:
Update the IKVStoreAdmin to  the 80-PF777-58_A_QTEE_TA_Software_Developers_Kit.pdf

ChangeDescription:
Update the IKVStoreAdmin to  the 80-PF777-58_A_QTEE_TA_Software_Developers_Kit.pdf
--------------------------------------------------------------


CR/3095901
--------------------------------------------------------------
Title:
IDiagnostics interface not included in the SDK documentation

ChangeDescription:
Added IDiagnostics interface in the SDK documentation
--------------------------------------------------------------


CR/3230263
--------------------------------------------------------------
Title:
Initial implementation of Device Trust SDK reports

ChangeDescription:
Initial implementation of Device Trust SDK reports
--------------------------------------------------------------


CR/4035800
--------------------------------------------------------------
Title:
Vmidmt mappings Changes

ChangeDescription:
Vmidmt mappings Changes
--------------------------------------------------------------


CR/3202439
--------------------------------------------------------------
Title:
flexible shared-mem mapping from privileged qseecompat client

ChangeDescription:
to allow TA used by kernel-client of qseecompat more flexible memory mapping.
--------------------------------------------------------------


CR/3185515
--------------------------------------------------------------
Title:
[Kailua.LA.1.0]PFM Service is not availabled after running CFI for few iterations

ChangeDescription:
Deallocate the memory being used by PFM object.
--------------------------------------------------------------


CR/4039752
--------------------------------------------------------------
Title:
Make compression of TA(FR95753) change compliant with unify sdk

ChangeDescription:
compression needs to be enabled explicitly in sdk_config_X.cfg file, otherwise compression for TA will not happen if compiling the TAs using sdk_version=TZ.XF.X
--------------------------------------------------------------


CR/4049464
--------------------------------------------------------------
Title:
Documentation update for TZ_OS_GET_LOG_STATUS_ID system call

ChangeDescription:
Documentation update for TZ_OS_GET_LOG_STATUS_ID system call
--------------------------------------------------------------


CR/2830919
--------------------------------------------------------------
Title:
Incorrect Interface Exposure Documentation in QTEE TA Software Developers Kit

ChangeDescription:
All exposed interfaces are listed together, regardless if exposed to TA or HLOS.
HLOS Exposed Interfaces listed as TA exposed interfaces eg. IClientEnv and IAppLoader.
Need new section listing HLOS exposed interfaces separate from TA exposed interfaces.
--------------------------------------------------------------


CR/2800668
--------------------------------------------------------------
Title:
Add new mapping from UID to memory access authority

ChangeDescription:
Add ability for TA to use memory allocated in CP_NON_PIXEL.
--------------------------------------------------------------


CR/2661033
--------------------------------------------------------------
Title:
Adding HKDF interface to ICrypto Interfaces to Trusted Applications

ChangeDescription:
Adding HKDF interface to ICrypto Interfaces to Trusted Applications
--------------------------------------------------------------


CR/3712515
--------------------------------------------------------------
Title:
FR91377 SDK document update for end to end CA-TA leak detections.

ChangeDescription:
documented the steps for leak detection end to end (CA-TA) in 80-PF777-58_A_QTEE_TA_Software_Developers_Kit.pdf
--------------------------------------------------------------


CR/3038113
--------------------------------------------------------------
Title:
Get PRNG FIPS Hybrid Module Info for FIPS certification purpose

ChangeDescription:
Get PRNG FIPS Hybrid Module Info for FIPS certification purpose
--------------------------------------------------------------


CR/3188915
--------------------------------------------------------------
Title:
FR63179 - Access Control Logic for AUDIO, CAMERA, USB

ChangeDescription:
Access Control Logic for AUDIO, CAMERA, USB
--------------------------------------------------------------


CR/3292737
--------------------------------------------------------------
Title:
Enable memory object interface, allowing accepting larger files.

ChangeDescription:
-
--------------------------------------------------------------


CR/2288929
--------------------------------------------------------------
Title:
[offtarget-sdk] Skeleton app updates

ChangeDescription:
Changes to deploy the skeleton application and documentation to TZ_SDK.
--------------------------------------------------------------


CR/3223670
--------------------------------------------------------------
Title:
Develop queryAppDump for IDiagnostics service

ChangeDescription:
Adding IDiagnostics.queryAppDump method
--------------------------------------------------------------


CR/3170260
--------------------------------------------------------------
Title:
Changed some constants in the Provisioning IDL file

ChangeDescription:
Changed some constants
--------------------------------------------------------------


CR/2954558
--------------------------------------------------------------
Title:
Changes to facilitate making factory safe provisioning a licensed feature

ChangeDescription:
Factory safe provisioning has become a licensed feature. These changes would enable us to check for a valid license on the device before it can make use of any of the FSP functionality.

--------------------------------------------------------------


CR/4036428
--------------------------------------------------------------
Title:
Object Table destructor clean-up

ChangeDescription:
During VM registration path, VM tries to allocate Object table & Object refs  from the TA region in case allocation from TA region is allowed. If  mem allocation from TA region fails, in clean-up path mem free is being tried from TZ region in ObjectTable destruction path which is causing the crash.

Clean-up Object and Object refs map object in ObjectTAble destructor based on TARegionAloocation allowed check.
--------------------------------------------------------------


CR/3783527
--------------------------------------------------------------
Title:
FR86756: Large Address Space Feature

ChangeDescription:
Support for loading trusted applications into 64b memory space was added
--------------------------------------------------------------


CR/3795919
--------------------------------------------------------------
Title:
Remove stale documentation on memory objects

ChangeDescription:
Updated the Software development guide.
--------------------------------------------------------------


CR/3129109
--------------------------------------------------------------
Title:
Updating documentation for KVStore

ChangeDescription:
Update Missing documentation
--------------------------------------------------------------


CR/2966180
--------------------------------------------------------------
Title:
Update info regarding IPC combinations possible b/w TAs.

ChangeDescription:
Changes added and observations collected as part of CR: https://orbit/CR/2923481 are to be documented.

--------------------------------------------------------------


CR/2673610
--------------------------------------------------------------
Title:
IDeviceAttestation and IPFM updates 

ChangeDescription:
Embedded qwes TA will now be loadable by name.

IDeviceAttestation
Add initial implementation of EAT-based attestation tokens.

IPFM

TestRoot:
FeatureEnabler can use SetOption to enable test root.
QTI-signed apps can use SetOption to set test root, but an error will be logged.
Setting test root option no longer disables production root

TrustedTime:
Evaluate license expiration based on RTIC trusted time when available.
Store trusted time in RPMB for use at UEFI time.
Add support for new IPFM methods (SetTrustedTime, GetNextExpiration, GetFeatureConfig)

Fixes:
Fix crash when large license is put into the drop-in folder.
Duplicate licenses can no longer be installed.

--------------------------------------------------------------


CR/4015697
--------------------------------------------------------------
Title:
TZ Initial Enablement

ChangeDescription:
This CR is to track changes of TZ initial enablement code changes and secboot changes
--------------------------------------------------------------


CR/2419366
--------------------------------------------------------------
Title:
SDK documentation updates and deployment

ChangeDescription:
Fixes for the latest changes so they are correctly reflected in the document, revision update, deployment of the document to the internal SDK.
--------------------------------------------------------------


CR/2744029
--------------------------------------------------------------
Title:
Updated the IDL Files for IDeviceAttestation and IPFM

ChangeDescription:
Updated the IDL Files for IDeviceAttestation and IPFM
--------------------------------------------------------------


CR/2856381
--------------------------------------------------------------
Title:
Added RTIC Warmup Labels to the IDL File

ChangeDescription:
Added RTIC Warmup Labels to the IDL File
--------------------------------------------------------------


CR/3043433
--------------------------------------------------------------
Title:
QWES Storage overwrites stored key if an alias is re-used.

ChangeDescription:
Return an error from saveKey if the alias is already in the store.
--------------------------------------------------------------


CR/3299232
--------------------------------------------------------------
Title:
Extend Mink IDL support in C, C++ for structures

ChangeDescription:
Updates minkidl binary in QTEE SDK to support structures with nested structures, arrays, and embedded objects.  Alignment rules must still be adhered to, and total argument and object limits are still the same.
--------------------------------------------------------------


CR/4051262
--------------------------------------------------------------
Title:
 [Kaanapali] Prod sign support for featenabler.mbn

ChangeDescription:
 [Kaanapali] Prod sign support for featenabler.mbn
--------------------------------------------------------------


CR/2924758
--------------------------------------------------------------
Title:
Add QTEE service to query AA32 Support from HLOS

ChangeDescription:
Add QTEE service to query AA32 Support from HLOS
--------------------------------------------------------------


CR/2943557
--------------------------------------------------------------
Title:
Enable TLOC and TTIME APIs with QWES licensing control: IDL review

ChangeDescription:
add QWESTAServices and TrustedReport interface
--------------------------------------------------------------


CR/2900200
--------------------------------------------------------------
Title:
Support for HWKM based key in KeyManager service

ChangeDescription:
Added support for deriving an ECC key based on a HWKM based key seed 
--------------------------------------------------------------


CR/2612193
--------------------------------------------------------------
Title:
Add strlcpy truncation checks to SDK examples and cleanup PATH_MAX includes in QTEEEmu.

ChangeDescription:
Add truncation checks to SDK example strlcpy uses and remove sdk_common.h which defines PATH_MAX if not defined by limits.h. We should be able to rely on limits.h unless defining a value in a public header.
--------------------------------------------------------------


CR/2641386
--------------------------------------------------------------
Title:
Updates to the SDK documentation

ChangeDescription:
Moved around QTEEEmu sections to better reflect what we're describing.
Added missed services.
Added a section describing assumptions in QTEEEmu.
--------------------------------------------------------------


CR/2991642
--------------------------------------------------------------
Title:
clear qwes pending request when ssgtzd restarts

ChangeDescription:
ssgtzd restarts would trigger qwes to clear the pending requests
--------------------------------------------------------------


CR/3828793
--------------------------------------------------------------
Title:
MinkIDL Documentation update

ChangeDescription:
MinkIDL Documentation update
--------------------------------------------------------------


CR/2883749
--------------------------------------------------------------
Title:
QTEE SDK Documentation Does Not Document On-Target LLVM Version

ChangeDescription:
Update LLVM On Target Version in SDK documentation
--------------------------------------------------------------


CR/2545723
--------------------------------------------------------------
Title:
C++ TA example usage documentation

ChangeDescription:
C++ TA example usage documentation updated in TA user guide
--------------------------------------------------------------


CR/3809560
--------------------------------------------------------------
Title:
IDL Files: QTEE Submod and CREDENTIAL submod needs to be non mandated ( All submods should be optional )

ChangeDescription:
Only QTEE Submod and CREDENTIAL Submod added based on ADDONS. By default no submod will be added.
--------------------------------------------------------------


CR/2924687
--------------------------------------------------------------
Title:
Debug/dump/security state Phase1 refactoring/cleanup

ChangeDescription:
Debug/dump/security state Phase1 refactoring/cleanup
--------------------------------------------------------------


CR/3800684
--------------------------------------------------------------
Title:
qseecom_sample_client command 10 failed via QseecomCompat interface from LA-GVM 

ChangeDescription:
Deprecate qsee_is_ns_range since check on memory is automatically performed before memory is mapped into TA by QTEE.
--------------------------------------------------------------


CR/3012198
--------------------------------------------------------------
Title:
Implemented Key Derivation Checks

ChangeDescription:
Implemented Key Derivation Checks
--------------------------------------------------------------


CR/3210184
--------------------------------------------------------------
Title:
Add the ICipher supports for CE clock suspend and resume

ChangeDescription:
Added the ICipher supports for CE clock suspend and resume.  
--------------------------------------------------------------


CR/4043253
--------------------------------------------------------------
Title:
Enable  HDPC Key provisioning through FSP

ChangeDescription:
Enable  HDPC Key provisioning through FSP
--------------------------------------------------------------


CR/4043302
--------------------------------------------------------------
Title:
chip id addition

ChangeDescription:
chip id addition
--------------------------------------------------------------


CR/2623499
--------------------------------------------------------------
Title:
QTEEEmu configuration via config file

ChangeDescription:
Add support for setting a few emulator options, such as the path to the directory which will hold log files, using a config file which is loaded on initialization.
--------------------------------------------------------------


CR/2529960
--------------------------------------------------------------
Title:
C++ support for TA documentation update in TA user guide

ChangeDescription:
user guide PDF generated with C++ design and usage detail
--------------------------------------------------------------


CR/2406757
--------------------------------------------------------------
Title:
Update QTEE SDK Documentation

ChangeDescription:
Update QTEE SDK documentation to include information regarding class privileges, plus additional changes for better readability of the document in general.
--------------------------------------------------------------


CR/2913013
--------------------------------------------------------------
Title:
Integrate HW Key Manager into IP-Protector

ChangeDescription:
Remove parameters for UIE fuses and replace with new HWKM APIs
--------------------------------------------------------------


CR/3732773
--------------------------------------------------------------
Title:
Block method blowSwFuse(in int32 fuse); for all GVMs in HGY

ChangeDescription:
Block method blowSwFuse(in int32 fuse); for all GVMs in HGY

 

 

-----------------------------------

In HGY we have a THIN-UEFI as the uefi part of ABL.

All the methods from SwFuse service are currently exposed to al GVMs in HGY along with "blowswfuse" which is a security concern. 
GVM can blow the software fuses using the blowswfuse and change the software fuse security state of the device.
To mitigate the security concern, blowswfuse has been blocked for all GVMs in HGY.
Only PVM can access it.  

New conditional check has been introduced such that the requests from GVMs are blocked and other exisitng requests such that from QTEE kernel/TA are allowed. 
--------------------------------------------------------------


CR/2844565
--------------------------------------------------------------
Title:
Update SDK documentation for new function easing handling of chipsets supporting aarch32, aarch64, or both.

ChangeDescription:
Simple addition to documentation
--------------------------------------------------------------


CR/2455630
--------------------------------------------------------------
Title:
https://qctcollab.qualcomm.com:8443/ui#review:id=991906

ChangeDescription:
Introduce two new API for stack profiling
qsee_prepare_stack_profile
qsee_profile_stack_usage
--------------------------------------------------------------


CR/4041132
--------------------------------------------------------------
Title:
Use the Correct Result Dump Sizes for Shake and Sha3 Operations

ChangeDescription:
Use the Correct Result Dump Sizes for Shake and Sha3 Operations
--------------------------------------------------------------


CR/2695159
--------------------------------------------------------------
Title:
Removed unused seccam error codes and stubbed qsee_sec_camera.c

ChangeDescription:
Removed unused seccam error codes from tzbsp_errno.h and stubbed qsee_sec_camera.c
--------------------------------------------------------------


CR/4050739
--------------------------------------------------------------
Title:
VMID ID update for QUP3

ChangeDescription:
Vmid instance update in regions.csv file, and I3C IBI mapping update
--------------------------------------------------------------


CR/3152613
--------------------------------------------------------------
Title:
QWES TA Updates

ChangeDescription:
- Issue Date Extension Support.
- Whitelist new FETA DID.
- ImportKey in IProvisioning
--------------------------------------------------------------


CR/2753276
--------------------------------------------------------------
Title:
Add error codes to IPFM.idl

ChangeDescription:
Add error codes for missing feature configuration and empty license store.
--------------------------------------------------------------


CR/2807388
--------------------------------------------------------------
Title:
New Mink service for calling into the HW attestation block

ChangeDescription:
Added new Mink service for calling into the HW attestation block for attestation of QFPROM regions
--------------------------------------------------------------


CR/4034470
--------------------------------------------------------------
Title:
Fix sdk docs build and update docs

ChangeDescription:
installed required tools in docker & user can run sdkdocs build now
--------------------------------------------------------------


CR/4022637
--------------------------------------------------------------
Title:
[Bonito][FR85603]:tzt_test_gptest_ta_ta_cmds & tzt_run_get_alt_rot_hash_ta_test Tests failed from UEFITZT

ChangeDescription:
Update a check in tzt_shutdown_app which checks whether the number of TA crashes is equal to the times QTEE kernel may have crashed due to TA crash, the second value depends on whether the corresponding devcfg property is set properly in oem_config as well as it being read correctly. This check will now be enabled only when the above property is set properly and we are able to read it
--------------------------------------------------------------


CR/3254899
--------------------------------------------------------------
Title:
Making FIPS self test conditional for Kailua

ChangeDescription:
Modified selftest app to run the corresponding selftest during the first time usage of the crypto operation and save the flag for later.
--------------------------------------------------------------


CR/2781808
--------------------------------------------------------------
Title:
Added New Warm Up Error to IDeviceAttestation.idl File

ChangeDescription:
Added New Warm Up Error to IDeviceAttestation.idl File
--------------------------------------------------------------


CR/2899529
--------------------------------------------------------------
Title:
Add support for DRM HLOS Offload BAM pipes

ChangeDescription:
Add support for DRM HLOS Offload BAM pipes
--------------------------------------------------------------


CR/2589239
--------------------------------------------------------------
Title:
[SDK] Update SDK documentation for BUILD_ROOT

ChangeDescription:
Add BUILD_ROOT to the build example for SDK samples
--------------------------------------------------------------


CR/4037399
--------------------------------------------------------------
Title:
Enable interface for access control to identify subsystem clearing requirement

ChangeDescription:
Enable interface for access control to identify subsystem clearing requirement
--------------------------------------------------------------


CR/3133658
--------------------------------------------------------------
Title:
Peripheral Security - mink IDLS

ChangeDescription:
Peripheral Security IDLs and SDK docs
--------------------------------------------------------------


CR/2485708
--------------------------------------------------------------
Title:
Removal of unused header from external API

ChangeDescription:
Removal of unused header.
--------------------------------------------------------------


CR/3420475
--------------------------------------------------------------
Title:
Disable SM2/SM3/SM4 based on the fuse reading

ChangeDescription:
Disabled SM2/SM3/SM4 based on the fuse reading.
--------------------------------------------------------------


CR/3039678
--------------------------------------------------------------
Title:
Refactor the documentation for TZ SDK

ChangeDescription:
Came up with new design of documentation implementation to segregate two different chapters. 
--------------------------------------------------------------


CR/2445726
--------------------------------------------------------------
Title:
[EcoSystem: SDK] Update SDK documentation to include sample TA

ChangeDescription:
Update SDK documentation to include sample TA
--------------------------------------------------------------


CR/4039923
--------------------------------------------------------------
Title:
[Glymur][FR 93936] Secure Image QTI Metadata Parser

ChangeDescription:
Added Secure Image QTI Metadata Parser
--------------------------------------------------------------


CR/3261184
--------------------------------------------------------------
Title:
[Lanai/Halliday] [SecCam] Add a new class ID CCPCameraRWAuthority_UID for seccamdemo2 TA

ChangeDescription:
Add a new class ID CCPCameraRWAuthority_UID for seccamdemo2 TA
--------------------------------------------------------------


CR/3823180
--------------------------------------------------------------
Title:
Add SDK sample code for TA Log Sink sample

ChangeDescription:
Add sample code for TA developpers who wish to implement a TA Log Sink.
--------------------------------------------------------------


CR/2875554
--------------------------------------------------------------
Title:
Improve explanation of handling of unsupported architectures for certain chipsets to the SDK documentation

ChangeDescription:
Add documentation for new chipset architecture relevance build script functions, including expected use
--------------------------------------------------------------


CR/3260626
--------------------------------------------------------------
Title:
Unable to open the PFM service if called from the modem

ChangeDescription:
Treat empty credentials as credentials not found
--------------------------------------------------------------


CR/3835660
--------------------------------------------------------------
Title:
Deprecate qsee_read_serial_num() in documentation and log it in sampleapp TA

ChangeDescription:
Docuement deprecated API in TA User Guide.pdf and log in sampleapp TA
--------------------------------------------------------------


CR/3811032
--------------------------------------------------------------
Title:
Boot time logging framework IDLs for Trusted Application

ChangeDescription:
New IDLs for Trusted App to service API communications.
--------------------------------------------------------------


CR/2864599
--------------------------------------------------------------
Title:
Introduce a new transport error code to handle invocation timeout errors

ChangeDescription:
Added a new transport error
--------------------------------------------------------------


CR/4009706
--------------------------------------------------------------
Title:
FR105010 Remove licensing check for Strongbox RoT Transfer

ChangeDescription:
Removed the SB license check
--------------------------------------------------------------


CR/3168795
--------------------------------------------------------------
Title:
Tunnel Invoke update to support minkipc over modem

ChangeDescription:
add incoming and outgoing counter for bi-directional communication using tunnel invoke, TI mutex was disabled for allowing callback
--------------------------------------------------------------


CR/2879146
--------------------------------------------------------------
Title:
Provide an service in TZ for HLOS to do PMIC Key-based Reset Configuration

ChangeDescription:
Provide an service in TZ for HLOS to do PMIC Key-based Reset Configuration
--------------------------------------------------------------


CR/3871186
--------------------------------------------------------------
Title:
Adding error code for erasing nist partition

ChangeDescription:
added new error code for nist partition erase operation
--------------------------------------------------------------


CR/2905978
--------------------------------------------------------------
Title:
FR69414:RIPEMD-160 implementation and support in QTEE | TZ side changes

ChangeDescription:
Added TZ side changes to support UCLIB ripemd-160 implementation
--------------------------------------------------------------


CR/2714959
--------------------------------------------------------------
Title:
Update IAppClient_getAppObject to load embedded TAs.

ChangeDescription:
Update Mink interface to auto load embedded TAs.
--------------------------------------------------------------


CR/3738777
--------------------------------------------------------------
Title:
Finer granularity for GPIO access

ChangeDescription:
Introducing CSecureGPIO which provides an access control policy for GPIOs. The access control is defined thanks to a mapping using devcfg.
--------------------------------------------------------------


CR/3023592
--------------------------------------------------------------
Title:
Add update/final in ICipher API

ChangeDescription:
Added the update/final in ICipher API
--------------------------------------------------------------


CR/3758365
--------------------------------------------------------------
Title:
Release runtimeattnapp TA with nistlog enablement source to external qtee_tas

ChangeDescription:
deployed source code in scons 
--------------------------------------------------------------


CR/3883865
--------------------------------------------------------------
Title:
CKVStore_open to return IOpener error code in case of non provisioned device

ChangeDescription:
kvstore returns IOpener errors which indicate that service is not supported in case of non-provisioned/not supported
--------------------------------------------------------------


CR/2885816
--------------------------------------------------------------
Title:
QWES: Add Grace Period methods to IPFM

ChangeDescription:
Add Grace Period methods to IPFM
--------------------------------------------------------------


CR/4052125
--------------------------------------------------------------
Title:
Chipid Addition

ChangeDescription:
Chipid Addition
--------------------------------------------------------------


CR/2699737
--------------------------------------------------------------
Title:
New interface for multi client TAs.

ChangeDescription:
Adds new Mink interface IAppClient for clients to access a TA service object without having access to the TA AppController.
--------------------------------------------------------------


CR/4030590
--------------------------------------------------------------
Title:
Reserve UID for TZ-SoCCP IDL service.

ChangeDescription:
Code changes to reserve UID for TZ-SOCCP COM
--------------------------------------------------------------


CR/2587551
--------------------------------------------------------------
Title:
new interface

ChangeDescription:
new interface
--------------------------------------------------------------


CR/4038488
--------------------------------------------------------------
Title:
FR86970: Reserve UID for CStorageInfo idl service

ChangeDescription:
reserve UID
--------------------------------------------------------------


CR/4039637
--------------------------------------------------------------
Title:
Adding support for hconfig image - SSG component

ChangeDescription:
Adding software ID and PROC ID for hconfig image.
--------------------------------------------------------------


CR/4026073
--------------------------------------------------------------
Title:
Enablement changes TZ mainline

ChangeDescription:
na
--------------------------------------------------------------


CR/3036413
--------------------------------------------------------------
Title:
QWES: trusted report idl error code consolidation

ChangeDescription:
QWES: trusted report idl error code consolidation
--------------------------------------------------------------


CR/3223818
--------------------------------------------------------------
Title:
building TA steps added in SDK docs.

ChangeDescription:
Steps available to build TA. Customer will be aware about security feature(pac-ret/bti), how to enable/disable and pick up precompiled library.
--------------------------------------------------------------


CR/2956257
--------------------------------------------------------------
Title:
QTEE SDK Document Sites Incorrect Tool Versions

ChangeDescription:
Updated the tool versions in QTEE SDK documenation to correct versions.
--------------------------------------------------------------


CR/2732637
--------------------------------------------------------------
Title:
Add FBE V2 API's for content encryption and obtaining raw secret 

ChangeDescription:
We added API's to wrap key, get ice key and get raw secret with respect to FBE V2. 
--------------------------------------------------------------


CR/4040709
--------------------------------------------------------------
Title:
enum changes 

ChangeDescription:
enum changes needed
--------------------------------------------------------------


CR/2604620
--------------------------------------------------------------
Title:
[SDK] Removal of ca_paths.h

ChangeDescription:
This change removes ca_paths.h in favour of definitions from the offtarget client app builder, and also makes some changes to offtarget gp simulation to accommodate this.
--------------------------------------------------------------


CR/4044928
--------------------------------------------------------------
Title:
Enable smo testcase for Kuno with cache coherency set to true

ChangeDescription:
Enable smo testcase for kuno with cache coherency set to true. Since kuno is a 32bit chipset and cache lines are not shared; on secure side, the smo will be marked as not cached. So, enabled the testcase with appropriate cache clean and invalidate operations.
--------------------------------------------------------------


CR/3716036
--------------------------------------------------------------
Title:
Update information gap in idl documentation.

ChangeDescription:
Updated the IDL documentation to represent the detail on invoke service failures.
--------------------------------------------------------------


CR/4038316
--------------------------------------------------------------
Title:
[TZ] Porting from core.tz.2.18 to core.tz.2.0, SSG changes

ChangeDescription:
[TZ] Porting from core.tz.2.18 to core.tz.2.0, SSG changes
--------------------------------------------------------------


CR/2769632
--------------------------------------------------------------
Title:
Updated IDeviceAttestation idl File for Warm Up API and String Label

ChangeDescription:
Added the new warm up API to the IDeviceAttestation interface. Changed the type of the label parameter that gets passed in while adding client app data.
--------------------------------------------------------------


CR/2776676
--------------------------------------------------------------
Title:
qwes September 14 periodic update

ChangeDescription:
Add Grace Period license support
Add partial ISV sandboxing
--------------------------------------------------------------


CR/4042163
--------------------------------------------------------------
Title:
Enable AC with SLE 

ChangeDescription:
Enable AC with SLE 
--------------------------------------------------------------


CR/2631093
--------------------------------------------------------------
Title:
Better callback object example in SMCInvoke example app.

ChangeDescription:
Add dedicated callback object example function to CA.

Remove logger CBO object, instead add example CBO which has a print method (not for logging use, just for example purposes).
--------------------------------------------------------------


CR/3205917
--------------------------------------------------------------
Title:
Add HW SM3/SM4 support in IHash/ICipher IDLs 

ChangeDescription:
Added HW SM3/SM4 support in IHash/ICipher IDLs 
--------------------------------------------------------------


CR/3390537
--------------------------------------------------------------
Title:
KRegion refactoring

ChangeDescription:
Removing virtual address allocation information from KRegion.
--------------------------------------------------------------


CR/3705816
--------------------------------------------------------------
Title:
Cryptographic Issues in Core

ChangeDescription:
Made RSA PKCS1_5 padding decoding process constant time.
--------------------------------------------------------------


CR/3919040
--------------------------------------------------------------
Title:
Fix test_sampleapp_ext testcase

ChangeDescription:
Remove NULL check at SDMgrCompat layer for device_init API & expect non-provision error
--------------------------------------------------------------


CR/2557037
--------------------------------------------------------------
Title:
Add the off-target client headers to the documentation

ChangeDescription:
Add the off-target client headers to the documentation.
--------------------------------------------------------------


CR/2982512
--------------------------------------------------------------
Title:
Add support for curve25519 in the cmnlib PKEY interface

ChangeDescription:
Add support for curve25519 in the cmnlib PKEY interface
--------------------------------------------------------------


CR/2704476
--------------------------------------------------------------
Title:
CheckFIDAndGetAllSerialNums has been renamed to GetAllSerialNumsForFID.

ChangeDescription:
With the introduction of the new "grace period" expiration extension,
there is now a distinction between general informational queries, which will
not consume a grace period, and license checks, which may. For the most part,
methods with "Check" in the name may consume a grace period, while "Get"
methods will not. CheckFIDAndGetAllSerialNums does not follow this pattern,
so this method is being renamed to GetAllSerialNumsForFID.
--------------------------------------------------------------


CR/2642881
--------------------------------------------------------------
Title:
Bring up Secure Camera on Lahaina

ChangeDescription:
TZ kernel and unit test changes to bring up Secure Camera on Lahaina
--------------------------------------------------------------


CR/2956263
--------------------------------------------------------------
Title:
Add placeholder for new API in CICE IDL - set ephemeral context 

ChangeDescription:
Add placeholder for new API in CICE IDL - set ephemeral context 
--------------------------------------------------------------


CR/4018214
--------------------------------------------------------------
Title:
Security profile update for ASPEN target

ChangeDescription:
Update security profile for aspen target
--------------------------------------------------------------


CR/3446460
--------------------------------------------------------------
Title:
Revert the CR3420475 changes for SM3/SM4 disablement

ChangeDescription:
Reverted the CR3420475 changes for SM3/SM4 disablement
--------------------------------------------------------------


CR/3033861
--------------------------------------------------------------
Title:
FIPS 140-3 compliance - Part 1 - Service Indicator and ECDH

ChangeDescription:
Add FIPS Approved crypto service Indicator API. Add required checks to ECDH functions to meet compliance requirements
--------------------------------------------------------------


CR/3218492
--------------------------------------------------------------
Title:
FR 76012 , support in PL to invoke TA service for image decryption after image authentication

ChangeDescription:
support in PL to invoke TA service for image decryption after image authentication. This feature can be enabled in devcfg for particular sw id
--------------------------------------------------------------


CR/2702050
--------------------------------------------------------------
Title:
This is to implement the VMDeviceUniqueKey kernel service that is to be called by a VM

ChangeDescription:
This service derives and returns a key unique to the calling VM
--------------------------------------------------------------


CR/2855689
--------------------------------------------------------------
Title:
newly added TA metadata fields description and its usage purpose not available in TA user guide

ChangeDescription:
Added  TA metadata fields (allowUntrustedClients, neverUnload, restartTA) description and its usage purpose  in TA user guide
--------------------------------------------------------------


CR/4032808
--------------------------------------------------------------
Title:
Add support for gpd.ta.doesNotCloseHandleOnCorruptObject property in GP commonlib

ChangeDescription:
Added support for gpd.ta.doesNotCloseHandleOnCorruptObject property in GP commonlib
--------------------------------------------------------------


CR/4046364
--------------------------------------------------------------
Title:
Glymur: AC_Policy_SPU_UFS_Autogen

ChangeDescription:
Glymur: AC_Policy_SPU_UFS_Autogen
--------------------------------------------------------------


CR/2543840
--------------------------------------------------------------
Title:
Wrong section created for CTLOC entry in TA documentation

ChangeDescription:
Added in section "Object-Based QTEE Service Classes" for  CTLOC service in TA documentation
--------------------------------------------------------------


CR/4038996
--------------------------------------------------------------
Title:
GIC save restore mapping stability issue in coldboot 

ChangeDescription:
Mapping for GIC backup region was passed in MB and expected format is in KB. So changed the argument 3 in mapping apii.
--------------------------------------------------------------


CR/2974847
--------------------------------------------------------------
Title:
New Services to QWES TA

ChangeDescription:
Adding two new services IProvisioning & IQWESStore to QWES TA.
--------------------------------------------------------------


CR/4024604
--------------------------------------------------------------
Title:
AccessControl Validation Macro Addition

ChangeDescription:
AccessControl Validation Macro Addition
--------------------------------------------------------------


CR/2555328
--------------------------------------------------------------
Title:
New ClockConfig Object Added

ChangeDescription:
The new ClockConfig object includes a the method setBandwidth, which allows clients to vote for desired bandwidth on a clock resource. This new object has been added to the default set of privileges.
--------------------------------------------------------------

'''