This document is used to track the commits to the TF-A LTS.
**LTS Proposal**
- https://developer.trustedfirmware.org/file/data/yhf5nfsofaqobwja5ss3/PHID-FILE-e2hxgf66tgkg3qzayfyv/TF-A_LTS_Proposal.pdf
**Guidelines for Cherry Picking**
- G1. No features will be backported.
- G2. Security advisories: Any patch that makes it into TF-A security advisories qualifies for backporting. This includes patches to external components too, e.g. libfdt.
- G3. Workarounds for CPU and other ARM IP errata qualify
- G4. Workarounds for non-ARM IP errata, e.g. TI UART qualify
- G5. Fixes for platform bugs qualify too. These patches must not modify any code outside of the specific publicly shared platform that the fix applies to.
- G6. Patches can only be backported from the master branch. In other words, the master branch will be a superset of all the changes in any LTS branch.
**Entry Criteria**
- E1. Does the commit implement a workaround published in a security advisory?
- E2. Does the commit implement a workaround for a CPU erratum?
- E3. Does the commit implement a workaround for a non-ARM IP errata, e.g. TI UART?
- E4. Does the commit implement a fix for a platform bug? If yes, is the implementation confined to the platform code?
- E5. Does the commit exist in the master branch? If not, do you have a waiver from the LTS maintainers?
**Commit List**
Generated using the following command: //git log v2.8..integration --reverse --oneline --no-merges | grep "fix\|security\|cve"//
| **Commit Description** | **Entry Criteria Passed** | **Accepted for LTS** | **Analysis** | **Commit link for lts-v2.8 branch** |
| c7e698cfd fix(cpus): workaround for Cortex-X3 erratum 2615812 | Yes | Yes | CPU errata qualifies automatically | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18862
| c45791b2f fix(layerscape): fix errata a008850 | Yes | Yes | Platform fix for erratum. Affects NXP platforms only. | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18863
| fa0105693 fix(nxp-ddr): use CDDWW for write to read delay | No | Yes | General bug fix for NXP platforms only | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18911
| 00bb8c37e fix(nxp-ddr): apply Max CDD values for warm boot | No | Yes | General bug fix for NXP platforms only | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18912
| 5d599b71e fix(layerscape): fix nv_storage assert checking | No | No | General bug fix for NXP platforms only
| 07d8e34fd fix(nxp-drivers): fix tzc380 memory regions config | No | Yes | General bug fix for NXP platforms only | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18914
| e0f58c7fb fix(docs): deprecate plat_convert_pk() in v2.9 | No | No | Documentation fix for the next version
| 1a0bf6e1d fix(intel): fix print out ERROR when encounter SEU_Err | No | No | General bug fix for Intel platforms only
| e6c038909 fix(intel): fix pinmux handoff bug on Agilex | No | No | General bug fix for Intel platforms only
| 8de7167eb fix(intel): fix sp_timer0 is not disabled in firewall on Agilex | No | No | General bug fix for Intel platforms only
| 68ac5fe14 fix(intel): remove checking on TEMP and VOLT checking for HWMON | No | No | General bug fix for Intel platforms only
| 7f9e9e4b4 fix(intel): mailbox store QSPI ref clk in scratch reg | No | No | General bug fix for Intel platforms only
| 4b3d323ac fix(intel): agilex bitstream pre-authenticate | No | No | General bug fix for Intel platforms only
| 5199b3b93 fix(nxp-drivers): fix fspi coverity issue | No | No | General bug fix for NXP platforms only
| e49229911 fix(nxp-crypto): fix Coverity issue | No | No | Platform fix to avoid out-of-bounds acccesses. Affects NXP platforms only.
| 334badb50 fix(nxp-crypto): fix secure boot assert inclusion | No | No | General bug fix for NXP platforms only
| c0c157a68 fix(ls1046a): 4 keys secureboot failure resolved | No | Yes | General bug fix for NXP platforms only | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18913
| 50aa0ea7a fix(lx2): init global data before using it | Yes | Yes | The commit description and the implementation point to a potential security fix for NXP platform. | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18915
| 236ca5667 fix(nxp-drivers): fix sd secure boot failure | No | No | General bug fix for NXP platforms only
| 87612eaef fix(nxp-ddr): fix underrun coverity issue | No | No | General bug fix for NXP platforms only
| 2d541cbcb fix(nxp-ddr): fix coverity issue | No | No | General bug fix for NXP platforms only
| 4daeaf341 fix(sptool): add dependency to SP image | No | Yes | Bug fix for the sptool that helps scenarios when the pkg file is not re-generated if the SP image is updated | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18949
| cd73d62b0 fix(versal): initialize the variable with value 0 in pm code | No | No | General bug fix for Xilinx platforms only
| c92ad369c fix(zynqmp): check return status of pm_get_api_version | No | No | General bug fix for Xilinx platforms only
| 85a14bc0a fix(rss): remove null-terminator from RSS metadata | No | No | General bug fix for lib/psa
| 5fb6946ad fix(console): fix crash on spin_unlock with cache disabled | No | Yes | Bug fix for the console driver that can result in potentially fatal errors or crashes | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18950
| ff1d2ef38 fix(el3_runtime): restore SPSR/ELR/SCR after esb | No | Yes | Bug fix for lib/el3_runtime issue that can restore EA status from incorrect context causing further issues on the platforms that use it | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18951
| e65584a01 fix(zynqmp): initialize uint32 with value 0U in pm code | No | No | General bug fix for Xilinx platforms only
| c42402cdf fix(intel): fix fcs_client crashed when increased param size | Yes | Yes | Fixes a security issue for Intel platforms | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18864
| 55a7aa925 fix(rss): do not consider MHU_ERR_ALREADY_INIT as error | No | No | General bug fix for drivers/arm/rss
| 4fa0f0973 fix(nxp-tools): fix coverity issue | No | No | General bug fix for NXP platforms only
| e83812f11 fix(nxp-ddr): add checking return value | No | No | General bug fix for NXP platforms only
| 0ca1d8fba fix(layerscape): unlock write access SMMU_CBn_ACTLR | Yes | Yes | Errata fix for NXP platforms only | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18865
| b96253db0 fix(trp): preserve RMI SMC X4 when not used as return | No | No | General bug fix for services/trp
| be7195d06 fix(st-pmic): enclose macro parameter in parentheses | No | No | General bug fix for ST platforms only
| 3cebeec2a fix(st-pmic): define pmic_regs table size | No | No | General bug fix for ST platforms only
| 68083e7ad fix(st-regulator): explicitly check operators precedence | No | No | General bug fix for ST platforms only
| 6a3ffb539 fix(st-regulator): rework for_each_*rdev macros | No | No | General bug fix for ST platforms only
| 91af163cb fix(st-regulator): enclose macro parameters in parentheses | No | No | General bug fix for ST platforms only
| 9a00daf9d fix(st-regulator): use Boolean type for tests | No | No | General bug fix for ST platforms only
| c3ae7da02 fix(st-clock): use Boolean type for tests | No | No | General bug fix for ST platforms only
| 69a2e320b fix(st-clock): remove useless switch | No | No | General bug fix for ST platforms only
| ee21709e9 fix(st-clock): give the size for parent_mp13 and dividers_mp13 tables | No | No | General bug fix for ST platforms only
| 4198fa1db fix(st-clock): avoid arithmetics on pointers | No | No | General bug fix for ST platforms only
| 56048fe21 fix(st): explicitly check operators precedence | No | No | General bug fix for ST platforms only
| 9c1aa1253 fix(st): add U suffix for unsigned numbers | No | No | General bug fix for ST platforms only
| e7d75448b fix(st): use indices when counting GPIOs in DT | No | No | General bug fix for ST platforms only
| 0ebaf2228 fix(st): rework secure-status check in fdt_get_status() | No | No | General bug fix for ST platforms only
| 45d2d495e fix(st): use Boolean type for tests | No | No | General bug fix for ST platforms only
| d7f5bed90 fix(stm32mp1): add const for strings in stm32mp_get_soc_name() | No | No | General bug fix for ST platforms only
| 127ed0008 fix(stm32mp1): rework DWL buffer cache invalidation | No | No | General bug fix for ST platforms only
| 029f81e04 fix(st-sdmmc): check transfer size before filling register | No | No | General bug fix for ST platforms only
| 5d942ff19 fix(st-gpio): define shift as uint32_t | No | No | General bug fix for ST platforms only
| dc0ca64e4 fix(rmmd): add missing padding to RMM Boot Manifest and initialize it | No | No | This fix might be critical to the way EL3 and RMM interact.
| b87b02cf1 fix(cpus): workaround for Cortex-A710 erratum 2768515 | Yes | Yes | CPU errata qualifies automatically | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18866
| 1cfde8222 fix(cpus): workaround for Cortex-X2 erratum 2768515 | Yes | Yes | CPU errata qualifies automatically | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18867
| def7590b3 fix(el3-spmc): improve bound check for descriptor | Yes | No | Fixes potential buffer overflow or stack overflow issues
| 1543d17b9 fix(el3-spmc): fix coverity scan warnings | Yes | No | Fixes potential issue where emad descriptor might be compromised
| 3354915ff fix(tsp): use verbose for power logs | No | No | Minor bug fix for TSP
| 3a3e0e537 fix(rdn1edge): change variable type to fix gcc sign conversion error | No | No | General bug fix for Arm platforms
| f0f2c9036 fix(scmi): change function prototype to fix gcc error | No | No | General bug fix for SCMI driver
| a0d5147b8 fix(gpt_rme): fix compilation error for gpt_rme.c | No | No | Fixes compilation error with gpt_rme.c
| 0ee07d796 fix(Xilinx): use lib/smccc.h macros instead of trusty spd | No | No | General bug fix for Xilinx platforms only
| 377846b65 fix(st): include utils.h to solve compilation error | No | Yes | Fixes compilation error with stm32mp_crypto_lib.c. Confirmed by platform maintainer. | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18952
| e61713b00 fix(el3_runtime): do not save scr_el3 during EL3 entry | No | No | General bug fix for lib/el3_runtime
| 1cbe42a51 fix(el3_runtime): allow SErrors when executing in EL3 | No | Yes | Critical bug fix to keep EA enabled when executing in EL3 | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18953
| 1ee7c8232 fix(cpus): workaround for Neoverse N2 erratum 2743089 | Yes | Yes | CPU errata qualifies automatically | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18868
| b10afcce5 fix(cpus): workaround for Cortex-A78 erratum 2772019 | Yes | Yes | CPU errata qualifies automatically | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18869
| 31747f057 fix(cpus): workaround for Neoverse V1 erratum 2743093 | Yes | Yes | CPU errata qualifies automatically | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18870
| 2fff46c80 fix(tc): change the properties of optee reserved memory | No | No | General bug fix for TotalCompute platform
| 95302e4b2 fix(arm): arm_rotpk_header undefined reference | No | No | Fixes compilation error for Arm platforms
| 4e46db40f fix(Xilinx): resolve integer handling issue | No | No | General bug fix for Xilinx platforms only
| 76ed32236 fix(intel): add mailbox error return status for FCS_DECRYPTION | No | No | General bug fix for Intel platforms only
| b34a48c1c fix(intel): missing NCORE CCU snoop filter fix in BL2 | No | Needs input | Fixes a hardware issue with the snoop filtering on Intel platforms
| 62cd8f314 fix(el3-spmc): report execution state in partition info get | No | No | General bug fix
| 9bff7ce37 fix(qemu-sbsa): enable SVE and SME | No | No | General bug fix
| d0b58c8a9 fix(zynqmp): remove redundant api_version check | No | No | General bug fix. Fixes compilation warning
| 90c4b3b62 fix(renesas): align incompatible function pointers | No | No | General bug fix. Fixes compilation warning
| 9f58bfbbe fix(brcm): add braces around bodies of conditionals | No | No | General bug fix. Fixes MISRA warning
| 02af589cf fix(st-usb): replace redundant checks with asserts | No | No | General bug fix
| 78fbb0ec8 fix(gic): wrap cache enabled assert under plat_can_cmo | No | Needs input | Fixes a boot issue with dcache disabled
| d1d8a9bad fix(st): make metadata_block_spec static | No | No | Fixes sparse warning. Looks like a compilation fix.
| 6e55f9e2c fix(stm32mp1): add missing platform.h include | No | No | Fixes sparse warning. Looks like a compilation fix.
| 70a422ba8 fix(st-crypto): set get_plain_pk_from_asn1() static | No | No | Fixes sparse warning. Looks like a compilation fix.
| 6b3ca0a81 fix(st-crypto): remove platdata functions | No | No | Fixes sparse warning
| e9e4a2a6f fix(auth): only accept v3 X.509 certificates | No | No | General bug fix
| fd37982a1 fix(auth): forbid junk after extensions | Yes | Yes | Fix for security advisory 10 | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18871
| 72460f50e fix(auth): require at least one extension to be present | Yes | Yes | Fix for security advisory 10 | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18872
| f47547b35 fix(auth): reject invalid padding in digests | No | No | General bug fix
| a8c8c5ef2 fix(auth): reject padding after BIT STRING in signatures | No | No | General bug fix
| 8816dbb38 fix(auth): require bit strings to have no unused bits | No | No | General bug fix
| ca34dbc0c fix(auth): reject junk after certificates | No | No | General bug fix
| 7e3f6a87d fix(plat/tc): increase TC_TZC_DRAM1_SIZE | No | No | General bug fix
| 40e740dc1 fix(fconf): make struct fconf_populator static | No | No | Fixes sparse warning
| 06c01b085 fix(libc): properly define SCHAR_MIN | No | Yes | Fixes a potential security issue if not used correctly | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18954
| 0e0bd250e fix(mpam): remove unwanted param for "endfunc" macro | No | No | General bug fix
| 89d85ad0a fix(cpus): workaround for Cortex-A710 erratum 2282622 | Yes | Yes | CPU errata qualifies automatically | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18873
| 8c23775e8 fix(versal-net): resolve misra 10.6 warnings | No | No | General bug fix
| 21d1966a2 fix(versal-net): resolve misra rule 20.7 warnings | No | No | General bug fix
| 2d056db4e fix(versal-net): clear power down interrupt status before enable | No | No | General bug fix
| 1f79bdfd9 fix(versal-net): fix setting power down state | No | No | General bug fix
| 5f0f7e47e fix(versal-net): clear power down bit during wakeup | No | No | General bug fix
| e663f09b3 fix(versal-net): disable wakeup interrupt during client wakeup | No | No | General bug fix
| 39fffe552 fix(versal-net): enable wake interrupt during client suspend | No | No | General bug fix
| abb8f936f fix(auth): avoid out-of-bounds read in auth_nvctr() | Yes | Yes | Fix for security advisory 10 | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18874
| f5c51855d fix(auth): properly validate X.509 extensions | Yes | Yes | Fix for security advisory 10 | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18875
| 0fe002c9b fix(versal): print proper atf handoff source | No | No | General bug fix
| f9c6301d7 fix(cpus): workaround for Cortex-X2 erratum 2282622 | Yes | Yes | CPU errata qualifies automatically | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18876
| 81f525ecc fix(ti): fix typo in boot authentication message name | No | No | General bug fix
| 60719e4e0 fix(plat/css): fix invalid redistributor poweroff | No | Yes | General bug fix | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18955
| f15659076 fix(zynqmp): fix xck24 silicon ID | No | No | General bug fix
| 600c8f7d9 fix(stm32mp15-fdts): use interrupts-extended for i2c2 | No | No | General bug fix. Fixes compilation warning.
| 8406db14f fix: add parenthesis for tests in MIN, MAX and CLAMP macros | No | No | General bug fix
| e0c56fd71 fix(fdt-wrappers): use correct prototypes | No | No | General bug fix for sparse warnings
| 06d223cb4 fix(io): compare function pointers with NULL | No | No | General bug fix for sparse warnings
| 654b65b36 fix(auth): use NULL instead of 0 for pointer check | No | No | General bug fix for sparse warnings
| 03bd48102 fix(console): correct scopes for console symbols | No | No | General bug fix for sparse warnings
| 28dc82580 fix(libc): remove __putchar alias | No | No | General bug fix for sparse warnings
| 7d1700c4d fix(cpus): workaround for Cortex-A78 erratum 2779479 | Yes | Yes | CPU errata qualifies automatically | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18956
| 2757da061 fix(cpus): workaround for Neoverse V1 errata 2779461 | Yes | Yes | CPU errata qualifies automatically | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18957
| 129066203 fix(partition): add missing curly braces | No | No | General bug fix for MISRA
| d1c6c4955 fix(partition): add U suffix for unsigned numbers |No | No | General bug fix for MISRA
| 14cda5168 fix(mmc): explicitly check operators precedence | No | No | General bug fix for MISRA
| bf78a6504 fix(mmc): do not modify r_data in mmc_send_cmd() | No | No | General bug fix for MISRA
| 53cbc9496 fix(mmc): align part config type | No | No | General bug fix for MISRA
| 00230e37e fix(cpus): workaround for Cortex-A78C erratum 2772121 | Yes | Yes | CPU errata fix qualifies automatically | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/19082
| 695a48b5b fix(psci): tighten psci_power_down_wfi behaviour | No | No | General bug fix
| aea4ccf8d fix(cpus): workaround for Cortex-A510 erratum 2684597 | Yes | Yes | CPU errata fix qualifies automatically | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/19083
| cca91b7ae docs(measured-boot): fix few typos | No | No | General bug fix for the documentation
| d7156d412 docs(security): security advisory for CVE-2022-47630 | Yes | Yes | Documentation for security advisory 10 | https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/19090
| 355dc3d4d fix(versal-net): populate gic v3 rdist data statically | No | No | Platform bug fix. Not a security issue.