core: prefix header file guard names with __

Improves header files guard names consistency by using a __ prefix
where missing.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by:

core: prefix header file guard names with __

Improves header files guard names consistency by using a __ prefix
where missing.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: remove boot_get_handlers()

struct thread_handlers is used to pass the entry functions
for different power management events. In practice only .cpu_on is used
and with the default function at t

core: remove boot_get_handlers()

struct thread_handlers is used to pass the entry functions
for different power management events. In practice only .cpu_on is used
and with the default function at that. In the ARMv7 case where the
secure monitor replaces TF-A not even that function entry is used.

Remove struct thread_handlers and boot_get_handlers(). When configured
with TF-A initialize thread_*_handler_ptr with __weak default functions.

The __weak default PM functions
- thread_cpu_off_handler()
- thread_cpu_suspend_handler()
- thread_cpu_resume_handler()
- thread_system_off_handler()
- thread_system_reset_handler()
can be overridden by platforms when needed.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: sm: remove #ifdef around CFG_SM_PLATFORM_HANDLER

Use IS_ENABLED() and weak attribute to remove conditional statement
at pre-compilation time. Keep IS_ENABLED(CFG_SM_PLATFORM_HANDLER)
in the de

core: sm: remove #ifdef around CFG_SM_PLATFORM_HANDLER

Use IS_ENABLED() and weak attribute to remove conditional statement
at pre-compilation time. Keep IS_ENABLED(CFG_SM_PLATFORM_HANDLER)
in the decision to ensure weak function is not even called when
CFG_SM_PLATFORM_HANDLER is disabled, for fast path consideration of
secure monitor traversal.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

ftrace: Add support for syscall function tracer

This patch adds support for syscall tracing in TEE core. It complements
existing ftrace support for user TAs via adding trace for syscalls that
are in

ftrace: Add support for syscall function tracer

This patch adds support for syscall tracing in TEE core. It complements
existing ftrace support for user TAs via adding trace for syscalls that
are invoked by user TAs into the TEE core.

And after this patch ftrace will cover both TA and TEE core code. So lets
rename config option from CFG_TA_FTRACE_SUPPORT to CFG_FTRACE_SUPPORT.

It is optional to enable syscall trace via CFG_SYSCALL_FTRACE=y config
option in addition to CFG_FTRACE_SUPPORT=y config option.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

Replace ASM with compiler-builtin __ASSEMBLER__

The C preprocessor predefines __ASSEMBLER__ with value 1 when when
preprocessing assembly language, see [1]. Instead of using a special
defines, let's

Replace ASM with compiler-builtin __ASSEMBLER__

The C preprocessor predefines __ASSEMBLER__ with value 1 when when
preprocessing assembly language, see [1]. Instead of using a special
defines, let's use the define already provided.

Link: [1] https://gcc.gnu.org/onlinedocs/cpp/Standard-Predefined-Macros.html

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ftrace: Enable user-space access to counter regs

To enable function execution time support in function tracing output,
user-space ftrace framework needs to access frequency register and
physic

core: ftrace: Enable user-space access to counter regs

To enable function execution time support in function tracing output,
user-space ftrace framework needs to access frequency register and
physical counter register. So enable user-space access.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: sm: explicit return value for sm_from_nsec()

Define macros to explicit return value for sm_from_nsec() used
in monitor assembly trampoline to invoke either secure or non-secure
world.

Signed-

core: sm: explicit return value for sm_from_nsec()

Define macros to explicit return value for sm_from_nsec() used
in monitor assembly trampoline to invoke either secure or non-secure
world.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemu)

show more ...

core: sm: embed sm_platform_handler upon CFG_SM_PLATFORM_HANDLER

When CFG_SM_PLATFORM_HANDLER is disabled don't even call platform
handler which is not embedded. This change aligns sm_platform_handl

core: sm: embed sm_platform_handler upon CFG_SM_PLATFORM_HANDLER

When CFG_SM_PLATFORM_HANDLER is disabled don't even call platform
handler which is not embedded. This change aligns sm_platform_handler()
and std_handler() in secure monitor integration.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: explicit return value for sm_platform_handler()

Changes sm_platform_handler() to explicitly return whether the SMC
was handled or if it shall be relayed to another layer. Prior this
change the

core: explicit return value for sm_platform_handler()

Changes sm_platform_handler() to explicitly return whether the SMC
was handled or if it shall be relayed to another layer. Prior this
change the function returned false when the SMC had been handled and
true otherwise which are not obvious return values.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: sm: optimize padding in struct sm_ctx

Removes redundant padding in struct sm_ctx and sub-structs with regards
to CFG_SM_NO_CYCLE_COUNTING. Saves 4 bytes per core if
CFG_SM_NO_CYCLE_COUNT

core: arm: sm: optimize padding in struct sm_ctx

Removes redundant padding in struct sm_ctx and sub-structs with regards
to CFG_SM_NO_CYCLE_COUNTING. Saves 4 bytes per core if
CFG_SM_NO_CYCLE_COUNTING is defined.

Removes assumptions in monitor assembly code about where the padding in
struct sm_ctx is located.

Adds compile time asserts are added to check that struct sm_ctx is
properly aligned.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU virt)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: sm: initialize PMCR.DP to 1 and save/restore PMCR

Introduce CFG_SM_NO_CYCLE_COUNTING to intitialize PMCR.DP to 1 and
save/restore PMCR on world switch. Similar to what is done in ARM TF
c

core: arm: sm: initialize PMCR.DP to 1 and save/restore PMCR

Introduce CFG_SM_NO_CYCLE_COUNTING to intitialize PMCR.DP to 1 and
save/restore PMCR on world switch. Similar to what is done in ARM TF
commit 3e61b2b54336 ("Init and save / restore of PMCR_EL0 / PMCR") [1].

The purpose of this is to (hopefully) make attacks such as CLKSCREW [2]
harder to mount, although it is likely that timing information could be
obtained via other means.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Link: [1] https://github.com/ARM-software/arm-trusted-firmware/commit/3e61b2b54336
Link: [2] https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: arm: sm: rename struct sm_mode_regs to sm_unbanked_regs

struct sm_mode_regs will soon be used to store one non-banked register
other then the mode registers (PMCR). Rename it to sm_unbanked_re

core: arm: sm: rename struct sm_mode_regs to sm_unbanked_regs

struct sm_mode_regs will soon be used to store one non-banked register
other then the mode registers (PMCR). Rename it to sm_unbanked_regs.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Remove license notice from STMicroelectronics files

Since a while the source files license info are defined by SPDX
identifiers. We can safely remove the verbose license text from the
files that are

Remove license notice from STMicroelectronics files

Since a while the source files license info are defined by SPDX
identifiers. We can safely remove the verbose license text from the
files that are owned by either only STMicroelectronics or only both
Linaro and STMicroelectronics.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] wa

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] was used to double check the license matching
code in the Python script. All the licenses detected by scancode are
either detected by spdxify.py, or have no SPDX identifier, or are false
matches.

Link: [1] https://spdx.org/licenses/
Link: [2] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Link: [3] https://github.com/nexB/scancode-toolkit
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: arm: psci: add suspend resume common functions

Add cpu suspend/resume common functions.

Platform psci suspend functions need to call
sm_pm_cpu_suspend(arg, platform_suspend) to runs into susp

core: arm: psci: add suspend resume common functions

Add cpu suspend/resume common functions.

Platform psci suspend functions need to call
sm_pm_cpu_suspend(arg, platform_suspend) to runs into suspend.

The i.MX flow is:
psci_cpu_suspend->imx7_cpu_suspend->sm_pm_cpu_suspend(arg, func)
The "func" runs in on-chip ram that not losing power when
system runs into suspend or low power state. Argument "arg" is
passed to function "func" as argument through register "r0".

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

monitor: Add support for platform services

Add the capability for a platform to plugin its own services, often
legacy services for compatibility purposes.

Add these services for the dra7xx platform

monitor: Add support for platform services

Add the capability for a platform to plugin its own services, often
legacy services for compatibility purposes.

Add these services for the dra7xx platform.

The file 'api_monitor_index.h' is synced to a an out-of-tree file and
so we should ignore formatting. Add this exeption to checkpatch.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Daniel Allred <d-allred@ti.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: sm: use stack_tmp for sm_from_nsec()

As the C function sm_from_nsec() used by the secure monitor is expected
to be extended over time it needs a larger stack. With this patch the
secure monito

core: sm: use stack_tmp for sm_from_nsec()

As the C function sm_from_nsec() used by the secure monitor is expected
to be extended over time it needs a larger stack. With this patch the
secure monitor uses stack_tmp. The first part of stack_tmp is
permanently reserved for secure and non-secure contexts.

Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi3)
Tested-by: Andrew F. Davis <afd@ti.com> (plat-ti)
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (stm-b2260)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU v7 & v8)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: redesign secure monitor

The secure monitor is redesigned to make it easier to register services.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jen

core: redesign secure monitor

The secure monitor is redesigned to make it easier to register services.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm: sm: [bugfix] save/restore fiq core registers

Currently there's a security problem with the FIQ registers for armv7
targets, both with leaking information and that normal world can change
stack

arm: sm: [bugfix] save/restore fiq core registers

Currently there's a security problem with the FIQ registers for armv7
targets, both with leaking information and that normal world can change
stack pointer for FIQ mode. This patch fixes this problem.

Saves and restores FIQ core registers (spsr, sp, lr) when switching
secre/non-secure state.

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (modified QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Rename arm32 architecture to arm

Renames arm32 directories to arm.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Reviewed-by

Rename arm32 architecture to arm

Renames arm32 directories to arm.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)

show more ...