core: boot: fix TPM log area mapping to use correct device tree source

Change the conditional compilation for TPM log area mapping from
CFG_CORE_SEL1_SPMC to CFG_CORE_FFA. This ensures the correct d

core: boot: fix TPM log area mapping to use correct device tree source

Change the conditional compilation for TPM log area mapping from
CFG_CORE_SEL1_SPMC to CFG_CORE_FFA. This ensures the correct device
tree source is used:

- When CFG_CORE_FFA is enabled: use manifest DT (get_manifest_dt())
- When CFG_CORE_FFA is disabled: use external DT (get_external_dt())

The fix aligns the device tree source selection with the broader FFA
configuration, ensuring TPM log area mapping works correctly across
all FFA-enabled platforms regardless of the specific SPMC variant
(S-EL1, S-EL2, or EL3).

Signed-off-by: Joseph Lo <josephl@nvidia.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix asan for CFG_WITH_PAGER=n

Some fixes are needed to make CFG_CORE_SANITIZE_KADDRESS=y work both
with and without CFG_DYN_CONFIG=y.

Sanitizing stack addresses aren't supported with CFG_DYN_

core: fix asan for CFG_WITH_PAGER=n

Some fixes are needed to make CFG_CORE_SANITIZE_KADDRESS=y work both
with and without CFG_DYN_CONFIG=y.

Sanitizing stack addresses aren't supported with CFG_DYN_CONFIG=y
since it requires extensive changes in the ASAN framework.

The VCORE_FREE area is moved right before the .asan_shadow area.

init_asan() calls boot_mem_init_asan() to tag access to already
allocated boot memory.

entry_a32.S is updated to skip allowing access to stacks in the
.asan_shadow area for CFG_DYN_CONFIG=y since stacks are stored
elsewhere in that configuration.

entry_a64.S is updated to initialize the .asan_shadow area in the same
way as in entry_a32.S.

The .asan_shadow area is mapped explicitly in collect_mem_ranges()
instead of relying on the now non-existent coverage of
MEM_AREA_TEE_RAM_RW.

CFG_DYN_CONFIG=y and CFG_WITH_PAGER=y is not yet known to work.

Fixes: 1c1f8b65b5c6 ("core: mm: unify secure core and TA memory")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add thread_count to thread_init_threads()

Add a thread_count parameter to thread_init_threads(). This must currently
always be equal to CFG_NUM_THREADS, but may become a dynamic configuration

core: add thread_count to thread_init_threads()

Add a thread_count parameter to thread_init_threads(). This must currently
always be equal to CFG_NUM_THREADS, but may become a dynamic configuration
parameter with CFG_DYN_CONFIG=y in later patches.

The array threads[] is changed into a pointer to allow dynamic
allocation in later patches. The assembly code is updated accordingly to
handle a pointer instead of an array.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Tested-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: dynamic allocation of thread_core_local and its stacks

With CFG_DYN_CONFIG enabled, use dynamic allocation of thread_core_local
and the two stacks, tmp_stack and abt_stack, recorded in it.

Si

core: dynamic allocation of thread_core_local and its stacks

With CFG_DYN_CONFIG enabled, use dynamic allocation of thread_core_local
and the two stacks, tmp_stack and abt_stack, recorded in it.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: add core_count to thread_init_thread_core_local()

Add a core_count parameter to thread_init_thread_core_local() to enable
dynamic configuration of the number of supported cores when configured

core: add core_count to thread_init_thread_core_local()

Add a core_count parameter to thread_init_thread_core_local() to enable
dynamic configuration of the number of supported cores when configured
with CFG_DYN_STACK_CONFIG=y, or it must be equal to
CFG_TEE_CORE_NB_CORE. This is needed in later patches where the number
of cores is configured dynamically.

The array thread_core_local[] is changed into a pointer to allow dynamic
allocation in later patches. The assembly code is updated accordingly to
handle a pointer instead of an array.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: reserve physical memory for manifest

With CFG_CORE_SEL2_SPMC=y (Hafnium as SPMC at S-EL2), the FF-A manifest
passed to OP-TEE resides in the memory reserved for OP-TEE just before
the loa

core: ffa: reserve physical memory for manifest

With CFG_CORE_SEL2_SPMC=y (Hafnium as SPMC at S-EL2), the FF-A manifest
passed to OP-TEE resides in the memory reserved for OP-TEE just before
the load address. The physical memory pool is initialized with the entire
range of secure memory, with holes carved out for already used memory.

Temporarily allocate the physical memory used by the manifest until it's
not needed any longer and released by release_manifest_dt().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: move plat_get_random_stack_canaries() to common part

Other architectures (e.g. RISC-V) may want to call
plat_get_random_stack_canaries() for random stack
canaries. Move it from ARM architectur

core: move plat_get_random_stack_canaries() to common part

Other architectures (e.g. RISC-V) may want to call
plat_get_random_stack_canaries() for random stack
canaries. Move it from ARM architecture directory
to common part.

Signed-off-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Co-developed-by: Alvin Chang <alvinga@andestech.com>
Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: boot: fix calling page_alloc_init()

The functions page_alloc_init() and nex_page_alloc_init() depends on
MEM_AREA_TEE_DYN_VASPACE and MEM_AREA_NEX_DYN_VASPACE, but the memory
areas are on

core: arm: boot: fix calling page_alloc_init()

The functions page_alloc_init() and nex_page_alloc_init() depends on
MEM_AREA_TEE_DYN_VASPACE and MEM_AREA_NEX_DYN_VASPACE, but the memory
areas are only available with CFG_DYN_CONFIG so check that before
calling the functions.

Fixes: 0e12fb0c2d75 ("core: arm: boot: call page_alloc_init()")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm: boot: call page_alloc_init()

Call page_alloc_init()/nex_page_alloc_init() from init_primary() after
unused boot memory has been released. virt_guest_created() calls
page_alloc_init().

Th

core: arm: boot: call page_alloc_init()

Call page_alloc_init()/nex_page_alloc_init() from init_primary() after
unused boot memory has been released. virt_guest_created() calls
page_alloc_init().

This allows virt_page_alloc() to be used instead of boot_mem_alloc() now
that boot_mem_alloc() can't be used any longer.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: boot: add boot_init_primary_runtime()

Split the early parts of boot_init_primary_final() into
boot_init_primary_runtime(). boot_init_primary_runtime() initializes the
runtime, part of that is

core: boot: add boot_init_primary_runtime()

Split the early parts of boot_init_primary_final() into
boot_init_primary_runtime(). boot_init_primary_runtime() initializes the
runtime, part of that is to generate the PAUTH keys. The PAUTH keys are
loaded in assembly before boot_init_primary_final() is called.

This fixes an error when SPs are initialized by entering and exiting
S-EL0 from boot_init_primary_final() but the PAUTH registers hasn't been
initialized with the right values.
E/TC:0 0 Core undef-abort at address 0xe106be4
E/TC:0 0 esr 0x72000000 ttbr0 0x200000e27d000 ttbr1 0x00000000 cidr 0x0
E/TC:0 0 cpu #0 cpsr 0x60000144
E/TC:0 0 x0 0000000000000000 x1 0000000000000000
E/TC:0 0 x2 0000000000000000 x3 0000000000000000
E/TC:0 0 x4 000000000e27a060 x5 000000000e27a05c
E/TC:0 0 x6 000000000000009f x7 0000000000000083
E/TC:0 0 x8 0000000000000000 x9 0000000000004367
E/TC:0 0 x10 000000000000009f x11 0000000000000000
E/TC:0 0 x12 0000000000000000 x13 0000000040006f80
E/TC:0 0 x14 0000000000000000 x15 0000000000000000
E/TC:0 0 x16 000000000e107460 x17 0000000000000000
E/TC:0 0 x18 0000000000000000 x19 000000000e002000
E/TC:0 0 x20 000000000e300000 x21 0000000040000000
E/TC:0 0 x22 0000000000000000 x23 000000000e272830
E/TC:0 0 x24 000000000e22c250 x25 0000000000000000
E/TC:0 0 x26 0000000000000000 x27 0000000000000000
E/TC:0 0 x28 0000000000000000 x29 000000000e27a020
E/TC:0 0 x30 0a2ed3b10e1314e8 elr 000000000e106be4
E/TC:0 0 sp_el0 000000000e27a010
E/TC:0 0 TEE load address @ 0xe100000
E/TC:0 0 Core undef-abort at address 0xe106be4 .debug_info+27620
E/TC:0 0 Call stack:
E/TC:0 0 0x0e106be4 thread_enter_user_mode at core/arch/arm/kernel/thread.c:1049
E/TC:0 0 0x0e110628 sp_open_session at core/arch/arm/kernel/secure_partition.c:635
E/TC:0 0 0x0e112508 sp_init_uuid at core/arch/arm/kernel/secure_partition.c:1583
E/TC:0 0 0x0e1135f8 sp_init_all at core/arch/arm/kernel/secure_partition.c:2018
E/TC:0 0 0x0e137950 do_init_calls at core/kernel/initcall.c:20
E/TC:0 0 0x0e137b0c call_finalcalls at core/kernel/initcall.c:73

Fixes: b5ec8152f3e5 ("core: arm: refactor boot")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: boot: mask native interrupts for virtualization

Native interrupts are prior to this patch unmasked while processing
initcalls. This is only permitted if the temporary stack isn't used.
Th

core: arm: boot: mask native interrupts for virtualization

Native interrupts are prior to this patch unmasked while processing
initcalls. This is only permitted if the temporary stack isn't used.
That's not true when CFG_NS_VIRTUALIZATION=y so fix this by only
unmasking when NS-virtualization isn't enabled.

Fixes: 259c34df294f ("core: arm: boot: enable native interrupts before initcalls")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm32: initialize secure monitor late

Initialize the secure monitor as late as possible before exiting to the
normal world. This is needed in later patches where the stacks aren't
statically a

core: arm32: initialize secure monitor late

Initialize the secure monitor as late as possible before exiting to the
normal world. This is needed in later patches where the stacks aren't
statically allocated.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: refactor boot

Introduce CFG_BOOT_INIT_THREAD_CORE_LOCAL0 to indicate that
thread_core_local[0] is initialized before the boot_init_* functions are
called.

thread_init_core_local_stacks()

core: arm: refactor boot

Introduce CFG_BOOT_INIT_THREAD_CORE_LOCAL0 to indicate that
thread_core_local[0] is initialized before the boot_init_* functions are
called.

thread_init_core_local_stacks() and thread_init_thread_core_local() are
replaced by a new version of thread_init_thread_core_local() for
CFG_BOOT_INIT_THREAD_CORE_LOCAL0=y.

Move initialization of thread_core_local[] from very early to
boot_init_primary_late() where various DTBs containing run-time
configuration are available. This will be needed in later patches when
the number of configured cores can be read from DT or some other
run-time configuration.

Move the "OP-TEE version" print and following code from
boot_init_primary_late() to boot_init_primary_final()

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: boot: enable native interrupts before initcalls

Enable native interrupts on Arm architectures when executing
initcalls (early,service,driver,final). This change allows drivers
to leverage

core: arm: boot: enable native interrupts before initcalls

Enable native interrupts on Arm architectures when executing
initcalls (early,service,driver,final). This change allows drivers
to leverage interrupts during OP-TEE core initialization, as for example
detecting a firewall access violation when it occurs. Before this change,
OP-TEE needed to complete its initialization and return the secure
monitor for secure interrupts to be handled.

Note that when CFG_NS_VIRTUALIZATION is enabled, initcalls called from
virt_on_stdcall() is not changed here since they are executing from a
standard call entry hence with native and foreign interrupts already
default unmasked.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: expand the fdt transfer entry right before it is being used

Move the expanding of fdt transfer entry from boot_init_primary_early
to boot_init_primary_late.

Logically expanding of the fdt ent

core: expand the fdt transfer entry right before it is being used

Move the expanding of fdt transfer entry from boot_init_primary_early
to boot_init_primary_late.

Logically expanding of the fdt entry is not required until the
system needs to update it with new nodes which happens in init primary
late.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: ffa: switch to FF-A version 1.2

Update FF-A minor version from 1 to 2. spmc_exchange_version() is
updated to take the new version into account when negotiating with a
caller.

Configurati

core: arm: ffa: switch to FF-A version 1.2

Update FF-A minor version from 1 to 2. spmc_exchange_version() is
updated to take the new version into account when negotiating with a
caller.

Configurations with SPMC at EL3 and S-EL2 supplies an SP manifest when
booting OP-TEE, read the FF-A version to use from the manifest instead
of using the hard coded version.

The configuration with SPMC at S-EL1, part of OP-TEE, keep the FF-A
version at version 1.1 when configured with CFG_NS_VIRTUALIZATION=y as
workaround to remain compatible with Xen. This workaround will not be
needed after the next Xen release and can be removed then.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: add boot mem paddings to the heap

Add the paddings added due to requested alignment in boot mem
allocations to the heap.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-b

core: arm: add boot mem paddings to the heap

Add the paddings added due to requested alignment in boot mem
allocations to the heap.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: add CFG_NS_VIRTUALIZATION boot log

Add a log entry when CFG_NS_VIRTUALIZATION is enabled, for example:
D/TC:0 0 boot_init_primary_late:1028 NS-Virtualization enabled, supporting 2 guest

core: arm: add CFG_NS_VIRTUALIZATION boot log

Add a log entry when CFG_NS_VIRTUALIZATION is enabled, for example:
D/TC:0 0 boot_init_primary_late:1028 NS-Virtualization enabled, supporting 2 guests

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: merge core_mmu_init_phys_mem() and core_mmu_init_virtualization()

Moves the implementation of core_mmu_init_virtualization() into
core_mmu_init_phys_mem().

This simplifies init_primary() in c

core: merge core_mmu_init_phys_mem() and core_mmu_init_virtualization()

Moves the implementation of core_mmu_init_virtualization() into
core_mmu_init_phys_mem().

This simplifies init_primary() in core/arch/arm/kernel/boot.c.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: initialize guest physical memory early

Initialize guest physical memory in virt_guest_created() before the
first entry into the guest from normal world. This replaces the call to
core_mmu_init

core: initialize guest physical memory early

Initialize guest physical memory in virt_guest_created() before the
first entry into the guest from normal world. This replaces the call to
core_mmu_init_phys_mem() in init_tee_runtime().

Remove unused code in core_mmu_init_phys_mem() and the now unused
functions core_mmu_get_ta_range() and virt_get_ta_ram().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: allocate temporary memory map array

With CFG_BOOT_MEM enabled, allocate a temporary memory map array using
boot_mem_alloc_tmp() instead of using the global static_mmap_regions[].
core_mmu_

core: mm: allocate temporary memory map array

With CFG_BOOT_MEM enabled, allocate a temporary memory map array using
boot_mem_alloc_tmp() instead of using the global static_mmap_regions[].
core_mmu_save_mem_map() is added and called from
boot_init_primary_late() before the temporary memory is reused.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: enable CFG_BOOT_MEM unconditionally

Enable CFG_BOOT_MEM unconditionally and call the boot_mem_*() functions
as needed from entry_*.S and boot.c.

The pager will reuse all boot_mem memory

core: arm: enable CFG_BOOT_MEM unconditionally

Enable CFG_BOOT_MEM unconditionally and call the boot_mem_*() functions
as needed from entry_*.S and boot.c.

The pager will reuse all boot_mem memory internally when configured.
The non-pager configuration will unmap the memory and make it available
for TAs if needed.

__FLATMAP_PAGER_TRAILING_SPACE is removed from the link script,
collect_mem_ranges() in core/mm/core_mmu.c maps the memory following
VCORE_INIT_RO automatically.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: add boot_cached_mem_end

Add boot_cached_mem_end in C code, replacing the previous read-only
mapped cached_mem_end. This allows updates to boot_cached_mem_end after
MMU has been enabled.

core: arm: add boot_cached_mem_end

Add boot_cached_mem_end in C code, replacing the previous read-only
mapped cached_mem_end. This allows updates to boot_cached_mem_end after
MMU has been enabled.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: replace MEM_AREA_TA_RAM

Replace MEM_AREA_TA_RAM with MEM_AREA_SEC_RAM_OVERALL.

All read/write secure memory is covered by MEM_AREA_SEC_RAM_OVERALL,
sometimes using an aliased map. But sec

core: mm: replace MEM_AREA_TA_RAM

Replace MEM_AREA_TA_RAM with MEM_AREA_SEC_RAM_OVERALL.

All read/write secure memory is covered by MEM_AREA_SEC_RAM_OVERALL,
sometimes using an aliased map. But secure read-only or execute core
memory is not covered as that would defeat the purpose of
CFG_CORE_RWDATA_NOEXEC.

Since the partition TA memory isn't accessed via MEM_AREA_TA_RAM any
longer, don't map it using the partition specific map.

This is needed later where unification of OP-TEE core and physical TA
memory is possible.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: rename to core_mmu_init_phys_mem()

Rename core_mmu_init_ta_ram() to core_mmu_init_phys_mem() for a more
accurate name of the function.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org

core: rename to core_mmu_init_phys_mem()

Rename core_mmu_init_ta_ram() to core_mmu_init_phys_mem() for a more
accurate name of the function.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...