plat-ti: Disable SECURE_DATA_PATH until xtest is fixed

While SDP support is being re-worked disable support by default to
prevent failing test cases. This will be re-enabled when the REE-side
suppor

plat-ti: Disable SECURE_DATA_PATH until xtest is fixed

While SDP support is being re-worked disable support by default to
prevent failing test cases. This will be re-enabled when the REE-side
support is restored.

Signed-off-by: Andrew Davis <afd@ti.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-k3: Disable SECURE_DATA_PATH until xtest is fixed

While SDP support is being re-worked disable support by default to
prevent failing test cases. This will be re-enabled when the REE-side
suppor

plat-k3: Disable SECURE_DATA_PATH until xtest is fixed

While SDP support is being re-worked disable support by default to
prevent failing test cases. This will be re-enabled when the REE-side
support is restored.

Signed-off-by: Andrew Davis <afd@ti.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: imx: link: generate entry_point_address.txt for uTee image

For some platforms like mx7ulpevk, the `UL` attribute for CFG_DRAM_BASE
is necessary to avoid the following error:

$ PLATFORM=imx-mx

core: imx: link: generate entry_point_address.txt for uTee image

For some platforms like mx7ulpevk, the `UL` attribute for CFG_DRAM_BASE
is necessary to avoid the following error:

$ PLATFORM=imx-mx7ulpevk make uTee
core/mm/mobj.c: In function ‘mobj_init’:
./out/arm-plat-imx/include/generated/conf.h:222:64: warning: integer overflow in expression of type ‘int’ results in ‘-1644167168’ [-Woverflow]
222 | #define CFG_TZDRAM_START (0x60000000 - 0x01e00000 - 0x00200000 + 0x40000000)
| ^

However, this `UL` attribute prevents the shell from properly computing
the CFG_TZDRAM_START value :

$ PLATFORM=imx-mx7ulpevk make uTee
bash: (UL(0x60000000) - 0x01e00000 - 0x00200000 + 0x40000000): missing `)' (error token is "(0x60000000) - 0x01e00000 - 0x00200000 + 0x40000000)")

To address both issues, remove the `UL` attribute from CFG_TZDRAM_START
with Makefile string substitution.

Fixes: 0f8347dcafe ("core: imx: generate uImage for imx6 and imx7 platforms")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: plat-ls: correct CAAM JR interrupt numbers

CAAM JR interrupt numbers for some of platforms were configured
wrong, corrected it.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by

core: plat-ls: correct CAAM JR interrupt numbers

CAAM JR interrupt numbers for some of platforms were configured
wrong, corrected it.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-k3: Initialize Secure Storage with DKEK

K3 HS devices have a randomly generated 256 bit key written into the
efuses in TI Factory. This key is called a Key Encryption Key (KEK) and
is unique to

plat-k3: Initialize Secure Storage with DKEK

K3 HS devices have a randomly generated 256 bit key written into the
efuses in TI Factory. This key is called a Key Encryption Key (KEK) and
is unique to each device.

KEK is fed in hardware into the AES engine inside DMSC/SMS. The efuses
carrying the KEK are marked as read and write protected. As a result,
KEK is only accessible via the AES engine in DMSC/SMS.

System Firmware provides API to obtain a key derived from KEK(DKEK) for
encryption/decryption which is accessible through TI-SCI protocol.

The DKEK will be used in K3 SOCs to initialize HUK for Secure Storage.

Adds TI_SCI_MSG_SA2UL_GET_DKEK in TISCI protocol to extract the DKEK from
K3 SOCs and initialize HUK.

Further details can be found in the TISCI documentation:
https://software-dl.ti.com/tisci/esd/latest/index.html

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-k3: drivers: Add basic support for TI System Control Interface (TI-SCI) protocol

Texas Instruments System Control Interface (TI-SCI) Message Protocol
is used in Texas Instruments System on Chip

plat-k3: drivers: Add basic support for TI System Control Interface (TI-SCI) protocol

Texas Instruments System Control Interface (TI-SCI) Message Protocol
is used in Texas Instruments System on Chip (SoC) such as those
in keystone family K3 SoC to communicate between various compute
processors with a central system controller entity.

TISCI message protocol provides support for management of various
hardware entities within the SoC. Add support driver to allow
communication with system controller entity within the SoC using the
Secure Proxy.

Introduce the basic registration and query capability for the
driver protocol as part of this change. Subsequent patches add in
functionality specific to the TI-SCI features.

Further information can be found in TI-SCI documentation:
https://software-dl.ti.com/tisci/esd/latest/index.html

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-k3: drivers: Add secure proxy driver for communication with System Controller

Secure Proxy is a communication scheme in Texas Instrument's devices
intended to provide an unique communication pa

plat-k3: drivers: Add secure proxy driver for communication with System Controller

Secure Proxy is a communication scheme in Texas Instrument's devices
intended to provide an unique communication path from various processors
in the System on Chip(SoC) to a central System Controller.

Secure Proxy instance exposes "threads" or "proxies" which is
primary representation of "a" communication channel. Each thread is
preconfigured by System controller configuration based on SoC usage
requirements. Secure proxy by itself represents a single "queue" of
communication but allows the proxies to be independently operated.

For communication with TISCI, Secure Proxy driver is required in OP-TEE.

NOTE: Secure proxy configuration is only done by System Controller,
hence these are assumed to be pre-configured instances.

Provide the driver support for Secure Proxy and thread instances.

Tested on AM65x.

See AM65x Technical Reference Manual (SPRUID7E, April 2018)
for further details: https://www.ti.com/lit/ug/spruid7e/spruid7e.pdf

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: sp_mem: fix get_cattr() callback name

Commit 8afe7a7c5220 ("core: rename mobj_get_cattr() to
mobj_get_mem_type()") renames the get_cattr() callback in struct
mobj_ops(). However, sp_mem wasn't

core: sp_mem: fix get_cattr() callback name

Commit 8afe7a7c5220 ("core: rename mobj_get_cattr() to
mobj_get_mem_type()") renames the get_cattr() callback in struct
mobj_ops(). However, sp_mem wasn't updated as part of this change, so
currently it doesn't compile. Fix this and get aligned with the new
naming.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: add support for MTE

Adds support for the Armv8.5-A Memory Tagging Extension with
CFG_MEMTAG=y.

A memtag.h API is introduced to handle this extension. If CFG_MEMTAG=n
the API doesn't add any o

core: add support for MTE

Adds support for the Armv8.5-A Memory Tagging Extension with
CFG_MEMTAG=y.

A memtag.h API is introduced to handle this extension. If CFG_MEMTAG=n
the API doesn't add any overhead and the behaviour is unchanged. With
CFG_MEMTAG=y a check is performed to see if the platform can support MTE
and the API is dynamically configured accordingly. This means that it's
safe to have CFG_MEMTAG=y even for platforms not supporting MTE. There
will be some minimal overhead then, but likely not noticeable.

An entry is also added in the TEE_PROPSET_TEE_IMPLEMENTATION for a u32
property "org.trustedfirmware.optee.cpu.feat_memtag_implemented". The
property is set to a non-zero value only if CFG_CORE_MEMTAG is
configured and the underlying CPU supports FEAT_MTE.

This commit still only uses the default tag with the value 0 resulting
in unchanged pointers when accessing memory. However, all plumbing is in
place allowing for instance tagging of the heap in a later commit.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: map TA memory using TEE_MATTR_MEM_TYPE_TAGGED

Maps TA memory using the TEE_MATTR_MEM_TYPE_TAGGED which results in
tagged cached memory if the system has it enabled.

Acked-by: Etienne Carriere

core: map TA memory using TEE_MATTR_MEM_TYPE_TAGGED

Maps TA memory using the TEE_MATTR_MEM_TYPE_TAGGED which results in
tagged cached memory if the system has it enabled.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: add TEE_MATTR_MEM_TYPE_TAGGED

Adds TEE_MATTR_MEM_TYPE_TAGGED used to map tagged memory as defined in
Armv8.5-A Memory Tagging Extension (MTE).

All OP-TEE core memory should be mapped as t

core: mm: add TEE_MATTR_MEM_TYPE_TAGGED

Adds TEE_MATTR_MEM_TYPE_TAGGED used to map tagged memory as defined in
Armv8.5-A Memory Tagging Extension (MTE).

All OP-TEE core memory should be mapped as tagged memory when supported.

Memory potentially shared with non-secure world or other firmware should
not be mapped as tagged since we don't have control over the tags then.

The mappings used by TEE_MATTR_MEM_TYPE_TAGGED is replaced by
TEE_MATTR_MEM_TYPE_CACHED if MTE isn't supported or configured.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64.h: add MTE related defines

Adds defines for bits in SCTLR_EL1 TCR_EL1 and GCR_EL1 relating to the
Memory Tagging Extension (MTE).

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.

core: arm64.h: add MTE related defines

Adds defines for bits in SCTLR_EL1 TCR_EL1 and GCR_EL1 relating to the
Memory Tagging Extension (MTE).

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64.h: use 64-bit macros for TCR_* defines

The TCR_EL1 register is a 64-bit register, update the defines to use
64-bit macros instead to reflect that.

Reviewed-by: Jerome Forissier <jerome.

core: arm64.h: use 64-bit macros for TCR_* defines

The TCR_EL1 register is a 64-bit register, update the defines to use
64-bit macros instead to reflect that.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64.h: use BIT64() for SCTLR_* defines

The SCTLR_EL1 register is a 64-bit register, update the defines to use
the BIT64() macro instead to reflect that.

Reviewed-by: Jerome Forissier <jerom

core: arm64.h: use BIT64() for SCTLR_* defines

The SCTLR_EL1 register is a 64-bit register, update the defines to use
the BIT64() macro instead to reflect that.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: add MTE bits for ID_AA64PFR1

Adds fields in register ID_AA64PFR1 to report the presence of Memory
Tagging Extension (MTE).

Adds feat_mte_implemented() to report which MTE feature flav

core: arm64: add MTE bits for ID_AA64PFR1

Adds fields in register ID_AA64PFR1 to report the presence of Memory
Tagging Extension (MTE).

Adds feat_mte_implemented() to report which MTE feature flavor is
supported.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: recognize tag check faults in abort handler

Adds support in the abort handler to recognize tag check faults.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carr

core: recognize tag check faults in abort handler

Adds support in the abort handler to recognize tag check faults.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: rename mobj_get_cattr() to mobj_get_mem_type()

Renames mobj_get_cattr() to mobj_get_mem_type(). The mobj operation
get_ctype() is also renamed to get_mem_type().

This commit is only about ren

core: rename mobj_get_cattr() to mobj_get_mem_type()

Renames mobj_get_cattr() to mobj_get_mem_type(). The mobj operation
get_ctype() is also renamed to get_mem_type().

This commit is only about renaming ctype to mem_type, no changes in
behaviour.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm: vfp_a32: check the existence of FPU NEON by CPACR

Almost all Cortex-A processors come with a Floating-Point Unit (FPU)
and most also have a NEON unit. However, use of registers D16-D31 of
the V

arm: vfp_a32: check the existence of FPU NEON by CPACR

Almost all Cortex-A processors come with a Floating-Point Unit (FPU)
and most also have a NEON unit. However, use of registers D16-D31 of
the VFP register file depends on the processor's FPU implementation.

Arm coprocessor access control register (CPACR.D32DIS) indicates if
FPU and Advanced SIMD is implemented. Check this bit to see if the
processor is supported or not.

Signed-off-by: Neal Liu <neal_liu@aspeedtech.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: lpae: check return value of core_mmu_xlat_table_entry_pa2va()

Since core_mmu_xlat_table_entry_pa2va() can return a NULL pointer, check
its return value before the memcpy().

Fixes: 8bdbbf2f5 (

core: lpae: check return value of core_mmu_xlat_table_entry_pa2va()

Since core_mmu_xlat_table_entry_pa2va() can return a NULL pointer, check
its return value before the memcpy().

Fixes: 8bdbbf2f5 ("core: lpae: add internal core_mmu_entry_copy()")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-aspeed: ast2600: control HACE into Secure World

1. Prohibit non-secure access to HACE controller
2. Grant TEE secure memory access to HACE.

Signed-off-by: Neal Liu <neal_liu@aspeedtech.com>
Ac

plat-aspeed: ast2600: control HACE into Secure World

1. Prohibit non-secure access to HACE controller
2. Grant TEE secure memory access to HACE.

Signed-off-by: Neal Liu <neal_liu@aspeedtech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-rockchip: rk3399: define GICC_BASE

Commit 60801696667d ("plat: arm: refactor GIC initialization") has
introduced a build regression for Rockchip:

$ make -s PLATFORM=rockchip-rk3399
core/arch

plat-rockchip: rk3399: define GICC_BASE

Commit 60801696667d ("plat: arm: refactor GIC initialization") has
introduced a build regression for Rockchip:

$ make -s PLATFORM=rockchip-rk3399
core/arch/arm/plat-rockchip/main.c: In function ‘main_init_gic’:
core/arch/arm/plat-rockchip/main.c:29:29: error: ‘GICC_BASE’ undeclared (first use in this function); did you mean ‘GIC_BASE’?
29 | gic_init(&gic_data, GICC_BASE, GICD_BASE);
| ^~~~~~~~~
| GIC_BASE

Fix it by defining GICC_BASE unconditionally as most platforms do.
The value is taken from the DTS file from the Linux kernel [1].

Fixes: 60801696667d ("plat: arm: refactor GIC initialization")
Link: [1] https://github.com/torvalds/linux/blob/v5.17/arch/arm64/boot/dts/rockchip/rk3399.dtsi#L542
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat: arm: fix refactor GIC initialization

Commit 60801696667d ("plat: arm: refactor GIC initialization") converts
functions gic_init_base_addr() and gic_init() to take physical addresses
instead of

plat: arm: fix refactor GIC initialization

Commit 60801696667d ("plat: arm: refactor GIC initialization") converts
functions gic_init_base_addr() and gic_init() to take physical addresses
instead of virtual, but only converts half the platforms. This causes
boot failure on all the others.

Convert the rest here.

Fixes: 60801696667d ("plat: arm: refactor GIC initialization")
Signed-off-by: Andrew Davis <afd@ti.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: wrap lines >80 characters; cite commit using commonly used format]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: caam: fix function definition when CFG_CAAM_NO_ITR=y

There is a bug in the CAAM JR interruption enablement logic. When
CFG_CAAM_NO_ITR=y, the JR interruptions are used and when
CFG_CAAM_NO_

drivers: caam: fix function definition when CFG_CAAM_NO_ITR=y

There is a bug in the CAAM JR interruption enablement logic. When
CFG_CAAM_NO_ITR=y, the JR interruptions are used and when
CFG_CAAM_NO_ITR=n, the JR interruptions are not used.

Even with this wrong logic, the CAAM is still able to enqueue jobs.
When no JR interruptions are received, the CAAM will manually dequeue
jobs from the jobring by checking the number of jobs done in the output
ring slots full register.

CAAM JR interruptions are not mandatory for the CAAM to work properly
but it makes the dequeuing faster than polling the output ring slot full
register.

To avoid confusion, replace CFG_CAAM_NO_ITR with CFG_CAAM_ITR. The
CFG_CAAM_ITR is enabled by default and platforms not using the JR
interruptions would have this flag disabled instead.

Fixes: 3f45afc31 ("drivers: caam: disable the use of interrupts for some platforms")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: imx: dump TZASC state after lockdown

Call the TZASC configuration dump after the region lockdown.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.fo

drivers: imx: dump TZASC state after lockdown

Call the TZASC configuration dump after the region lockdown.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: imx: tzc380: register TZC380 memory registers

Register TZASC memory registers for TZASC and eventually TZASC2.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissi

drivers: imx: tzc380: register TZC380 memory registers

Register TZASC memory registers for TZASC and eventually TZASC2.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...