core: imx: add UART4 base address for iMX8QM/QP

Some iMX8QM boards use the UART4.

Acked-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Clément Péron <peron.clem@gmail.com>

plat-stm32mp1: add STM32MP13 platform support

Add specific platform code for STM32MP13 initialization.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Gabriel Fernandez <gab

plat-stm32mp1: add STM32MP13 platform support

Add specific platform code for STM32MP13 initialization.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

plat-stm32mp1: add stub for clock parents registering for stm32mp13

No need to register secure clock parents for STM32MP13 platform.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-

plat-stm32mp1: add stub for clock parents registering for stm32mp13

No need to register secure clock parents for STM32MP13 platform.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

core: imx: generate uImage for imx6 and imx7 platforms

In the standard NXP BSP boot-flow, for imx6 and imx7 platforms (ARMv7),
optee-os is booted by U-Boot as a uImage file.
The generation of this u

core: imx: generate uImage for imx6 and imx7 platforms

In the standard NXP BSP boot-flow, for imx6 and imx7 platforms (ARMv7),
optee-os is booted by U-Boot as a uImage file.
The generation of this uImage requires:
- optee-os load address. This address is fetched in the tee.elf file
with readelf.
- mkimage u-boot-tools. This tool takes the load address and the
tee-raw.bin as an input to generate the uImage uTee.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: sp: Pass manifest fdt to SP

Pass the SP manifest fdt to the SP inside the info struct. To be able to
pass the manifest we allocate and map a new page to the SP and copy the
fdt inside this pag

core: sp: Pass manifest fdt to SP

Pass the SP manifest fdt to the SP inside the info struct. To be able to
pass the manifest we allocate and map a new page to the SP and copy the
fdt inside this page. This is done to make sure that no other data in
the same page as the original fdt is leaked to the SP.
After the SP is done initializing we free the page from the SP.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: sp: Add magic value into info parameter

The info parameter passed to a SP at initialization should have the
magic value set to "FF-A".

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by:

core: sp: Add magic value into info parameter

The info parameter passed to a SP at initialization should have the
magic value set to "FF-A".

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: sp: check manifest fdt

Check the SPs manifest fdt file to make sure that the correct manifest
is loaded for the SP.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <je

core: sp: check manifest fdt

Check the SPs manifest fdt file to make sure that the correct manifest
is loaded for the SP.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: sp: Append fdt manifest to SP image

Sp use a manifest file that define information about the SP. A device
tree (fdt) will be used as a manifest file. This is in line with the
Hafnium SPMC mani

core: sp: Append fdt manifest to SP image

Sp use a manifest file that define information about the SP. A device
tree (fdt) will be used as a manifest file. This is in line with the
Hafnium SPMC manifest format.

The fdt will be appended to the SP image by adding a --manifest flag to
the scripts/ts_bin_to_c.py script.

Link: https://trustedfirmware-a.readthedocs.io/en/latest/components/ffa-manifest-binding.html
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pager: export __{text,rodata}_{init,pageable}_{start,end}

Add symbols __text_pageable_start, __text_pageable_end,
__rodata_pageable_start and __rodata_pageable_end. They will later be
used by

core: pager: export __{text,rodata}_{init,pageable}_{start,end}

Add symbols __text_pageable_start, __text_pageable_end,
__rodata_pageable_start and __rodata_pageable_end. They will later be
used by the attestation PTA.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: aslr: pass '-z text' linker option

On arm64, all the relocations in read-only segments have been fixed
in previous commits, pass the '-z text' linker option to detect if some
unexpected

core: arm64: aslr: pass '-z text' linker option

On arm64, all the relocations in read-only segments have been fixed
in previous commits, pass the '-z text' linker option to detect if some
unexpected relocations are introduced by mistake.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tag ops structures with __relrodata_unpaged

Global structures currently tagged with __rodata_unpaged need to use
__relrodata_unpaged instead because they contain pointers which are
subject to

core: tag ops structures with __relrodata_unpaged

Global structures currently tagged with __rodata_unpaged need to use
__relrodata_unpaged instead because they contain pointers which are
subject to relocation when CFG_CORE_ASLR=y. Doing so moves them out of
.rodata which will now stay unmodified even with ASLR turned on.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: compiler.h: introduce __relrodata_unpaged(x)

Introduce macro __relrodata_unpaged(x) to mark data that need to be
unpaged and are essentially read-only but may contain relocations when
ASLR is

core: compiler.h: introduce __relrodata_unpaged(x)

Introduce macro __relrodata_unpaged(x) to mark data that need to be
unpaged and are essentially read-only but may contain relocations when
ASLR is enabled, hence "relocatable read-only". When ASLR is turned off,
the macro is identical to __rodata_unpaged(x). When ASLR is on however,
the data is emitted in section .data.rel.ro.__unpaged.x which is later
gathered by the linker file into the output section .data.rel.ro which
is mapped read only at runtime (after relocations are processed) and
is also unpaged (when pager is enabled).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kern.ld.S: move .scattered_array* into .data.rel.ro

Moves the symbols tagged with .scattered_array* from the .rodata output
section into a new output section: .data.rel.ro, which is also writ

core: kern.ld.S: move .scattered_array* into .data.rel.ro

Moves the symbols tagged with .scattered_array* from the .rodata output
section into a new output section: .data.rel.ro, which is also writeable
(hence the suppression of __SECTION_FLAGS_RODATA in scattered_array.h)
but placed in tee.elf to be mapped read-only after relocations are
applied. The new section is created only when core ASLR is enabled,
otherwise no relocation can occur and we can keep the previous code.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: move boot_mmu_config and cached_mem_end to .identity_map.data

boot_mmu_config and cached_mem_end need to be reachable from the
identity map, hence contained in .text, but they are not s

core: arm64: move boot_mmu_config and cached_mem_end to .identity_map.data

boot_mmu_config and cached_mem_end need to be reachable from the
identity map, hence contained in .text, but they are not strictly
read-only. Therefore move them to .identity_map.data.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add delimited area in .text to store data

A few variables such as boot_mmu_config are stored within the .text
section of tee.elf, because they need to be reachable from the identity
mapping wh

core: add delimited area in .text to store data

A few variables such as boot_mmu_config are stored within the .text
section of tee.elf, because they need to be reachable from the identity
mapping which covers a subset of .text. Having them here however is a
problem when one wants to measure (hash) the .text section because the
runtime content may be different from the content in the tee.elf. In
order to workaround this issue, allocate an area in the .text section
to gather the data that are modified at boot time. Symbols tagged with
.identity_map.data will be stored there. Two delimiters are introduced:
__text_data_start and __text_data_end.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

kernel/linker.h: export __text_end

Add __text_end to <kernel/linker.h>. Can be used for example to compute
a hash of the TEE executable code in a remote attestation scenario.

Signed-off-by: Jerome

kernel/linker.h: export __text_end

Add __text_end to <kernel/linker.h>. Can be used for example to compute
a hash of the TEE executable code in a remote attestation scenario.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-rcar: suppress text relocations in romapi_call.S

Replace address loads from the literal pool (ldr xN, =sym), which are
subject to relocations, with a PC-relative address loads (adr_l xN, sym)
t

plat-rcar: suppress text relocations in romapi_call.S

Replace address loads from the literal pool (ldr xN, =sym), which are
subject to relocations, with a PC-relative address loads (adr_l xN, sym)
to which the TEE load offset is added. The adr_l macro is used because
the symbols may be far away.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: suppress text relocations caused by restore_mapping macro

Suppress the text relocations caused by 'ldr x0, =1f' in macro
restore_mapping when CFG_CORE_UNMAP_CORE_AT_EL0=y. Since this oc

core: arm64: suppress text relocations caused by restore_mapping macro

Suppress the text relocations caused by 'ldr x0, =1f' in macro
restore_mapping when CFG_CORE_UNMAP_CORE_AT_EL0=y. Since this occurs
when switching from the reduced kernel mapping to the full mapping, the
code offset needs to be loaded from somewhere readily accessible at that
point, that is the stack.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: suppress text relocations in icache_inv_user_range()

When CFG_CORE_UNMAP_CORE_AT_EL0=y (default), icache_inv_user_range() uses
addresses from the literal pool (ldr xN, =label) to jump t

core: arm64: suppress text relocations in icache_inv_user_range()

When CFG_CORE_UNMAP_CORE_AT_EL0=y (default), icache_inv_user_range() uses
addresses from the literal pool (ldr xN, =label) to jump to/from the
reduced mapping. Use adr and apply the code offset instead to eliminate
the relocations when ASLR is turned on.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: suppress some text relocations in thread_a64.S

A couple of locations in thread_a64.S use 'ldr xN, =symbol' to load
the address of 'symbol'. Doing so creates an entry in the literal pool

core: arm64: suppress some text relocations in thread_a64.S

A couple of locations in thread_a64.S use 'ldr xN, =symbol' to load
the address of 'symbol'. Doing so creates an entry in the literal pool
which is subject to relocaton. In these cases, it is unnecessary because
the code is already running in the relocated VA space, so the PC-relative
macro 'adr_l xN, symbol' would load the proper address. Use this syntax
instead.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: suppress text relocations in thread_optee_smc_a64.S

The readjust_pc macro in thread_optee_smc_a64.S relies on loading the
address of a local label (1111f:) from the literal pool, knowin

core: arm64: suppress text relocations in thread_optee_smc_a64.S

The readjust_pc macro in thread_optee_smc_a64.S relies on loading the
address of a local label (1111f:) from the literal pool, knowing that
this address is modified when relocations are applied. It is a way of
converting PC addresses from the identity map to the "normal" VA space,
i.e. the one to which ASLR has been applied. However, this approach
creates a relocation inside the .text section (TEXTREL) which is
generally undesirable.

Replace the mechanism with a load using the 'adr' instruction, which
obtains an address in the identity map, then add the ASLR offset found
in the boot_mmu_config structure. This gets rid of 8 text relocations.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: suppress text relocation on stack_tmp_export

stack_tmp_export is a pointer so it is associated with a dynamic
relocation when position-independent code is generated (ASLR). Moreover,
this symb

core: suppress text relocation on stack_tmp_export

stack_tmp_export is a pointer so it is associated with a dynamic
relocation when position-independent code is generated (ASLR). Moreover,
this symbol is in the .identity_map section, which is part of .text after
the final link. To get rid of this TEXTREL, remove stack_tmp_export and
compute the corresponding value in assembly instead from stack_tmp and
constants defined in core/arch/arm/kernel/asm-defines.c.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add OPTEE_FFA_SEC_CAP_ARG_OFFSET

Adds the secure capability OPTEE_FFA_SEC_CAP_ARG_OFFSET to indicate that
OP-TEE with FF-A can support an argument struct at a non-zero offset into
a passed sha

core: add OPTEE_FFA_SEC_CAP_ARG_OFFSET

Adds the secure capability OPTEE_FFA_SEC_CAP_ARG_OFFSET to indicate that
OP-TEE with FF-A can support an argument struct at a non-zero offset into
a passed shared memory object.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add OPTEE_SMC_CALL_WITH_RPC_ARG

Adds OPTEE_SMC_CALL_WITH_RPC_ARG and OPTEE_SMC_CALL_WITH_REGD_ARG where
the struct optee_msg_arg to be used for RPC is appended in the memory
following the norm

core: add OPTEE_SMC_CALL_WITH_RPC_ARG

Adds OPTEE_SMC_CALL_WITH_RPC_ARG and OPTEE_SMC_CALL_WITH_REGD_ARG where
the struct optee_msg_arg to be used for RPC is appended in the memory
following the normal argument struct optee_msg_arg.
OPTEE_SMC_CALL_WITH_REGD_ARG only works with registered shared memory, a
cookie and an offset is used instead a physical address.

The presence OPTEE_SMC_CALL_WITH_RPC_ARG and
OPTEE_SMC_CALL_WITH_REGD_ARG is indicated by the new
OPTEE_SMC_SEC_CAP_RPC_ARG bit returned by
OPTEE_SMC_EXCHANGE_CAPABILITIES. OPTEE_SMC_EXCHANGE_CAPABILITIES also
reports the number of arguments that the RPC argument struct must have
room for.

OPTEE_SMC_CALL_WITH_RPC_ARG, OPTEE_SMC_CALL_WITH_ARG and
OPTEE_SMC_CALL_WITH_REGD_ARG can be used interleaved.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: add missing imx6 SoC IDs to soc_is_imx6()

Add the following SoC IDs to soc_is_imx6()
- SOC_MX6SL
- SOC_MX6SLL
- SOC_MX6D

Fixes: 16e73240d ("core: imx: add CSU module")
Signed-off-by:

core: imx: add missing imx6 SoC IDs to soc_is_imx6()

Add the following SoC IDs to soc_is_imx6()
- SOC_MX6SL
- SOC_MX6SLL
- SOC_MX6D

Fixes: 16e73240d ("core: imx: add CSU module")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...