core: store TA params in session struct

Stores TA params and error origin in struct tee_ta_session instead of
passing them as parameters to enter_open_session() and
enter_invoke_cmd() in struct ts_o

core: store TA params in session struct

Stores TA params and error origin in struct tee_ta_session instead of
passing them as parameters to enter_open_session() and
enter_invoke_cmd() in struct ts_ops. This makes struct ts_ops less TA
specific.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add struct ts_ops

Adds struct ts_ops replacing the previous struct tee_ta_ops.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro

core: add struct ts_ops

Adds struct ts_ops replacing the previous struct tee_ta_ops.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add generic struct ts_ctx

Adds the generic struct ts_ctx to be used instead of struct tee_ta_ctx
where generic context operations are performed.

struct tee_ta_ctx adds a field with struct ts_

core: add generic struct ts_ctx

Adds the generic struct ts_ctx to be used instead of struct tee_ta_ctx
where generic context operations are performed.

struct tee_ta_ctx adds a field with struct ts_ctx for conversion to
struct ts_ctx where needed.

The struct ts_session is updated to keep a pointer to a struct ts_ctx
instead of the previous struct tee_ta_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add generic struct ts_session

As a step in making room for Secure Partitions (SPs) running at S-EL0
add a Trusted Service (TS) abstraction. Both TAs and SPs is a TS.

Adds the generic struct t

core: add generic struct ts_session

As a step in making room for Secure Partitions (SPs) running at S-EL0
add a Trusted Service (TS) abstraction. Both TAs and SPs is a TS.

Adds the generic struct ts_session. All future sessions structs
(currently only struct tee_ta_session exists) should add this struct to
allow generic session operations.

With this struct comes new functions replacing previous struct
tee_ta_session oriented functions. The following functions are replaced
as:
tee_ta_get_current_session() -> ts_get_current_session()
tee_ta_push_current_session() -> ts_push_current_session()
tee_ta_pop_current_session() -> ts_pop_current_session()
tee_ta_get_calling_session() -> ts_get_calling_session()

ts_get_current_session() is changed compared to its predecessor to
panic() in case of failure to return a valid pointer.

A new function ts_get_current_session_may_fail() is added to handle an
eventual case where a return NULL session may be handled.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: replace TA with user mode in abort handling

Renames enums, defines and functions related to abort handling to use
the name user mode instead of TA in order to be more generic.

Reviewed-by: Et

core: replace TA with user mode in abort handling

Renames enums, defines and functions related to abort handling to use
the name user mode instead of TA in order to be more generic.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix CFG_CORE_UNMAP_CORE_AT_EL0=y for non-default CFG_LPAE_ADDR_SPACE_BITS

Prior to this patch CORE_MMU_L1_TBL_OFFSET was calculated without taking
CFG_LPAE_ADDR_SPACE_BITS into account. This l

core: fix CFG_CORE_UNMAP_CORE_AT_EL0=y for non-default CFG_LPAE_ADDR_SPACE_BITS

Prior to this patch CORE_MMU_L1_TBL_OFFSET was calculated without taking
CFG_LPAE_ADDR_SPACE_BITS into account. This leads to a
COMPILE_TIME_ASSERT() in case CFG_LPAE_ADDR_SPACE_BITS is assigned
anything but 32. Fix this by adding CFG_LPAE_ADDR_SPACE_BITS in the
CORE_MMU_L1_TBL_OFFSET expression.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: replace CFG_LPAE_ADDR_SPACE_SIZE with CFG_LPAE_ADDR_SPACE_BITS

The CFG_LPAE_ADDR_SPACE_SIZE configuration variable is somewhat
inconvenient to use since it's a value larger than what fits in a

core: replace CFG_LPAE_ADDR_SPACE_SIZE with CFG_LPAE_ADDR_SPACE_BITS

The CFG_LPAE_ADDR_SPACE_SIZE configuration variable is somewhat
inconvenient to use since it's a value larger than what fits in a 32-bit
register. Instead replace it with CFG_LPAE_ADDR_SPACE_BITS which instead
tells the size in number of bits.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: do not print canary debug messages on boot

init_canaries() currently prints the following messages on boot:

...
D/TC:0 0 init_canaries:191 #Stack canaries for stack_abt[3] with top at 0xe19

core: do not print canary debug messages on boot

init_canaries() currently prints the following messages on boot:

...
D/TC:0 0 init_canaries:191 #Stack canaries for stack_abt[3] with top at 0xe19f6f8
D/TC:0 0 init_canaries:191 watch *0xe19f6fc
...

The above text is repeated for each CPU core for both stack_tmp and
stack_abt, as well as for each thread for stack_thread. This is quite
verbose, especially with modern SoCs supporting many cores (16 or 24
is not uncommon). The main purpose is to help with debugging stack
overflows when a debugger is available: when a dead canary is found,
the corrupt stack is shown which allows the developer to set a
watchpoint at the suitable address:

E/TC:0 0 Dead canary at end of 'stack_abt[3]'

In this example, one would set a watchpoint at *0xe19f6fc and re-run the
test to identify at which point the stack is corrupted.

This commit removes the initialization messages and prints the address
of the dead canary instead. The same debugging technique remains
possible.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mediatek: add support for MT8516 SoC

Add OP-TEE support for MT8516 SoC.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Fabien Parent <fparent@baylibre.com>

mediatek: enable CFG_ARM64_core by default

MediaTek platforms are most likely going to be built using ARM64, so
set the default value for CFG_ARM64_core to be 'y'.

Suggested-by: Jerome Forissier <j

mediatek: enable CFG_ARM64_core by default

MediaTek platforms are most likely going to be built using ARM64, so
set the default value for CFG_ARM64_core to be 'y'.

Suggested-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Fabien Parent <fparent@baylibre.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: replace assembly directive .align with .balign

The assembly directive .align is replaced by .balign to harmonize with
the recently added align parameter of FUNC() and LOCAL_FUNC().

On the arm

core: replace assembly directive .align with .balign

The assembly directive .align is replaced by .balign to harmonize with
the recently added align parameter of FUNC() and LOCAL_FUNC().

On the arm architecture .align is number of low-order bits location
counter must have after advancement. While .balign always is advancement
to the next multiple of this number.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: sm_a32.S: add missing .cantunwind

Adds missing .cantunwind directives to the two alternative exception
vectors sm_vect_table_a15 and sm_vect_table_bpiall.

Reviewed-by: Jerome Forissier <jerom

core: sm_a32.S: add missing .cantunwind

Adds missing .cantunwind directives to the two alternative exception
vectors sm_vect_table_a15 and sm_vect_table_bpiall.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: correct alignment for exception vectors

The FUNC and LOCAL_FUNC macros changes section so specifying alignment
before the function will be lost. This may break for instance usage of
sm_vect_ta

core: correct alignment for exception vectors

The FUNC and LOCAL_FUNC macros changes section so specifying alignment
before the function will be lost. This may break for instance usage of
sm_vect_table, depending on configuration. Fix this by passing required
alignment as a parameter to the macro.

Fixes: a31e8303cf2e ("Remove '.section .text.<name>' and use function macros instead")
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: deprecate register_dynamic_shm()

register_dynamic_shm() and register_ddr() does almost the same thing but
they cannot be used both in the same platform build. To straighten out
this confusion

core: deprecate register_dynamic_shm()

register_dynamic_shm() and register_ddr() does almost the same thing but
they cannot be used both in the same platform build. To straighten out
this confusion we're switching to use only register_ddr() which is a bit
more flexible than register_dynamic_shm() since the former automatically
creates holes in the memory map where there otherwise would be a fatal
conflict.

register_dynamic_shm() is deprecated and for backwards compatibility
reimplemented as a special variant of register_ddr().

MEM_AREA_RAM_NSEC is kept only as a way of establish a static map of
non-secure memory. For example CFG_BCM_ELOG_BASE for plat-bcm.

Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

early_ta: use scattered array helpers

Simplifies the core linker script by replacing the hard coded
.rodata.early_ta section with use of SCATTERED_ARRAY_DEFINE_PG_ITEM()
instead.

Reviewed-by: Jerom

early_ta: use scattered array helpers

Simplifies the core linker script by replacing the hard coded
.rodata.early_ta section with use of SCATTERED_ARRAY_DEFINE_PG_ITEM()
instead.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: zynqmp: use generic_ram_layout for defining dram layout

Switch to the generic generic_ram_layout header file for defining the
default dram layout. This allow allows the user to easily customiz

plat: zynqmp: use generic_ram_layout for defining dram layout

Switch to the generic generic_ram_layout header file for defining the
default dram layout. This allow allows the user to easily customize the
default dram base and size via CFG_TZDRAM_START/CFG_TZDRAM_SIZE.

Default values are still the same as previously set by platform_config.

Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: zynqmp: force disable core ALSR

Disable core ASLR for two reasons:
1. There is no source for ALSR seed, as ATF does not provide a
DTB to OP-TEE. Hardware RNG is also not currently supported

plat: zynqmp: force disable core ALSR

Disable core ASLR for two reasons:
1. There is no source for ALSR seed, as ATF does not provide a
DTB to OP-TEE. Hardware RNG is also not currently supported.
2. OP-TEE does not boot with enabled CFG_CORE_ASLR.

Further investigation is needed to see why enabled ASLR causes
OP-TEE to not boot properly.

Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: scmi: expose PWR regulators

Expose SoC PWR regulators as SCMI voltage domains to the non-secure
world. They are exposed to SCMI agent scmi0 that exposes SoC resources
used by non-secu

plat-stm32mp1: scmi: expose PWR regulators

Expose SoC PWR regulators as SCMI voltage domains to the non-secure
world. They are exposed to SCMI agent scmi0 that exposes SoC resources
used by non-secure world but controlled by secure world since RCC TZ
hardening configuration.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: scmi: prepare platform SCMI voltage regulators

Define generic resources for stm32mp1 platform to support voltage
regulators exposed to SCMI agents through the voltage domain protocol.

plat-stm32mp1: scmi: prepare platform SCMI voltage regulators

Define generic resources for stm32mp1 platform to support voltage
regulators exposed to SCMI agents through the voltage domain protocol.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: introduce PWR regulators

Introduce a voltage regulator driver for the voltage controllers
driven through PWR interface of stm32mp1 SoCs.

Signed-off-by: Etienne Carriere <etienne.carr

plat-stm32mp1: introduce PWR regulators

Introduce a voltage regulator driver for the voltage controllers
driven through PWR interface of stm32mp1 SoCs.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ffa: Fix the FF-A version returned to Secure Partition

The current Firmware Framework(FF-A) specification defines the major
version of 0x1 and minor version of 0x0. Return these values when
re

core: ffa: Fix the FF-A version returned to Secure Partition

The current Firmware Framework(FF-A) specification defines the major
version of 0x1 and minor version of 0x0. Return these values when
requested through the FFA_VERSION call instead of returning the
FFA_VERSION function id

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: refactor locking during PTA init

tee_ta_init_pseudo_ta_session() locks tee_ta_mutex only when needed.
This makes this function similar to sec_part_init_session() and
tee_ta_init_user_ta_sessio

core: refactor locking during PTA init

tee_ta_init_pseudo_ta_session() locks tee_ta_mutex only when needed.
This makes this function similar to sec_part_init_session() and
tee_ta_init_user_ta_session() in usage.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: refactor locking during StMM load

sec_part_init_session() locks tee_ta_mutex only when needed. This avoids
a window where deadlock can occur in case pgt_alloc() goes to sleep.

Reviewed-by: Je

core: refactor locking during StMM load

sec_part_init_session() locks tee_ta_mutex only when needed. This avoids
a window where deadlock can occur in case pgt_alloc() goes to sleep.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: refactor locking during user TA load

tee_ta_init_user_ta_session() unlocks tee_ta_mutex while loading ldelf
and the user TA. This avoids a window where deadlock can occur in case
pgt_alloc() g

core: refactor locking during user TA load

tee_ta_init_user_ta_session() unlocks tee_ta_mutex while loading ldelf
and the user TA. This avoids a window where deadlock can occur in case
pgt_alloc() goes to sleep.

A new condition variable, tee_ta_init_cv, is added to signal that a TA
has changed state while initializing.

tee_ta_init_session_with_context waits for a TA context be fully
initialized before assigning it to another session.

This also simplifies tee_ta_try_set_busy() since it now doesn't have to
handle the case where it has to wait for a TA context to be fully
initialized.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Suggested-by: Opensource <opensource@sequiturlabs.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add CFG_CORE_MAX_SYSCALL_RECURSION

Adds CFG_CORE_MAX_SYSCALL_RECURSION to define the limit for the number
of levels TAs may call each other. If this number is too high we may run
over the thre

core: add CFG_CORE_MAX_SYSCALL_RECURSION

Adds CFG_CORE_MAX_SYSCALL_RECURSION to define the limit for the number
of levels TAs may call each other. If this number is too high we may run
over the thread stack in OP-TEE Core.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...