libutee, ldelf: add leading underscore to syscall wrappers

libutee defines assembler wrapper functions for each OP-TEE system call.
These wrappers have a utee_ prefix. This commit adds a leading
und

libutee, ldelf: add leading underscore to syscall wrappers

libutee defines assembler wrapper functions for each OP-TEE system call.
These wrappers have a utee_ prefix. This commit adds a leading
underscore so that the names cannot clash with user-defined symbols.
Doing so is common practice for "system" libraries, as defined by the C
standard in a set of requirements that can be summarized as follows
(excerpt from the GNU libc documentation [1]):

[R]eserved names include all external identifiers (global functions
and variables) that begin with an underscore (‘_’) and all identifiers
regardless of use that begin with either two underscores or an
underscore followed by a capital letter are reserved names. This is so
that the library and header files can define functions, variables, and
macros for internal purposes without risk of conflict with names in
user programs.

The utee_*() wrappers are internal to OP-TEE and are not supposed to be
called directly by TAs so this should not have any user-visible impact.

Link: [1] https://www.gnu.org/software/libc/manual/html_node/Reserved-Names.html
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Move CFG_WITH_STACK_CANARIES to global config file

All platforms but one (bcm-ns3) set CFG_WITH_STACK_CANARIES ?= y in
their configuration files. Move this flag to the global mk/config.mk
instead. N

Move CFG_WITH_STACK_CANARIES to global config file

All platforms but one (bcm-ns3) set CFG_WITH_STACK_CANARIES ?= y in
their configuration files. Move this flag to the global mk/config.mk
instead. Not sure it matters much, but in order to avoid any functional
change, CFG_WITH_STACK_CANARIES ?= n is added to plat-bcm/conf.mk.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add missing THREAD_CLF_TMP flag updates

There are a few places where the value of thread_core_local::flags
does not reflect the stack being used, i.e., the temporary stack is
used but THREAD_C

core: add missing THREAD_CLF_TMP flag updates

There are a few places where the value of thread_core_local::flags
does not reflect the stack being used, i.e., the temporary stack is
used but THREAD_CLF_TMP is not set or the opposite. In such cases,
get_stack_limits() would return invalid values. The consequence is a
debugging issue: no stack dump on core panic or abort.

This was found with the help of compiler instrumentation
(-finstrument-functions).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: print CPU initialization messages with IMSG()

Start and end of initialization for each CPU is important information
that deserves to be shown with I (information) severity rather than D
(debug

core: print CPU initialization messages with IMSG()

Start and end of initialization for each CPU is important information
that deserves to be shown with I (information) severity rather than D
(debug). This is not done consistently, fix that.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: implement CMAC for CAAM

Implement CMAC for CAAM.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <j

drivers: caam: implement CMAC for CAAM

Implement CMAC for CAAM.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: imx_i2c: add I2C support

This driver provides native access to the I2C bus on iMX.

The driver will not query the clock hierarchy - to find the base clock
rate - because it overcomplicates

drivers: imx_i2c: add I2C support

This driver provides native access to the I2C bus on iMX.

The driver will not query the clock hierarchy - to find the base clock
rate - because it overcomplicates the deliverable for not much added
value (this can be done at a later time if required).

The U-Boot and Linux GPL code was initially used as a reference;
however due to the simpler OP-TEE use case requirements, the code was
later re-written following the reference manual [1].

This driver will not access addresses within a I2C slave map.

This driver must not be used while the Linux kernel is running unless
the following is guaranteed:
- that the I2C bus will not be suspended.
- that there will not be collisions with other bus masters.

Without those guarantees, please use a trampoline driver to route the
I2C requests to Linux.

Tested on imx8mm-lpddr4.

[1] i.MX 8M Mini Applications Processor Reference Manual
Document Number: IMX8MMMRM
Rev.2 08/2019

Tested-by: Jorge Ramirez-Ortiz <jorge@foundries.io> (imx8mm)
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: call release_external_dt() via finalcalls

Calls release_external_dt() via finalcalls instead of a direct call
in paged_init_primary().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.o

core: call release_external_dt() via finalcalls

Calls release_external_dt() via finalcalls instead of a direct call
in paged_init_primary().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add call_finalcalls()

Adds call_finalcalls() called at the end of paged_init_primary() just
before switching to normal world boot. This allows separation of
initcalls and finalcalls needed by

core: add call_finalcalls()

Adds call_finalcalls() called at the end of paged_init_primary() just
before switching to normal world boot. This allows separation of
initcalls and finalcalls needed by virtualization.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: call call_initcalls() directly

Now that init_teecore() is only a wrapper around call_initcalls(), drop
that function and call call_initcalls() directly from
init_tee_runtime().

Also move the

core: call call_initcalls() directly

Now that init_teecore() is only a wrapper around call_initcalls(), drop
that function and call call_initcalls() directly from
init_tee_runtime().

Also move the file to core/kernel/initcall.c since that's what it does.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: call fobj_generate_authenc_key() via initcalls

Calls fobj_generate_authenc_key() via initcalls instead of a direct call
in init_teecore().

Reviewed-by: Etienne Carriere <etienne.carriere@lina

core: call fobj_generate_authenc_key() via initcalls

Calls fobj_generate_authenc_key() via initcalls instead of a direct call
in init_teecore().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: call time_source_init() via initcalls

Calls time_source_init() via initcalls instead of a direct call in
init_teecore().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off

core: call time_source_init() via initcalls

Calls time_source_init() via initcalls instead of a direct call in
init_teecore().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: call teecore_init_pub_ram() via initcalls

Calls teecore_init_pub_ram() via initcalls instead of a direct call in
init_teecore().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Si

core: call teecore_init_pub_ram() via initcalls

Calls teecore_init_pub_ram() via initcalls instead of a direct call in
init_teecore().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move tee_svc_uref_base to init_user_ta()

tee_svc_uref_base is only needed with user TAs so move initialization to
init_user_ta() in order to simplify init_teecore().

Reviewed-by: Etienne Carr

core: move tee_svc_uref_base to init_user_ta()

tee_svc_uref_base is only needed with user TAs so move initialization to
init_user_ta() in order to simplify init_teecore().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add debug prints for initcall functions

Adds debug prints when calling function. Enabled with DMSG() prints and
gives an output like:
D/TC:0 0 call_initcalls:30 level 3 check_ta_store()
D/TC:0

core: add debug prints for initcall functions

Adds debug prints when calling function. Enabled with DMSG() prints and
gives an output like:
D/TC:0 0 call_initcalls:30 level 3 check_ta_store()
D/TC:0 0 check_ta_store:635 TA store: "REE"
D/TC:0 0 call_initcalls:30 level 3 init_user_ta()
D/TC:0 0 call_initcalls:30 level 3 verify_pseudo_tas_conformance()
D/TC:0 0 call_initcalls:30 level 3 mobj_mapped_shm_init()
D/TC:0 0 mobj_mapped_shm_init:447 Shared memory address range: e300000, 10300000
D/TC:0 0 call_initcalls:30 level 3 tee_cryp_init()
D/TC:0 0 call_initcalls:30 level 4 tee_fs_init_key_manager()
D/TC:0 0 call_initcalls:30 level 5 init_console_itr()
D/TC:0 0 gic_it_set_cpu_mask:251 cpu_mask: writing 0xff to 0x10d00828
D/TC:0 0 gic_it_set_cpu_mask:253 cpu_mask: 0xff
D/TC:0 0 gic_it_set_prio:266 prio: writing 0x1 to 0x10d00428
D/TC:0 0 call_initcalls:30 level 6 mobj_init()
D/TC:0 0 call_initcalls:30 level 6 default_mobj_init()
I/TC:0 0 init_teecore:73 Initialized

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix print_kernel_stack() outside normal thread context

print_kernel_stack() depends on thread_stack_start() and
thread_stack_size() to get information about the current stack and stop
unwindin

core: fix print_kernel_stack() outside normal thread context

print_kernel_stack() depends on thread_stack_start() and
thread_stack_size() to get information about the current stack and stop
unwinding outside of the expected range. These functions can only be
used in a thread context; they don't work during the early boot when a
temporary stack is used. Therefore, we often get truncated stack dumps
when an abort or panic() occurs during boot.

This commit introduces a new function: get_stack_limits(), which will
correctly identify cases when the temporary stack is used. Tested on
QEMU (32/64 bits) by calling panic() at various stages of the boot. A
complete call stack was printed on the console every time (note: with
optimization set to -O0 via CFG_CC_OPTIMIZE_FOR_SIZE=n).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, QEMUv8)
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: initialize thread_core_local::curr_thread to -1

The struct thread_core_local for each CPU is global, hence initialized
to zero when .bss is cleared. So before threads are initialized we have
a

core: initialize thread_core_local::curr_thread to -1

The struct thread_core_local for each CPU is global, hence initialized
to zero when .bss is cleared. So before threads are initialized we have
a seemingly valid curr_thread value (0) when we should really have -1.
thread_get_id_may_fail() can return 0 although there is no current
thread.

Fix this by setting curr_thread to -1 earlier in the boot.

Note: this moves code out of thread_init_threads(), which is called by
virt_guest_created() when virtualization is enabled. I think it is the
right thing to do because I see no reason why the thread_core_local
structures should be cleared when a guest is added (the data belong to
.nex_bss).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
CC: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: clang: increase temporary stack size

When building for HiKey with Clang 10.0.0 and DEBUG=1 we get the
following panic:

D/TC:0 0 check_pa_matches_va:2120 va 0x3b000000 maps 0x3f200000,

core: arm64: clang: increase temporary stack size

When building for HiKey with Clang 10.0.0 and DEBUG=1 we get the
following panic:

D/TC:0 0 check_pa_matches_va:2120 va 0x3b000000 maps 0x3f200000, expect 0x0
E/TC:0 0 Panic at core/arch/arm/mm/core_mmu.c:2121 <check_pa_matches_va>

The root cause is an overflow of the temporary stack. DEBUG=1 sets
CFG_CC_OPTIMIZE_FOR_SIZE=n which in turn sets the optimization flags to
-O0 instead of -Os. In this configuration, Clang apparently needs much
more stack space (not something observed with GCC).

This commit increases the temporary stacks from approximately 2K per
core to approximately 4K per core.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Victor Chong <victor.chong@linaro.org> (HiKey620 AOSP)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove generic_ from generic_boot

Now that the CFG_GENERIC_BOOT configuration flag has been removed also
remove "generic_" prefix from and in the related files.

Acked-by: Etienne Carriere <et

core: remove generic_ from generic_boot

Now that the CFG_GENERIC_BOOT configuration flag has been removed also
remove "generic_" prefix from and in the related files.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: make generic boot mandatory

The OP-TEE booting has since quite some time been unified in the sense
that all platforms use CFG_GENERIC_BOOT=y. Make this configuration option
mandatory and remov

core: make generic boot mandatory

The OP-TEE booting has since quite some time been unified in the sense
that all platforms use CFG_GENERIC_BOOT=y. Make this configuration option
mandatory and remove the CFG_GENERIC_BOOT flag.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove unused core/arch/arm/tee/svc_dummy.c

The function tee_svc_handler() doesn't exist any longer so no need for a
dummy implementation. Removes references to tee_svc_handler() and where
applicabl

Remove unused core/arch/arm/tee/svc_dummy.c

The function tee_svc_handler() doesn't exist any longer so no need for a
dummy implementation. Removes references to tee_svc_handler() and where
applicable adds references to user_ta_handle_svc() instead.

Fixes: 7c732ee481c6 ("core: get svc handler from the context of current session")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Disable CFG_SCTLR_ALIGNMENT_CHECK (SCTLR.A) by default

With ARM CPUs, unaligned accesses are forbidden in a number of cases
such as when the MMU is disabled, or when device memory is concerned,
or w

Disable CFG_SCTLR_ALIGNMENT_CHECK (SCTLR.A) by default

With ARM CPUs, unaligned accesses are forbidden in a number of cases
such as when the MMU is disabled, or when device memory is concerned,
or with atomic instructions. However in the general case [1] and for
all modern ARMv7-A and ARMv8-A processors, they do not really matter.
Compilers such as GCC and Clang will generate unaligned accesses by
default; a specific flag (-mstrict-align or --mno-unaligned-access) has
to be supplied to prevent such code from being output.

[1] Roughly speaking: LDR/STR instructions operating on normal cached
memory.

The SCTLR.A bit ("Alignment check enable") defines whether the CPU
should allow these unaligned accesses (when set to 0) or should trap
(when set to 1). Having SCTLR.A enabled by default can be annoying for
a couple of reasons that we have met in practice:

1. TAs linked against a third-party library. Since strict alignment
is not a compiler default, it is likely that a third party library does
not enforce it. With SCTLR.A == 1, such a library would have to be
recompiled in order to be used by a TA. Recompiling may or may not be
an easy task. Concrete example: libgcc_eh.a (the C++ exception handling
support library, part of the arm-linux-gnueabihf and aarch64-linux-gnu
toolchains).
2. Compiler bug. For example, Clang 9.0.1 and 10.0.0 may erroneously
replace memcmp() calls with inline code performing unaligned accesses
[2].

All things being considered, it seems preferable for SCTLR.A to be
cleared by default, i.e., CFG_SCTLR_ALIGNMENT_CHECK=n, which is what
this commit does. The configuration variable is kept just in case.
Note that the Linux kernel and the KVM hypervisor do not set SCTLR.A or
HSCTLR.A either.

Note regarding code running before the MMU is enabled: when SCTLR.M is
clear all accesses are treated as with DEVICE attribute and hence
SCTLR.A has no effect. It will trap unaligned accesses regardless. So
this patch will have no side effect.

Link: [2] http://lists.llvm.org/pipermail/llvm-dev/2020-June/141985.html
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-imx: remove CFG_BOOT_SYNC_CPU

It is disabled by default, and no i.MX platform enables it anyway.

Signed-off-by: Gianguido Sorà <me@gsora.xyz>
Acked-by: Clement Faure <clement.faure@nxp.com>

arm64: Disable outline-atomics when compiling

Disables the automatic detection of LSE (Large System Extension)
instructions when compiling AArch64 code. GCC 10 implements this
detection in libgcc us

arm64: Disable outline-atomics when compiling

Disables the automatic detection of LSE (Large System Extension)
instructions when compiling AArch64 code. GCC 10 implements this
detection in libgcc using __getauxval(), which OP-TEE does not
implement.
This requires that the proper -mcpu is passed to GCC so that the code
can be correctly compiled to use either LSE or load-store-exclusive.

Fixes linker errors like the following when compiling with GCC 10:

aarch64-linux-ld.bfd: libgcc.a(lse-init.o):
in function `init_have_lse_atomics':
lse-init.c:44: undefined reference to `__getauxval'
core/arch/arm/kernel/link.mk:38:
recipe for target 'build/core/all_objs.o' failed

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
[jf: s/optee doesn't/OP-TEE does not/, replace ?= by := for immediate
evaluation]
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Allow use of cc-option in core/arch/arm/arm.mk

It can be useful to call the cc-option macro when setting flags in
core/arch/arm/arm.mk. Unfortunately cc-option is defined in
mk/compile.mk which is t

Allow use of cc-option in core/arch/arm/arm.mk

It can be useful to call the cc-option macro when setting flags in
core/arch/arm/arm.mk. Unfortunately cc-option is defined in
mk/compile.mk which is too late to be useful (core/arch/arm/arm.mk is
included by core/core.mk before mk/compile.mk).

This commit addresses the issue by moving the definition of cc-option
to its own file, mk/cc-option.mk, which is then included by
core/arch/arm/arm.mk. There is a dependency on the compiler definitions
(mk/gcc.mk or mk/clang.mk) and on $(arch-bit-$(sm)) so
core/arch/arm/arm.mk is modified accordingly.

Moving cc-option out of mk/compile.mk means that all non-core
submodules would lose the definition unless they include
mk/cc-option.mk; the TA dev kit is modified so that TAs can call
cc-option from within their sub.mk files. As for other submodules, they
are internal and do not use cc-options as of now so they are not
modified.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-k3: Make UART number configurable via CFG_CONSOLE_UART

This is analogous to plat-hikey and allows to select a different console
UART for the k3 platform as well during build. This is needed to

plat-k3: Make UART number configurable via CFG_CONSOLE_UART

This is analogous to plat-hikey and allows to select a different console
UART for the k3 platform as well during build. This is needed to enable
support for the IOT2050 device which uses the second UART.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Andrew F. Davis <afd@ti.com>

show more ...