plat-stm32mp1: platform driver for stpmic1

Implement STPMIC1 as PMIC (Power Management Integrated Circuit)
accessed through an I2C bus for stm32mp1 platforms. PMIC
configuration mandate device tree

plat-stm32mp1: platform driver for stpmic1

Implement STPMIC1 as PMIC (Power Management Integrated Circuit)
accessed through an I2C bus for stm32mp1 platforms. PMIC
configuration mandate device tree support as configuration
can be complex and specific per board.

At initialization Core looks for a PMIC I2C node in the FDT. If
found, it checks it can communicate with the PMIC and dump some
regulators for some debug support.

Save PMIC low power transition configuration as these information
will be needed from an unpaged execution context.

stm32mp_get_pmic()/stm32mp_put_pmic() helper functions are needed
to get/put PMIC resources.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: stm32mp_with_pmic() helper

Helper function stm32mp_with_pmic() tells if platform uses
a PMIC or not.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Fo

plat-stm32mp1: stm32mp_with_pmic() helper

Helper function stm32mp_with_pmic() tells if platform uses
a PMIC or not.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

imx: enable BLOB for i.MX SoCs

Unconditionally enable the BLOB driver to provide a HuK on i.MX
platforms.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Clement Faure <cle

imx: enable BLOB for i.MX SoCs

Unconditionally enable the BLOB driver to provide a HuK on i.MX
platforms.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

core: rename KEEP_INIT() and KEEP_PAGER()

The KEEP_INIT() and KEEP_PAGER() macros are quite often used in C files
immediately after the definition of a function or a structure without a
blank line i

core: rename KEEP_INIT() and KEEP_PAGER()

The KEEP_INIT() and KEEP_PAGER() macros are quite often used in C files
immediately after the definition of a function or a structure without a
blank line in between. This style mimics what the Linux kernel does for
a similar use cases: EXPORT_SYMBOL().

Unfortunately, the checkpatch.pl tool expects a blank line after
structure and function definitions, except for a few special cases such
as EXPORT_SYMBOL(). As a result we often get unwanted warnings when we
use KEEP_INIT() and KEEP_PAGER(). Among the exceptions are all words
starting with DECLARE_ or DEFINE_, so by renaming our macros we could
avoid the checkpatch warnings.

This commit renames KEEP_INIT() and KEEP_PAGER() to DECLARE_KEEP_INIT()
and DECLARE_KEEP_PAGER(), respectively. The assembler macros are also
renamed for consistency. No functional change is expected.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: clock: enable some secure clocks at initialization

With this change some system clocks are enabled by Core at
boot time and have a reference counter synchronized with
the clock hardwa

plat-stm32mp1: clock: enable some secure clocks at initialization

With this change some system clocks are enabled by Core at
boot time and have a reference counter synchronized with
the clock hardware state. RTCAPB must be enabled for secondary
cores to boot, if any.

This change also ensures these secure clocks are derived from
secure clocks.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: implement NXP CAAM Driver - HMAC

Add the NXP CAAM driver:
- HMAC

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by:

drivers: caam: implement NXP CAAM Driver - HMAC

Add the NXP CAAM driver:
- HMAC

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: clock: fix MPUDIV support

Fix implementation that divides clock with a value that in fact is
a bit shift value.

Fix implementation for getting MPU clock: when PMUDIV is zero,
MPU clo

plat-stm32mp1: clock: fix MPUDIV support

Fix implementation that divides clock with a value that in fact is
a bit shift value.

Fix implementation for getting MPU clock: when PMUDIV is zero,
MPU clock is disabled.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: sm: remove #ifdef around CFG_SM_PLATFORM_HANDLER

Use IS_ENABLED() and weak attribute to remove conditional statement
at pre-compilation time. Keep IS_ENABLED(CFG_SM_PLATFORM_HANDLER)
in the de

core: sm: remove #ifdef around CFG_SM_PLATFORM_HANDLER

Use IS_ENABLED() and weak attribute to remove conditional statement
at pre-compilation time. Keep IS_ENABLED(CFG_SM_PLATFORM_HANDLER)
in the decision to ensure weak function is not even called when
CFG_SM_PLATFORM_HANDLER is disabled, for fast path consideration of
secure monitor traversal.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: sm: support SMCCC v1.1 specification

SMCCC v1.1 specification: support defined function IDs with weak
handlers platform can override, as other PSCI function handler.
We could state we support

core: sm: support SMCCC v1.1 specification

SMCCC v1.1 specification: support defined function IDs with weak
handlers platform can override, as other PSCI function handler.
We could state we support v1.2 but Linux kernel v5.7-rc1 expects
strict v1.1 support.

unsigned long arm_arch_version(void);
returns SMCCC_V_1_1

unsigned long arm_arch_feature(unsigned long a1);
default supports version only

unsigned long arm_arch_soc_id(void);
unsigned long arm_arch_workaround_1(void);
unsigned long arm_arch_workaround_2(void);
default return ARM_SMCCC_RET_NOT_SUPPORTED

This helper is needed by Linux kernel (U-Boot) drivers that rely on
arm_smccc_v1_1() supports.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: PSCI_SYSTEM_RESET support

Use GRST control in RCC to reset the system on PCSI_RESET request.
Any core can call this function.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro

plat-stm32mp1: PSCI_SYSTEM_RESET support

Use GRST control in RCC to reset the system on PCSI_RESET request.
Any core can call this function.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: fix PSCI_CPU_OFF support

Fix platform psci_features() to report PSCI_CPU_OFF support not
only PSCI_CPU_ON when CFG_TEE_CORE_NB_CORE > 1.

This change also modifies CFG_TEE_CORE_NB_COR

plat-stm32mp1: fix PSCI_CPU_OFF support

Fix platform psci_features() to report PSCI_CPU_OFF support not
only PSCI_CPU_ON when CFG_TEE_CORE_NB_CORE > 1.

This change also modifies CFG_TEE_CORE_NB_CORE handling for
checkpatch issue so that both CPU_ON/CPU_OFF support are
bound to number of core.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

stm32mp1: seed PRNG with STM32 RNG

Initialize the core PRNG with samples from the SoC RNG during early
initialization. PRNG is used to generate random samples used early
before all services and obvi

stm32mp1: seed PRNG with STM32 RNG

Initialize the core PRNG with samples from the SoC RNG during early
initialization. PRNG is used to generate random samples used early
before all services and obviously device and peripheral drivers
are initialized. Therefore the platform sequence to seed the PRNG
locally handles RNG clock and reset without relying on clock and
reset device OP-TEE drivers as these are not yet initialized.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: arm64: fix .section directive

Clang built from the llvm-project master branch (git describe:
llvmorg-11-init-12683-g54b3f91d205) causes the following build error:

AS out/arm/core/arch

core: arm64: fix .section directive

Clang built from the llvm-project master branch (git describe:
llvmorg-11-init-12683-g54b3f91d205) causes the following build error:

AS out/arm/core/arch/arm/kernel/generic_entry_a64.o
core/arch/arm/kernel/generic_entry_a64.S:426:2: error: changed section flags for .identity_map, expected: 0x6
.section .identity_map
^

Some information about this error can be found in the description for
LLVM commit [1] ("[MC][ELF] Error for sh_type, sh_flags or sh_entsize
change").

The ".section .identity_map" directive does not mention any flags so
since the section name is not a well-known one (.text etc.), the flags
default to none [2]. However, at this point in the source file we
already have emitted code into .text* which has flags "ax" (and type
%progbits), so the line does indeed change the flags, hence the compile
error.

This commit adds the missing flags and type.

Link: [2] https://sourceware.org/binutils/docs/as/Section.html "ELF Version"
Link: [1] https://github.com/llvm/llvm-project/commit/75af9da75572
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: clang: add --apply-dynamic-relocs linker flag

Core ASLR relies on the executable being ready to run from its
preferred load address, because some symbols are used before the MMU is
enabled and

core: clang: add --apply-dynamic-relocs linker flag

Core ASLR relies on the executable being ready to run from its
preferred load address, because some symbols are used before the MMU is
enabled and relocations are applied. Clang (ld.lld) on Aarch64 needs a
special flag for this: --apply-dynamic-relocs. Without the flag the
R_AARCH64_RELATIVE places are initially filled with zeros.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: remove static ETZPC configuration

Remove static ETZPC configuration and rely on shared_resources
driver to dynamically configure secure aware resources.

Signed-off-by: Etienne Carrie

plat-stm32mp1: remove static ETZPC configuration

Remove static ETZPC configuration and rely on shared_resources
driver to dynamically configure secure aware resources.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_bsec: BSEC data access do not depend on non-closed device

BSEC driver does not need to check if device is closed_device or not
to tell which BSEC data non-secure world is allowed to access. Th

stm32_bsec: BSEC data access do not depend on non-closed device

BSEC driver does not need to check if device is closed_device or not
to tell which BSEC data non-secure world is allowed to access. This
change removes this support as it simplifies BSEC initialization
structure.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: map GPIOZ bank registers as secure

Fix GPZIOZ registers memory mapping that shall be mapped secure
for secure world to safely access the secure hardening configuration
registers of th

plat-stm32mp1: map GPIOZ bank registers as secure

Fix GPZIOZ registers memory mapping that shall be mapped secure
for secure world to safely access the secure hardening configuration
registers of the bank.

Fixes: 68c4a16b37c7 ("stm32mp1: use phys_to_virt_io_secure() where expected")
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: move for_each_early_ta() macro to <kernel/early_ta.h>

Move the for_each_early_ta() macro out of early_ta.c so that it can be
used in other parts of the code (pseudo TAs for instance).

Signed-

core: move for_each_early_ta() macro to <kernel/early_ta.h>

Move the for_each_early_ta() macro out of early_ta.c so that it can be
used in other parts of the code (pseudo TAs for instance).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: early_ta: expose TA flags in struct early_ta

Store TA flags in early TA descriptions so that such TAs can later be
enumerated by the device PTA when TA_FLAG_DEVICE_ENUM is set.
Change ta_bin_t

core: early_ta: expose TA flags in struct early_ta

Store TA flags in early TA descriptions so that such TAs can later be
enumerated by the device PTA when TA_FLAG_DEVICE_ENUM is set.
Change ta_bin_to_c.py to read the TA flags from its ELF file and store
it in the early TA description.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
[jf: minor edits to commit message and one comment]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ree_fs_ta.c: initialize structs with '= { };'

Initialize structs with '= { };' rather than '= {0};' because (1) it is
the recommended style and (2) it fixes the following warning with Clang
9:

core: ree_fs_ta.c: initialize structs with '= { };'

Initialize structs with '= { };' rather than '= {0};' because (1) it is
the recommended style and (2) it fixes the following warning with Clang
9:

CC out/arm/core/arch/arm/kernel/ree_fs_ta.o
core/arch/arm/kernel/ree_fs_ta.c:325:40: warning: suggest braces around initialization of subobject [-Wmissing-braces]
struct shdr_bootstrap_ta hdr_entry = {0};
^
{}

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

Add initial UniPhier platform support

This introduces support for Socionext UniPhier SoCs. This support
includes LD11 and LD20 SoCs only. Tested with Akebi96 board[1].

[1] https://www.96boards.org/

Add initial UniPhier platform support

This introduces support for Socionext UniPhier SoCs. This support
includes LD11 and LD20 SoCs only. Tested with Akebi96 board[1].

[1] https://www.96boards.org/product/akebi96/

Signed-off-by: Tetsuya Yoshizaki <yoshizaki.tetsuya@socionext.com>
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mmu: remove TEE/TA RAM from total RAM

On platforms where the DT is parsed from the device tree, devices can
pass in the complete available memory. This is in accordance with the
device tree sp

core: mmu: remove TEE/TA RAM from total RAM

On platforms where the DT is parsed from the device tree, devices can
pass in the complete available memory. This is in accordance with the
device tree specification which mandates that the total physical memory
should be passed in the memory nodes.
Remove the TA and TEE RAM from the passed in memory, reserved-memory
nodes are used to indicate that part of the RAM is not accessible to
Linux. Fixes the following warning on some i.MX platforms:

I/TC: Non-secure external DT found
E/TC:0 0 check_phys_mem_is_outside:330 Non-sec mem (0x10000000:0x40000000) overlaps map (type 2 0x4e000000:0x5d000)
E/TC:0 0 Panic at core/arch/arm/mm/core_mmu.c:334 <check_phys_mem_is_outside>
E/TC:0 0 TEE load address @ 0x4e000000
E/TC:0 0 Call stack:
E/TC:0 0 0x4e006fd1

Fixes https://github.com/OP-TEE/optee_os/issues/3567
Fixes https://github.com/OP-TEE/optee_os/issues/3710

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: mm: fix VA overflow issue in assign_mem_va()

Fix assign_mem_va() that is missing VA limit check on 64bit machines.
This change catches the overflow at address assignation preventing TEE
t

core: arm: mm: fix VA overflow issue in assign_mem_va()

Fix assign_mem_va() that is missing VA limit check on 64bit machines.
This change catches the overflow at address assignation preventing TEE
to panic in a not obvious way when the out of bound address is accessed.

Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: SCMI service for platform shared clocks

Add support for clocks in stm32mp1 SCMI server. This allows the secure
world to expose clock services for clock non-secure world is allowed to

plat-stm32mp1: SCMI service for platform shared clocks

Add support for clocks in stm32mp1 SCMI server. This allows the secure
world to expose clock services for clock non-secure world is allowed to
access (state, rate) but that can only be effectively accessed from
secure world due to the TZ secure hardening of the SoC.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: SCMI service for non-secure reset controllers

Embed a SCMI server in stm32mp1 to handle SCMI reset domain requests
from the non-secure world for resource that, because of secure
harde

plat-stm32mp1: SCMI service for non-secure reset controllers

Embed a SCMI server in stm32mp1 to handle SCMI reset domain requests
from the non-secure world for resource that, because of secure
hardening of the system, are restricted to secure world accesses only.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...