core: link.mk: Un-deprecate tee.bin v1 image generation

The v1 OP-TEE image "tee.bin" is used by a couple platforms as the only
supported image version, until these platforms can migrate continue
to

core: link.mk: Un-deprecate tee.bin v1 image generation

The v1 OP-TEE image "tee.bin" is used by a couple platforms as the only
supported image version, until these platforms can migrate continue
to build this image and do not mark it a deprecated. The tee-pager.bin
and tee-pageable.bin are not used by these platforms and are properly
deprecated by the v2 versions, leave these images deprecated.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-ti: Restore non-secure entry address from saved copy in r5

When resuming the only value we need to work with a new version of is the
non-secure context as it will have changed since boot. This

plat-ti: Restore non-secure entry address from saved copy in r5

When resuming the only value we need to work with a new version of is the
non-secure context as it will have changed since boot. This value is
stored on OP-TEE entry in r5, previously we saved this value by moving
r5 to r3 then r3 to r4 basically just dodging getting overwritten by
functions we call. This can be simplified now as nothing clobbers r5,
so we can use it directly as the source for the non-secure context
pointer feed into init_sec_mon().

Signed-off-by: Andrew F. Davis <afd@ti.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: fix generation of tee.bin

Prior to this patch generation of tee.bin (CFG_WITH_PAGER=n) fails with:
GEN out/core/tee.bin
Cannot find symbol __init_end
core/arch/arm/kernel/link.mk:183: re

core: fix generation of tee.bin

Prior to this patch generation of tee.bin (CFG_WITH_PAGER=n) fails with:
GEN out/core/tee.bin
Cannot find symbol __init_end
core/arch/arm/kernel/link.mk:183: recipe for target 'out/core/tee.bin' failed

Introduce a special __get_tee_init_end to fix this and also avoid
confusion with __init_end used in the code for the pager case.

Fixes: 5dd1570ac5b0 ("core: add embedded data region")
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: fix CFG_DRAM_BASE for imx8qm/qxp

The CFG_DRAM_BASE on imx8qm and imx8qxp is 0x80000000

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linar

core: imx: fix CFG_DRAM_BASE for imx8qm/qxp

The CFG_DRAM_BASE on imx8qm and imx8qxp is 0x80000000

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ftrace: dump core load address to support ASLR

Additionally dump core address in ftrace buffer to support syscall
tracing in case TEE core ASLR is enabled.

Signed-off-by: Sumit Garg <sumit.ga

core: ftrace: dump core load address to support ASLR

Additionally dump core address in ftrace buffer to support syscall
tracing in case TEE core ASLR is enabled.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
[jf: s/Load address @/TEE load address @/]
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

Update Broadcom DRAM2 base and size

Update Broadcom DRAM2 base and size
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

pta: bcm: Add PTA to handle Broadcom error logs

Add PTA to handle Broadcom error logs.
The PTA supports following ops:
- Obtaining error logs
- Obtaining crash dumps and
- Loading firmware into s

pta: bcm: Add PTA to handle Broadcom error logs

Add PTA to handle Broadcom error logs.
The PTA supports following ops:
- Obtaining error logs
- Obtaining crash dumps and
- Loading firmware into secure ddr memory region

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: Add func to config gpio pin for secure access

Add func to config gpio pin for secure access

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jero

drivers: Add func to config gpio pin for secure access

Add func to config gpio pin for secure access

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: Update Broadcom gpio base and num gpios

Update Broadcom gpio base and num gpios

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier

drivers: Update Broadcom gpio base and num gpios

Update Broadcom gpio base and num gpios

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: add framework to load REE-FS encrypted TAs

Add framework to support loading of encrypted TAs from REE-FS using
symmetric authenticated encryption scheme supported by OP-TEE.

The default encry

core: add framework to load REE-FS encrypted TAs

Add framework to support loading of encrypted TAs from REE-FS using
symmetric authenticated encryption scheme supported by OP-TEE.

The default encryption key is derived from hardware unique key which
can be overridden via platform specific encryption key.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: bugfix booting second cpu with ASLR

Fixes crashing second cpu when booting with ASLR enabled.

Fixes: 170e9084a84f ("core: add support for CFG_CORE_ASLR")
Reviewed-by: Etienne Carriere

core: arm32: bugfix booting second cpu with ASLR

Fixes crashing second cpu when booting with ASLR enabled.

Fixes: 170e9084a84f ("core: add support for CFG_CORE_ASLR")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add plat_primary_init_early()

Adds plat_primary_init_early() which replaces plat_cpu_reset_late().
plat_cpu_reset_late() was called for each cpu, but
plat_primary_init_early() is only called o

core: add plat_primary_init_early()

Adds plat_primary_init_early() which replaces plat_cpu_reset_late().
plat_cpu_reset_late() was called for each cpu, but
plat_primary_init_early() is only called on the primary cpu.

In practice that's not a problem (except for plat-stm, more on that
later) since all the platform specific plat_cpu_reset_late() only does
something if get_core_pos() returns 0, that is on the primary cpu.

On plat-stm SCR is now updated in plat_cpu_reset_early() instead.

This patch is needed because ASLR may relocate OP-TEE to a virtual base
address which differs from the physical base address. This means that
it's not possible to execute C code before MMU has been enabled.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove unused user_ta_ctx::load_addr

Since commit d1911a85142d ("core: load TAs using ldelf"), the load_addr
field in struct user_ta_ctx is not used anymore. Remove it.

Signed-off-by: Jerome

core: remove unused user_ta_ctx::load_addr

Since commit d1911a85142d ("core: load TAs using ldelf"), the load_addr
field in struct user_ta_ctx is not used anymore. Remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-imx: mx6: support for TZASC on 6UL/ULL

The i.MX6UL/ULL processors support only one instance of the TZC380 IP.
Use only one to setup the firewall mappings.

Signed-off-by: Rouven Czerwinski <r.c

plat-imx: mx6: support for TZASC on 6UL/ULL

The i.MX6UL/ULL processors support only one instance of the TZC380 IP.
Use only one to setup the firewall mappings.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: move relocation to embedded data region

The relocation sections are placed last in the linker script to be kept
out of the way for the other sections. The relocation sections are
interpreted b

core: move relocation to embedded data region

The relocation sections are placed last in the linker script to be kept
out of the way for the other sections. The relocation sections are
interpreted by gen_tee_bin.py and converted into a more compact data
structure which is stored in the embedded data region.

For each relocation, only one 32-bit offset is kept. Compared to the
standard ELF format, the size of the relocation table is either halved
(Rel32 type: two 32-bit words per entry) or divided by 6 (Rel64 type:
three 64-bit words per entry).

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add embedded data region

Until this patch hashes has been supplied as a single blob following the
init part when configured for paging. To facilitate storing additional
data when OP-TEE is ini

core: add embedded data region

Until this patch hashes has been supplied as a single blob following the
init part when configured for paging. To facilitate storing additional
data when OP-TEE is initializing a struct boot_embdata is added. This
struct is populated gen_tee_bin.py and later interpreted by
assembly boot code and init_runtime().

Previous memory allocation for hashes in the linker script is replaced
by this new mechanism.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: generic_entry_a64.S: fix boot_mmu_config alignment

Makes sure that boot_mmu_config is at a 8 byte aligned address.

Fixes: 520860f658be ("core: generic_entry: add enable_mmu()")
Reviewed-by: J

core: generic_entry_a64.S: fix boot_mmu_config alignment

Makes sure that boot_mmu_config is at a 8 byte aligned address.

Fixes: 520860f658be ("core: generic_entry: add enable_mmu()")
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: link.mk: deprecate tee{,-pager,-pageable}.bin

Deprecates the generated files tee.bin, tee-pager.bin and tee-pageable.bin.
The files can still be generated by supplying the complete output path

core: link.mk: deprecate tee{,-pager,-pageable}.bin

Deprecates the generated files tee.bin, tee-pager.bin and tee-pageable.bin.
The files can still be generated by supplying the complete output path as a
target to make.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: link.mk: use gen_tee_bin.py

Uses gen_tee_bin.py instead of objcopy and gen_hashed_bin.py.

Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey960)
Reviewed-by: Jerome Forissier <jerome@f

core: link.mk: use gen_tee_bin.py

Uses gen_tee_bin.py instead of objcopy and gen_hashed_bin.py.

Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey960)
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: bcm_sotp: No ECC bits for Section 0 to Section 3

- Hardware does not support ECC bits for SOTP section_0 to
section_3, i.e ROWS_0 to ROWS_20.
- Remove magic number and use platform provid

drivers: bcm_sotp: No ECC bits for Section 0 to Section 3

- Hardware does not support ECC bits for SOTP section_0 to
section_3, i.e ROWS_0 to ROWS_20.
- Remove magic number and use platform provided
SOTP_NO_ECC_ROWS macro.

Signed-off-by: Bharat Kumar Reddy Gooty <bharat.gooty@broadcom.com>
Signed-off-by: Raveendra Padasalagi <raveendra.padasalagi@broadcom.com>
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

pta: bcm: Add PTA for secure watchdog

Add PTA for secure watchdog.
A userspace application uses this PTA to carry out
below operations:
- Initialize and configure secure watchdog
- Set timeout val

pta: bcm: Add PTA for secure watchdog

Add PTA for secure watchdog.
A userspace application uses this PTA to carry out
below operations:
- Initialize and configure secure watchdog
- Set timeout value
- Start and
- Stop watchdog

Signed-off-by: Bharat Kumar Reddy Gooty <bharat.gooty@broadcom.com>
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-bcm: Add Broadcom platform specific err log support

Add Broadcom platform specific err logging support

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissie

plat-bcm: Add Broadcom platform specific err log support

Add Broadcom platform specific err logging support

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

trace: Add weak platform tracer function

Add weak platform tracer function
This would allow each platform to carry out
plat specific logging, possibly to some media
for post-mortem analysis

Signed-

trace: Add weak platform tracer function

Add weak platform tracer function
This would allow each platform to carry out
plat specific logging, possibly to some media
for post-mortem analysis

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: imx: fix CFG_DRAM_BASE for i.MX7ulp

Change CFG_DRAM_BASE to 0x60000000 for i.MX7ulp

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.c

core: imx: fix CFG_DRAM_BASE for i.MX7ulp

Change CFG_DRAM_BASE to 0x60000000 for i.MX7ulp

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: imx: disable CAAM driver for i.MX6SL

CAAM is not available on i.MX6SL.

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by:

core: imx: disable CAAM driver for i.MX6SL

CAAM is not available on i.MX6SL.

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...