core: imx: rename register files

Remove _regs from register header files. It is redundant since header
files are already in /registers folder.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
A

core: imx: rename register files

Remove _regs from register header files. It is redundant since header
files are already in /registers folder.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

imx: change imx8 prefixe to mx8

For consistency, change all imx8 prefixe to mx8.
This change affects:
* CFG_IMX8*
* platform flavors

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by:

imx: change imx8 prefixe to mx8

For consistency, change all imx8 prefixe to mx8.
This change affects:
* CFG_IMX8*
* platform flavors

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: fix check_mem_map() vs MEM_AREA_IDENTITY_MAP_RX

This patch updates check_mem_map() to recognize MEM_AREA_IDENTITY_MAP_RX
as part of secure only memory.

This fix is only needed with CFG_CORE_A

core: fix check_mem_map() vs MEM_AREA_IDENTITY_MAP_RX

This patch updates check_mem_map() to recognize MEM_AREA_IDENTITY_MAP_RX
as part of secure only memory.

This fix is only needed with CFG_CORE_ASLR=y and prevents an error like:
E/TC:0 0 check_mem_map:1166 Uhandled memtype 8
E/TC:0 0 Panic at core/arch/arm/mm/core_mmu.c:1167 <check_mem_map>

Fixes: 1385854b72c9 ("core: Add core memory type MEM_AREA_IDENTITY_MAP_RX")
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add support for CFG_CORE_ASLR

Adds support for CFG_CORE_ASLR to load TEE Core at a random address.
ASLR makes the exploitation of memory corruption vulnerabilities more
difficult.

Paging is c

core: add support for CFG_CORE_ASLR

Adds support for CFG_CORE_ASLR to load TEE Core at a random address.
ASLR makes the exploitation of memory corruption vulnerabilities more
difficult.

Paging is currently not supported with CFG_CORE_ASLR=y.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm grow MAX_XLAT_TABLES with ASLR

If CFG_CORE_ASLR=y increase MAX_XLAT_TABLES to cater for the added
identity region and also less optimal alignment of mappings.

Acked-by: Jerome Forissier <

core: arm grow MAX_XLAT_TABLES with ASLR

If CFG_CORE_ASLR=y increase MAX_XLAT_TABLES to cater for the added
identity region and also less optimal alignment of mappings.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kern.ld.S: make ctors/dtors contiguous with other relro sections

Fixes error when linking with clang:
ld.lld: error: section: .ctors is not contiguous with other relro sections
ld.lld: error:

core: kern.ld.S: make ctors/dtors contiguous with other relro sections

Fixes error when linking with clang:
ld.lld: error: section: .ctors is not contiguous with other relro sections
ld.lld: error: section: .dtors is not contiguous with other relro sections

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kern.ld.S: make .got RO after relocation

Moves .got section to after .rodata section.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro

core: kern.ld.S: make .got RO after relocation

Moves .got section to after .rodata section.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kern.ld.S: provide start/end of relocations

- Adds __rel_start and __rel_end for Rel type of relocations used by
ARM32.
- Adds __rela_end and __rela_start for Rela type of relocations used b

core: kern.ld.S: provide start/end of relocations

- Adds __rel_start and __rel_end for Rel type of relocations used by
ARM32.
- Adds __rela_end and __rela_start for Rela type of relocations used by
ARM64.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: Add core memory type MEM_AREA_IDENTITY_MAP_RX

Adds another memory type, MEM_AREA_IDENTITY_MAP_RX, to enum
teecore_memtypes. MEM_AREA_IDENTITY_MAP_RX is used to represent memory
which is addit

core: Add core memory type MEM_AREA_IDENTITY_MAP_RX

Adds another memory type, MEM_AREA_IDENTITY_MAP_RX, to enum
teecore_memtypes. MEM_AREA_IDENTITY_MAP_RX is used to represent memory
which is additionally identity mapped while OP-TEE is mapped at a
non-identity mapped location. This is needed to support CFG_CORE_ASLR=y.

The link script is updated to collect functions and read-only data in
between __identity_map_init_start and __identity_map_init_end.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: generic_entry: add enable_mmu()

Adds the assembly function enable_mmu() which as the name suggests enables
MMU. The function writes configuration which has previously been prepared
by core_ini

core: generic_entry: add enable_mmu()

Adds the assembly function enable_mmu() which as the name suggests enables
MMU. The function writes configuration which has previously been prepared
by core_init_mmu_regs().

The now obsolete assembly functions cpu_mmu_enable(),
cpu_mmu_enable_icache() and cpu_mmu_enable_dcache() are removed since
they are fully covered by enable_mmu().

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add relocatable VCORE_START_VA

Adds VCORE_START_VA which is relocated to the new virtual address of the
start of the OP-TEE memory in case ASLR is configured. This define
should be used instea

core: add relocatable VCORE_START_VA

Adds VCORE_START_VA which is relocated to the new virtual address of the
start of the OP-TEE memory in case ASLR is configured. This define
should be used instead of TEE_RAM_START after the initial translation
tables has been created.

thread_get_user_kcode() and thread_get_user_kdata() are updated
accordingly.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add get_aslr_seed()

Adds get_aslr_seed() which reads "kaslr-seed" from "/secure-chosen" in
FDT. The seed is intended to use as input to ASLR, also known as,
randomized address space layout.

O

core: add get_aslr_seed()

Adds get_aslr_seed() which reads "kaslr-seed" from "/secure-chosen" in
FDT. The seed is intended to use as input to ASLR, also known as,
randomized address space layout.

Once successfully read the seed is zeroed out in the FDT to minimize the
risk of leaking the seed.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: refactor core_init_mmu_map() and helpers

Breaks up core_init_mmu_map() and some of its helper functions in
multiple smaller functions to make it easier to follow and later extend
the code.

Th

core: refactor core_init_mmu_map() and helpers

Breaks up core_init_mmu_map() and some of its helper functions in
multiple smaller functions to make it easier to follow and later extend
the code.

There are no changes in behaviour with the exception of how the memory
map is sorted at different stages.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: core_mmu.h: make page size and friends unsigned

Redefines mask and size for small pages (SMALL_PAGE_*),
CORE_MMU_USER_CODE_* and CORE_MMU_USER_PARAM_* to be of an unsigned
type in order to be

core: core_mmu.h: make page size and friends unsigned

Redefines mask and size for small pages (SMALL_PAGE_*),
CORE_MMU_USER_CODE_* and CORE_MMU_USER_PARAM_* to be of an unsigned
type in order to be compatible with vaddr_t and paddr_t.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: bugfix v7 core_mmu_entry_to_finer_grained()

The short descriptor table implementation of
core_mmu_entry_to_finer_grained() incorrectly assumes that allocated
translation tables are identity ma

core: bugfix v7 core_mmu_entry_to_finer_grained()

The short descriptor table implementation of
core_mmu_entry_to_finer_grained() incorrectly assumes that allocated
translation tables are identity mapped. That is fixed with this patch by
adding a missing virt_to_phys() on a newly allocated translation table.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: reference count struct mobj

The mobj interface is changed to use reference counting of mobjs, the
direct mobj_free() call is replaced by mobj_put(). As expected a
mobj_get() is also added to h

core: reference count struct mobj

The mobj interface is changed to use reference counting of mobjs, the
direct mobj_free() call is replaced by mobj_put(). As expected a
mobj_get() is also added to handle multiple references to the same mobj.

This also changes already present reference counting in struct
mobj_reg_shm to use the reference counting mechanism now available in
struct mobj.

The VM_FLAG_EXCLUSIVE_MOBJ flag is removed since the referenced mobj is
put instead when a struct vm_region is removed.

Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey960)
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: disable interrupt in thread_excp_vect_workaround

thread_excp_vect_workaround isn't interrupt safe because it use
the tpidr as a temporary register to save value of r0.
That means if a f

core: arm32: disable interrupt in thread_excp_vect_workaround

thread_excp_vect_workaround isn't interrupt safe because it use
the tpidr as a temporary register to save value of r0.
That means if a fiq happened when optee is processing a syscall,
the syscall argument r0 will be changed to unexpected value.

Move `write_tpidrprw r0` out of `vector_prologue_spectre` and add
`cpsid aif` before it to fix this issue.

Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Reviewed-by: Alix Wu <alix.wu@mediatek.com>
Reviewed-by: YJ Chiang <yj.chiang@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove algo from crypto_hash_*()

Removes the algo parameters from all crypto_hash_*() functions except
crypto_hash_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Ack

core: remove algo from crypto_hash_*()

Removes the algo parameters from all crypto_hash_*() functions except
crypto_hash_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm32: compile assembler code with -marm by default

When CFG_FTRACE_SUPPORT=y, thumb mode should not be used in TA code,
because the ftrace code assumes arm instructions. Therefore we have to
pass t

arm32: compile assembler code with -marm by default

When CFG_FTRACE_SUPPORT=y, thumb mode should not be used in TA code,
because the ftrace code assumes arm instructions. Therefore we have to
pass the -marm switch to the compiler and assembler. This is correctly
done for the C compiler but not for the assembler. The same applies to
assembler files in the TEE core when CFG_SYSCALL_FTRACE=y.

More generally and for simplicity, we will assume that all _a32.S files
should be compiled in arm mode and therefore add -marm to
arm32-platform-aflags. Any exception can be handled via file-specific
flags in sub.mk.

Fixes a crash in the setjmp()/longjmp() test of xtest 1006 when Linaro's
GCC 6.2 is used to build the user space libutils.a (more precisely:
lib/libutils/isoc/arch/arm/setjmp_a32.S):

E/TC:? 0 User TA prefetch-abort at address 0x0 (translation fault)
E/TC:? 0 fsr 0x00000005 ttbr0 0x0e19206a ttbr1 0x0e18806a cidr 0x2
E/TC:? 0 cpu #1 cpsr 0x60000110
E/TC:? 0 r0 0x00000000 r4 0x00115780 r8 0x00000000 r12 0x00115658
E/TC:? 0 r1 0x00000001 r5 0x0011fb8c r9 0x00000000 sp 0x001156a0
E/TC:? 0 r2 0x00000000 r6 0x60000110 r10 0x00000000 lr 0x00000000
E/TC:? 0 r3 0x00000000 r7 0x00000000 r11 0x001156bc pc 0x00000000
E/LD: Status of TA 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b
E/LD: arch: arm
E/LD: region 0: va 0x00102000 pa 0x0e300000 size 0x002000 flags rw-s (ldelf)
E/LD: region 1: va 0x00104000 pa 0x0e302000 size 0x00a000 flags r-xs (ldelf)
E/LD: region 2: va 0x0010e000 pa 0x0e30c000 size 0x001000 flags rw-s (ldelf)
E/LD: region 3: va 0x0010f000 pa 0x0e30d000 size 0x003000 flags rw-s (ldelf)
E/LD: region 4: va 0x00112000 pa 0x0e310000 size 0x001000 flags r--s
E/LD: region 5: va 0x00113000 pa 0x0e444000 size 0x003000 flags rw-s (stack)
E/LD: region 6: va 0x0011b000 pa 0x00001000 size 0x024000 flags r-xs [0]
E/LD: region 7: va 0x0013f000 pa 0x00025000 size 0x10f000 flags rw-s [0]
E/LD: region 8: va 0x00266000 pa 0x00000000 size 0x003000 flags r-xs [1]
E/LD: region 9: va 0x00269000 pa 0x00002000 size 0x002000 flags rw-s [1]
E/LD: region 10: va 0x00300000 pa 0x40a67570 size 0x001000 flags rw-- (param)
E/LD: [0] 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b @ 0x0011b000
E/LD: [1] ffd2bded-ab7d-4988-95ee-e4962fff7154 @ 0x00266000
E/LD: Call stack:
E/LD: 0x00000000

Note: the crash is due to the fact that the compiler was configured for
-mthumb by default, whereas Arm's GCC 8.3 for instance defaults to
-marm. The compiler switches can be checked with:

$ echo 'void f() {};' | \
arm-linux-gnueabihf-gcc -frecord-gcc-switches -xc -c - -o test
$ readelf -p .GCC.command.line test

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

plat-imx: add UART6 & 7 for i.MX6UL/L

The i.MX6UL/L variants contains additional UARTs which are not present
on the Cortex A9 variants. Add them to register file so they can be used
for new board de

plat-imx: add UART6 & 7 for i.MX6UL/L

The i.MX6UL/L variants contains additional UARTs which are not present
on the Cortex A9 variants. Add them to register file so they can be used
for new board definitions.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

drivers: bnxt: add Broadcom bnxt driver

Add Broadcom bnxt driver which helps to load the
firmware on bnxt device

Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: Sheetal Tigadol

drivers: bnxt: add Broadcom bnxt driver

Add Broadcom bnxt driver which helps to load the
firmware on bnxt device

Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Reviewed-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-rockchip: add rk3399 and px30 flavors

Add support for the both the 6-core rk3399 as well as the 4-core px30
Rockchip socs to be used as secure payload together with trusted firmware.

Signed-of

plat-rockchip: add rk3399 and px30 flavors

Add support for the both the 6-core rk3399 as well as the 4-core px30
Rockchip socs to be used as secure payload together with trusted firmware.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Acked-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-rockchip: use GENMASK instead of opencoding bitmask on rk322x platform

GENMASK is way better to describe a registers mask than 0xffff0000,
so switch to it for the existing rk322x platform code.

plat-rockchip: use GENMASK instead of opencoding bitmask on rk322x platform

GENMASK is way better to describe a registers mask than 0xffff0000,
so switch to it for the existing rk322x platform code.

Suggested-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-rockchip: split platform_init for ddr region protection

rk322x currently expects to be loaded from U-Boot-SPL directly and defines
one platform service to initialize security settings for its p

plat-rockchip: split platform_init for ddr region protection

rk322x currently expects to be loaded from U-Boot-SPL directly and defines
one platform service to initialize security settings for its purposes.

On all future platforms we will want to approach this differently in that
OP-TEE gets started out of Trusted Firmware which in turn already should
have done core security settings and inside OP-TEE we will only want to
protect OP-TEEs memory region against non-secure access.

So create a general service calling into a flavor-specific function to
protect the memory region but also leave rk322x its special init functon.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Acked-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-rockchip: cleanup build infrastructure to make room for more platforms

Most features used by rk322x really will be limited to it even in the
future as all other platforms will be a secure paylo

plat-rockchip: cleanup build infrastructure to make room for more platforms

Most features used by rk322x really will be limited to it even in the
future as all other platforms will be a secure payload together with
trusted firmware.

So clean up the make files accordingly.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...