core: pseudo_ta: Pass null memref as valid param

GlobalPlatform spec allows null memory reference parameters as valid.
So update copy_in_params for pseudo_ta accordingly.

Also add check for mobj pt

core: pseudo_ta: Pass null memref as valid param

GlobalPlatform spec allows null memory reference parameters as valid.
So update copy_in_params for pseudo_ta accordingly.

Also add check for mobj ptr being NULL before dereference as it causes
a data abort in case REE has passed NULL buffer ptr with size > 0 as
memref param.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix thread_excp_vect_end and literal pool

The two symbols thread_excp_vect and thread_excp_vect_end are used to
mark the part of the privileged code that still to be mapped in order to
transit

core: fix thread_excp_vect_end and literal pool

The two symbols thread_excp_vect and thread_excp_vect_end are used to
mark the part of the privileged code that still to be mapped in order to
transition between user mode and privileged mode when compiled with
CFG_CORE_UNMAP_CORE_AT_EL0=y.

Prior to this patch it was assumed that thread_excp_vect_end would mark
the end of the thread_excp_vect() assembly function including literals
emitted by the assembler. This assumption was wrong and an extra .pool
directive is added before the thread_excp_vect_end to guarantee that all
literals will be included in the section starting with thread_excp_vect
and ending with thread_excp_vect_end.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)
Reported-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm: imx: add iMX7D PICO MBL board definition

This patch adds an OP-TEE port for the i.MX7D PICO for the MBED Linux OS
boot flow.

BootROM -> ATF/BL2
ATF -> FIP {u-boot, OPTEE}
OPTEE -> {popul

arm: imx: add iMX7D PICO MBL board definition

This patch adds an OP-TEE port for the i.MX7D PICO for the MBED Linux OS
boot flow.

BootROM -> ATF/BL2
ATF -> FIP {u-boot, OPTEE}
OPTEE -> {populates DTB overlay}
u-boot -> FIT {DTB, Kernel, initramfs}
Merges DTB and OPTEE DTB-overlay
Linux

CFG_NS_ENTRY_ADDR = 0x87800000 is the entry point of u-boot
CFG_DT_OVERLAY = y adds DTB overlay fragments to the passed DTB

make PLATFORM=mx7dpico_mbl

Signed-off-by: Jun Nie <jun.nie@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

show more ...

core: benchmark: drop reference on freed memory

Add missing reset of the benchmark buffer mobj reference when
it is freed.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by:

core: benchmark: drop reference on freed memory

Add missing reset of the benchmark buffer mobj reference when
it is freed.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>

show more ...

synquacer: rng-pta: Add rng info invoke command

Add rng info invoke command to provide information like rng data-rate
and quality/entropy of output rng data.

Signed-off-by: Sumit Garg <sumit.garg@l

synquacer: rng-pta: Add rng info invoke command

Add rng info invoke command to provide information like rng data-rate
and quality/entropy of output rng data.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: psci: switch secondary boot cpu offline

Secondary boot core can be switched OFF from a functional view by
being reset. To get the core back on line, it shall be woken through
catching secu

stm32mp1: psci: switch secondary boot cpu offline

Secondary boot core can be switched OFF from a functional view by
being reset. To get the core back on line, it shall be woken through
catching secure SGI0 interrupt then proceeding to same sequence as
when getting the core online from a cold reset.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: stm32mp_bkpreg() returns the backup register address

Rename bckreg_address() into stm32mp_bkpreg()to get the address of the
32bit backup register specified by ID defined in boot_api.h.

Si

stm32mp1: stm32mp_bkpreg() returns the backup register address

Rename bckreg_address() into stm32mp_bkpreg()to get the address of the
32bit backup register specified by ID defined in boot_api.h.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: psci: implement affinity_info

This change implements PSCI_AFFINITY_INFO for platform stm32mp1.
The cores state are saved in a local array and accessed with SMP
locking protection. Note the

stm32mp1: psci: implement affinity_info

This change implements PSCI_AFFINITY_INFO for platform stm32mp1.
The cores state are saved in a local array and accessed with SMP
locking protection. Note these do not lock/unlock if executed with
the MMU disabled.

CPU shall call stm32mp_register_online_cpu() when online in the
secure world. GIC CPU interface initialization is used to register
online primary and secondary boot cores.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: internal change for GIC support

This change exports GIC CPU interfaces base address to the platform.

This change is needed by a later change where the platform needs
to specific GIC suppo

stm32mp1: internal change for GIC support

This change exports GIC CPU interfaces base address to the platform.

This change is needed by a later change where the platform needs
to specific GIC support not available through the GIC driver.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: RCC support

RCC if the SoC interface for clocks, reset and some low power features.
The drivers is very specific to the platform stm32mp1 hence located
next to the platform specific source

stm32mp1: RCC support

RCC if the SoC interface for clocks, reset and some low power features.
The drivers is very specific to the platform stm32mp1 hence located
next to the platform specific source files.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: move PSCI in pm/psci.c

Source file pm/psci.c will soon hold several PSCI functions and sequences.
Move now the existing PSCI_CPU_ON support to pm/psci.c.

Signed-off-by: Etienne Carriere <

stm32mp1: move PSCI in pm/psci.c

Source file pm/psci.c will soon hold several PSCI functions and sequences.
Move now the existing PSCI_CPU_ON support to pm/psci.c.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: move io_pa_va support out of serial drivers

io_pa_or_va() is generic enough to be useful for non serial driver
matters. Move it to core_mem_prot.h.

Signed-off-by: Etienne Carriere <etienne.ca

core: move io_pa_va support out of serial drivers

io_pa_or_va() is generic enough to be useful for non serial driver
matters. Move it to core_mem_prot.h.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: timeout detection support

Introduce timeout_init_us/timeout_elapsed() delay tracking with CNTPCT.

timeout_init_us(some_timeout_us); returns a reference to detect
timeout for the provided micr

core: timeout detection support

Introduce timeout_init_us/timeout_elapsed() delay tracking with CNTPCT.

timeout_init_us(some_timeout_us); returns a reference to detect
timeout for the provided microsecond delay value from current time.

timeout_elapsed(reference) return true/false whether the reference
timeout is elapsed.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Introduce CFG_USER_TA_TARGETS to select user mode architecture(s)

This change introduces CFG_USER_TA_TARGETS to allow the configuration
directives to select the architectures for which userspace TA

Introduce CFG_USER_TA_TARGETS to select user mode architecture(s)

This change introduces CFG_USER_TA_TARGETS to allow the configuration
directives to select the architectures for which userspace TA and TA
libraries shall be built. The only use case for the moment is to be able
to build only 32 or 64-bit libraries and TAs when the platform would
otherwise support both 32 and 64-bit. See the example below.

If CFG_USER_TA_TARGETS is undefined or empty, all the architectures
supported by the platform are built.

If CFG_USER_TA_TARGETS contains an unsupported value, the build will
report an error.

Examples:

$ make PLATFORM=hikey CFG_ARM64_core=y
# Builds both 32 and 64-bit userspace
$ make PLATFORM=hikey CFG_ARM64_core=y \
CFG_USER_TA_TARGETS="ta_arm32 ta_arm64"
# Same as above
$ make PLATFORM=hikey CFG_ARM64_core=y CFG_USER_TA_TARGETS=ta_arm32
# Builds only 32-bit userspace

Suggested-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Platforms set supported TA targets as $(supported-ta-targets)

Rename $(ta-targets) to $(supported-ta-targets) in the platform
configuration files, in preparation for the next patch.

Suggested-by: J

Platforms set supported TA targets as $(supported-ta-targets)

Rename $(ta-targets) to $(supported-ta-targets) in the platform
configuration files, in preparation for the next patch.

Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Factor out ta-targets from platform config

Platforms use the same basic pattern again and again:

ta-targets = ta_arm32
ifeq ($(CFG_ARM64_core),y)
ta-targets += ta_arm64
endif

Let's move this p

Factor out ta-targets from platform config

Platforms use the same basic pattern again and again:

ta-targets = ta_arm32
ifeq ($(CFG_ARM64_core),y)
ta-targets += ta_arm64
endif

Let's move this pattern to core/arch/arm/arm.mk, make it the default, and
cleanup the platform configuration files.

Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

synquacer: Add RNG pseudo TA

This platform provides 7 on-chip thermal sensors accessible from secure
world only. So, using thermal noise from these sensors we have tried to
create an entropy source

synquacer: Add RNG pseudo TA

This platform provides 7 on-chip thermal sensors accessible from secure
world only. So, using thermal noise from these sensors we have tried to
create an entropy source as a pseudo TA.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

synquacer: Enable secure timer interrupt framework

Currently there is no means to perform background housekeeping in
secure world on Synquacer platforms. Use an (optional) periodic
timer to allow an

synquacer: Enable secure timer interrupt framework

Currently there is no means to perform background housekeeping in
secure world on Synquacer platforms. Use an (optional) periodic
timer to allow any housekeeping to be performed.

Although it could be expanded, at present the code is fairly simple
because we expect only a single PTA to exploit the timer interrupt.
The secure timer interrupt is configured to fire every 2ms.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: arm64: Add Secure EL1 physical timer framework

As an implementation of generic timer, arm64 platforms provides secure
EL1 physical timer. So enable corresponding framework. For more
informatio

core: arm64: Add Secure EL1 physical timer framework

As an implementation of generic timer, arm64 platforms provides secure
EL1 physical timer. So enable corresponding framework. For more
information refer to section: D6.1.5 Timers - ARMv8-A RM.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

arm: imx: add iMX7S WaARP7 MBL board definition

This patch adds an OP-TEE port for the i.MX7S WaRP7 for the MBED Linux OS
boot flow.

BootROM -> ATF/BL2
ATF -> FIP {u-boot, OPTEE}
OPTEE -> {po

arm: imx: add iMX7S WaARP7 MBL board definition

This patch adds an OP-TEE port for the i.MX7S WaRP7 for the MBED Linux OS
boot flow.

BootROM -> ATF/BL2
ATF -> FIP {u-boot, OPTEE}
OPTEE -> {populates DTB overlay}
u-boot -> FIT {DTB, Kernel, initramfs}
Merges DTB and OPTEE DTB-overlay
Linux

The current warp7 port looks like
BootROM -> u-boot
u-boot -> Load {Kernel, OPTEE, DTB}
OPTEE
Linux

In order to support the ATF bootflow a new port of OP-TEE with slightly
tweaked parameters is added here.

CFG_NS_ENTRY_ADDR = 0x87800000 is the entry point of u-boot
CFG_DT_OVERLAY = y adds DTB overlay fragments to the passed DTB

make PLATFORM=imx-mx7swarp7_mbl

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

show more ...

core: always save non-secure vfp state

Prior to this patch the non-secure VFP state was only saved when it
seemed necessary based on control registers.

To make sure that non-secure VFP state isn't

core: always save non-secure vfp state

Prior to this patch the non-secure VFP state was only saved when it
seemed necessary based on control registers.

To make sure that non-secure VFP state isn't corrupted always save the
entire register file before modifying it. This is now the same behavior
on both ARMv8-A and ARMv7-A platforms.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce is_unpaged() functions

Helper function to test if a virtual address points to an
unpaged memory section that is the linear address space when
pager is enabled.

When pager is disable

core: introduce is_unpaged() functions

Helper function to test if a virtual address points to an
unpaged memory section that is the linear address space when
pager is enabled.

When pager is disabled, is_unpaged() always returns true.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: pager: make sure __thread_enter_user_mode is unpaged

__thread_enter_user_mode() cannot be paged out, because the pager cannot
be invoked to restore any faulting code page after SP has b

core: arm64: pager: make sure __thread_enter_user_mode is unpaged

__thread_enter_user_mode() cannot be paged out, because the pager cannot
be invoked to restore any faulting code page after SP has been switched to
use SP_EL1. At this point, a synchronous exception would take the CPU to
the 0x200 offset in the exception vector, which corresponds to
[workaround_]el1_sync_sp1 and is an error-catching infinite loop. This
explains the behavior described in [1].

Add the requisite KEEP_PAGER so that the function is kept in the unpaged
area.

Fixes: [1] https://github.com/OP-TEE/optee_os/issues/2684
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: update boot image header script tool

Introduce the binary image type information to the STM32 header
used for OP-TEE boot images.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>

stm32mp1: update boot image header script tool

Introduce the binary image type information to the STM32 header
used for OP-TEE boot images.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove Secure Element API support

There is probably no-one using the Secure Element API. We have never heard
anyone asking questions about it, have no way to test it and we believe
it is not even wo

Remove Secure Element API support

There is probably no-one using the Secure Element API. We have never heard
anyone asking questions about it, have no way to test it and we believe
it is not even working right now. Therefore, remove it.

- The reserved syscalls are still present, but return
TEE_ERROR_NOT_SUPPORTED
- The TEE_SE* functions (GlobalPlatform TEE Secure Element API,
GPD_SPE_024) are removed from libutee.a and the header file
tee_internal_se_api.h is removed as well

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...