core: imx: set CFG_INSECURE as y by default

The default value CFG_INSECURE ?= y is assigned in mk/config.mk.
But mk/config.mk is included after $(platform-dir)/conf.mk from
core/core.mk.
Since we ar

core: imx: set CFG_INSECURE as y by default

The default value CFG_INSECURE ?= y is assigned in mk/config.mk.
But mk/config.mk is included after $(platform-dir)/conf.mk from
core/core.mk.
Since we are making decision based on CFG_INSECURE in this file
so we need to set it early here also.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-d06: fix d06 platform bug

Delete unnecessary configuration information to prevent the failure of
correct value assignment.

Fixes: 4237855ad63e ("plat-d06: Add support for HIP08A")
Signed-off-b

plat-d06: fix d06 platform bug

Delete unnecessary configuration information to prevent the failure of
correct value assignment.

Fixes: 4237855ad63e ("plat-d06: Add support for HIP08A")
Signed-off-by: zhaozheng7 <zhaozheng96@outlook.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-qcom: Enable support for ARMv8 CE by default

Qcom platforms support ARMv8 Crypto Extensions (CE), so let's enable
it by default to optimize the crypto operations.

Reviewed-by: Jorge Ramirez-Or

plat-qcom: Enable support for ARMv8 CE by default

Qcom platforms support ARMv8 Crypto Extensions (CE), so let's enable
it by default to optimize the crypto operations.

Reviewed-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com>
Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>

show more ...

plat-rockchip: increase FDT max size to 384KiB on all Aarch64 supported SoCs

Increase the maximum size of the FDT to 384KiB in sync with Trusted
Firmware-A since TF-A v2.13[1] (May 2025). This limit

plat-rockchip: increase FDT max size to 384KiB on all Aarch64 supported SoCs

Increase the maximum size of the FDT to 384KiB in sync with Trusted
Firmware-A since TF-A v2.13[1] (May 2025). This limit is applicable to
all Rockchip SoCs supported by TF-A.

Prior to that commit in TF-A, we had 0x20000 (double the default of the
current OP-TEE OS default) since v2.4[2] (Nov 2020).

This allows us to pass and parse the FDT within OP-TEE as the default
64KiB really isn't enough nowadays (especially if one takes into account
FDT with symbols enabled for FDTO support), otherwise OP-TEE OS panics
at:
E/TC:0 init_external_dt:827 Invalid Device Tree at 0x8a2690: error -3

We currently only allocate 2MiB for TZDRAM on rk322x (as opposed to
32MiB on other Rockchip SoCs; see CFG_TZDRAM_SIZE), so increasing the
FDT buffer size from 64KiB to 384KiB may not be the best idea,
especially considering I couldn't find someone with a device based on
rk322x to test this commit. Additionally, the sizes of the two FDTs for
RK322x boards in the upstream Linux kernel built with symbols enabled
(DTC_FLAGS=-@) only is almost 33KiB. In U-Boot, the FDT for the only
supported board compiles to less than 28KiB for U-Boot proper's and a
tiny bit above 2KiB for SPL's. Thus, there is no hurry to increase the
FDT buffer size on rk322x, especially without being able to test, so
leave rk322x FDT buffer at 64KiB for now.

This fixes OP-TEE OS panics on PX30 and RK3399.

Link: https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/ab99dce4b7c8473d5bcb8c833bd410ab87b1e801%5E%21/ [1]
Link: https://review.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/8109f738ffa79a63735cba29da26e7c2859977b5%5E%21/ [2]

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>

show more ...

plat-d06: Add support for HIP08A

HIP08A is another form of the D06 development board and equipped by
Hisilicon.

Signed-off-by: zhaozheng7 <zhaozheng96@outlook.com>
Reviewed-by: Yuan Wang <wangyuan4

plat-d06: Add support for HIP08A

HIP08A is another form of the D06 development board and equipped by
Hisilicon.

Signed-off-by: zhaozheng7 <zhaozheng96@outlook.com>
Reviewed-by: Yuan Wang <wangyuan46@huawei.com>
Acked-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: stmm: Cleanup unused defines

commit aa6d7fc392b7 ("core: applies FF-A v1.2 features on StandaloneMm")
removed some MM code in favor of FF-A. However, some of the header
files were left untouch

core: stmm: Cleanup unused defines

commit aa6d7fc392b7 ("core: applies FF-A v1.2 features on StandaloneMm")
removed some MM code in favor of FF-A. However, some of the header
files were left untouched. Clean them up

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

show more ...

libutils: asan: skip global unpoison for bget-backed globals

Track ASan user-region type at map time and mark bget pool backing ranges
as ASAN_REG_MEM_POOL.

Global registration currently unpoisons

libutils: asan: skip global unpoison for bget-backed globals

Track ASan user-region type at map time and mark bget pool backing ranges
as ASAN_REG_MEM_POOL.

Global registration currently unpoisons globals via asan_tag_access().
For globals used as bget pool backing storage, this overwrites the initial
pool shadow state (ASAN_HEAP_RED_ZONE, heap-free) and breaks expected
allocator poisoning semantics.

Skip global unpoison for globals that contain a memory-pool backing range,
while keeping normal redzone handling for those globals. Update ASan
mapping call sites to pass region type (STACK, ELF, MEM_POOL, NO_TYPE).

Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

asan: support trusted applications

Add CFG_TA_SANITIZE_KADDRESS and enable -fsanitize=kernel-address for TAs.
Extend ASan to map shadow regions in user space. Shadow memory for trusted
applications

asan: support trusted applications

Add CFG_TA_SANITIZE_KADDRESS and enable -fsanitize=kernel-address for TAs.
Extend ASan to map shadow regions in user space. Shadow memory for trusted
applications is now mapped during ldelf loading. CFG_TA_SANITIZE_KADDRESS
acts as a global flag and propagates to all internal and external TAs.

Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

asan: add ldelf support and user shadow mapping infrastructure

This commit enables ASan support in ldelf and introduces infrastructure
for mapping ASan shadow regions in user space. With these chang

asan: add ldelf support and user shadow mapping infrastructure

This commit enables ASan support in ldelf and introduces infrastructure
for mapping ASan shadow regions in user space. With these changes,
ASan built with CFG_CORE_SANITIZE_KADDRESS is no longer limited to
the core and can also operate in ldelf.

Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: asan: support multiple shadow regions

Replace the single shadow range with a list of shadowed virtual regions.
Access validation is performed per-region: an access is considered inside
sha

libutils: asan: support multiple shadow regions

Replace the single shadow range with a list of shadowed virtual regions.
Access validation is performed per-region: an access is considered inside
shadow memory only if it is fully contained within a single registered
region. The access is considered out of shadow memory if it does not
intersect any registered shadow region.

Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: move ASan runtime and tests from core to libutils

This patch relocates the ASan runtime and its self-tests from the core
to libutils/ext. While ASan is still only enabled for the TEE core,

libutils: move ASan runtime and tests from core to libutils

This patch relocates the ASan runtime and its self-tests from the core
to libutils/ext. While ASan is still only enabled for the TEE core, this
refactoring removes core-specific placement and makes the code
available to other components.

The main benefit is that ASan support and the test helpers can now be
potentially reused by ldelf and TAs in the future, instead of being
tied to the core build. The existing ASan core behaviour is unchanged.

Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: fix mx8mpevk optee memory layout

Mostly all i.MX OP-TEE platforms place OP-TEE at the end of the
available memory. Since the i.MX8MP-EVK has 6GiB RAM we need to set
CFG_LPAE_ADDR_SPACE_BI

core: imx: fix mx8mpevk optee memory layout

Mostly all i.MX OP-TEE platforms place OP-TEE at the end of the
available memory. Since the i.MX8MP-EVK has 6GiB RAM we need to set
CFG_LPAE_ADDR_SPACE_BITS accordingly else OP-TEE uses 32-bit and can't
access the memory above.

The fix uses the same amount of bits as used for CFG_CORE_ARM64_PA_BITS.

Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

core: imx: relax CFG_DDR_SIZE decision

The overall NS DRAM size can be passed via DT if CFG_EXTERNAL_DT is
enabled. So don't throw an error in case no size was specified.

Reviewed-by: Sahil Malhotr

core: imx: relax CFG_DDR_SIZE decision

The overall NS DRAM size can be passed via DT if CFG_EXTERNAL_DT is
enabled. So don't throw an error in case no size was specified.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: imx: tzc380: document reconfiguration requirements

Document why the reconfiguration is required.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@

drivers: imx: tzc380: document reconfiguration requirements

Document why the reconfiguration is required.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: imx: tzc380: add support to discover nsec_dram dynamically

Convert the driver to use the new core_mmu_for_each_nsec_ddr() to allow
dynamic configurations of the NS DRAM region(s). The DRAM

drivers: imx: tzc380: add support to discover nsec_dram dynamically

Convert the driver to use the new core_mmu_for_each_nsec_ddr() to allow
dynamic configurations of the NS DRAM region(s). The DRAM configuration
parsed by the OP-TEE core is either based on:
- manifest-dt
- external-dt
- internal/embedded-dt
- builtin compile-time defines

This logic allows the imx-tzc380 driver to use the runtime information
provided by an external DT. The compile-time builtin defines are used if
no external DT is found or the external DT doesn't contain any memory
information.

For plat-imx this mapps to register_ddr(CFG_DRAM_BASE, CFG_DDR_SIZE),
which is equivalent to
imx_tzc_auto_configure(CFG_DRAM_BASE, CFG_DDR_SIZE, TZC_ATTR_SP_NS_RW).

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: imx: tzc380: refactor region number handling

Move the region number handling into imx_tzc_auto_configure(), to make
it possible to call the helper without ext. required context.

This is re

drivers: imx: tzc380: refactor region number handling

Move the region number handling into imx_tzc_auto_configure(), to make
it possible to call the helper without ext. required context.

This is required for the upcoming dynamic ddr size configuration.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: imx: tzc380: add support to check TZASC enable state

If OP-TEE is used the TZASC should be enabled to validate the memory
access. This adds the initial support for the i.MX6 and i.MX8M to c

drivers: imx: tzc380: add support to check TZASC enable state

If OP-TEE is used the TZASC should be enabled to validate the memory
access. This adds the initial support for the i.MX6 and i.MX8M to check
if the TZASC is enabled and throw a panic if not.

Once all platforms are covered this CFG_TZASC_CHECK_ENABLED should be
removed and the check should be done by default to enforce that the
TZASC is running.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: imx: tzc380: add support to verify region0

There are platforms where memory aliasing can't be prevented, e.g. the
i.MX8M. If the previous running firmware configured region0, which
covers t

drivers: imx: tzc380: add support to verify region0

There are platforms where memory aliasing can't be prevented, e.g. the
i.MX8M. If the previous running firmware configured region0, which
covers the whole AXI address space, to be accessible from secure and
non-secure world the OP-TEE core memory would be accessible via memory
aliasing.

To prevent such attacks we need to ensure that region0 is accessible
from the secure world only.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: imx: tzc380: add CFG_MX6QP TZASC2 configuration

The i.MX6DP/QP SoCs have a 2nd memory controller as well which must be
configured.

This commit covers only the i.MX6QP because there is no i

drivers: imx: tzc380: add CFG_MX6QP TZASC2 configuration

The i.MX6DP/QP SoCs have a 2nd memory controller as well which must be
configured.

This commit covers only the i.MX6QP because there is no i.MX6DP OP-TEE
platform yet.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

crypto: asu: Add crypto hash driver

Add support for following Hash algorithms
SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-384, SHA3-512

Signed-off-by: Harsh Jain <h.jain@amd.com>
Signed-off-by: Aksha

crypto: asu: Add crypto hash driver

Add support for following Hash algorithms
SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-384, SHA3-512

Signed-off-by: Harsh Jain <h.jain@amd.com>
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: amd: Add ASU support

Add support for the AMD Application Security Unit (ASU), the on-chip
Hardware Security Module (HSM) for Versal Gen 2.
The ASU manages all device-level security services

drivers: amd: Add ASU support

Add support for the AMD Application Security Unit (ASU), the on-chip
Hardware Security Module (HSM) for Versal Gen 2.
The ASU manages all device-level security services for user
applications, extending beyond accelerator-centric tasks.
Its firmware also exposes several software-based cryptographic
primitives, including:
- Key transfer
- RSA authentication (multiple padding schemes)
- HMAC
- Key Derivation Function (KDF)
- Key wrap / unwrap

Co-developed-by: Harsh Jain <h.jain@amd.com>
Signed-off-by: Harsh Jain <h.jain@amd.com>
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-k3: drivers: Increase mailbox timeout to 1000ms

Mailbox driver waits for 10ms to get a response from TIFS, before
flagging the transaction a failure. 10ms seems to be right at the edge,
since u

plat-k3: drivers: Increase mailbox timeout to 1000ms

Mailbox driver waits for 10ms to get a response from TIFS, before
flagging the transaction a failure. 10ms seems to be right at the edge,
since unrelated updates to other components in the boot chain are
causing the actual wait time to increase. Therefore increase the timeout
to 1000ms.

1000ms is chosen to keep uniformity with the mailbox driver in TF-A.

Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
Reviewed-by: Andrew Davis <afd@ti.com>

show more ...

plat-rockchip: px30: set CFG_CRYPTO_WITH_CE ?= y

Similarly to what's been done to RK3399 in commit 3ab148c8f4a0
("plat-rockchip: rk3399: set CFG_CRYPTO_WITH_CE ?= y"), we can enable
the Arm Cryptogr

plat-rockchip: px30: set CFG_CRYPTO_WITH_CE ?= y

Similarly to what's been done to RK3399 in commit 3ab148c8f4a0
("plat-rockchip: rk3399: set CFG_CRYPTO_WITH_CE ?= y"), we can enable
the Arm Cryptography Extensions by default for PX30 as Rockchip claims
they are supported in the datasheet[1].

Tested with:

xtest --aes-perf -m XTS -s 1000000 -n 1000

Before:
min=88574.2us max=91273us mean=88942.8us stddev=234.498us (cv 0.26365%) (10.7223MiB/s)

After:
min=3297.58us max=3655.75us mean=3464.66us stddev=59.7159us (cv 1.72357%) (275.258MiB/s)

Link: https://opensource.rock-chips.com/images/8/87/Rockchip_PX30_Datasheet_V1.4-20191227.pdf [1]
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>

show more ...

core: arm: link.mk: Fix typo for python command line

Fix typo for python command line
$(q)scripts/gen_tee_bin.py => $(q)$(PYTHON3) scripts/gen_tee_bin.py

Signed-off-by: guan-gm.lin <guan-gm.lin@med

core: arm: link.mk: Fix typo for python command line

Fix typo for python command line
$(q)scripts/gen_tee_bin.py => $(q)$(PYTHON3) scripts/gen_tee_bin.py

Signed-off-by: guan-gm.lin <guan-gm.lin@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-rockchip: disable early console by default

The early console is very useful for debugging. Alas, a misconfigured
early console seems to be halting/panicking OP-TEE OS.

Better have something al

plat-rockchip: disable early console by default

The early console is very useful for debugging. Alas, a misconfigured
early console seems to be halting/panicking OP-TEE OS.

Better have something always work possibly without console output (e.g.
if no FDT is passed to OP-TEE OS) than crashing without information.

The user can still enable the console if they want to for debugging
sessions.

This fixes OP-TEE OS crashing on RK3399 Puma which uses UART0 instead of
default UART2.

I've tested on PX30 and RK3588 by specifying a UART controller different
from the one that can be used by the device.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>

show more ...