core: prng: Don't lock a mutex from rpc_cmd_nolock()

Avoids a recursive indirect call to rpc_cmd_nolock() from
plat_prng_add_jitter_entropy_norpc() by not calling
plat_prng_add_jitter_entropy_norpc(

core: prng: Don't lock a mutex from rpc_cmd_nolock()

Avoids a recursive indirect call to rpc_cmd_nolock() from
plat_prng_add_jitter_entropy_norpc() by not calling
plat_prng_add_jitter_entropy_norpc() for RPC related to mutex
wait/wakeup.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (HiKey)
Fixes: 82f97f19fe2d ("prng: call plat_prng_add_jitter_entropy() at PRNG init and before NW RPC")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mutex: owner of lock in debug prints

Include the owner of the mutex in debug print issued when waiting for a
mutex.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by:

core: mutex: owner of lock in debug prints

Include the owner of the mutex in debug print issued when waiting for a
mutex.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta_socket: bugfix: avoid use after free

Avoids use after free by retrieving the instance id when the session is
opened instead of retrieving it again each time it's needed.

Reviewed-by: Jero

core: pta_socket: bugfix: avoid use after free

Avoids use after free by retrieving the instance id when the session is
opened instead of retrieving it again each time it's needed.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: sm: fix PSCI reset

PSCI reset entry must call psci_system_reset(), not
psci_system_off().

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.or

core: arm: sm: fix PSCI reset

PSCI reset entry must call psci_system_reset(), not
psci_system_off().

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: Rebase, reword commit message]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: plat_prng_add_jitter_entropy() logging

Changes the DMSG() logging to FMSG() to avoid flooding the logs when
debug logs are enabled.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

core: plat_prng_add_jitter_entropy() logging

Changes the DMSG() logging to FMSG() to avoid flooding the logs when
debug logs are enabled.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: prng: Don't try to read REE time when it's not possible

The commit referenced below extends entropy gathering to two locations
where it is unfortunately not OK to invoke Normal World through R

core: prng: Don't try to read REE time when it's not possible

The commit referenced below extends entropy gathering to two locations
where it is unfortunately not OK to invoke Normal World through RPC:

1. tee_ltc_prng_init(), because at this point the RPC subsystem has not
yet been initialized,
2. rpc_cmd_nolock(), because doing so would cause recursion and would
be inefficient (doubling the number of RPC calls).

The problem is: if CFG_SECURE_TIME_SOURCE_REE=y and if the platform
does not override plat_prng_add_jitter_entropy(), the function will end
up calling the RPC service where it's not permitted and the TEE will
crash.

This commit introduces plat_prng_add_jitter_entropy_norpc() and
provides a default implementation which does nothing if the time source
is the REE, thus fixing the issue while still allowing platform code to
implement a specific behavior.

Fixes: 82f97f19fe2d ("prng: call plat_prng_add_jitter_entropy() at PRNG init and before NW RPC")
Reported-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

[Review] core: prng: Don't try to read REE time when it's not possible

Remove useless return.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: remove obsolete FS key manager tests

Removes the now obsolete FS key manager tests. The FS hash tree interface
has taken over much och the FS key manager tasks.

Acked-by: Jerome Forissier <je

core: remove obsolete FS key manager tests

Removes the now obsolete FS key manager tests. The FS hash tree interface
has taken over much och the FS key manager tasks.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix pseudo TA debug trace

"Static TA" was recently banned from OP-TEE since 42fb5b2e937d.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander

core: fix pseudo TA debug trace

"Static TA" was recently banned from OP-TEE since 42fb5b2e937d.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: change IDs ordering in 'enum buf_is_attr'

This change modifies the ordering of IDs in enumerated types
'enum teecore_memtypes' and 'enum buf_is_attr'. Prior this change,
some IDs reflecting eq

core: change IDs ordering in 'enum buf_is_attr'

This change modifies the ordering of IDs in enumerated types
'enum teecore_memtypes' and 'enum buf_is_attr'. Prior this change,
some IDs reflecting equivalent memory attributes/types used the
very same ID numerical values. Hence bad use of the IDs failed to be
detected during non-regression tests.

A better approach would be to rely on the source code compiler to
assert the use of the right enumerated types. But tests showed that
even recent gcc versions do not (yet) fully verify such usage.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix inconsistency in mobj and memory attributes handling

Memory attribute field 'battr' in struct mobj refer to memory
access right IDs defined by 'enum buf_is_attr'. However
mobj_phys_alloc()

core: fix inconsistency in mobj and memory attributes handling

Memory attribute field 'battr' in struct mobj refer to memory
access right IDs defined by 'enum buf_is_attr'. However
mobj_phys_alloc() used to call phys_to_virt() using this attribute
whereas phys_to_virt() expect a memory area identification ID from
enum teecore_memtypes.

This change fixes this issue and restricts mobj_phys_alloc() to
allocation of memory object in either core memory (CORE_MEM_TEE_RAM),
external secure memory (CORE_MEM_TA_RAM) and non secure shared memory
(CORE_MEM_NSEC_SHM).

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Rename the secure and non-secure interrupts

Currently, the secure interrupts are named as FIQ and the non-secure
interrupts are named as IRQ.

In GICv3 mode, the FIQ and IRQ have different definitio

Rename the secure and non-secure interrupts

Currently, the secure interrupts are named as FIQ and the non-secure
interrupts are named as IRQ.

In GICv3 mode, the FIQ and IRQ have different definitions.
* Secure Group 0 interrupts:
Handled by EL3 and triggered by FIQ when running at Secure EL0/1.
* Secure Group 1 interrupts:
Handled by optee_os and triggered by IRQ when running at Secure EL0/1.
* Non-secure Group1 interrupts:
Handled by the rich os and triggered by FIQ when running at Secure
EL0/1.

The "Secure Group 1" interrupts are the "native" interrupts handled by
optee_os. They are same as the "secure" interrupts used in optee_os
for now. But they are triggered by FIQ in GICv2 mode while by IRQ in
GICv3 mode.

The "Secure Group 0" and "Non-secure Group1" interrupts are the
"foreign" interrupts that will cause the exiting of optee_os. (e.g.
switch back to normal world) The "Non-secure Group1" interrupts are
same as the "non-secure"interrupts used in optee_os for now. But they
are triggered by IRQ in GICv2 mode while by FIQ in GICv3 mode.

This patch renames these interrupts to the generic names - "Foreign
interrupts" and "Native interrupts".
For the support of GICv3 mode in the future, we can redefine the macros
of "native interrupt" and "foreign interrupt" to IRQ and FIQ.

Signed-off-by: David Wang <david.wang@arm.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260)

show more ...

plat-ti: Add AM57xx platform flavor

The AM57xx flavor is based on DRA7xx except that it uses a
different UART port. Add this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Jerome Fo

plat-ti: Add AM57xx platform flavor

The AM57xx flavor is based on DRA7xx except that it uses a
different UART port. Add this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

monitor: Add support for platform services

Add the capability for a platform to plugin its own services, often
legacy services for compatibility purposes.

Add these services for the dra7xx platform

monitor: Add support for platform services

Add the capability for a platform to plugin its own services, often
legacy services for compatibility purposes.

Add these services for the dra7xx platform.

The file 'api_monitor_index.h' is synced to a an out-of-tree file and
so we should ignore formatting. Add this exeption to checkpatch.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Daniel Allred <d-allred@ti.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: pl022: Allow platforms to register CS control function

If a CS callback function is registered, the system provided one
will not be used.

Signed-off-by: Victor Chong <victor.chong@linaro.o

drivers: pl022: Allow platforms to register CS control function

If a CS callback function is registered, the system provided one
will not be used.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Tested-by: Victor Chong <victor.chong@linaro.org> (HiKey)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: rebase on top of master]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: spi: Make configure, start and end functions generic

Move configure, start and end functions from IP specific files into
spi_ops in spi.h to allow platforms to call and control them via
the

drivers: spi: Make configure, start and end functions generic

Move configure, start and end functions from IP specific files into
spi_ops in spi.h to allow platforms to call and control them via
the generic framework.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: rebase on top of master]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: spi: simplify code

1. SPI mandates that sizes of transmitted and received packet are of same
size [1]. As discussed in [2], this means that *num_rxpkts != num_txpkts
is not a valid use case

drivers: spi: simplify code

1. SPI mandates that sizes of transmitted and received packet are of same
size [1]. As discussed in [2], this means that *num_rxpkts != num_txpkts
is not a valid use case so there's no need for both and we can just merge
them and use num_pkts.

2. Remove tx{8,16} and rx{8,16} only functions as these are not
commonly used. If necessary, users can call just txrx{8,16} with
rdat or wdat as NULL for tx{8,16} and rx{8,16} respectively as
replacements. E.g.:

tx8:
txrx8(chip, wdat, NULL, num_pkts);

rx16:
txrx16(chip, NULL, rdat, num_pkts);

3. Remove unnecessary or repetitive enums and headers and line feeds

[1] http://www.quanser.com/products/quarc/documentation/spi_protocol.html
[2] https://github.com/OP-TEE/optee_os/pull/1215

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: rebase on top of master]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

hikey: spi: configure chip select pin as spi instead of gpio

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Ca

hikey: spi: configure chip select pin as spi instead of gpio

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: rebase on top of master]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

hikey: spi_test: Reduce speed to 10KHz and add missing initializer

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etie

hikey: spi_test: Reduce speed to 10KHz and add missing initializer

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: rebase on top of master]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

CFG_CORE_TZSRAM_EMUL_SIZE increase to 360KiB

Without increasing CFG_CORE_TZSRAM_EMUL_SIZE, build fails on vexpress with
many options like this:

readelf: Warning: Corrupt ARM compact model table ent

CFG_CORE_TZSRAM_EMUL_SIZE increase to 360KiB

Without increasing CFG_CORE_TZSRAM_EMUL_SIZE, build fails on vexpress with
many options like this:

readelf: Warning: Corrupt ARM compact model table entry: e12fff1e
readelf: Warning: Unknown ARM compact model index encountered
readelf: Warning: Corrupt ARM compact model table entry: e12fff1e
readelf: Warning: Unknown ARM compact model index encountered
readelf: Warning: Corrupt ARM compact model table entry: e12fff1e
readelf: Warning: Unknown ARM compact model index encountered
readelf: Warning: Corrupt ARM compact model table entry: e12fff1e
readelf: Warning: Unknown ARM compact model index encountered
arm-linux-gnueabihf-ld: OP-TEE can't fit init part into available
physical memory
make: *** [out/arm-plat-vexpress/core/tee.elf] Error 1

The command "$make CFG_WITH_PAGER=y CFG_WITH_LPAE=y CFG_RPMB_FS=y
CFG_SQL_FS=y CFG_DT=y CFG_PS2MOUSE=y CFG_PL050=y CFG_PL111=y
CFG_TEE_CORE_LOG_LEVEL=1 CFG_TEE_CORE_DEBUG=y DEBUG=1" exited with 2.

Signed-off-by: Andy Green <andy@warmcat.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

prng: call plat_prng_add_jitter_entropy() at PRNG init and before NW RPC

This patch adds the new platform jitter collection API to be called first
at PRNG init, and subsequently on every RPC.

Signe

prng: call plat_prng_add_jitter_entropy() at PRNG init and before NW RPC

This patch adds the new platform jitter collection API to be called first
at PRNG init, and subsequently on every RPC.

Signed-off-by: Andy Green <andy@warmcat.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

prng: move old implementation to be weak default

The patch replaces the original entropy scheme using system time with
the new api plat_prng_add_jitter_entropy().

The old scheme aimed to get 64 bit

prng: move old implementation to be weak default

The patch replaces the original entropy scheme using system time with
the new api plat_prng_add_jitter_entropy().

The old scheme aimed to get 64 bits of entropy from the current time
expressed in 64 bits in ms each time. Most of this was in fact zeros or
unchanging for >256s. If you call it twice with 1ms, it actually
provides 0 bits of entropy.

The replacement scheme aims to get 2 bits of entropy from the counter,
which typically operates faster than 1MHz, greater than a thousand times
more precision than the old way, each time.

For backwards compatibility, the old scheme is retained as the default
or arches or platforms that did not provide an override to collect
jitter in a better way.

Signed-off-by: Andy Green <andy@warmcat.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

prng: implement CNTPCT-based jitter entropy for all arm arch devices

Tests dumping CNTPCT at the same point in three boots on Hikey
gave the following spread:

0xebff3fdd80daceb5
0xebff3fdd80da4601

prng: implement CNTPCT-based jitter entropy for all arm arch devices

Tests dumping CNTPCT at the same point in three boots on Hikey
gave the following spread:

0xebff3fdd80daceb5
0xebff3fdd80da4601
0xeaff3fdd7edb5dcc

things like eMMC async init from power up, interrupt jitter, branch
prediction misses, peripheral async clock drift, cache fill delays,
and so on accumulate in the counter at better than us resolution,
and make the exact count we reach the dump point differ, even in a
supposedly deterministic boot flow.

There appear to be ~12 bits of real entropy in the initial jitter, by
the time of the sample point which was at OP-TEE entry from a-t-f.

A new general jitter harvesting API is introduced
plat_prng_add_jitter_entropy(). The first time it is called on
PRNG init, 16 bits of CNTPCT are used as seed entropy. Thereafter
only the two LSB of CNTPCT are harvested each time, being provided
as entropy to the PRNG every time it reaches 8 bits.

Signed-off-by: Andy Green <andy@warmcat.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-ti: Enable GIC driver support for DRA7xx

The DRA7xx platform contains a standard GICv2. Enable this driver.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Jens Wiklander <jens.wiklan

plat-ti: Enable GIC driver support for DRA7xx

The DRA7xx platform contains a standard GICv2. Enable this driver.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add pseudo TA for socket

Adds a pseudo TA sockets using tee-supplicant.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (

core: add pseudo TA for socket

Adds a pseudo TA sockets using tee-supplicant.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260 pager=y/n)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix traces in selftest pseudo TA

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissi

core: fix traces in selftest pseudo TA

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...