dts: stm32: declare RIFSC as an access-controller on stm32mp2 platforms

RIFSC is a firewall controller. Add the access-controllers property to
all RIFSC sub-nodes. Also add the "simple-bus" compatib

dts: stm32: declare RIFSC as an access-controller on stm32mp2 platforms

RIFSC is a firewall controller. Add the access-controllers property to
all RIFSC sub-nodes. Also add the "simple-bus" compatible for backward
compatibility and "#access-controllers-cells" to the RIFSC node.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add RISAF support for the stm32mp257f-ev1 platform

Enable RISAF2/5 instances for this board that embeds PCIE ports and
some storage peripherals. Define a memory mapping and the RIF
confi

dts: stm32: add RISAF support for the stm32mp257f-ev1 platform

Enable RISAF2/5 instances for this board that embeds PCIE ports and
some storage peripherals. Define a memory mapping and the RIF
configuration of each memory region. Reorganize includes at board level
to avoid some build issues.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: default enable RISAF on stm32mp2 platforms

Default enable RISAF on stm32mp2 platforms to apply the device tree
RIF configuration on enabled RISAF instances.

Signed-off-by: Gatien Che

plat-stm32mp2: default enable RISAF on stm32mp2 platforms

Default enable RISAF on stm32mp2 platforms to apply the device tree
RIF configuration on enabled RISAF instances.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add RISAF nodes in the stm32mp251 SoC DT file

Add the RISAF1/2/4/5 nodes in the stm32mp251 SoC DT file. Default enable
RISAF4 that protects the DDR and the RISAF1 that protects the backu

dts: stm32: add RISAF nodes in the stm32mp251 SoC DT file

Add the RISAF1/2/4/5 nodes in the stm32mp251 SoC DT file. Default enable
RISAF4 that protects the DDR and the RISAF1 that protects the backup
RAM (BKPSRAM). Other RISAF instances should be enabled at board level.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: add RISAF4 base address in platform config helper

Add RISAF4 base address in platform configuration helper.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-

plat-stm32mp2: add RISAF4 base address in platform config helper

Add RISAF4 base address in platform configuration helper.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32_gpio: add GPIO banks RIF configurations for stm32mp257f-ev1

Add initial RIF GPIO configuration for stm32mp257f-ev1 board.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

dts: stm32_gpio: add GPIO banks RIF configurations for stm32mp257f-ev1

Add initial RIF GPIO configuration for stm32mp257f-ev1 board.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add console support on USART2 for stm32mp257f-ev1

Populate USART2 node and enable console support on USART2 on
stm32mp257f-ev1 board.

Signed-off-by: Gatien Chevallier <gatien.chevallier

dts: stm32: add console support on USART2 for stm32mp257f-ev1

Populate USART2 node and enable console support on USART2 on
stm32mp257f-ev1 board.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: plat-corstone1000: Increase TZDRAM size

Increased TZDRAM size using space.

NS_SHARED_RAM region is not used by Corstone1000 platform. It is
removed to create more space in secure RAM for BL32

core: plat-corstone1000: Increase TZDRAM size

Increased TZDRAM size using space.

NS_SHARED_RAM region is not used by Corstone1000 platform. It is
removed to create more space in secure RAM for BL32 image.
Thus, there is more space in the secure RAM that can be used by OP-TEE.

Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: mm: core_mmu: add core_mmu_user_va_range_is_defined() for RISC-V

The function hasn't been implemented for RISC-V, so move the
core_mmu_user_va_range_is_defined() definition to generic
core_mmu

core: mm: core_mmu: add core_mmu_user_va_range_is_defined() for RISC-V

The function hasn't been implemented for RISC-V, so move the
core_mmu_user_va_range_is_defined() definition to generic
core_mmu.h and function implementations to arch-specific files.

Also, update the assertions where checks if user va range is defined.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add CFG_RPMB_ANNOUNCE_PROBE_CAP

Add CFG_RPMB_ANNOUNCE_PROBE_CAP to control whether RPMB probe capability
should be announced to the kernel. For the kernel driver to enable
in-kernel RPMB routi

core: add CFG_RPMB_ANNOUNCE_PROBE_CAP

Add CFG_RPMB_ANNOUNCE_PROBE_CAP to control whether RPMB probe capability
should be announced to the kernel. For the kernel driver to enable
in-kernel RPMB routing it must know in advance that OP-TEE supports it.
By masking the capability the kernel will route all RPMB commands to
tee-supplicant.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: rpmb: probe for kernel RPMB driver

Three RPC functions are added to support RPMB probing and properly align
RPMB frames, OPTEE_RPC_CMD_RPMB_PROBE_RESET,
OPTEE_RPC_CMD_RPMB_PROBE_NEXT, and OPTE

core: rpmb: probe for kernel RPMB driver

Three RPC functions are added to support RPMB probing and properly align
RPMB frames, OPTEE_RPC_CMD_RPMB_PROBE_RESET,
OPTEE_RPC_CMD_RPMB_PROBE_NEXT, and OPTEE_RPC_CMD_RPMB_FRAMES.

OPTEE_RPC_CMD_RPMB_PROBE_RESET resets probing to a well known state and
returns the shared memory type needed when allocating shared memory for
communication with later RPMB functions.

OPTEE_RPC_CMD_RPMB_PROBE_NEXT selects the next RPMB device and returns
its device information. Later calls to OPTEE_RPC_CMD_RPMB will use this
selected device.

OPTEE_RPC_CMD_RPMB_FRAMES sends the raw RPMB frames to normal world for
further routing to the RPMB device.

tee_rpmb_reinit() is added to allow re-initializing the RPMB FS if a
boot stage has used RPMB.

Backwards compatibility is maintained by falling back to the old type of
initialization if OPTEE_RPC_CMD_RPMB_PROBE_RESET returns
TEE_ERROR_NOT_SUPPORTED.

Whether RPMB devices are probed by the kernel or tee-supplicant is
decided by the kernel driver where the shared memory type returned by
OPTEE_RPC_CMD_RPMB_PROBE_RESET plays a vital role.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: Remove duplicated sp assignment for ARM64 in set_ctx_regs()

There are two lines of code to assign value of sp for ARM64. Remove one
of them.

Signed-off-by: Alvin Chang <alvinga@andestech

core: arm: Remove duplicated sp assignment for ARM64 in set_ctx_regs()

There are two lines of code to assign value of sp for ARM64. Remove one
of them.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: rename to core_mmu_init_phys_mem()

Rename core_mmu_init_ta_ram() to core_mmu_init_phys_mem() for a more
accurate name of the function.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org

core: rename to core_mmu_init_phys_mem()

Rename core_mmu_init_ta_ram() to core_mmu_init_phys_mem() for a more
accurate name of the function.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: replace tee_mm_sec_ddr with phys_mem functions

Replace the tee_mm_sec_ddr mm pool with the phys_mem functions. This
doesn't change the behaviour.

Signed-off-by: Jens Wiklander <jens.wiklander

core: replace tee_mm_sec_ddr with phys_mem functions

Replace the tee_mm_sec_ddr mm pool with the phys_mem functions. This
doesn't change the behaviour.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: open-code thread_init_stack()

The implementations of thread_init_stack() are identical and trivial for
both arm and riscv. So simplify code further and open-code it where it's
called from in c

core: open-code thread_init_stack()

The implementations of thread_init_stack() are identical and trivial for
both arm and riscv. So simplify code further and open-code it where it's
called from in core/kernel/thread.c.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>

show more ...

core: virt: initialize heap from virt_guest_created()

Replace the preinit_early() guest heap initialization with function call
in virt_guest_created().

Signed-off-by: Jens Wiklander <jens.wiklander

core: virt: initialize heap from virt_guest_created()

Replace the preinit_early() guest heap initialization with function call
in virt_guest_created().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm: kern.ld.S: assert enough RAM for paging

Update the assert for enough ram for paging to take hash data and
relocation information into account.

Signed-off-by: Jens Wiklander <jens.wikland

core: arm: kern.ld.S: assert enough RAM for paging

Update the assert for enough ram for paging to take hash data and
relocation information into account.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

vexpress-qemu_armv8a: increase CFG_CORE_TZSRAM_EMUL_SIZE to 512 kB

Set the default emulated SRAM to 512 kB since the default 448 kB isn't
enough to build with CFG_CORE_ASLR=y with a margin.

Signed-

vexpress-qemu_armv8a: increase CFG_CORE_TZSRAM_EMUL_SIZE to 512 kB

Set the default emulated SRAM to 512 kB since the default 448 kB isn't
enough to build with CFG_CORE_ASLR=y with a margin.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add CFG_CORE_ASLR_SEED

Add CFG_CORE_ASLR_SEED to override the used seed if CFG_CORE_ASLR=y.
CFG_CORE_ASLR_SEED is intended to help debugging ASLR related issues
by using the same address layou

core: add CFG_CORE_ASLR_SEED

Add CFG_CORE_ASLR_SEED to override the used seed if CFG_CORE_ASLR=y.
CFG_CORE_ASLR_SEED is intended to help debugging ASLR related issues
by using the same address layout each time.

CFG_CORE_ASLR_SEED requires CFG_INSECURE=y.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: spmc: handle BTI/PAUTH info in SP manifest

Provide information to the SP whether BTI and PAUTH are enabled in
OP-TEE by updating the relevant DT node in the SP manifest.
This way the SP can de

core: spmc: handle BTI/PAUTH info in SP manifest

Provide information to the SP whether BTI and PAUTH are enabled in
OP-TEE by updating the relevant DT node in the SP manifest.
This way the SP can detect if the required protection is not available.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: Enable pointer authentication for SPs

Add support to pauth keys for SPs if pointer authentication is enabled.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Etienne Carriere <etien

core: Enable pointer authentication for SPs

Add support to pauth keys for SPs if pointer authentication is enabled.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: spmc: Enable BTI for binary SPs

Enable BTI (Branch Target Identification) if the
GP attribute is set and the region is executable.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Et

core: spmc: Enable BTI for binary SPs

Enable BTI (Branch Target Identification) if the
GP attribute is set and the region is executable.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-k3: drivers: Change SA2UL_init service to service_init_crypto

Since commit 11d8578d93f0 ("core: arm: call call_driver_initcalls()
late"), driver_init is deferred and thread_update_canaries trie

plat-k3: drivers: Change SA2UL_init service to service_init_crypto

Since commit 11d8578d93f0 ("core: arm: call call_driver_initcalls()
late"), driver_init is deferred and thread_update_canaries tries to get
random_stack_canaries which requires the TRNG driver to be setup. Since
it was being setup as part of driver_init, it lead to crash on K3
platforms.

Change driver_init to service_init_crypto which is meant to be used for
initialization of crypto operations. Also, for the TISCI services to be
available before service_init_crypto, change init_ti_sci invocation to
early_init_late.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

show more ...

drivers: stm32_rif: add stm32_rif_access_violation_action()

This function should be used by peripherals capable on raising
access violation interrupts (SERC, IAC). The behavior of the platform
on su

drivers: stm32_rif: add stm32_rif_access_violation_action()

This function should be used by peripherals capable on raising
access violation interrupts (SERC, IAC). The behavior of the platform
on such event is platform-specific. Therefore, its definition must be
done at platform level.

Also add CFG_STM32_PANIC_ON_IAC_EVENT and CFG_STM32_PANIC_ON_SERC_EVENT
to choose if the platform should panic upon receiving an IAC or a
SERC event.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add SERC node in stm32mp251 SoC device tree file

Add the IAC node in the stm32mp251 SoC device tree file and default
enable it for all platforms.

Signed-off-by: Gatien Chevallier <gatie

dts: stm32: add SERC node in stm32mp251 SoC device tree file

Add the IAC node in the stm32mp251 SoC device tree file and default
enable it for all platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...