| 09fe420b | 03-Jan-2023 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
plat-versal: print platform information
Output platform information banner to the console. This includes SoC version and the state of the hardware root of trust configuration.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| cd0d1dd6 | 03-Jan-2023 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
drivers: versal: hardware unique key
The hardware unique key is calculated as the AES-GCM encrypted value of the SoC DNA unique identifier.
The key source used for encryption is selectable at build time using the CFG_VERSAL_HUK_KEY configuration flag.
The following sources are supported:
VERSAL_AES_EFUSE_USER_KEY_0 (CFG_VERSAL_HUK_KEY = 6)
VERSAL_AES_EFUSE_USER_KEY_1 (CFG_VERSAL_HUK_KEY = 7)
VERSAL_AES_PUF_KEY (CFG_VERSAL_HUK_KEY = 11)
VERSAL_AES_USER_KEY_0 (CFG_VERSAL_HUK_KEY = 12 (default))
The default configuration does not generate a secret HUK since the key is hardcoded in the driver - it however validates the algorithm; but security-wise it is not different than not enabling CFG_VERSAL_HUK and therefore using the OP-TEE provided HUK stub.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 63a75748 | 13-Jan-2023 |
Imre Kis <imre.kis@arm.com> |
core: sp: Allow v2 FIP package format
Commit [1] in Trusted Firmware-A slightly changes the SP package format in the FIP image. The new format is compatible with the previous version but the partition manifest and the SP binary are now stored at a 4k aligned offset in the SP package. The main reasoning behind this is to simplify the SP load process in other SPMC implementations (i.e. Hafnium). OP-TEE already supports loading the manifest and the SP binary from an arbitrary offset thus it is only necessary to allow the new package version number on FIP SP load.
Link: [1] https://github.com/ARM-software/arm-trusted-firmware/commit/2e82874cc9b7922e000dd4d7718e3153e347b1d7
Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 85015631 | 08-Sep-2021 |
Fabien Parent <fparent@baylibre.com> |
plat-mediatek: add support for MT8195 SoC
Add OP-TEE support for the MT8195 SoC.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Fabien Parent <fparent@baylibre.com>
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
|
| b831e57b | 16-Jan-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
plat-stm32mp1: don't register SYSRAM twice when scmi-msg are enabled
Fixes stm32mp1 platform to not register the SCMI shared memory twice when scmi-msg drivers are enabled (CFG_SCMI_MSG_DRIVERS=y) and SCP firmware SCMI library disabled (CFG_SCMI_SCPFW=n). The faulty fixed referenced commit introduced this duplicated device memory registration when adding support for SCP firmware SCMI library where this registration was added in main.c but not removed from plat-stm32mp1/scmi-server.c.
Before this fix, the debug trace below was printed:
D/TC:0 add_phys_mem:649 Physical mem map overlaps 0x2ffff000
Fixes: 986fccc8150b ("plat-stm32mp1: support building with CFG_SCMI_SCPFW=y")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 16967f68 | 16-Jan-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
plat-stm32mp1: fix SYSRAM size on stm32mp13 variants
Fixes internal RAM SYSRAM size on STM32MP13 variants that is 128kB.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| d8f7685a | 12-Jan-2023 |
Jerome Forissier <jerome.forissier@linaro.org> |
core: log capabilities with INFO level
Use IMSG() to log the capabilities that depend on configuration, which are: reserved and dynamic shared memory, virtualization and asynchronous notifications.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 0aed2b11 | 25-Feb-2021 |
Vincent Guittot <vincent.guittot@linaro.org> |
plat-vexpress: fvp and qemuv8a support building with CFG_SCMI_SCPFW=y
Adds support for CFG_SCMI_SCPFW to platform flavors vexpress-fvp and vexpress-qemuv8a. Both rely on the same SCP-firmware so-called product configuration named "optee-fvp".
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 986fccc8 | 30-Jun-2021 |
Etienne Carriere <etienne.carriere@linaro.org> |
plat-stm32mp1: support building with CFG_SCMI_SCPFW=y
Support building with CFG_SCMI_SCPFW=y. This configuration embeds SCMI services built from SCP-firmware implementation instead of the scmi-msg drivers and platform local scmi_server.c.
This change also default disables SCMI SiP SMC entries as the PTA is the default SCMI commands entry point and ensures at least one of the SCMI server implementation is default enabled, that is, if CFG_SCMI_SCPFW is disabled then CFG_SCMI_MSG_DRIVERS is default enabled.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 4c4212e9 | 25-Feb-2021 |
Vincent Guittot <vincent.guittot@linaro.org> |
core: lib: scmi-server: Build a SCMI server from SCP-firmware
Adds build of an SCMI server library using SCP-firmware source tree upon boolean configuration switch CFG_SCMI_SCPFW. Platform must set the SCP firmware target product with CFG_SCMI_SCPFW_PRODUCT and the root path of the SCP-firmware source tree with CFG_SCP_FIRMWARE.
CFG_SCMI_SCPFW and CFG_SCMI_MSG_DRIVERS are exclusive alternate implementations of SCMI services. The former implements almost all the SCMI specification while the latter implements only basic SCMI services.
SCP-firmware is configured with CMake as an external project to generate the embedded module resource source and header files to be built with SCP-firmware.
This commit integrates the 2 SCP-firmware products designed for OP-TEE in SCP-firmware source tree. Product optee-fvp targets platform vexpress flavors FVP and Qemus. Product optee-stm32mp1 targets platform stm32mp1.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| b836852d | 08-Dec-2022 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: use IS_ENABLED2()
Replaces use of IS_ENABLED() with IS_ENABLED2() where applicable.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 10fb0d97 | 12-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
drivers: stm32_bsec: use DT NVMEM layout API
Uses OTP definition in the device tree, by using the function stm32_bsec_find_otp_in_nvmem_layout() and removes the hardcoded OTP index in platform config.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 474ad185 | 06-Jan-2023 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
plat-stm32mp1: conf: mandate the use of device tree on STM32MP1x platforms
STM32MP1x platforms now mandate an embedded device tree using CFG_EMBED_DTB_SOURCE_FILE. This decision simplifies platform configuration and complies with existing flavors that all define an embedded DT. This change makes stm32mp157c-dk2.dts the default embedded DTB when none is set.
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 0ec45216 | 12-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
drivers: stm32_bsec: st,non-secure-otp-provisioning property
Implementation of a new "st,non-secure-provisioning-otp" property, destined for non-secure OTP access with restrictions. At BSEC initialization, OTPs defined with this property will grant their access to non-secure world only if the fuses are not permanently locked.
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 683b6d2c | 03-Jan-2023 |
Marouene Boubakri <marouene.boubakri@nxp.com> |
core: kernel: move otp_stubs.c to core/kernel
otp_stubs.c is architecture-agnostic, therefore, move it from core/arch/arm/kernel to core/kernel.
Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 8d6c1b18 | 05-Jan-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
plat-stm32mp1: restore BSEC SIP services on STM32MP15
U-Boot and Linux kernel use BSEC OP-TEE services on STM32MP15 but do not yet integrate BSEC PTA drivers for OTP accesses and still rely on OP-TEE BSEC SMC SiP service. Therefore restore the service for STM32MP15 platform flavors. The service will be default disabled once U-Boot and Linux kernel are ready.
Fixes: eab9487631cc ("plat-stm32mp1: deprecate BSEC SIP services")
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| c67c4c8d | 01-Dec-2022 |
Marouene Boubakri <marouene.boubakri@nxp.com> |
core: kernel: delay: sort-out architecture-independent code from arch dir
This commit moves core/arch/arm/kernel/delay.c to core/kernel/delay.c. Keeps architecture-dependent code in core/arch/$ARCH/include/kernel/delay_arch.h and moves generic functions to core/include/kernel/delay.h
Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 14c0df4e | 01-Dec-2022 |
Marouene Boubakri <marouene.boubakri@nxp.com> |
core: move tee_time.c and tee_time_ree.c to core/kernel
tee_time.c and tee_time_ree.c are architecture-independent code therefore move them from core/arch/arm/kernel to core/kernel.
Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 99264db3 | 27-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: arm64: SM3 using ARMv8.2-A cryptographic extensions
Import SM3 assembly code from the Linux kernel (Linaro contribution). Enabled with CFG_CRYPTO_SM3_ARM64_CE=y, set by default if CFG_CRYPTO_WITH_CE82=y.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 7d81121e | 22-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: arm64: SHA-512 using ARMv8.2-A cryptographic extensions
Import SHA-512 assembly code from the Linux kernel (Linaro contribution). Enabled with CFG_CRYPTO_SHA512_ARM64_CE=y, set by default if CFG_CRYPTO_WITH_CE82=y.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 1d7bc98c | 12-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
plat-stm32mp1: remove stm32mp_is_closed_device()
Removes stm32mp_is_closed_device() platform function and related resources as it is superseded by BSEC driver API function stm32_bsec_get_state().
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 4b4b84a8 | 12-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
drivers: stm32_bsec: remove protection on debug configuration
Keeps stm32_bsec_write_debug_conf() out of CFG_STM32_BSEC_WRITE purpose. This switch must protect OTP memory writes, not accesses to BSEC configuration registers.
CFG_STM32_BSEC_WRITE is now default enabled and not set to CFG_TEE_CORE_DEBUG value.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| eab94876 | 12-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
plat-stm32mp1: deprecate BSEC SIP services
As the interface is now managed using PTA BSEC, the SMC SIP services can be set as deprecated.
It can be removed in a few OP-TEE releases.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| dae611ea | 07-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
pta: stm32mp: enable BSEC PTA
Default enables the BSEC PTA for STM32MP15x and STM32MP13x.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| ee649fe8 | 12-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
dts: stm32: correct BSEC nodes compatible for stm32mp13
Device tree alignment with kernel and latest binding for BSEC node: the rev2.0 is used on STM32MP13x devices with the new compatible compatible = "st,stm32mp13-bsec".
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|