drivers: stm32_bsec: update for stm32mp13

Adds support for stm32mp13x platforms in BSEC driver.
Permanent lock status is updated without reset.

Signed-off-by: Patrick Delaunay <patrick.delaunay@fos

drivers: stm32_bsec: update for stm32mp13

Adds support for stm32mp13x platforms in BSEC driver.
Permanent lock status is updated without reset.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: add new generic interfaces

Exports generic functions to retrieve the BSEC state and check
if a fuse can be read depending on the BSEC current state.
Adds some robustness in the

drivers: stm32_bsec: add new generic interfaces

Exports generic functions to retrieve the BSEC state and check
if a fuse can be read depending on the BSEC current state.
Adds some robustness in the driver to enforce security when
trying to access a fuse.

It is a preliminary step for BSEC PTA introduction.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: at91: fix reg address for secure PIO

The secure PIO controller is located at 0xfc039000 not 0xfc038000. Fix
this in all at91 device-trees.

Signed-off-by: Clément Léger <clement.leger@bootlin.c

dts: at91: fix reg address for secure PIO

The secure PIO controller is located at 0xfc039000 not 0xfc038000. Fix
this in all at91 device-trees.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: sama5d2: set rstc, shdwc and rtc as secure

Set reset, shutdown and RTC controllers as secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carri

dts: sama5d2: set rstc, shdwc and rtc as secure

Set reset, shutdown and RTC controllers as secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: sama5d2: set sckc as secure

The slow clock controller is not used anymore by Linux, set it as
secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etien

dts: sama5d2: set sckc as secure

The slow clock controller is not used anymore by Linux, set it as
secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: sama5d2: set pmc as secure

The PMC was not set as secure up to now but since all the PSCI support
allows using the PMC through it, set it as secure.

Signed-off-by: Clément Léger <clement.leger

dts: sama5d2: set pmc as secure

The PMC was not set as secure up to now but since all the PSCI support
allows using the PMC through it, set it as secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: sama5d2: set sfr as secure only

Now that all the drivers for the sfr components are present in OP-TEE,
we can safely set the sfr as secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.

dts: sama5d2: set sfr as secure only

Now that all the drivers for the sfr components are present in OP-TEE,
we can safely set the sfr as secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: versal: physical unclonable function

This driver uses the PLM xilpuf service to deliver the physical
unclonable function (PUF).

The Physical unclonable function (PUF) generates two device

drivers: versal: physical unclonable function

This driver uses the PLM xilpuf service to deliver the physical
unclonable function (PUF).

The Physical unclonable function (PUF) generates two device unique
signatures per die. One signature is used for the key encryption key
(KEK) and one signature is used as an unique identification value.

The Unique ID is fully accessible and its value can be cleared
(hidden) and regenerated.

The KEK is never accessible and only usable from the AES-GCM engine.

https://github.com/Xilinx/embeddedsw

[1] TRM: https://docs.xilinx.com/r/en-US/am011-versal-acap-trm

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

versal: enable the PM driver

This allows the main() program to interrogate for the SoC version as
well as programming the FPGA if required.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
A

versal: enable the PM driver

This allows the main() program to interrogate for the SoC version as
well as programming the FPGA if required.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-stm32mp1: use DT NVMEM layout API

Updates stm32_get_iwdg_otp_config() to get HW2 OTP position with
stm32_bsec_find_otp_in_nvmem_layout() instead of a hardcoded
platform OTP index.

Signed-off-b

plat-stm32mp1: use DT NVMEM layout API

Updates stm32_get_iwdg_otp_config() to get HW2 OTP position with
stm32_bsec_find_otp_in_nvmem_layout() instead of a hardcoded
platform OTP index.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: stm32: add nvmem layout

Add the nvmem layout for each BSEC associated fuses, update the SOC and
ST boards device trees with OTP cells node.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.s

dts: stm32: add nvmem layout

Add the nvmem layout for each BSEC associated fuses, update the SOC and
ST boards device trees with OTP cells node.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-totalcompute: change entrypoint of secure partition

The default image offset is changed from 0x1000 to 0x4000 to accommodate
the boot protocol information.

Signed-off-by: Davidson K <davidson.

plat-totalcompute: change entrypoint of secure partition

The default image offset is changed from 0x1000 to 0x4000 to accommodate
the boot protocol information.

Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: implement lpc_uart driver

Support for lpc_uart that is a serial driver.

Signed-off-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Signed-off-by: Zeng Tao <prime.zeng@hisilicon.com>
Reviewed-by: J

drivers: implement lpc_uart driver

Support for lpc_uart that is a serial driver.

Signed-off-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Signed-off-by: Zeng Tao <prime.zeng@hisilicon.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: struct serial_ops: make all functions optional except putc()

Many platforms only use the putc() function pointer in struct
serial_ops. Therefore, explicitly make the others optional (flush(

drivers: struct serial_ops: make all functions optional except putc()

Many platforms only use the putc() function pointer in struct
serial_ops. Therefore, explicitly make the others optional (flush(),
have_rx_data() and getchar()) by adding comments to the struct and
making sure the code checks the pointer before using them.

With this it should be clear that drivers do not need to provide
stub functions.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: drivers: nxp: Add LX series SFP driver

- Implement reading and writing to the NXP LX2160-series Security Fuse
Processor (SFP).
- Add the CFG_LS_SFP flag to enable building the SFP driver.
-

core: drivers: nxp: Add LX series SFP driver

- Implement reading and writing to the NXP LX2160-series Security Fuse
Processor (SFP).
- Add the CFG_LS_SFP flag to enable building the SFP driver.
- The SFP driver should be able to:
- Read the entire SFP.
- Read the debug level.
- Read the Intent to Secure (ITS) and Secure Boot (SB) flags.
- Read individual OEM Unique Scratch Pad Fuse (OUID) registers.
- Read individual Super Root Key Hash (SRKH) registers.
- Set the debug level.
- Set the device to permanently program the fuse block by
setting the ITS and SB flags.
- Set individual OUID registers.
- Get the status of the SFP driver itself.
- Update fsl-lx2160a device tree with sfp and gpio nodes.

Signed-off-by: Andrew Mustea <andrew.mustea@microsoft.com>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: versal: SHA3-384 engine support

Enable the PLM controlled SHA3-384 cryptographic engine for TEE core
usage.

Since the engine does not have the concept of "context", it can't
provide the le

drivers: versal: SHA3-384 engine support

Enable the PLM controlled SHA3-384 cryptographic engine for TEE core
usage.

Since the engine does not have the concept of "context", it can't
provide the level support required by user-space (multiple parallel
contexts) hence why it is being provided just to the core.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Nathan Menhorn <nathan.menhorn@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add support for compiler stack protector

This change add support for CFG_CORE_STACK_PROTECTOR{,_STRONG,_ALL}
and CFG_TA_STACK_PROTECTOR{,_STRONG,_ALL}. This flag enable the
compiler stack overflow p

Add support for compiler stack protector

This change add support for CFG_CORE_STACK_PROTECTOR{,_STRONG,_ALL}
and CFG_TA_STACK_PROTECTOR{,_STRONG,_ALL}. This flag enable the
compiler stack overflow protection feature -fstack-protector* and
also generate random stack canary value on kernel boot and TA entry.

Weak function plat_get_random_stack_canary() can be override by
platform to provide random stack canary value for the core kernel.

Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: stm32: reorder node in ST stm32mp15 board DTS files

Fixes node ordering in stm32mp15 DTS files where nodes shall be listed
in the alphabetical order of the node phandle labels.

Acked-by: Jerom

dts: stm32: reorder node in ST stm32mp15 board DTS files

Fixes node ordering in stm32mp15 DTS files where nodes shall be listed
in the alphabetical order of the node phandle labels.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: stm32: sync GPIO-z node name with linux stm32mp151.dtsi

Upgrades pinctrl-z DTS node name to Linux v5.19 stm32mp151.dtsi file.
This change updates a related platform function that was based on t

dts: stm32: sync GPIO-z node name with linux stm32mp151.dtsi

Upgrades pinctrl-z DTS node name to Linux v5.19 stm32mp151.dtsi file.
This change updates a related platform function that was based on the
old node string name. It is changed to look for target compatible node
instead.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: stm32: disable unused nodes in ST stm32mp15 boards DTS files

Disables nodes not consumed by OP-TEE for ST boards based on stm32mp15
devices.

Acked-by: Jerome Forissier <jerome.forissier@linaro

dts: stm32: disable unused nodes in ST stm32mp15 boards DTS files

Disables nodes not consumed by OP-TEE for ST boards based on stm32mp15
devices.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: stm32: remove commented out GPIO properties in stm32mp157c-ev1

Deletes DTS file lines related to DT node properties not embedded in
OP-TEE.

Acked-by: Jerome Forissier <jerome.forissier@linaro.

dts: stm32: remove commented out GPIO properties in stm32mp157c-ev1

Deletes DTS file lines related to DT node properties not embedded in
OP-TEE.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: fsl-lx2160a: add SecMon DTS node

Enable the secure-status property and disable the status property so
that the sec-mon node is only usable in the secure world.

Signed-off-by: Andrew Mustea <an

dts: fsl-lx2160a: add SecMon DTS node

Enable the secure-status property and disable the status property so
that the sec-mon node is only usable in the secure world.

Signed-off-by: Andrew Mustea <andrew.mustea@microsoft.com>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: kernel: move trace_ext.c to core/kernel

Functions in trace_ext.c are architecture independent, therefore, code
could be moved to core/kernel.

Signed-off-by: Marouene Boubakri <marouene.boubak

core: kernel: move trace_ext.c to core/kernel

Functions in trace_ext.c are architecture independent, therefore, code
could be moved to core/kernel.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: include: cache_helpers.h: allow reusing architecture-dependent code

To allow reuse of architecture-dependent code, divide original
cache_helpers.h into two separate header files
core/$arch/inc

core: include: cache_helpers.h: allow reusing architecture-dependent code

To allow reuse of architecture-dependent code, divide original
cache_helpers.h into two separate header files
core/$arch/include/kernel/cache_helpers_arch.h and
core/include/kernel/cache_helpers.h

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
[jf: set author to be same as Signed-off-by:]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: include: misc.h: divide into misc.h and misc_arch.h

get_core_pos() is architecture-independent function and could be re-used
by an arch implementation, therefore, move it to a separate header

core: include: misc.h: divide into misc.h and misc_arch.h

get_core_pos() is architecture-independent function and could be re-used
by an arch implementation, therefore, move it to a separate header file
core/include/kernel/misc.h, and, keep architecture-dependent code
in core/$arch/include/kernel/misc_arch.h

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: set author to be same as Signed-off-by:]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...