plat-sam: add support for sama5d27-wlsom1-ek board

Add support for PLATFORM_FLAVOR=sama5d27_wlsom1_ek and use the correct
debug console (UART0) for that platform.

Signed-off-by: Clément Léger <clem

plat-sam: add support for sama5d27-wlsom1-ek board

Add support for PLATFORM_FLAVOR=sama5d27_wlsom1_ek and use the correct
debug console (UART0) for that platform.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: at91: add sama5d27-wlsom1-ek device-trees

Import device-tree from Linux for sama5d27-wlsom1-ek board.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jens Wiklander <jens.wi

dts: at91: add sama5d27-wlsom1-ek device-trees

Import device-tree from Linux for sama5d27-wlsom1-ek board.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

pta: imx: add DIGPROG PTA

Add an i.MX PTA to get the platform digprog value.
This 32 bits value holds the SOC type and the minor and major revision
number.

Signed-off-by: Clement Faure <clement.fau

pta: imx: add DIGPROG PTA

Add an i.MX PTA to get the platform digprog value.
This 32 bits value holds the SOC type and the minor and major revision
number.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: finalize scall layer

Finalizes the new scall layer by renaming remaining files so the generic
scall layer resides in core/include/kernel/scall.h and
core/kernel/scall.c.

New architectures are

core: finalize scall layer

Finalizes the new scall layer by renaming remaining files so the generic
scall layer resides in core/include/kernel/scall.h and
core/kernel/scall.c.

New architectures are expected to provide a
core/arch/arm/include/kernel/arch_scall.h with functions needed to deal
with the architecture specific struct thread_scall_regs usage in
core/kernel/scall.c.

New architectures are also expected to provide an implementation of
scall_save_panic_stack() called from scall_sys_return_helper().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: provide scall_save_panic_stack()

Provides an architecture specific function scall_save_panic_stack() in
core/arch/arm/kernel/arch_scall.c. This function and its helpers are
extracted from core

core: provide scall_save_panic_stack()

Provides an architecture specific function scall_save_panic_stack() in
core/arch/arm/kernel/arch_scall.c. This function and its helpers are
extracted from core/arch/arm/tee/arch_svc.c.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: provide arch_scall.h

Provide scall functions to deal with the layout of the architecture
specific struct thread_scall_regs. The new static inline scall_
functions are based on the old internal

core: provide arch_scall.h

Provide scall functions to deal with the layout of the architecture
specific struct thread_scall_regs. The new static inline scall_
functions are based on the old internal static functions in
core/arch/arm/tee/arch_svc.c.

This patch doesn't change any behaviour.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce scall layer from svc parts

Introduces a scall layer by renaming various thread_svc* names and
_*handle_svc() functions and function pointers as a first step in doing
architecture neu

core: introduce scall layer from svc parts

Introduces a scall layer by renaming various thread_svc* names and
_*handle_svc() functions and function pointers as a first step in doing
architecture neutral syscall processing.

The name scall is used instead of syscall since the syscall_ prefix is
reserved for the functions implementing the actual syscall. While scall
is the infrastructure used to reach the syscall functions.

No files are renamed and removed at this stage. This patch doesn't
change any behaviour.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

riscv: kernel: entry.S: provide entry script

Provide core's single entry point for RV32/RV64 in S/M Modes.
For now it performs: booting primary and secondary harts. Setting stack
pointer, thread poi

riscv: kernel: entry.S: provide entry script

Provide core's single entry point for RV32/RV64 in S/M Modes.
For now it performs: booting primary and secondary harts. Setting stack
pointer, thread pointer (to thread_core_local), supervisor address
translation and protection register, clearing BSS...etc and calls to
appropriate functions to initialize the MMU and continue to boot flow
from boot.c.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

riscv: kernel: implement boot flow in boot.c

Provide an implementation of init_tee_runtime(), plat_primary_init_early()
boot_init_primary_early(), boot_init_primary_late(), boot_init_secondary()
and

riscv: kernel: implement boot flow in boot.c

Provide an implementation of init_tee_runtime(), plat_primary_init_early()
boot_init_primary_early(), boot_init_primary_late(), boot_init_secondary()
and helper functions. For now init_sec_mon() is kept to be replaced later
by a routine to initialize SBI implementation (to for example, probe for
available SBI extensions).

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: enable debug feature on non secure-closed chip

Adds a new service that enables all debug features (HPD, invasive,
non invasive debug) when the chip is not in secure-closed state.
This

plat-stm32mp1: enable debug feature on non secure-closed chip

Adds a new service that enables all debug features (HPD, invasive,
non invasive debug) when the chip is not in secure-closed state.
This feature is enabled when CFG_STM32_DEBUG_ACCESS is set to 'y'. It
defaults to CFG_TEE_CORE_DEBUG value.

By default, chip is secure open in order to make development and
allow debug purpose.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-k3: Increase size of high DDR memory region

With the addition of j784s4 in K3 devices, DRAM size is increased to
32GB.

Update the size of higher memory addresses to handle this.

Signed-off-by

plat-k3: Increase size of high DDR memory region

With the addition of j784s4 in K3 devices, DRAM size is increased to
32GB.

Update the size of higher memory addresses to handle this.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-versal: program the FPGA during OP-TEE initialization

Users can program the FPGA image by placing it at
CFG_VERSAL_FPGA_DDR_ADDR.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-

plat-versal: program the FPGA during OP-TEE initialization

Users can program the FPGA image by placing it at
CFG_VERSAL_FPGA_DDR_ADDR.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-versal: allow RPMB init only on secured boards

Allow writing the RPMB key only on secured boards.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.for

plat-versal: allow RPMB init only on secured boards

Allow writing the RPMB key only on secured boards.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-versal: print platform information

Output platform information banner to the console. This includes SoC
version and the state of the hardware root of trust configuration.

Signed-off-by: Jorge

plat-versal: print platform information

Output platform information banner to the console. This includes SoC
version and the state of the hardware root of trust configuration.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: versal: hardware unique key

The hardware unique key is calculated as the AS-GCM encrypted value
of the SoC DNA unique identifier.

The key source used for encryption is selectable at build

drivers: versal: hardware unique key

The hardware unique key is calculated as the AS-GCM encrypted value
of the SoC DNA unique identifier.

The key source used for encryption is selectable at build time using
the CFG_VERSAL_HUK_KEY configuration flag.

The following sources are supported
VERSAL_AES_EFUSE_USER_KEY_0 (CFG_VERSAL_HUK_KEY = 6)
VERSAL_AES_EFUSE_USER_KEY_1 (CFG_VERSAL_HUK_KEY = 7)
VERSAL_AES_PUF_KEY (CFG_VERSAL_HUK_KEY = 11)
VERSAL_AES_USER_KEY_0 (CFG_VERSAL_HUK_KEY = 12 (default))

The default configuration does not generate a secret HUK since the
key is hardcoded in the driver - it however validates the algorithm;
but security-wise it is not different than not enabling CFG_VERSAL_HUK
and therefore using the OP-TEE provided HUK stub.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: sp: Allow v2 FIP package format

Commit [1] in Trusted Firmware-A slightly changes the SP package format
in the FIP image. The new format is compatible with the previous version
but the partiti

core: sp: Allow v2 FIP package format

Commit [1] in Trusted Firmware-A slightly changes the SP package format
in the FIP image. The new format is compatible with the previous version
but the partition manifest and the SP binary are now stored at a 4k
aligned offset in the SP package. The main reasoning behind this is to
simplify the SP load process in other SPMC implementations (i.e.
Hafnium). OP-TEE already supports loading the manifest and the SP binary
from an arbitrary offset thus it is only necessary to allow the new
package version number on FIP SP load.

Link: [1] https://github.com/ARM-software/arm-trusted-firmware/commit/2e82874cc9b7922e000dd4d7718e3153e347b1d7
Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-mediatek: add support for MT8195 SoC

Add OP-TEE support for the MT8195 SoC.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed

plat-mediatek: add support for MT8195 SoC

Add OP-TEE support for the MT8195 SoC.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Fabien Parent <fparent@baylibre.com>
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

plat-stm32mp1: don't register SYSRAM twice when scmi-msg are enabled

Fixes stm32mp1 platform to not register the SCMI shared memory twice
when scmi-msg drivers are enable (CFG_SCMI_MSG_DRIVERS=y) an

plat-stm32mp1: don't register SYSRAM twice when scmi-msg are enabled

Fixes stm32mp1 platform to not register the SCMI shared memory twice
when scmi-msg drivers are enable (CFG_SCMI_MSG_DRIVERS=y) and SCP firmware
SCMI library disabled (CFG_SCMI_SCPFW=n). The faulty fixed referenced
commit introduced this duplicated device memory registration when adding
support for SCP firmware SCMI library where this registration was added
in main.c but not removed from plat-stm32mp1/scmi-server.c.

Before this fix, the debug trace below was printed:
D/TC:0 add_phys_mem:649 Physical mem map overlaps 0x2ffff000

Fixes: 986fccc8150b ("plat-stm32mp1: support building with CFG_SCMI_SCPFW=y")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: fix SYSRAM size on stm32mp13 variants

Fixes internal RAM SYSRAM size on STM32MP13 variants that is 128kB.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Gatien

plat-stm32mp1: fix SYSRAM size on stm32mp13 variants

Fixes internal RAM SYSRAM size on STM32MP13 variants that is 128kB.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: log capabilities with INFO level

Use IMSG() to log the capabilities that depend on configuration, which
are: reserved and dynamic shared memory, virtualization and asynchronous
notifications.

core: log capabilities with INFO level

Use IMSG() to log the capabilities that depend on configuration, which
are: reserved and dynamic shared memory, virtualization and asynchronous
notifications.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-vexpress: fvp and qemuv8a support building with CFG_SCMI_SCPFW=y

Adds support for CFG_SCMI_SCPFW to platform flavors vexpress-fvp and
vexpress-qemuv8a. Both rely on the same SCP-firmware so-cal

plat-vexpress: fvp and qemuv8a support building with CFG_SCMI_SCPFW=y

Adds support for CFG_SCMI_SCPFW to platform flavors vexpress-fvp and
vexpress-qemuv8a. Both rely on the same SCP-firmware so-called product
configuration named "optee-fvp".

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: support building with CFG_SCMI_SCPFW=y

Support building with CFG_SCMI_SCPFW=y. This configuration embeds
SCMI services built from SCP-firmware implementation instead of the
scmi-msg d

plat-stm32mp1: support building with CFG_SCMI_SCPFW=y

Support building with CFG_SCMI_SCPFW=y. This configuration embeds
SCMI services built from SCP-firmware implementation instead of the
scmi-msg drivers and platform local scmi_server.c.

This change also default disables SCMI SiP SMC entries as the PTA is the
default SCMI commands entry point and ensures at least one of the SCMI
server implementation is default enabled, that is, if CFG_SCMI_SCPFW
is disabled then CFG_SCMI_MSG_DRIVERS is default enabled.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: lib: scmi-server: Build a SCMI server from SCP-firmware

Adds build of an SCMI server library using SCP-firmware source tree
upon boolean configuration switch CFG_SCMI_SCPFW. Platform must set

core: lib: scmi-server: Build a SCMI server from SCP-firmware

Adds build of an SCMI server library using SCP-firmware source tree
upon boolean configuration switch CFG_SCMI_SCPFW. Platform must set
the SCP firmware target product with CFG_SCMI_SCPFW_PRODUCT and the
root path of the SCP-firmware source tree with CFG_SCP_FIRMWARE.

CFG_SCMI_SCPFW and CFG_SCMI_MSG_DRIVERS are exclusives alternate
implementations of SCMI services. The former implements almost all
the SCMI specification while the later implements only basic SCMI
services.

SCP-firmware is configured with CMake as an external project to
generate the embedded module resource source and header files to
be built with SCP-firmware.

This commit integrates the 2 SCP-firmware products designed for OP-TEE
in SCP-firmware source tree. Product optee-fvp targets platform vexpress
flavors FVP and Qemus. Product optee-stm32mp1 targets platform stm32mp1.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: use IS_ENABLED2()

Replaces use of IS_ENABLED() with IS_ENABLED2() where applicable.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@

core: use IS_ENABLED2()

Replaces use of IS_ENABLED() with IS_ENABLED2() where applicable.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: use DT NVMEM layout API

Uses OTP definition in the device tree, by using the function
stm32_bsec_find_otp_in_nvmem_layout() and removes the
hardcoded OTP index in platform confi

drivers: stm32_bsec: use DT NVMEM layout API

Uses OTP definition in the device tree, by using the function
stm32_bsec_find_otp_in_nvmem_layout() and removes the
hardcoded OTP index in platform config.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...