core: Add new helper get_secure_dt()

Add new helper to query device tree considered secure for device driver
usage.

First priority is given to embedded device tree if present.

If system is configu

core: Add new helper get_secure_dt()

Add new helper to query device tree considered secure for device driver
usage.

First priority is given to embedded device tree if present.

If system is configured with secure external device tree location then
external device tree is returned.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: versal: non volatile memory (eFuse and BBRAM)

Provide an interface to access the xilnvm service executing in the PLM
firmware running on the Microblaze processor.

Signed-off-by: Jorge Rami

drivers: versal: non volatile memory (eFuse and BBRAM)

Provide an interface to access the xilnvm service executing in the PLM
firmware running on the Microblaze processor.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-imx, plat-ls: replace crypto_conf.mk by common drivers/crypto/caam/crypto.mk

move platform specific conf file to crypto drivers one.
CFG_CRYPTO_DRIVER should be define in driver conf file
inste

plat-imx, plat-ls: replace crypto_conf.mk by common drivers/crypto/caam/crypto.mk

move platform specific conf file to crypto drivers one.
CFG_CRYPTO_DRIVER should be define in driver conf file
instead of platform configuration file.

Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

drivers: versal: true random number generator

Configure the TRNG driver to operate in Hybrid mode with derivative
function.

This driver was ported from its original FSBL implementation [1].

[1] ht

drivers: versal: true random number generator

Configure the TRNG driver to operate in Hybrid mode with derivative
function.

This driver was ported from its original FSBL implementation [1].

[1] https://github.com/Xilinx/embeddedsw

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-zynq7k: Configure platform needing NMFI workaround

Unfortunately Xilinx Zynq-7000's ARM Cortext-A9 core has been configured
with NMFI support. This causes problems for OP-TEE's atomic context
p

plat-zynq7k: Configure platform needing NMFI workaround

Unfortunately Xilinx Zynq-7000's ARM Cortext-A9 core has been configured
with NMFI support. This causes problems for OP-TEE's atomic context
protections rendering FIQ interrupt un-usable in the system designs.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm32: sm: Apply FIQ workaround if configured

On systems with Non-maskable FIQ (NMFI) support in OP-TEE's atomic
contexts when trying to mask FIQ it cannot be set leaving it non-masked.

This state

arm32: sm: Apply FIQ workaround if configured

On systems with Non-maskable FIQ (NMFI) support in OP-TEE's atomic
contexts when trying to mask FIQ it cannot be set leaving it non-masked.

This state is then carried back into sm_ctx structure thus causing next
call to SMC entry having incorrect FIQ masking configured.

This can represent itself as:

E/TC:0 assertion 'thread_get_exceptions() == THREAD_EXCP_ALL' failed at core/arch/arm/kernel/thread_optee_smc.c:50 <thread_handle_fast_smc>

As a workaround force FIQ to be masked before entering SMC entry handler.

Note: on systems having the issue -- FIQ is considered un-usable and
causes panic in OP-TEE if received.

Note2: If you have system without SCTLR.NMFI enabled and you do get that
assertion do not enable the workaround! Eg. fix the real problem.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm32: kernel: Add check whether core needs NMFI workaround

During the boot additional check is performed to verify if the core is
affected and if the CFG_CORE_WORKAROUND_ARM_NMFI has been configure

arm32: kernel: Add check whether core needs NMFI workaround

During the boot additional check is performed to verify if the core is
affected and if the CFG_CORE_WORKAROUND_ARM_NMFI has been configured
properly.

Affected system is greeted with:

I/TC: WARNING: This ARM core has NMFI enabled, please apply workaround!

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm32: kernel: Add common itr_core_handler() for NMFI workaround

Should we receive FIQ interrupt treat it always as panic to indicate to
platform developer that FIQ interrupts must be disabled in sy

arm32: kernel: Add common itr_core_handler() for NMFI workaround

Should we receive FIQ interrupt treat it always as panic to indicate to
platform developer that FIQ interrupts must be disabled in system level.

Function itr_core_handler() is defined without __weak to make sure that
there are no other function trying to handle the FIQ.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm.mk: Add CFG_CORE_WORKAROUND_ARM_NMFI for NMFI problem

If the ARMv7 Cortex-A core is configured with Non-maskable FIQ (NMFI)
support there are side effects that FIQ can only be masked during
exce

arm.mk: Add CFG_CORE_WORKAROUND_ARM_NMFI for NMFI problem

If the ARMv7 Cortex-A core is configured with Non-maskable FIQ (NMFI)
support there are side effects that FIQ can only be masked during
exception entry and once unmasked by software it cannot anymore be masked.

Side effects of this is that critical sections within the code cannot
re-enable FIQ mask.

FIQ is recommended to be masked during secure monitor execution.

ARMv8 architecture is not affected as the Non-maskable FIQ support is not
available in there.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm32: correct bit define for SCTLR.NMFI setting

In SCTLR register definition NMFI bit is 27th bit. Correct the define.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by:

arm32: correct bit define for SCTLR.NMFI setting

In SCTLR register definition NMFI bit is 27th bit. Correct the define.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: fix error flushing unused pgt's

With commit b1df82f10633 ("core: use set_um_region() to update
translation tables") a "populated" value is used for each pgt
(translation table) to tell if

core: mm: fix error flushing unused pgt's

With commit b1df82f10633 ("core: use set_um_region() to update
translation tables") a "populated" value is used for each pgt
(translation table) to tell if it's up to date or if
core_mmu_populate_user_map() should initialize it.

When a pgt becomes unused it must be marked as unused. Prior to this
patch an error in the logic prevented pgt's to be marked as unused
properly. This can prevent core_mmu_populate_user_map() from
initializing a pgt. This can cause some new mappings to not be
established properly.

So fix this by giving the correct arguments for pgt_flush_range() in
rem_um_region() and core_is_buffer_inside() in pgt_entry_matches().

Fixes: b1df82f10633 ("core: use set_um_region() to update translation tables")
Acked-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-k3: am62x: add SA2UL and TRNG support

Add SA2UL and TRNG support for TI SoC AM62X through OP-TEE.

Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Acked-by: Jerome Forissier <jerome.forissie

plat-k3: am62x: add SA2UL and TRNG support

Add SA2UL and TRNG support for TI SoC AM62X through OP-TEE.

Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: ffa: Process manifest endpoint_id

The manifest can specify the endpoint ID for a SP. Process it and make
sure that 2 SPs don't have the same endpoint ID.
The sp_init_uuid() has been split into

core: ffa: Process manifest endpoint_id

The manifest can specify the endpoint ID for a SP. Process it and make
sure that 2 SPs don't have the same endpoint ID.
The sp_init_uuid() has been split into 2 functions (sp_init_uuid() and
sp_first_run()), this is needed to make sure that the SPs has the
correct endpoint ID during it's first run.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: drivers: stm32mp15 Hardware Unique Key driver

Generate a secret Hardware Unique Key from BSEC OTPs.

The algorithm used simplifies the device provisioning phase because
it does not require a u

core: drivers: stm32mp15 Hardware Unique Key driver

Generate a secret Hardware Unique Key from BSEC OTPs.

The algorithm used simplifies the device provisioning phase because
it does not require a unique per device secret to be fused: just a key
common to all devices.

The algorithm uses a 128 bit symmetric key stored as four 32 bit words
read from OTP fuses.

The HUK is calculated by AES-GCM encrypting the device UID (96 bits).

Since the UID is persistent - and so should be the key - the NONCE can
be reused and hold any value.

The OTP values must be secrets but don't need to be unique per-device.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: add support for i2c5 bus

This allows stm32_i2c driver to properly initialize and use
i2c5 bus on stm32mp15 SoC.

Signed-off-by: Michael Scott <mike@foundries.io>
Signed-off-by: Igor O

plat-stm32mp1: add support for i2c5 bus

This allows stm32_i2c driver to properly initialize and use
i2c5 bus on stm32mp15 SoC.

Signed-off-by: Michael Scott <mike@foundries.io>
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: fallthrough macro instead of comment

Use fallthrough macro instead of /* Fall Through */ comments.
This addresses this checkpatch warning:
WARNING: Prefer 'fallthrough;' over fallthro

plat-stm32mp1: fallthrough macro instead of comment

Use fallthrough macro instead of /* Fall Through */ comments.
This addresses this checkpatch warning:
WARNING: Prefer 'fallthrough;' over fallthrough comment

Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: conf: default enable CFG_EXTERNAL_DT for mp15

Changes stm32mp1 MP15 variant default configuration for
CFG_EXTERNAL_DT that is now default enabled. This is needed as
mainline U-Boot an

plat-stm32mp1: conf: default enable CFG_EXTERNAL_DT for mp15

Changes stm32mp1 MP15 variant default configuration for
CFG_EXTERNAL_DT that is now default enabled. This is needed as
mainline U-Boot and Linux may not yet define the necessary
optee nodes in their DT. Therefore prefer external DT be
accessed by default and let external OP-TEE configuration
disable the switch if desired.

This change does not modify MP13 variant default configuration
where CFG_EXTERNAL_DT is default disabled.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: entry_a64.S: add missing isb in init_pauth_per_cpu()

After updating sctlr_el1 to enable pointer authentication, the isb
instruction is needed to ensure that the subsequent code execution
is co

core: entry_a64.S: add missing isb in init_pauth_per_cpu()

After updating sctlr_el1 to enable pointer authentication, the isb
instruction is needed to ensure that the subsequent code execution
is correct.

Fixes: 93dc6b2960b9 ("core: add pointer authentication support")
Signed-off-by: Jason Li <jasl@nvidia.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: add () in commit subject]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-stm32mp1: conf: default disable CFG_EXTERNAL_DT

Default configuration for stm32mp1 does not access external DTB.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: E

plat-stm32mp1: conf: default disable CFG_EXTERNAL_DT

Default configuration for stm32mp1 does not access external DTB.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: boot: do not force implement the external device-tree ABI

Do not implement external device tree ABI if CFG_EXTERNAL_DT=n. Some
ecosystem implementation do not require OP-TEE to modify or use t

core: boot: do not force implement the external device-tree ABI

Do not implement external device tree ABI if CFG_EXTERNAL_DT=n. Some
ecosystem implementation do not require OP-TEE to modify or use this
external device tree. This change is useful on 32bits systems where
OP-TEE only needs to pass BL33 DTB base address provided by earlier
boot stage: TF-A BL2.

CFG_EXTERNAL_DT default value is defined by CFG_DT for backward
compatibility of OP-TEE default configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mmu: Fix wrong input argument of tee_mm_init()

Since commit [1], tee_mm_init() take pool size instead of end address.
This change corrects the input arg of caller which still use old
definitio

core: mmu: Fix wrong input argument of tee_mm_init()

Since commit [1], tee_mm_init() take pool size instead of end address.
This change corrects the input arg of caller which still use old
definition.

Link: [1] 2380d70 ("core: mmu: fix overflow with high address in tee_mm_pool_t")
Signed-off-by: james.jiang <james.jiang@mediatek.com>
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: conf: fix tzdram default size when w/o rsv-shm

Fix the default TZDRAM size that is 32MByte when CFG_CORE_RESERVED_SHM
is disable, not 30MByte.

Acked-by: Jerome Forissier <jerome.fori

plat-stm32mp1: conf: fix tzdram default size when w/o rsv-shm

Fix the default TZDRAM size that is 32MByte when CFG_CORE_RESERVED_SHM
is disable, not 30MByte.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-k3: Add support for j784s4 platform

Add SA2UL and TRNG support for TI SoC J784S4 through OP-TEE.

Signed-off-by: Jayesh Choudhary <j-choudhary@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-

plat-k3: Add support for j784s4 platform

Add SA2UL and TRNG support for TI SoC J784S4 through OP-TEE.

Signed-off-by: Jayesh Choudhary <j-choudhary@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
[jf: wrap line >80 characters]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: include: introduce riscv.h header

Creates header file risc.v to define most of the RISC-V operations.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Car

core: riscv: include: introduce riscv.h header

Creates header file risc.v to define most of the RISC-V operations.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: define RISC-V instruction set architecture in encoding.h

Define standard RISC-V instruction opcodes, control and status registers.
This file is auto-generated from riscv-opcodes and it

core: riscv: define RISC-V instruction set architecture in encoding.h

Define standard RISC-V instruction opcodes, control and status registers.
This file is auto-generated from riscv-opcodes and it is subject of
regular updates.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...