core: sp: map device regions from SP manifest

Map the device regions defined in the SP manifest file into the SP's
context. In the manifest fdt the device's PA is overwritten with the VA
after mappi

core: sp: map device regions from SP manifest

Map the device regions defined in the SP manifest file into the SP's
context. In the manifest fdt the device's PA is overwritten with the VA
after mapping. This fdt is passed to the SP on boot and can be used by
the SP to determine the VA of the device.

The content of the SP manifest is defined in the FF-A specification.
The devicetree binding for the SP manifest is defined at the link below.

Link: https://trustedfirmware-a.readthedocs.io/en/latest/components/ffa-manifest-binding.html
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Signed-off-by: Jelle Sels <jelle.sels@arm.com>

show more ...

core: sp_mem: add security attribute

Currently sp_mem only supports non-secure memory. This patch enables
using it for secure memory too.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed

core: sp_mem: add security attribute

Currently sp_mem only supports non-secure memory. This patch enables
using it for secure memory too.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Signed-off-by: Jelle Sels <jelle.sels@arm.com>

show more ...

core: sp_mem: add memory type attribute

Currently sp_mem only supports TEE_MATTR_MEM_TYPE_CACHE memory type.
This patch adds support for using it with any type so it can be used
for device memory to

core: sp_mem: add memory type attribute

Currently sp_mem only supports TEE_MATTR_MEM_TYPE_CACHE memory type.
This patch adds support for using it with any type so it can be used
for device memory too.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Signed-off-by: Jelle Sels <jelle.sels@arm.com>

show more ...

plat-stm32mp1: define backup register secure accesses

Implements access permissions for stm32mp1 backup registers accesses.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: E

plat-stm32mp1: define backup register secure accesses

Implements access permissions for stm32mp1 backup registers accesses.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: default embed stm32_tamp driver

Default enable CFG_STM32_TAMP in stm32mp1 platform configuration
with there is an embedded DTB.

Acked-by: Jerome Forissier <jerome.forissier@linaro.or

plat-stm32mp1: default embed stm32_tamp driver

Default enable CFG_STM32_TAMP in stm32mp1 platform configuration
with there is an embedded DTB.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: imx: add UART4 base address for iMX8QM/QP

Some iMX8QM boards use the UART4.

Acked-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Clément Péron <peron.clem@gmail.com>

plat-stm32mp1: add STM32MP13 platform support

Add specific platform code for STM32MP13 initialization.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Gabriel Fernandez <gab

plat-stm32mp1: add STM32MP13 platform support

Add specific platform code for STM32MP13 initialization.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

plat-stm32mp1: add stub for clock parents registering for stm32mp13

No need to register secure clock parents for STM32MP13 platform.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-

plat-stm32mp1: add stub for clock parents registering for stm32mp13

No need to register secure clock parents for STM32MP13 platform.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

core: imx: generate uImage for imx6 and imx7 platforms

In the standard NXP BSP boot-flow, for imx6 and imx7 platforms (ARMv7),
optee-os is booted by U-Boot as a uImage file.
The generation of this u

core: imx: generate uImage for imx6 and imx7 platforms

In the standard NXP BSP boot-flow, for imx6 and imx7 platforms (ARMv7),
optee-os is booted by U-Boot as a uImage file.
The generation of this uImage requires:
- optee-os load address. This address is fetched in the tee.elf file
with readelf.
- mkimage u-boot-tools. This tool takes the load address and the
tee-raw.bin as an input to generate the uImage uTee.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: sp: Pass manifest fdt to SP

Pass the SP manifest fdt to the SP inside the info struct. To be able to
pass the manifest we allocate and map a new page to the SP and copy the
fdt inside this pag

core: sp: Pass manifest fdt to SP

Pass the SP manifest fdt to the SP inside the info struct. To be able to
pass the manifest we allocate and map a new page to the SP and copy the
fdt inside this page. This is done to make sure that no other data in
the same page as the original fdt is leaked to the SP.
After the SP is done initializing we free the page from the SP.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: sp: Add magic value into info parameter

The info parameter passed to a SP at initialization should have the
magic value set to "FF-A".

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by:

core: sp: Add magic value into info parameter

The info parameter passed to a SP at initialization should have the
magic value set to "FF-A".

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: sp: check manifest fdt

Check the SPs manifest fdt file to make sure that the correct manifest
is loaded for the SP.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <je

core: sp: check manifest fdt

Check the SPs manifest fdt file to make sure that the correct manifest
is loaded for the SP.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: sp: Append fdt manifest to SP image

Sp use a manifest file that define information about the SP. A device
tree (fdt) will be used as a manifest file. This is in line with the
Hafnium SPMC mani

core: sp: Append fdt manifest to SP image

Sp use a manifest file that define information about the SP. A device
tree (fdt) will be used as a manifest file. This is in line with the
Hafnium SPMC manifest format.

The fdt will be appended to the SP image by adding a --manifest flag to
the scripts/ts_bin_to_c.py script.

Link: https://trustedfirmware-a.readthedocs.io/en/latest/components/ffa-manifest-binding.html
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pager: export __{text,rodata}_{init,pageable}_{start,end}

Add symbols __text_pageable_start, __text_pageable_end,
__rodata_pageable_start and __rodata_pageable_end. They will later be
used by

core: pager: export __{text,rodata}_{init,pageable}_{start,end}

Add symbols __text_pageable_start, __text_pageable_end,
__rodata_pageable_start and __rodata_pageable_end. They will later be
used by the attestation PTA.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: aslr: pass '-z text' linker option

On arm64, all the relocations in read-only segments have been fixed
in previous commits, pass the '-z text' linker option to detect if some
unexpected

core: arm64: aslr: pass '-z text' linker option

On arm64, all the relocations in read-only segments have been fixed
in previous commits, pass the '-z text' linker option to detect if some
unexpected relocations are introduced by mistake.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tag ops structures with __relrodata_unpaged

Global structures currently tagged with __rodata_unpaged need to use
__relrodata_unpaged instead because they contain pointers which are
subject to

core: tag ops structures with __relrodata_unpaged

Global structures currently tagged with __rodata_unpaged need to use
__relrodata_unpaged instead because they contain pointers which are
subject to relocation when CFG_CORE_ASLR=y. Doing so moves them out of
.rodata which will now stay unmodified even with ASLR turned on.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: compiler.h: introduce __relrodata_unpaged(x)

Introduce macro __relrodata_unpaged(x) to mark data that need to be
unpaged and are essentially read-only but may contain relocations when
ASLR is

core: compiler.h: introduce __relrodata_unpaged(x)

Introduce macro __relrodata_unpaged(x) to mark data that need to be
unpaged and are essentially read-only but may contain relocations when
ASLR is enabled, hence "relocatable read-only". When ASLR is turned off,
the macro is identical to __rodata_unpaged(x). When ASLR is on however,
the data is emitted in section .data.rel.ro.__unpaged.x which is later
gathered by the linker file into the output section .data.rel.ro which
is mapped read only at runtime (after relocations are processed) and
is also unpaged (when pager is enabled).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kern.ld.S: move .scattered_array* into .data.rel.ro

Moves the symbols tagged with .scattered_array* from the .rodata output
section into a new output section: .data.rel.ro, which is also writ

core: kern.ld.S: move .scattered_array* into .data.rel.ro

Moves the symbols tagged with .scattered_array* from the .rodata output
section into a new output section: .data.rel.ro, which is also writeable
(hence the suppression of __SECTION_FLAGS_RODATA in scattered_array.h)
but placed in tee.elf to be mapped read-only after relocations are
applied. The new section is created only when core ASLR is enabled,
otherwise no relocation can occur and we can keep the previous code.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: move boot_mmu_config and cached_mem_end to .identity_map.data

boot_mmu_config and cached_mem_end need to be reachable from the
identity map, hence contained in .text, but they are not s

core: arm64: move boot_mmu_config and cached_mem_end to .identity_map.data

boot_mmu_config and cached_mem_end need to be reachable from the
identity map, hence contained in .text, but they are not strictly
read-only. Therefore move them to .identity_map.data.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add delimited area in .text to store data

A few variables such as boot_mmu_config are stored within the .text
section of tee.elf, because they need to be reachable from the identity
mapping wh

core: add delimited area in .text to store data

A few variables such as boot_mmu_config are stored within the .text
section of tee.elf, because they need to be reachable from the identity
mapping which covers a subset of .text. Having them here however is a
problem when one wants to measure (hash) the .text section because the
runtime content may be different from the content in the tee.elf. In
order to workaround this issue, allocate an area in the .text section
to gather the data that are modified at boot time. Symbols tagged with
.identity_map.data will be stored there. Two delimiters are introduced:
__text_data_start and __text_data_end.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

kernel/linker.h: export __text_end

Add __text_end to <kernel/linker.h>. Can be used for example to compute
a hash of the TEE executable code in a remote attestation scenario.

Signed-off-by: Jerome

kernel/linker.h: export __text_end

Add __text_end to <kernel/linker.h>. Can be used for example to compute
a hash of the TEE executable code in a remote attestation scenario.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-rcar: suppress text relocations in romapi_call.S

Replace address loads from the literal pool (ldr xN, =sym), which are
subject to relocations, with a PC-relative address loads (adr_l xN, sym)
t

plat-rcar: suppress text relocations in romapi_call.S

Replace address loads from the literal pool (ldr xN, =sym), which are
subject to relocations, with a PC-relative address loads (adr_l xN, sym)
to which the TEE load offset is added. The adr_l macro is used because
the symbols may be far away.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: suppress text relocations caused by restore_mapping macro

Suppress the text relocations caused by 'ldr x0, =1f' in macro
restore_mapping when CFG_CORE_UNMAP_CORE_AT_EL0=y. Since this oc

core: arm64: suppress text relocations caused by restore_mapping macro

Suppress the text relocations caused by 'ldr x0, =1f' in macro
restore_mapping when CFG_CORE_UNMAP_CORE_AT_EL0=y. Since this occurs
when switching from the reduced kernel mapping to the full mapping, the
code offset needs to be loaded from somewhere readily accessible at that
point, that is the stack.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: suppress text relocations in icache_inv_user_range()

When CFG_CORE_UNMAP_CORE_AT_EL0=y (default), icache_inv_user_range() uses
addresses from the literal pool (ldr xN, =label) to jump t

core: arm64: suppress text relocations in icache_inv_user_range()

When CFG_CORE_UNMAP_CORE_AT_EL0=y (default), icache_inv_user_range() uses
addresses from the literal pool (ldr xN, =label) to jump to/from the
reduced mapping. Use adr and apply the code offset instead to eliminate
the relocations when ASLR is turned on.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: suppress some text relocations in thread_a64.S

A couple of locations in thread_a64.S use 'ldr xN, =symbol' to load
the address of 'symbol'. Doing so creates an entry in the literal pool

core: arm64: suppress some text relocations in thread_a64.S

A couple of locations in thread_a64.S use 'ldr xN, =symbol' to load
the address of 'symbol'. Doing so creates an entry in the literal pool
which is subject to relocaton. In these cases, it is unnecessary because
the code is already running in the relocated VA space, so the PC-relative
macro 'adr_l xN, symbol' would load the proper address. Use this syntax
instead.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...