dts: stm32: disable stm32mp15 SD switch regulator node

SD switch regulator is not used by OP-TEE on STM32MP15 based boards
hence disable this node in the OP-TEE secure device tree for boards
DHCOR A

dts: stm32: disable stm32mp15 SD switch regulator node

SD switch regulator is not used by OP-TEE on STM32MP15 based boards
hence disable this node in the OP-TEE secure device tree for boards
DHCOR Avenger96 (stm32mp15xx-dhcor-avenger96.dtsi) ST ED1/EV1
(stm32mp157c-ed1.dts).

This change fixes a issue related to the integration of stm32_gpio
driver as a firewall controller, which is highlighted by ab error trace
message like:

E/TC:0 0 stm32_gpio_get_dt:837 node regulator-sd_switch requests secure GPIO F14 that cannot be secured
E/TC:0 0 Panic

Fixes: 4675225ed84f ("drivers: stm32_gpio: check secure state of consumed GPIOs")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm: add CFG_NS_VIRTUALIZATION boot log

Add a log entry when CFG_NS_VIRTUALIZATION is enabled, for example:
D/TC:0 0 boot_init_primary_late:1028 NS-Virtualization enabled, supporting 2 guest

core: arm: add CFG_NS_VIRTUALIZATION boot log

Add a log entry when CFG_NS_VIRTUALIZATION is enabled, for example:
D/TC:0 0 boot_init_primary_late:1028 NS-Virtualization enabled, supporting 2 guests

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: merge core_mmu_init_phys_mem() and core_mmu_init_virtualization()

Moves the implementation of core_mmu_init_virtualization() into
core_mmu_init_phys_mem().

This simplifies init_primary() in c

core: merge core_mmu_init_phys_mem() and core_mmu_init_virtualization()

Moves the implementation of core_mmu_init_virtualization() into
core_mmu_init_phys_mem().

This simplifies init_primary() in core/arch/arm/kernel/boot.c.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: initialize guest physical memory early

Initialize guest physical memory in virt_guest_created() before the
first entry into the guest from normal world. This replaces the call to
core_mmu_init

core: initialize guest physical memory early

Initialize guest physical memory in virt_guest_created() before the
first entry into the guest from normal world. This replaces the call to
core_mmu_init_phys_mem() in init_tee_runtime().

Remove unused code in core_mmu_init_phys_mem() and the now unused
functions core_mmu_get_ta_range() and virt_get_ta_ram().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: allocate temporary memory map array

With CFG_BOOT_MEM enabled, allocate a temporary memory map array using
boot_mem_alloc_tmp() instead of using the global static_mmap_regions[].
core_mmu_

core: mm: allocate temporary memory map array

With CFG_BOOT_MEM enabled, allocate a temporary memory map array using
boot_mem_alloc_tmp() instead of using the global static_mmap_regions[].
core_mmu_save_mem_map() is added and called from
boot_init_primary_late() before the temporary memory is reused.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: enable CFG_BOOT_MEM unconditionally

Enable CFG_BOOT_MEM unconditionally and call the boot_mem_*() functions
as needed from entry_*.S and boot.c.

The pager will reuse all boot_mem memory

core: arm: enable CFG_BOOT_MEM unconditionally

Enable CFG_BOOT_MEM unconditionally and call the boot_mem_*() functions
as needed from entry_*.S and boot.c.

The pager will reuse all boot_mem memory internally when configured.
The non-pager configuration will unmap the memory and make it available
for TAs if needed.

__FLATMAP_PAGER_TRAILING_SPACE is removed from the link script,
collect_mem_ranges() in core/mm/core_mmu.c maps the memory following
VCORE_INIT_RO automatically.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: add boot_cached_mem_end

Add boot_cached_mem_end in C code, replacing the previous read-only
mapped cached_mem_end. This allows updates to boot_cached_mem_end after
MMU has been enabled.

core: arm: add boot_cached_mem_end

Add boot_cached_mem_end in C code, replacing the previous read-only
mapped cached_mem_end. This allows updates to boot_cached_mem_end after
MMU has been enabled.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm,pager: make __vcore_init_ro_start follow __vcore_init_rx_end

This concerns configurations with CFG_WITH_PAGER=y. Until this patch,
even if __vcore_init_ro_size (VCORE_INIT_RO_SZ) is 0 for

core: arm,pager: make __vcore_init_ro_start follow __vcore_init_rx_end

This concerns configurations with CFG_WITH_PAGER=y. Until this patch,
even if __vcore_init_ro_size (VCORE_INIT_RO_SZ) is 0 for
CFG_CORE_RODATA_NOEXEC=n, __vcore_init_ro_start was using some value
smaller than __vcore_init_rx_end. To simplify code trying to find the
end of VCORE_INIT_RX and VCORE_INIT_RO parts of the binary, make sure
that __vcore_init_ro_start follows right after __vcore_init_rx_end.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: core_mmu_v7.c: increase MAX_XLAT_TABLES by 2

Increase MAX_XLAT_TABLES by 2 to be able to map all TEE memory with 4k
pages.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Revie

core: arm: core_mmu_v7.c: increase MAX_XLAT_TABLES by 2

Increase MAX_XLAT_TABLES by 2 to be able to map all TEE memory with 4k
pages.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: replace MEM_AREA_TA_RAM

Replace MEM_AREA_TA_RAM with MEM_AREA_SEC_RAM_OVERALL.

All read/write secure memory is covered by MEM_AREA_SEC_RAM_OVERALL,
sometimes using an aliased map. But sec

core: mm: replace MEM_AREA_TA_RAM

Replace MEM_AREA_TA_RAM with MEM_AREA_SEC_RAM_OVERALL.

All read/write secure memory is covered by MEM_AREA_SEC_RAM_OVERALL,
sometimes using an aliased map. But secure read-only or execute core
memory is not covered as that would defeat the purpose of
CFG_CORE_RWDATA_NOEXEC.

Since the partition TA memory isn't accessed via MEM_AREA_TA_RAM any
longer, don't map it using the partition specific map.

This is needed later where unification of OP-TEE core and physical TA
memory is possible.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add VCORE_FREE_{PA,SZ,END_PA}

Add VCORE_FREE_{PA,SZ,END_PA} defines to identify the unused and free
memory range at the end of TEE_RAM_START..(TEE_RAM_START +
TEE_RAM_VA_SIZE).

VCORE_FREE_SZ

core: add VCORE_FREE_{PA,SZ,END_PA}

Add VCORE_FREE_{PA,SZ,END_PA} defines to identify the unused and free
memory range at the end of TEE_RAM_START..(TEE_RAM_START +
TEE_RAM_VA_SIZE).

VCORE_FREE_SZ is 0 in a pager configuration since all the memory is
used by the pager.

The VCORE_FREE range is excluded from the TEE_RAM_RW area for
CFG_NS_VIRTUALIZATION=y and instead put in a separate NEX_RAM_RW area.
This makes each partition use a bit less memory and leaves the
VCORE_FREE range available for the Nexus.

The VCORE_FREE range is added to the TEE_RAM_RW area for the normal
configuration with CFG_NS_VIRTUALIZATION=n and CFG_WITH_PAGER=n. It's in
practice unchanged behaviour in this configuration.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm64: increase thread stack size for debug

Increase STACK_THREAD_SIZE when CFG_CORE_DEBUG_CHECK_STACKS=y.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Foriss

core: arm64: increase thread stack size for debug

Increase STACK_THREAD_SIZE when CFG_CORE_DEBUG_CHECK_STACKS=y.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-k3: drivers: Add some trace message for TI-SCI calls

These could be good for debugging tracing of TI-SCI messages

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Manor

plat-k3: drivers: Add some trace message for TI-SCI calls

These could be good for debugging tracing of TI-SCI messages

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

show more ...

plat-k3: drivers: Remove ti_sci_get_response function

Currently since all the code is under mutex, it makes sense to remove
this function and keep it all under ti_sci_do_xfer for easier
readability.

plat-k3: drivers: Remove ti_sci_get_response function

Currently since all the code is under mutex, it makes sense to remove
this function and keep it all under ti_sci_do_xfer for easier
readability.

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

show more ...

plat-k3: drivers: Move message_sequence updates inside ti_sci_do_xfer

To avoid potential race condition, set the message_sequence inside
ti_sci_do_xfer itself as the send and receive paths are prote

plat-k3: drivers: Move message_sequence updates inside ti_sci_do_xfer

To avoid potential race condition, set the message_sequence inside
ti_sci_do_xfer itself as the send and receive paths are protected by a
mutex and avoid race conditions on message_sequence.

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

show more ...

plat-k3: drivers: Add mutex lock for ti_sci_do_xfer

Current TI-SCI calls are not protected by any locks. OP-TEE running on
multiple threads can end up receiving different message response then
the o

plat-k3: drivers: Add mutex lock for ti_sci_do_xfer

Current TI-SCI calls are not protected by any locks. OP-TEE running on
multiple threads can end up receiving different message response then
the one they sent due to no queuing model.

*I/TC: Message with sequence ID <> is not expected

Add mutex lock to prevent such issues.

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

show more ...

plat-rockchip: allow specifying DRAM via CFG options

It's currently not possible to use CFG_CORE_DYN_SHM with the Rockchip
platforms, because OP-TEE doesn't know what non-secure memory is
available;

plat-rockchip: allow specifying DRAM via CFG options

It's currently not possible to use CFG_CORE_DYN_SHM with the Rockchip
platforms, because OP-TEE doesn't know what non-secure memory is
available; Device tree is not used and no DDR ranges are registered.

This precludes interacting with OP-TEE from barebox and U-Boot, which
currently only implement OP-TEE communication with dynamic shared
memory.

Make it possible to use CFG_CORE_DYN_SHM=y by adding two sets of config
variables to register memory:

CFG_DRAM_BASE, CFG_DRAM_SIZE:
For the main memory in the first 4G up to the MMIO range beyond
the end of the first RAM bank

CFG_NSEC_DDR_1_BASE, CFG_NSEC_DDR_1_SIZE:
For the remainder of the main memory above the MMIO regions.

OP-TEE will take care to carve out the secure memory ranges.

This has been tested on an RK3399 with barebox using OP-TEE's HWRNG TA.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>

show more ...

plat-stm32mp1: shared_resources: remove pin/GPIO secure state management

Remove the pin and GPIO secure state management from shared_resources
platform driver since this is now managed using the fir

plat-stm32mp1: shared_resources: remove pin/GPIO secure state management

Remove the pin and GPIO secure state management from shared_resources
platform driver since this is now managed using the firewall framework.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-stm32mp1: stm32mp1_stpmic: remove use of shared_resource for pinctrl

Remove use of shared_resources platform driver in STM32MP15 PMIC driver
to manage the secure state of the pins of a pinctrl

plat-stm32mp1: stm32mp1_stpmic: remove use of shared_resource for pinctrl

Remove use of shared_resources platform driver in STM32MP15 PMIC driver
to manage the secure state of the pins of a pinctrl state since this is
now managed using the firewall framework.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-stm32mp1: shared_resources: do not manage pins secure state

Remove management of GPIO and pinctrl secure state since this is
now handled from STM32 ETZPC driver based through the firewall
frame

plat-stm32mp1: shared_resources: do not manage pins secure state

Remove management of GPIO and pinctrl secure state since this is
now handled from STM32 ETZPC driver based through the firewall
framework.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

dts: stm32: refine STM32MP25 secure/non-secure USART2 pinctrl states

Explicitly state that legacy pinctrl phandles usart2_pins_a
refer to non-secure USART2 pin muxing, used in STM32MP23 and
STM32MP2

dts: stm32: refine STM32MP25 secure/non-secure USART2 pinctrl states

Explicitly state that legacy pinctrl phandles usart2_pins_a
refer to non-secure USART2 pin muxing, used in STM32MP23 and
STM32MP25 based boards for OP-TEE console using a non-secure UART bus.

Define secure USART2 bus pinctrl states for board that needs
to use the USART2 bus in secure state.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

dts: stm32: refine STM32MP13 secure/non-secure USART4 pinctrl states

Explicitly state that legacy pinctrl phandles usart4_pins_a
refer to non-secure USART4 pin muxing, used in STM32MP13 based
boards

dts: stm32: refine STM32MP13 secure/non-secure USART4 pinctrl states

Explicitly state that legacy pinctrl phandles usart4_pins_a
refer to non-secure USART4 pin muxing, used in STM32MP13 based
boards for OP-TEE console using a non-secure UART bus.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

dts: stm32: refine STM32MP15 secure/non-secure I2C4 pinctrl states

Explicitly state that legacy pinctrl phandles i2c4_pins_a and
i2c4_sleep_pins_a refer to non-secure I2C4 pin muxing on STM32MP15
ba

dts: stm32: refine STM32MP15 secure/non-secure I2C4 pinctrl states

Explicitly state that legacy pinctrl phandles i2c4_pins_a and
i2c4_sleep_pins_a refer to non-secure I2C4 pin muxing on STM32MP15
based platforms.

Define secure I2C4 bus pinctrl states for boards that use the I2C4 bus
in secure state on STM32MP15 SoCs.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

dts: stm32: most stm32mp15 UARTs pinctrl are non-secure

On STM32MP15 based devices, UART2/3/4/5/6/7/8 cannot be secured.
Explicitly state that in the pinctrl nodes. This change ease the use
of a non

dts: stm32: most stm32mp15 UARTs pinctrl are non-secure

On STM32MP15 based devices, UART2/3/4/5/6/7/8 cannot be secured.
Explicitly state that in the pinctrl nodes. This change ease the use
of a non-secure UART for OP-TEE output console on STM32MP15 based boards.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

dts: stm32: define SoC GPIO banks that are firewall controllers

Add property #access-controller-cells to GPIO banks that register
to the firewall framework.

Signed-off-by: Etienne Carriere <etienne

dts: stm32: define SoC GPIO banks that are firewall controllers

Add property #access-controller-cells to GPIO banks that register
to the firewall framework.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...