plat-rockchip: disable early console by default

The early console is very useful for debugging. Alas, a misconfigured
early console seems to be halting/panicking OP-TEE OS.

Better have something al

plat-rockchip: disable early console by default

The early console is very useful for debugging. Alas, a misconfigured
early console seems to be halting/panicking OP-TEE OS.

Better have something always work possibly without console output (e.g.
if no FDT is passed to OP-TEE OS) than crashing without information.

The user can still enable the console if they want to for debugging
sessions.

This fixes OP-TEE OS crashing on RK3399 Puma which uses UART0 instead of
default UART2.

I've tested on PX30 and RK3588 by specifying a UART controller different
from the one that can be used by the device.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>

show more ...

plat-mediatek: add support for MT7987 SoC

Add OP-TEE support for the MT7987 SoC.

Signed-off-by: guan-gm.lin <guan-gm.lin@mediatek.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-mediatek: add support for MT7981 SoC

Add OP-TEE support for the MT7981 SoC.

Signed-off-by: guan-gm.lin <guan-gm.lin@mediatek.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-mediatek: add support for MT7986 SoC

Add OP-TEE support for the MT7986 SoC.

Signed-off-by: guan-gm.lin <guan-gm.lin@mediatek.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

core: ffa: support fragmented memory transaction via S-EL2 SPMC

Add support to retrieve a fragmented memory transaction via an SPMC at
S-EL2.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.or

core: ffa: support fragmented memory transaction via S-EL2 SPMC

Add support to retrieve a fragmented memory transaction via an SPMC at
S-EL2.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@arm.com>

show more ...

core: ffa: harden memory transaction checks

Harden the checks for FF-A memory transaction operations. Check that
internal parts are well aligned and that we can handle fragmented
transactions.

Sign

core: ffa: harden memory transaction checks

Harden the checks for FF-A memory transaction operations. Check that
internal parts are well aligned and that we can handle fragmented
transactions.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@arm.com>

show more ...

plat-qcom: Add support for lemans SoC

Add support for lemans SoC with platform support tested on lemans EVK
platform also known as Qualcomm Dragonwing IQ-9075. More information
regarding this platfo

plat-qcom: Add support for lemans SoC

Add support for lemans SoC with platform support tested on lemans EVK
platform also known as Qualcomm Dragonwing IQ-9075. More information
regarding this platform can be found here [1].

[1] https://www.qualcomm.com/internet-of-things/products/iq9-series/iq-9075

Reviewed-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com>
Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>

show more ...

core: plat-imx: i.MX6 CA9 has no generic timer

The Cortex-A9 inside of the i.MX6Q/D/QP/DL/S/SL/SLL SoCs has no generic
timer support, but all variants should boot with 792Mhz out of the boot
rom. Se

core: plat-imx: i.MX6 CA9 has no generic timer

The Cortex-A9 inside of the i.MX6Q/D/QP/DL/S/SL/SLL SoCs has no generic
timer support, but all variants should boot with 792Mhz out of the boot
rom. Set the Generic Timer configuration variable to n and implement the
required plat_get_freq() call to support the udelay() calls.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

plat-corstone1000: swap GIC-600 for GIC-700 for Cortex-A320 variant

Switch the Cortex-A320 variant to use GIC-700 instead of GIC-600.
GIC-700 implements the Arm GICv4.1 architecture, so enable the
C

plat-corstone1000: swap GIC-600 for GIC-700 for Cortex-A320 variant

Switch the Cortex-A320 variant to use GIC-700 instead of GIC-600.
GIC-700 implements the Arm GICv4.1 architecture, so enable the
CFG_ARM_GICV4 compiler definition for the Corstone-1000 platform.

Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Reviewed-by: Jerome Forissier <jerome.forissier@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

gic: refactor implementation of GICv3 to add GICv4 support

Refactor the definitions of GICv3 to facilitate adding support for
GICv4 by:
* Add macro for registers frame sizes based on GIC versions.
*

gic: refactor implementation of GICv3 to add GICv4 support

Refactor the definitions of GICv3 to facilitate adding support for
GICv4 by:
* Add macro for registers frame sizes based on GIC versions.
* Add macro for number of frame count for GICR based on GICv3 or GICv4.
* Add single GICR region size definition (GIC_REDIST_REG_SIZE)
based on GIC version in platform independent include/drivers/gic.h
along with existing GIC_CPU_REG_SIZE and GIC_DIST_REG_SIZE
definitions.
* Amend usage of the now platform independent GIC_REDIST_REG_SIZE
as it no longer includes a multiplication by the number of core on
the target platform.
* Sort in ascending order the listing of GICR register definitions and
add comments to denote each definitions sections.
* Add definitions for each GICR frames.
* Ensure that all relevant code sections that compile for CFG_ARM_GICV3
also compile for CFG_ARM_GICV4.

Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Reviewed-by: Jerome Forissier <jerome.forissier@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-corstone1000: specify GIC version in plat specific conf.mk

The Generic Interrupt Controller architecture version is not core
specific. Therefore move the CFG_ARM_GICV3 definition from
cortex-a3

plat-corstone1000: specify GIC version in plat specific conf.mk

The Generic Interrupt Controller architecture version is not core
specific. Therefore move the CFG_ARM_GICV3 definition from
cortex-a320.mk file to the Corstone-1000 specific file.

Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Reviewed-by: Jerome Forissier <jerome.forissier@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-marvell: register DDR for dynamic shared memory

Register non-secure DDR memory region for Armada 7K/8K and Armada 3700
platforms to enable dynamic shared memory support.

Without this, U-Boot's

plat-marvell: register DDR for dynamic shared memory

Register non-secure DDR memory region for Armada 7K/8K and Armada 3700
platforms to enable dynamic shared memory support.

Without this, U-Boot's OP-TEE driver fails to probe with:
"OP-TEE capabilities mismatch"

The U-Boot OPTEE driver requires OPTEE_SMC_SEC_CAP_DYNAMIC_SHM capability,
which is advertised when core_mmu_nsec_ddr_is_defined() returns true.

The registered region starts after the reserved shared memory
(CFG_SHMEM_START + CFG_SHMEM_SIZE) and extends to the end of DRAM.
CFG_DDR_SIZE defaults to 2GB but can be overridden at build time for
boards with different memory configurations.

Signed-off-by: Vincent Jardin <vjardin@free.fr>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-k3: drivers: Set firewall for DTHEv2 RNG

Set firewall to protect DTHEv2 RNG from non-secure world.

Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
Reviewed-by: T Pratham <t-pratham@ti.com>
Review

plat-k3: drivers: Set firewall for DTHEv2 RNG

Set firewall to protect DTHEv2 RNG from non-secure world.

Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
Reviewed-by: T Pratham <t-pratham@ti.com>
Reviewed-by: Andrew Davis <afd@ti.com>

show more ...

plat-k3: drivers: Remove code to get firewall configs

The ti_crypto_init_rng_fwl() function gets firewall configurations
before setting new ones. This is pointless, since we are not using
the config

plat-k3: drivers: Remove code to get firewall configs

The ti_crypto_init_rng_fwl() function gets firewall configurations
before setting new ones. This is pointless, since we are not using
the configurations that we get anywhere. Therefore remove these blocks
of code.

Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
Reviewed-by: Andrew Davis <afd@ti.com>
Reviewed-by: T Pratham <t-pratham@ti.com>

show more ...

plat-k3: drivers: Refactor SA2UL RNG firewall setup

sa2ul_init() contains code to set firewall for SA2UL RNG. However,
almost the same code can also be used to firewall DTHEv2 RNG. Therefore
refacto

plat-k3: drivers: Refactor SA2UL RNG firewall setup

sa2ul_init() contains code to set firewall for SA2UL RNG. However,
almost the same code can also be used to firewall DTHEv2 RNG. Therefore
refactor this code into a separate function in the ti_sci driver.

Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
Reviewed-by: T Pratham <t-pratham@ti.com>
Reviewed-by: Andrew Davis <afd@ti.com>

show more ...

core: mm: add extra xlat table when core ASan is enabled

Enabling CFG_CORE_SANITIZE_KADDRESS increases MMU translation
table usage in multiple ways. In addition to ASan shadow regions,
the overall s

core: mm: add extra xlat table when core ASan is enabled

Enabling CFG_CORE_SANITIZE_KADDRESS increases MMU translation
table usage in multiple ways. In addition to ASan shadow regions,
the overall size of the core image grows, including code, data,
and stack mappings. This often leads to additional page table splits
and higher xlat table consumption.

Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@st.com>

show more ...

plat-stm32mp1: default enable CFG_STM32_DEBUG_ACCESS_PTA

In order to handle request on the debug configuration, default enable
CFG_STM32_DEBUG_ACCESS_PTA to embed the debug access PTA.

Signed-off-b

plat-stm32mp1: default enable CFG_STM32_DEBUG_ACCESS_PTA

In order to handle request on the debug configuration, default enable
CFG_STM32_DEBUG_ACCESS_PTA to embed the debug access PTA.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@st.com>

show more ...

core: arm: fix feat_pauth_implemented not consider QARMA3 algorithm

The feat_pauth_implemented function does not take
ID_AA64ISAR2_EL1.{GPA3,APA3} into account, which indicates the
processor support

core: arm: fix feat_pauth_implemented not consider QARMA3 algorithm

The feat_pauth_implemented function does not take
ID_AA64ISAR2_EL1.{GPA3,APA3} into account, which indicates the
processor supports the QARMA3.

According to Arm's documentation, ID_AA64ISAR1_EL1.{GPI,GPA,API,APA}
should be zero if ID_AA64ISAR2_EL1.{GPA3,APA3} are non-zero.
Therefore, OP-TEE wrongly reports that PAC is not available to TA
when the CPU uses QARMA3 algorithm.

This commit also introduces the register read function and related
definitions for ID_AA64ISAR2_EL1.

Signed-off-by: Leo Chen <shf.chen@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: atomic ftrace buffer map update

When switching sessions, that is, calling ts_push_current_session() or
ts_pop_current_session(), a foreign interrupt may save the current
thread. When this happ

core: atomic ftrace buffer map update

When switching sessions, that is, calling ts_push_current_session() or
ts_pop_current_session(), a foreign interrupt may save the current
thread. When this happens, the ftrace buffer mapping must be consistent
with the current session, or bad things, like OP-TEE core crashing or
corrupting TA memory, might occur. Fix this by masking foreign
interrupts while updating the linked list, and disable the ftrace buffer
while setting new TA mappings.

All mappings of a TA are removed if the TA crashes, even if user
mappings might still be active. Add checks in the functions accessing
the ftrace buffer that the buffer is accessible before accessing it to
avoid eventual OP-TEE core crashes.

Fixes: 17513217b24c ("ftrace: dump ftrace after every ta_entry")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Acked-by: Rouven Czerwinski <rouven.czerwinski@linaro.org>

show more ...

zynqmp: add platform_banner for ZynqMP

Add a platform_banner for zynqmp platforms.

Signed-off-by: Neal Frager <neal.frager@amd.com>
Acked-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by:

zynqmp: add platform_banner for ZynqMP

Add a platform_banner for zynqmp platforms.

Signed-off-by: Neal Frager <neal.frager@amd.com>
Acked-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

zynqmp: add flavors for kria starter kits

Add PLATFORM_FLAVOR for kd240, kr260 and kv260 kria starter kits.

Signed-off-by: Neal Frager <neal.frager@amd.com>
Acked-by: Etienne Carriere <etienne.carr

zynqmp: add flavors for kria starter kits

Add PLATFORM_FLAVOR for kd240, kr260 and kv260 kria starter kits.

Signed-off-by: Neal Frager <neal.frager@amd.com>
Acked-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

core: riscv: kernel: simplify hartid query API

The thread_get_hartid_by_hartindex() function is removed as there
is no need to query remote hartids. Additionally, using this API
before secondary har

core: riscv: kernel: simplify hartid query API

The thread_get_hartid_by_hartindex() function is removed as there
is no need to query remote hartids. Additionally, using this API
before secondary hart initialization would return incorrect values.

Replace with the simpler thread_get_hartid() which returns the current
hart's ID reliably.

Signed-off-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: kernel: add hart index sanity check

Add debug-only bounds checking in __get_core_pos() to prevent
out-of-bounds array access into per-core data structures.

Signed-off-by: Yu-Chien Pete

core: riscv: kernel: add hart index sanity check

Add debug-only bounds checking in __get_core_pos() to prevent
out-of-bounds array access into per-core data structures.

Signed-off-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: pta: add Rockchip secure boot PTA

The S_OTP area for the Rockchip secure boot RSA hash and status register
is accessible only from the secure world. Thus, secure boot must be
enabled from the

core: pta: add Rockchip secure boot PTA

The S_OTP area for the Rockchip secure boot RSA hash and status register
is accessible only from the secure world. Thus, secure boot must be
enabled from the secure world on these board.

The PTA implements 3 functions:

1. Ask the TA from the non-secure world about the current status and hash
of the hardware. This allows to inspect the current status of secure
boot on a specific device.

2. Write an RSA hash into the OTP fuses. It's the responsibility of the
user to calculate the hash and ensure that it matches the key, which
will be used to sign the images.

3. Actually lockdown the device by enabling secure boot. This is a
separate step to allow the user to verify the setup before
potentially bricking a device.

With these functions, a user may use a client running in the normal
world (for example in a boot loader or operating system) to enable
secure boot on a Rockchip device.

Implementing secure boot setup as an OP-TEE PTA has the advantage that
secure boot can be enabled at any time during the device setup instead
of during early boot. This allows a developer/user or additional scripts
to interact with the secure boot setup process.

The hash of the root key is accepted and reported as calculated by
sha256sum and internally converted to the correct byte order that needs
to be burned into the fuses.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-rockchip: rk3588: define more OTP indexes

The OTP area contains other values in addition to the HW_UNIQUE_KEY. For
example, the SECURE_BOOT_STATUS and the RSA_HASH, which are used by the
ROM co

plat-rockchip: rk3588: define more OTP indexes

The OTP area contains other values in addition to the HW_UNIQUE_KEY. For
example, the SECURE_BOOT_STATUS and the RSA_HASH, which are used by the
ROM code to verify booted images, are located there as well.

Define the index (in 32 bit words) and length (in 32 bit words) of these
values, too, to allow applications to read and write these locations.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...