dts: stm32: Add RIFSC configuration support for stm32mp257f-ev1

Defines RIFSC configuration for stm32mp257f-ev1 board.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by:

dts: stm32: Add RIFSC configuration support for stm32mp257f-ev1

Defines RIFSC configuration for stm32mp257f-ev1 board.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: conf: enable RIFSC driver

Enable the RIFSC driver for STM32MP2x platforms

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carr

plat-stm32mp2: conf: enable RIFSC driver

Enable the RIFSC driver for STM32MP2x platforms

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: conf: support RIF driver

Default enable RIF driver for STM32MP2 platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.car

plat-stm32mp2: conf: support RIF driver

Default enable RIF driver for STM32MP2 platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: default enable SAES software fallback

Default enable SAES software fallback for 192bit keys support.

Reviewed-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Etienne

plat-stm32mp1: default enable SAES software fallback

Default enable SAES software fallback for 192bit keys support.

Reviewed-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-hikey: Replace register_dynamic_shm() with register_ddr()

Use register_ddr() instead of register_dynamic_shm() that is
deprecated.

Signed-off-by: Wen Bin <a1231512a@163.com>
Acked-by: Jens Wik

plat-hikey: Replace register_dynamic_shm() with register_ddr()

Use register_ddr() instead of register_dynamic_shm() that is
deprecated.

Signed-off-by: Wen Bin <a1231512a@163.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-hikey: make DRAM1_BASE configurable

This commit introduces the CFG_DRAM1_BASE configuration switch
in the plat-hikey platform.

Signed-off-by: Wen Bin <a1231512a@163.com>
Acked-by: Etienne Carr

plat-hikey: make DRAM1_BASE configurable

This commit introduces the CFG_DRAM1_BASE configuration switch
in the plat-hikey platform.

Signed-off-by: Wen Bin <a1231512a@163.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: fix lock in virt_add_cookie_to_current_guest()

Prior to this patch was virt_add_cookie_to_current_guest() only masking
interrupts while adding a shared memory cookie to the list of cookie

core: arm: fix lock in virt_add_cookie_to_current_guest()

Prior to this patch was virt_add_cookie_to_current_guest() only masking
interrupts while adding a shared memory cookie to the list of cookies.
Proper locking is needed to serialize access to the cookie list, replace
the interrupt masking with a cpu_spin_lock_xsave().

Fixes: a65dd3a6b64d ("core: spmc: support virtualization with SPMC at S-EL1")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: dts: lx2160a: add memory region

With patch 8a6ca14 (core: arm: get DDR range from embedded DTB)
now DDR ranges are taken from Embedded DTB if enabled and will
ignore DDR ranges defined by regi

core: dts: lx2160a: add memory region

With patch 8a6ca14 (core: arm: get DDR range from embedded DTB)
now DDR ranges are taken from Embedded DTB if enabled and will
ignore DDR ranges defined by register_ddr().
Since Dynamic shared memory and Embedded DTB config is enabled
on LX2160A platforms, need to add the DDR ranges to the DTS.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm: fix integer overflow in generic_timer_{handler,start}()

In generic_timer_handler() and generic_timer_start(), read_cntfrq() can
return a pretty large 32-bit number, multiplying that with

core: arm: fix integer overflow in generic_timer_{handler,start}()

In generic_timer_handler() and generic_timer_start(), read_cntfrq() can
return a pretty large 32-bit number, multiplying that with a delay of
1000 ms can overflow. Fix that by casting the result from read_cntfrq()
to a uint64_t to avoid overflow during the calculation.

Fixes: ba6b29591828 ("core: arm64: Add Secure EL1 physical timer framework")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-vexpress: use serial callbacks rx_intr_{en,dis}able()

Use the serial callbacks rx_intr_enable() and rx_intr_disable() to
enable and disable interrupts from the console.

Signed-off-by: Jens Wik

plat-vexpress: use serial callbacks rx_intr_{en,dis}able()

Use the serial callbacks rx_intr_enable() and rx_intr_disable() to
enable and disable interrupts from the console.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: crypto: fix internal AES-GCM counter implementation

We have several AES-GCM implementations in crypto libraries and
internal. The internal implementation comes in two flavours, with Arm
crypto

core: crypto: fix internal AES-GCM counter implementation

We have several AES-GCM implementations in crypto libraries and
internal. The internal implementation comes in two flavours, with Arm
crypto extensions (CFG_CRYPTO_WITH_CE=y) and a pure software
implementation.

Each block to be encrypted is xored with an encrypted counter block of
equal size (16 bytes). For each block the counter is increased.

Prior to this patch the entire counter block was increased as a 128-bit
integer, but that's not how AES-GCM is defined. In AES-GCM only the
least significant 32 bits of the counter block are increased, leaving
the rest untouched. The difference is only noticeable when the 32 bits
has reached 0xffffffff and wraps to 0x00000000 on next increment. With a
128-bit integer this would propagate into other parts of the block.

Fix this by only incrementing the last 32-bit word in the counter block,
both in the pure software implementation and when using Arm crypto
extensions.

Link: https://github.com/OP-TEE/optee_os/issues/6659
Fixes: 1fca7e269b13 ("core: crypto: add new AES-GCM implementation")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ls: correct CFG_CORE_ARM64_PA_BITS for LX2160A-RDB/QDS

Correct CFG_CORE_ARM64_PA_BITS for LX2160A-RDB/QDS

Fixes: a8a14b78eef6 ("core: ls: lx2160ardb: Add regions for dynamic shared memory")
F

core: ls: correct CFG_CORE_ARM64_PA_BITS for LX2160A-RDB/QDS

Correct CFG_CORE_ARM64_PA_BITS for LX2160A-RDB/QDS

Fixes: a8a14b78eef6 ("core: ls: lx2160ardb: Add regions for dynamic shared memory")
Fixes: 1a1214016d1c ("core: ls: add LX2160A-QDS platform")
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ffa: add notifications with SPMC at S-EL2 or EL3

Adds support for asynchronous notifications via FF-A with SPMC at S-EL2
or EL3.

The SPMC is probed using FFA_FEATURES(FFA_NOTIFICATION_SET) to

core: ffa: add notifications with SPMC at S-EL2 or EL3

Adds support for asynchronous notifications via FF-A with SPMC at S-EL2
or EL3.

The SPMC is probed using FFA_FEATURES(FFA_NOTIFICATION_SET) to see if
the SPMC is support FF-A notifications.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: move hafnium.h into hfic.c

hafnium.h is only included from hfic.c so move the content into that
file instead. Comments trying to describe the paravirtualized interface
are removed and replaced

core: move hafnium.h into hfic.c

hafnium.h is only included from hfic.c so move the content into that
file instead. Comments trying to describe the paravirtualized interface
are removed and replaced by a link to official documentation.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: exit with native interrupts unmasked

When exiting using the main exit/re-entry loop in
ffa_msg_send_direct_resp(), unmask native interrupts before the SMC
instruction and mask them again

core: ffa: exit with native interrupts unmasked

When exiting using the main exit/re-entry loop in
ffa_msg_send_direct_resp(), unmask native interrupts before the SMC
instruction and mask them again on re-entry. This guarantees that native
(aka secure) interrupts are not pending during exit. This also means
that when entering with FFA_INTERRUPT the interrupt will be handled
before thread_spmc_msg_recv() so there is no need to call
interrupt_main_handler() from thread_spmc_msg_recv() any longer.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm64.h: add DAIFBIT_{NATIVE,FOREIGN}_INTR

Adds the two defines DAIFBIT_NATIVE_INTR and DAIFBIT_FOREIGN_INTR based
on DAIFBIT_IRQ and DAIFBIT_FIQ analogous with how
THREAD_EXCP_FOREIGN_INTR an

core: arm64.h: add DAIFBIT_{NATIVE,FOREIGN}_INTR

Adds the two defines DAIFBIT_NATIVE_INTR and DAIFBIT_FOREIGN_INTR based
on DAIFBIT_IRQ and DAIFBIT_FIQ analogous with how
THREAD_EXCP_FOREIGN_INTR and THREAD_EXCP_NATIVE_INTR are defined.

DAIFBIT_NATIVE_INTR and DAIFBIT_FOREIGN_INTR can be used in assembly
instead of using #ifdef CFG_CORE_IRQ_IS_NATIVE_INTR.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-k3: drivers: sec_proxy: increment while reading trail bytes

The trail bytes from the secure proxy driver were being overwritten,
increase the count each time to not overwrite the existing data

plat-k3: drivers: sec_proxy: increment while reading trail bytes

The trail bytes from the secure proxy driver were being overwritten,
increase the count each time to not overwrite the existing data and not
get the end data corrupted from secure proxy.

Fixes: cf20f0a4f77e ("plat-k3: drivers: Add secure proxy driver for communication with System Controller")
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Dhruva Gole <d-gole@ti.com>

show more ...

plat-stm32mp2: default enable embedded test

Set CFG_ENABLE_EMBEDDED_TESTS to y for STM32MP2x platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carrier

plat-stm32mp2: default enable embedded test

Set CFG_ENABLE_EMBEDDED_TESTS to y for STM32MP2x platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: allow up to 8GB of external RAM

Default enable CFG_CORE_LARGE_PHYS_ADDR and set CFG_CORE_ARM64_PA_BITS
to 34 to allow external DDR sizes up to 8GB. This change does not permit
OP-TEE

plat-stm32mp2: allow up to 8GB of external RAM

Default enable CFG_CORE_LARGE_PHYS_ADDR and set CFG_CORE_ARM64_PA_BITS
to 34 to allow external DDR sizes up to 8GB. This change does not permit
OP-TEE to execute above 32bit virtual addresses but allows OP-TEE
to accept and map shared memories of physical addresses above 4GByte.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: Add .sbss and .sdata sections to linker script

Currently, the unclean .sbss section in RISC-V binary could be
problematic. This is because variables such as puts_lock may have
non-zero

core: riscv: Add .sbss and .sdata sections to linker script

Currently, the unclean .sbss section in RISC-V binary could be
problematic. This is because variables such as puts_lock may have
non-zero initial values, leading to failures in cpu_spin_trylock().
To address this issue, merge .sbss into .bss so that it is properly
cleared on boot. Both OpenSBI [1] and Linux [2] follow this approach.

Also, to benefit from global pointer relaxation, add .sdata after the
__global_pointer$ symbol.

Link: https://github.com/riscv-software-src/opensbi/blob/bb90a9ebf6d9a2fe7726978d594e82cdbaad7799/firmware/fw_base.ldS#L84 [1]
Link: https://github.com/torvalds/linux/blob/296455ade1fdcf5f8f8c033201633b60946c589a/include/asm-generic/vmlinux.lds.h#L1146 [2]
Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-stm32mp1: shared_resource: disable MCKPROT if not needed

Disable RCC MCKPROT if not needed on STM32MP15 platforms to allow
non-secure world to control Cortex-M coprocessor. This change is neede

plat-stm32mp1: shared_resource: disable MCKPROT if not needed

Disable RCC MCKPROT if not needed on STM32MP15 platforms to allow
non-secure world to control Cortex-M coprocessor. This change is needed
when RCC secure hardening is enabled (RCC[TZEN] control bit) as it
also default enable RCC MCKPROT preventing non-secure world from
accessing some coprocessor SoC resources.

This change is needed when using in tree DTS files stm32mp15*-*-scmi.dts
and non-secure world is in charge of loading and managing the
remote processor firmware.

Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: conf: default enable RNG and RNG PTA

Default enable RNG and RNG PTA for STM32MP2 platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carr

plat-stm32mp2: conf: default enable RNG and RNG PTA

Default enable RNG and RNG PTA for STM32MP2 platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: pta: drop benchmark

Drop Benchmark PTA as current implementation is non-function
and obsolete, and it's not supported anymore.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: E

core: pta: drop benchmark

Drop Benchmark PTA as current implementation is non-function
and obsolete, and it's not supported anymore.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>

show more ...

arm: plat: rcar: gen4: adjust memory map

Adjust the OP-TEE memory map for Gen4/S4 SoC to reflect changes of IPL
layout made by Renesas. Now BL31 starts at 0x46400000, so we have less
memory for OP-T

arm: plat: rcar: gen4: adjust memory map

Adjust the OP-TEE memory map for Gen4/S4 SoC to reflect changes of IPL
layout made by Renesas. Now BL31 starts at 0x46400000, so we have less
memory for OP-TEE.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm: virtualization: don't allow hypervisor to issue std calls

There is standing issue with having two versions of OP-TEE binary:
with virtualization enabled and without it. Correct variant needs to

arm: virtualization: don't allow hypervisor to issue std calls

There is standing issue with having two versions of OP-TEE binary:
with virtualization enabled and without it. Correct variant needs to
be present on board before booting rest of the system.

If non-virtualized variant is present and user tries to boot a
hypervisor, hypervisor can (and should) detect that OP-TEE does not
provide OPTEE_SMC_SEC_CAP_VIRTUALIZATION capability and fail
gracefully.

On other hand, when virtualized variant of OP-TEE is booted, but user
then boots directly into Linux (or any other OS), OP-TEE crashes:

E/TC:0 0 0 Core data-abort at address 0xffffffffffffffa0 (translation fault)
E/TC:0 0 0 esr 0x96000044 ttbr0 0x4418d000 ttbr1 0x00000000 cidr 0x0
E/TC:0 0 0 cpu #0 cpsr 0x00000184
E/TC:0 0 0 x0 0000000032000004 x1 0000000000000004
E/TC:0 0 0 x2 000000008183c000 x3 0000000000000000
E/TC:0 0 0 x4 0000000000000000 x5 0000000000000000
E/TC:0 0 0 x6 0000000000000000 x7 0000000000000000
E/TC:0 0 0 x8 0000000000000000 x9 0000000000000000
E/TC:0 0 0 x10 0000000000000000 x11 0000000000000000
E/TC:0 0 0 x12 0000000000000000 x13 0000000000000000
E/TC:0 0 0 x14 0000000000000000 x15 0000000000000000
E/TC:0 0 0 x16 0000000000000000 x17 0000000000000000
E/TC:0 0 0 x18 0000000000000000 x19 0000000000000000
E/TC:0 0 0 x20 0000000000000000 x21 0000000000000000
E/TC:0 0 0 x22 0000000000000000 x23 0000000000000000
E/TC:0 0 0 x24 0000000000000000 x25 0000000000000000
E/TC:0 0 0 x26 0000000000000000 x27 0000000000000000
E/TC:0 0 0 x28 0000000000000000 x29 0000000000000000
E/TC:0 0 0 x30 0000000044103ce4 elr 0000000044106314
E/TC:0 0 0 sp_el0 0000000000000000
E/TC:0 0 0 TEE load address @ 0x44100000
E/TC:0 0 0 Call stack:
E/TC:0 0 0 0x44106314 thread_handle_std_smc at core/arch/arm/kernel/thread_optee_smc.c:62
E/TC:0 0 0 Panic 'unhandled pageable abort' at core/arch/arm/kernel/abort.c:584 <abort_handler>
E/TC:0 0 0 TEE load address @ 0x44100000
E/TC:0 0 0 Call stack:
E/TC:0 0 0 0x44107e14 print_kernel_stack at core/arch/arm/kernel/unwind_arm64.c:89
E/TC:0 0 0 0x44114ffc __do_panic at core/kernel/panic.c:73
E/TC:0 0 0 0x44107050 get_fault_type at core/arch/arm/kernel/abort.c:500

This crash happens because virtualization code has special case for
guest_id == HYP_CLNT_ID. This case is needed to allow hypervisor to
call fast SMCs, so it can check OP-TEE version, capabilities and ask
OP-TEE to create/destroy guest partitions. Problem is that
thread_handle_std_smc() assumes that virt_set_guest() really sets the
guest partition, which does not happen in this special case.

This patch removes this special case from virt_set_guest(). Instead
thread_handle_fast_smc() function checks for HYP_CLNT_ID explicitly.

If hypervisor really want to be able to issue STD calls, it should
create a partition for itself using OPTEE_SMC_VM_CREATED call.

With this patch applied, virtualized variant of OP-TEE does not crash
anymore when users tries to boot into a baremetal setup.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...