core: spmc: handle missing FFA_MSG_SEND_VM_DESTROYED

Handles the previously missing FFA_MSG_SEND_VM_DESTROYED message used to
signal the destruction of a non-secure guest. This is the counter part
o

core: spmc: handle missing FFA_MSG_SEND_VM_DESTROYED

Handles the previously missing FFA_MSG_SEND_VM_DESTROYED message used to
signal the destruction of a non-secure guest. This is the counter part
of FFA_MSG_SEND_VM_CREATED that is used to signal the creation of a
non-secure guest.

Fixes: a65dd3a6b64d ("core: spmc: support virtualization with SPMC at S-EL1")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-k3: main: Print the provisioned key information

During provisioning these values are fused using the signing
certificate.

The maximum value of Key Count is 2 (when BMPK is used).

Signed-off-b

plat-k3: main: Print the provisioned key information

During provisioning these values are fused using the signing
certificate.

The maximum value of Key Count is 2 (when BMPK is used).

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-k3: drivers: add TISCI call to retrieve the Keycnt and Keyrev

Add TISCI call to retrieve the key count and key revision fused during
provisioning.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@fou

plat-k3: drivers: add TISCI call to retrieve the Keycnt and Keyrev

Add TISCI call to retrieve the key count and key revision fused during
provisioning.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-k3: main: coding standard consistency

The coding standard requires a line between function definitions.

Add such a line to make it visually consistent with the recently added
secure_boot_infor

plat-k3: main: coding standard consistency

The coding standard requires a line between function definitions.

Add such a line to make it visually consistent with the recently added
secure_boot_information(void).

This commit also removes a duplicated include directive.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-k3: main: Print the revision of the Secure Board Configuration

If the board is booting with hardware authentication, print the software
revision.

The Software Revision is the value written to

plat-k3: main: Print the revision of the Secure Board Configuration

If the board is booting with hardware authentication, print the software
revision.

The Software Revision is the value written to the OTP eFuse during board
provisioning and it is only available in HS boards.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-k3: drivers: add TISCI call to retrieve the SWREV

This call is only available to OTP_REV_ID_SEC_BRDCFG

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerom

plat-k3: drivers: add TISCI call to retrieve the SWREV

This call is only available to OTP_REV_ID_SEC_BRDCFG

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-k3: drivers: add OTP revision read/write message descriptions

Add the TISCI message identifiers required for reading and writing
Software Revision and Key Revision to/from eFuses.

Signed-off-b

plat-k3: drivers: add OTP revision read/write message descriptions

Add the TISCI message identifiers required for reading and writing
Software Revision and Key Revision to/from eFuses.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: spmc: implement FFA_CONSOLE_LOG

Add FFA_CONSOLE_LOG interface support for enabling debug messages from
SPs as defined in FF-A v1.2. The message string is packed into the
registers of the call

core: spmc: implement FFA_CONSOLE_LOG

Add FFA_CONSOLE_LOG interface support for enabling debug messages from
SPs as defined in FF-A v1.2. The message string is packed into the
registers of the call so it doesn't require the existence of a shared
memory between the SPMC and the SPs. This makes it ideal for early debug
messages, however the length of the message is limited.
The received messages are forwarded to OP-TEE's trace output.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: thread: Add support for canary value randomization

Currently hardcoded magic number is used as thread stack canary,
an attacker with full control over the overflow can embed the
hardcoded cana

core: thread: Add support for canary value randomization

Currently hardcoded magic number is used as thread stack canary,
an attacker with full control over the overflow can embed the
hardcoded canary value on the right location to bypass the overflow
detection.

To add extra layer of security, redefine the canary value as variable,
such that the canary can be initialized during runtime.

The canaries are initialized with static values from thread_init_canaries()
during the early boot stage. The plat_get_random_stack_canaries() is
refactored to support arbitrary-length random numbers, and a new function
called thread_update_canaries() is created to fetch the random values and
update the thread canaries. For CFG_NS_VIRTUALIZATION=y, the updated
function is disabled.

Signed-off-by: Vincent Chuang <Vincent.Chuang@mediatek.com>
Signed-off-by: Randy Hsu <Randy-CY.Hsu@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: Use standard ABI Mnemonic for frame pointer

Some older toolchain might not recognize "fp". To fix it, we use
standard ABI Mnemonic "s0" instead of "fp".

Signed-off-by: Alvin Chang <alv

core: riscv: Use standard ABI Mnemonic for frame pointer

Some older toolchain might not recognize "fp". To fix it, we use
standard ABI Mnemonic "s0" instead of "fp".

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Update saving panic registers from _utee_panic()

The _utee_panic() function only saves ra and s0(fp) onto stack. So we
only get them from the stack and save them as epc and s0 as abort

core: riscv: Update saving panic registers from _utee_panic()

The _utee_panic() function only saves ra and s0(fp) onto stack. So we
only get them from the stack and save them as epc and s0 as abort
registers.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Add TA compiler flags for stack unwinding

When the CFG_UNWIND is enabled, the frame pointer should not be omitted
by compiler. Add "-fno-omit-frame-pointer" compiler flag when we enable

core: riscv: Add TA compiler flags for stack unwinding

When the CFG_UNWIND is enabled, the frame pointer should not be omitted
by compiler. Add "-fno-omit-frame-pointer" compiler flag when we enable
the CFG_UNWIND to let compiler not to omit the frame pointer when it
builds TA.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

plat-stm32mp1: restore SYSRAM for SCMI message on STM32MP13

Restores use of SYSRAM last page for STM32MP13 for SCMI communication
as U-Boot and Linux kernel device trees are not yet updated to use O

plat-stm32mp1: restore SYSRAM for SCMI message on STM32MP13

Restores use of SYSRAM last page for STM32MP13 for SCMI communication
as U-Boot and Linux kernel device trees are not yet updated to use OP-TEE
native shared memory instead.

Fixes: 89ba3422ee80 ("plat-stm32mp1: scmi_server: default use OP-TEE shared memory")
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32mp13: update stm32mp13 SoC and board DTS files

Updates STM32MP13* SoC DTSI files and STM32MP135F-DK board DTS file
and related DT binding header files.

Acked-by: Gatien Chevallier <gatien

dts: stm32mp13: update stm32mp13 SoC and board DTS files

Updates STM32MP13* SoC DTSI files and STM32MP135F-DK board DTS file
and related DT binding header files.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: allow use of SRAMs as TZSRAM

Allows CFG_TZSRAM_BASE/_SIZE to cover SRAM1, SRAM2, SRAM3 and SRAM4
to enlarge pager page pool and enhance pager performances. When so,
the SRAMs which TZ

plat-stm32mp1: allow use of SRAMs as TZSRAM

Allows CFG_TZSRAM_BASE/_SIZE to cover SRAM1, SRAM2, SRAM3 and SRAM4
to enlarge pager page pool and enhance pager performances. When so,
the SRAMs which TZSRAM lie in are registered as secure.

Using these internal memory requires SCMI communication to not use
SYSRAM last page for example by using OP-TEE native shared memory instead.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: shared_resources: consider SRAMs

Adds SRAMs to the STM32MP15 shared resources.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.ca

plat-stm32mp1: shared_resources: consider SRAMs

Adds SRAMs to the STM32MP15 shared resources.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: scmi_server: default use OP-TEE shared memory

Adds configuration switch CFG_STM32MP1_SCMI_SHM_SYSRAM that is default
disabled. When disabled, CFG_STM32MP1_SCMI_SHM_BASE defaults to 0

plat-stm32mp1: scmi_server: default use OP-TEE shared memory

Adds configuration switch CFG_STM32MP1_SCMI_SHM_SYSRAM that is default
disabled. When disabled, CFG_STM32MP1_SCMI_SHM_BASE defaults to 0
which means OP-TEE SMCI server uses OP-TEE native shared memory
registered by clients. When CFG_STM32MP1_SCMI_SHM_SYSRAM is enabled
CFG_STM32MP1_SCMI_SHM_BASE is force the base address of the SYRAM
last 4KByte page.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: scmi_server: support use of OP-TEE shared memory

Updates scmi_server configuration and implementation for the platform
to use OP-TEE native shared memory instead of device memory mapp

plat-stm32mp1: scmi_server: support use of OP-TEE shared memory

Updates scmi_server configuration and implementation for the platform
to use OP-TEE native shared memory instead of device memory mapped
SRAM for SCMI messages transfer. With this change, configuring
CFG_STM32MP1_SCMI_SHM_BASE to 0 allows such setup.

This change moves registration of CFG_STM32MP1_SCMI_SHM_BASE as
non-secure mapped device memory from main.c to scmi_server.c
to have all SCMI related platform resources defined from that
source file.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: add missing braces in IO compensation function

Adds missing braces in stm32mp_syscfg_enable_io_compensation().

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gati

plat-stm32mp1: add missing braces in IO compensation function

Adds missing braces in stm32mp_syscfg_enable_io_compensation().

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: fix timeout initializations

Fixes timeout initialization to ensure timeout monitoring starts
only once PWR regulator is enabled in stm32mp1_pwr driver and
once IO compensation is enab

plat-stm32mp1: fix timeout initializations

Fixes timeout initialization to ensure timeout monitoring starts
only once PWR regulator is enabled in stm32mp1_pwr driver and
once IO compensation is enabled in stm32mp1_syscfg driver.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: Rename "mva" to "va" for TLB operations

The terminology "mva" is specific for older ARM architecture which has
FCSE extension. To support multiple architecture, it would be good to
rename

core: mm: Rename "mva" to "va" for TLB operations

The terminology "mva" is specific for older ARM architecture which has
FCSE extension. To support multiple architecture, it would be good to
rename "mva" to common terminology, such as "va". This PR renames "mva"
to "va" in TLB operations for ARM64 and RISC-V. For ARM32, "mva" is
reserved because it is really defined in ARM32's documentations.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: Introduce next_level field of struct core_mmu_table_info

The address translation rule is architecture specific, e.g., ARM adopts
increasing style while the address is translated to finer-g

core: mm: Introduce next_level field of struct core_mmu_table_info

The address translation rule is architecture specific, e.g., ARM adopts
increasing style while the address is translated to finer-grained table,
while RISC-V adopts decreasing style. Therefore, we add a "next_level"
field into the struct core_mmu_table_info, which represents the next
finer-grained translation level. By doing this, we can decouple the
core address translation rule from architecture specific manner.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: Introduce core_mmu_level_in_range()

Since the checking of the valid translation level is architecture
specific, the core_mmu_level_in_range() is introduced and every
architecture could imp

core: mm: Introduce core_mmu_level_in_range()

Since the checking of the valid translation level is architecture
specific, the core_mmu_level_in_range() is introduced and every
architecture could implement the function with their own translation
rules.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Fix misuse of cppflags

The -mxxx and -Wxxx are not preprocessor flags. Fix it by defining them
as C flags.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Jerome Foriss

core: riscv: Fix misuse of cppflags

The -mxxx and -Wxxx are not preprocessor flags. Fix it by defining them
as C flags.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: sp: implement FF-A v1.1 boot protocol

Implement passing the boot info to Secure Partitions in the new format
defined by FF-A v1.1. The change is backwards compatible by keeping the
already exi

core: sp: implement FF-A v1.1 boot protocol

Implement passing the boot info to Secure Partitions in the new format
defined by FF-A v1.1. The change is backwards compatible by keeping the
already existing FF-A v1.0 format too. Which format to use is decided
based on the "ffa-version" field in the SP's manifest. The register to
use for passing the boot info blob's address is based on the
"gp-register-num" field.

Link: https://trustedfirmware-a.readthedocs.io/en/latest/components/ffa-manifest-binding.html#partition-properties
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...