drivers: imx_lpuart: remove stubbed .flush() implementation

There is no need to provide function stubs for unimplemented functions
in struct serial_ops. Just let the compiler set the pointer to NULL

drivers: imx_lpuart: remove stubbed .flush() implementation

There is no need to provide function stubs for unimplemented functions
in struct serial_ops. Just let the compiler set the pointer to NULL.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: drivers: nxp: Add LX series SFP driver

- Implement reading and writing to the NXP LX2160-series Security Fuse
Processor (SFP).
- Add the CFG_LS_SFP flag to enable building the SFP driver.
-

core: drivers: nxp: Add LX series SFP driver

- Implement reading and writing to the NXP LX2160-series Security Fuse
Processor (SFP).
- Add the CFG_LS_SFP flag to enable building the SFP driver.
- The SFP driver should be able to:
- Read the entire SFP.
- Read the debug level.
- Read the Intent to Secure (ITS) and Secure Boot (SB) flags.
- Read individual OEM Unique Scratch Pad Fuse (OUID) registers.
- Read individual Super Root Key Hash (SRKH) registers.
- Set the debug level.
- Set the device to permanently program the fuse block by
setting the ITS and SB flags.
- Set individual OUID registers.
- Get the status of the SFP driver itself.
- Update fsl-lx2160a device tree with sfp and gpio nodes.

Signed-off-by: Andrew Mustea <andrew.mustea@microsoft.com>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: versal: SHA3-384 engine support

Enable the PLM controlled SHA3-384 cryptographic engine for TEE core
usage.

Since the engine does not have the concept of "context", it can't
provide the le

drivers: versal: SHA3-384 engine support

Enable the PLM controlled SHA3-384 cryptographic engine for TEE core
usage.

Since the engine does not have the concept of "context", it can't
provide the level support required by user-space (multiple parallel
contexts) hence why it is being provided just to the core.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Nathan Menhorn <nathan.menhorn@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: versal: RSA driver

This driver uses the PLM xilsecure service to deliver RSA
encryption/decryption functionality.

https://github.com/Xilinx/embeddedsw

Signed-off-by: Jorge Ramirez-Ortiz <j

crypto: versal: RSA driver

This driver uses the PLM xilsecure service to deliver RSA
encryption/decryption functionality.

https://github.com/Xilinx/embeddedsw

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: versal: elliptic curve cryptography driver

This driver uses the PLM xilsecure service to deliver ECC sign/verify
functionality.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked

crypto: versal: elliptic curve cryptography driver

This driver uses the PLM xilsecure service to deliver ECC sign/verify
functionality.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: add stubbed fault mitigation in crypto_acipher_rsassa_verify()

Adds a stubbed fault mitigation for the drivers version of
crypto_acipher_rsassa_verify). End the function with FTMN_C

drivers: crypto: add stubbed fault mitigation in crypto_acipher_rsassa_verify()

Adds a stubbed fault mitigation for the drivers version of
crypto_acipher_rsassa_verify). End the function with FTMN_CALLEE_DONE()
to record that the function was indeed called and a redundant copy of
the return value.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: versal: authentication driver

This driver uses the PLM xilsecure service to deliver authentication
functionality using AES-GCM.

The driver currently does not handle unaligned data and lengt

crypto: versal: authentication driver

This driver uses the PLM xilsecure service to deliver authentication
functionality using AES-GCM.

The driver currently does not handle unaligned data and lengths; due
to this the corresponding xtest regression test will not pass
(xtest -t regression 4005 will fail).

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: versal: interprocessor communication

Interface to the PLM xilsecure service.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

crypto: versal: interprocessor communication

Interface to the PLM xilsecure service.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: se050: provision SCP03 keys on SCP03 enablement.

Rotate the SCP03 keys as soon as the SCP03 communication channel
is established.

This can happen during boot or at a later time via normal w

crypto: se050: provision SCP03 keys on SCP03 enablement.

Rotate the SCP03 keys as soon as the SCP03 communication channel
is established.

This can happen during boot or at a later time via normal world
request [1].

The rotation configuration that can be built-in in the driver allows
the algorithm to rotate to a HUK based secret key or back to the
factory based keys.

[1] https://u-boot.readthedocs.io/en/latest/usage/cmd/scp03.html

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: se050: reword configuration options

Reword and add caution clauses to some of the critical configuration
options in the driver.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked

crypto: se050: reword configuration options

Reword and add caution clauses to some of the critical configuration
options in the driver.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32mp15_huk: default to fuse key without derivation

Introduces 2 configuration switches for defining how stm32mp15 HUK
is generated from fuses. Both are exclusive. One of them must be set

drivers: stm32mp15_huk: default to fuse key without derivation

Introduces 2 configuration switches for defining how stm32mp15 HUK
is generated from fuses. Both are exclusive. One of them must be set
when CFG_STM32MP15_HUK is enable.

When CFG_STM32MP15_HUK_BSEC_KEY is enabled, HUK is HUK fuses raw content.
When CFG_STM32MP15_HUK_BSEC_DERIVE_UID is enabled, HUK is the derivation
of HUK fuses content derived with device UID fuses content.

The platform default enables CFG_STM32MP15_HUK_BSEC_KEY when
CFG_STM32MP15_HUK is enable.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: se050: provision SCP03 keys back factory keys

This commit allows a user who might have rotated the device's SCP03
keys to reset them back to their factory settings (public).

Signed-off-by:

crypto: se050: provision SCP03 keys back factory keys

This commit allows a user who might have rotated the device's SCP03
keys to reset them back to their factory settings (public).

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: se050: output the SCP03 security level to the console

The SCP03 keys used in the secure channel have different levels of
security that can change at runtime.

Output the name of the one bein

crypto: se050: output the SCP03 security level to the console

The SCP03 keys used in the secure channel have different levels of
security that can change at runtime.

Output the name of the one being used to the console for
informational purposes.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: clk_dt: Switch to use get_secure_dt()

This adds support for both embedded and external secure device trees so
that clock driver and system configuration information can be fetched from
ther

drivers: clk_dt: Switch to use get_secure_dt()

This adds support for both embedded and external secure device trees so
that clock driver and system configuration information can be fetched from
there.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: versal: non volatile memory (eFuse and BBRAM)

Provide an interface to access the xilnvm service executing in the PLM
firmware running on the Microblaze processor.

Signed-off-by: Jorge Rami

drivers: versal: non volatile memory (eFuse and BBRAM)

Provide an interface to access the xilnvm service executing in the PLM
firmware running on the Microblaze processor.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-imx, plat-ls: replace crypto_conf.mk by common drivers/crypto/caam/crypto.mk

move platform specific conf file to crypto drivers one.
CFG_CRYPTO_DRIVER should be define in driver conf file
inste

plat-imx, plat-ls: replace crypto_conf.mk by common drivers/crypto/caam/crypto.mk

move platform specific conf file to crypto drivers one.
CFG_CRYPTO_DRIVER should be define in driver conf file
instead of platform configuration file.

Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

drivers: versal: true random number generator

Configure the TRNG driver to operate in Hybrid mode with derivative
function.

This driver was ported from its original FSBL implementation [1].

[1] ht

drivers: versal: true random number generator

Configure the TRNG driver to operate in Hybrid mode with derivative
function.

This driver was ported from its original FSBL implementation [1].

[1] https://github.com/Xilinx/embeddedsw

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt: Make it possible to alter device mapping

In case where IP core device is TrustZone aware and is used by both REE
and TEE dt_map_dev() would normally cause non-secure mapping for the
device

core: dt: Make it possible to alter device mapping

In case where IP core device is TrustZone aware and is used by both REE
and TEE dt_map_dev() would normally cause non-secure mapping for the
device.

When selected registers in IP core are only accessible by TrustZone device
needs to be mapped with MEM_AREA_IO_SEC to cause actual AXI memory access
be made with AWPROT[1] and ARPROT[1] bits configured properly.

This adds new argument for dt_map_dev() to enable forcing mapping to be
secure or non-secure.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: se050: SCP03 enabled only session.

The SE050F FIPS 140-2 certified device makes SCP03 mandatory from
boot.

To support this use case, we introduce CFG_CORE_SCP03_ONLY. Its
functionality is d

crypto: se050: SCP03 enabled only session.

The SE050F FIPS 140-2 certified device makes SCP03 mandatory from
boot.

To support this use case, we introduce CFG_CORE_SCP03_ONLY. Its
functionality is described in crypto.mk.

Some information regarding the SE050F device below [1]

[1] https://www.nxp.com/docs/en/application-note/AN12436.pdf

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

crypto: se050: add support for the SE050F

Add the SCP03 keys to support the NXP SE050F device

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@li

crypto: se050: add support for the SE050F

Add the SCP03 keys to support the NXP SE050F device

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

crypto: se050: fix SE050F2 identifier

Used the wrong identifier for the SE050F2 board. This would cause the
SCP03 symmetric keys to be rejected by the Secure Element and so the
secure session could

crypto: se050: fix SE050F2 identifier

Used the wrong identifier for the SE050F2 board. This would cause the
SCP03 symmetric keys to be rejected by the Secure Element and so the
secure session could not be started.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: crypto-api: rsa: pass algorithm to implementation

This is required for drivers that might only support some
of the algorithms and want to delegate the operation to
their software implementatio

core: crypto-api: rsa: pass algorithm to implementation

This is required for drivers that might only support some
of the algorithms and want to delegate the operation to
their software implementations

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

drivers: xiphera_trng: Allow interrupts while waiting for random

If for some reason getting new random values take a bit longer toggle
interrupt masks on/off while waiting.

This allows pending inte

drivers: xiphera_trng: Allow interrupts while waiting for random

If for some reason getting new random values take a bit longer toggle
interrupt masks on/off while waiting.

This allows pending interrupts to be served faster in REE side as getting
new random might not be that important. At the same time it gives more
time for random number generation to complete and not just performing
spinning and waiting.

It was originally recommended by TRNG vendor not to cache previous partial
results in memory. TRNG itself is rather fast so there should
be always fresh bytes available for consumption. Thus to simplify the code
remove the FIFO construct.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: drivers: stm32mp15 Hardware Unique Key driver

Generate a secret Hardware Unique Key from BSEC OTPs.

The algorithm used simplifies the device provisioning phase because
it does not require a u

core: drivers: stm32mp15 Hardware Unique Key driver

Generate a secret Hardware Unique Key from BSEC OTPs.

The algorithm used simplifies the device provisioning phase because
it does not require a unique per device secret to be fused: just a key
common to all devices.

The algorithm uses a 128 bit symmetric key stored as four 32 bit words
read from OTP fuses.

The HUK is calculated by AES-GCM encrypting the device UID (96 bits).

Since the UID is persistent - and so should be the key - the NONCE can
be reused and hold any value.

The OTP values must be secrets but don't need to be unique per-device.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: add support for i2c5 bus

This allows stm32_i2c driver to properly initialize and use
i2c5 bus on stm32mp15 SoC.

Signed-off-by: Michael Scott <mike@foundries.io>
Signed-off-by: Igor O

plat-stm32mp1: add support for i2c5 bus

This allows stm32_i2c driver to properly initialize and use
i2c5 bus on stm32mp15 SoC.

Signed-off-by: Michael Scott <mike@foundries.io>
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...