core: imx: move PSCI SNVS operation to the driver

Create imx_snvs_shutdown() to use during psci_system_off() call.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jen

core: imx: move PSCI SNVS operation to the driver

Create imx_snvs_shutdown() to use during psci_system_off() call.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: imx_snvs: re-work security state for imx8m platforms

The current implementation of snvs_get_security_cfg() for
imx8m platforms includes the read of SYS_SECURE_BOOT bit.
This fourth bit show

drivers: imx_snvs: re-work security state for imx8m platforms

The current implementation of snvs_get_security_cfg() for
imx8m platforms includes the read of SYS_SECURE_BOOT bit.
This fourth bit shows if the board boots from internal
ROM. This bit will reset to 1 for a board in the field
and 0 for a test chip.

The read of this bit is out of scope of the snvs_get_security_cfg()
purpose which is to return the system security configuration.
The SYS_SECURE_BOOT bit (msb) can be discarded.

Fixes: 5cd93c5a75 (drivers: imx_snvs: fix SNVS security configuration values)
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: imx_snvs: fix the is_otpmk_valid() logic

The logic wanted was the inverse of the one implemented.

Fixes: ea4f7ad67d ("drivers: imx_snvs: add master key selection")
Signed-off-by: Franck LE

drivers: imx_snvs: fix the is_otpmk_valid() logic

The logic wanted was the inverse of the one implemented.

Fixes: ea4f7ad67d ("drivers: imx_snvs: add master key selection")
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: imx_snvs: fix SNVS register read operation

A coding mistake in the precedence order of C operators is causing
an incorrect read of the SNVS register. This error would return a wrong
board l

drivers: imx_snvs: fix SNVS register read operation

A coding mistake in the precedence order of C operators is causing
an incorrect read of the SNVS register. This error would return a wrong
board lifecycle state by snvs_get_security_cfg().

Fixes: 5cd93c5a ("drivers: imx_snvs: fix SNVS security configuration values")
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: imx_snvs: use snvs_is_device_closed() for RPMB key status

Call the function snvs_is_device_closed() to know if the platform is
closed or not in plat_rpmb_key_is_ready() instead of reading t

drivers: imx_snvs: use snvs_is_device_closed() for RPMB key status

Call the function snvs_is_device_closed() to know if the platform is
closed or not in plat_rpmb_key_is_ready() instead of reading the
platform security configuration.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: imx_snvs: fix SNVS_SSM_MODE_SECURE value

The value for SNVS_SSM_MODE_SECURE is 15 instead of 14.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.for

drivers: imx_snvs: fix SNVS_SSM_MODE_SECURE value

The value for SNVS_SSM_MODE_SECURE is 15 instead of 14.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: imx_snvs: fix SNVS security configuration values

The SYS_SECURITY_CFG field values of the HPSR register are different on
imx8m platforms. Also, this bit field is 4 bits wide on imx8m platfo

drivers: imx_snvs: fix SNVS security configuration values

The SYS_SECURITY_CFG field values of the HPSR register are different on
imx8m platforms. Also, this bit field is 4 bits wide on imx8m platforms
and 3 bits wide on the imx6/7 platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: imx_snvs: add master key selection

Select the OTPMK as the SNVS master key when the platforms is in closed
state.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Fori

drivers: imx_snvs: add master key selection

Select the OTPMK as the SNVS master key when the platforms is in closed
state.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: drivers: merge i.MX SNVS driver files

Move the implementation of plat_rpmb_key_is_ready() from
plat-imx/drivers/imx_snvs.c to drivers/imx_snvs.c

Signed-off-by: Clement Faure <clement.faure@nx

core: drivers: merge i.MX SNVS driver files

Move the implementation of plat_rpmb_key_is_ready() from
plat-imx/drivers/imx_snvs.c to drivers/imx_snvs.c

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core_mmu: fix phys_to_virt() to check length

phys_to_virt() function without length parameter doesn`t
always have ability to find the correct mapping for
requested physical address. This is because

core_mmu: fix phys_to_virt() to check length

phys_to_virt() function without length parameter doesn`t
always have ability to find the correct mapping for
requested physical address. This is because physical
address can be mapped in the same time in different virtual
regions with different length. So the first found region
which contains the requested physical address possibly
doesn`t have enough mapped data. This is fixed by adding
the length parameter to phys_to_virt() function. Length
parameter can be set to 1 if caller knows that requested
(pa + len) doesn`t cross mapping granule boundary.

core_mmu_get_va() and io_pa_or_va() functions now are
take length parameter too as they based on phys_to_virt()
in case of MMU enabled.

Signed-off-by: Anton Rybakov <a.rybakov@omp.ru>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (stm32mp1-157C_DK2)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6dlsabreauto)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6dlsabresd)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6qpsabreauto)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6sllevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6ulevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6ullevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6ulzevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx7dsabresd)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx7ulpevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8mmevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8mnevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8mqevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8mpevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8qmmek)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8qxpmek)

show more ...

imx: snvs: rework snvs driver

Remove the unused SRTC functionality which is not wired up anywhere.
Instead add a function to read the device configuration and system
security monitor instead.

Signe

imx: snvs: rework snvs driver

Remove the unused SRTC functionality which is not wired up anywhere.
Instead add a function to read the device configuration and system
security monitor instead.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Cedric Neveux <cedric.neveux@nxp.com>

show more ...

core: upgrade from write32() to io_write32() and friends

Replace use of readX() and writeX() with io_readX() and io_writeX().
The former function are about to be deprecated in favor to the later.

T

core: upgrade from write32() to io_write32() and friends

Replace use of readX() and writeX() with io_readX() and io_writeX().
The former function are about to be deprecated in favor to the later.

This change upgrades core generic code and drivers.
At some place, io_clrbitsX(), io_setbitsX() and io_clrsetbitsX()
replace the writeX(readX() ...) operations when obvious.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add new RNG implementation

Adds a new cryptographically secure pseudo random number generator known
as Fortuna. The implementation is based on the description in [0]. This
implementation repla

core: add new RNG implementation

Adds a new cryptographically secure pseudo random number generator known
as Fortuna. The implementation is based on the description in [0]. This
implementation replaces the implementation in LTC which was used until
now.

Gathering of entropy has been refined with crypto_rng_add_event() to
better match how entropy is added to Fortuna. A enum crypto_rng_src
identifies the source of the event. The source also controls how the
event is added. There are two options available, queue it in a circular
buffer for later processing or adding it directly to a pool. The former
option is suitable when being called from an interrupt handler or some
other place where RPC to normal world is forbidden.

plat_prng_add_jitter_entropy_norpc() is removed and
plat_prng_add_jitter_entropy() is updated to use this new entropy source
scheme.

The configuration of LTC is simplified by this, now PRNG is always drawn
via prng_mpa_desc.

plat_rng_init() takes care of initializing the PRNG in order to allow
platforms to override or enhance the Fortuna integration.

[0] Link:https://www.schneier.com/academic/paperfiles/fortuna.pdf

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] wa

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] was used to double check the license matching
code in the Python script. All the licenses detected by scancode are
either detected by spdxify.py, or have no SPDX identifier, or are false
matches.

Link: [1] https://spdx.org/licenses/
Link: [2] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Link: [3] https://github.com/nexB/scancode-toolkit
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

drivers: add snvs srtc support

Introduce i.MX SNVS SRTC support. The SRTC works with 32.768KHz.
The SRTC is in SNVS_LP domain. The SNVS_LP is a data storage
subsystem with enhanced security capabili

drivers: add snvs srtc support

Introduce i.MX SNVS SRTC support. The SRTC works with 32.768KHz.
The SRTC is in SNVS_LP domain. The SNVS_LP is a data storage
subsystem with enhanced security capabilities. Its purpose is to store
and protect system data, regardless of the main system power state.
SNVS_LP is in the always-powered-up domain, which is a separate power
domain with its own power supply. When the chip power supply domain
loses power, SNVS_LP continues to operate normally.

Since OP-TEE does not care about calendar time, there is no need
to update calendar time, we only need to read the counter and
get out the time.

The plat_prng_add_jitter_entropy is reused from tee_time_arm_cntpct.c.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...