drivers: qcom: ramblur: configure pIMEM access

Configure memory access to enable execution of Trusted Applications.

OP-TEE and its Trusted Applications execute from pIMEM, a region protected
by the

drivers: qcom: ramblur: configure pIMEM access

Configure memory access to enable execution of Trusted Applications.

OP-TEE and its Trusted Applications execute from pIMEM, a region protected
by the RAMBLUR IP block.

RAMBLUR provides anti-rollback protection as well as confidentiality and
integrity guarantees for the memory region under its control.

Any agent accessing the pIMEM-protected region performs normal reads or
writes to the pIMEM address range in the SNoC. The SNoC routes these
transactions to the pIMEM slave port, and pIMEM remasters them to DDR.

For write transactions, pIMEM applies the required cryptographic
operations before committing data to DDR.

For read transactions, pIMEM applies the corresponding cryptographic
operations before returning the data from DDR to the requesting master.

The reserved DDR region used by pIMEM to store cryptographically
processed data and associated cryptographic state is referred to as the
pIMEM vault.

With the current U-Boot (tag 2026.01-rc3), the pIMEM Vault DDR
reservation is derived from the TZ node in U-Boot’s built-in device tree
(specifically the trusted_apps_mem reserved-memory node).

U-Boot uses this node to construct the EFI memory map that is later
passed to the kernel.

A future update will remove this dependency on the built-in device tree.
Instead, U-Boot will obtain the memory configuration directly from SMEM.
Because of this transition, the current version of the driver does not
generate a DT overlay for U-Boot to consume.

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Reviewed-by: Tony Hamilton <tonyh@qti.qualcomm.com>

show more ...

core: drivers: introduce Qualcomm GENI UART driver

Introduce a driver for the GENI UART found on modern Qualcomm platforms.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens W

core: drivers: introduce Qualcomm GENI UART driver

Introduce a driver for the GENI UART found on modern Qualcomm platforms.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Casey Connolly <casey.connolly@linaro.org>
Signed-off-by: Rouven Czerwinski <rouven.czerwinski@linaro.org>
[SG: cleaned up the driver]
Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>

show more ...

drivers: rockchip: extract OTP driver from rk3588 platform

The OTP handling is useful outside the rk3588 platform implementation.
For example, the fuses for secure boot are accessible via the OTP.

drivers: rockchip: extract OTP driver from rk3588 platform

The OTP handling is useful outside the rk3588 platform implementation.
For example, the fuses for secure boot are accessible via the OTP.

Extract the OTP write and read support to a separate driver to make it
available for other modules.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Reviewed-by: Etienne Carriere <etienne.carriere@st.com>

show more ...

drivers: add stm32 EXTI support

The stm32 EXTI peripheral is an interrupt controller that routes
the incoming interrupts to the GIC parent interrupt controller.
The EXTI can trigger the wake-up of t

drivers: add stm32 EXTI support

The stm32 EXTI peripheral is an interrupt controller that routes
the incoming interrupts to the GIC parent interrupt controller.
The EXTI can trigger the wake-up of the system on the incoming
interrupts.

Signed-off-by: Antonio Borneo <antonio.borneo@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: amd: Add PS GPIO Support

Add PS GPIO Driver support for AMD Platforms.

The PS GPIO Controller is managed through the PS subsystem and
can operate in either the Secure World or the Non-Secu

drivers: amd: Add PS GPIO Support

Add PS GPIO Driver support for AMD Platforms.

The PS GPIO Controller is managed through the PS subsystem and
can operate in either the Secure World or the Non-Secure World.
The driver utilizes the Device Tree Blob (DTB) to determine whether the
PS GPIO Controller should be supported in the Secure World.

Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Acked-by: Michal Simek <michal.simek@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jorge Ramirez-Ortiz <jorge@foundries.io>

show more ...

drivers: stm32_omm: add OSPI Memory Manager driver

This patch adds OSPI Memory Manager driver.
It handles:
- IOM configuration
- OSPIs address mapping
- IOM sub-system firewall configuration

Signed

drivers: stm32_omm: add OSPI Memory Manager driver

This patch adds OSPI Memory Manager driver.
It handles:
- IOM configuration
- OSPIs address mapping
- IOM sub-system firewall configuration

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Co-developed-by: Christophe Kerello <christophe.kerello@foss.st.com>
Signed-off-by: Christophe Kerello <christophe.kerello@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: drivers: support SiFive UART

Add sifive uart support.

Signed-off-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Reviewed-by: Samuel Holland <samuel.holland@sifive.com>
Reviewed-by: Zong Li <zo

core: drivers: support SiFive UART

Add sifive uart support.

Signed-off-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Reviewed-by: Samuel Holland <samuel.holland@sifive.com>
Reviewed-by: Zong Li <zong.li@sifive.com>
Acked-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: add stm32 CPU DVFS driver

drivers/cpu_opp.c implements dynamic voltage and frequency
scaling for the CPU.
It is used at boot time to set an higher operating point than
the one used to boot.

drivers: add stm32 CPU DVFS driver

drivers/cpu_opp.c implements dynamic voltage and frequency
scaling for the CPU.
It is used at boot time to set an higher operating point than
the one used to boot.
It will be used by the SCMI performance service.

Signed-off-by: Pascal Paillet <p.paillet@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: ele: move ELE to a dedicated directory

Created a new folder in core/drivers/crypto named ele
and moved ele.c in that folder.
This is done for making the base for further crypto driver
based

drivers: ele: move ELE to a dedicated directory

Created a new folder in core/drivers/crypto named ele
and moved ele.c in that folder.
This is done for making the base for further crypto driver
based on ELE.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: add RISC-V APLIC interrupt driver

The RISC-V Advanced Interrupt Architecture (AIA) specification introduces
the APLIC, which can serve as a new external interrupt controller to
replace the

drivers: add RISC-V APLIC interrupt driver

The RISC-V Advanced Interrupt Architecture (AIA) specification introduces
the APLIC, which can serve as a new external interrupt controller to
replace the original Platform-Level Interrupt Controller (PLIC) or as a
device to convert wired interrupts into message-signaled interrupts
(MSIs) and forward them to the Incoming MSI Controller (IMSIC).

The APLIC driver supports both "direct delivery mode" and
"MSI delivery mode." Use the `CFG_RISCV_APLIC` flag to enable the
APLIC driver in "direct delivery mode," and use the
`CFG_RISCV_APLIC_MSI` flag to enable the APLIC driver in "MSI
delivery mode" when selecting `CFG_RISCV_IMSIC`.

APLIC initialization can be done through the device tree.

For more details, see: https://github.com/riscv/riscv-aia

Signed-off-by: Huang Borong <huangborong@bosc.ac.cn>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: add RISC-V IMSIC interrupt driver

The RISC-V Advanced Interrupt Architecture (AIA) specification introduces
the IMSIC as a new external interrupt controller. An IMSIC receives and
records i

drivers: add RISC-V IMSIC interrupt driver

The RISC-V Advanced Interrupt Architecture (AIA) specification introduces
the IMSIC as a new external interrupt controller. An IMSIC receives and
records incoming message-signaled interrupts (MSIs).

This commit enables the initialization of the IMSIC based on the device
tree and adds control and status registers (CSRs) for indirect access to
the IMSIC as well as for reading interrupt identities.

Use the `CFG_RISCV_IMSIC` flag to control whether to build this driver.

For more details, see: https://github.com/riscv/riscv-aia

Signed-off-by: Huang Borong <huangborong@bosc.ac.cn>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: counter: stm32_stgen: add STGEN driver

STGEN is the platform timer. It generates a time-count value that provides
a consistent view of time for multiple processors and other blocks in a
dev

drivers: counter: stm32_stgen: add STGEN driver

STGEN is the platform timer. It generates a time-count value that provides
a consistent view of time for multiple processors and other blocks in a
device. It is physically linked to the ARM generic timer.

Add the STGEN driver that is in charge of configuring the ARM generic
timer source and send an SMC to the BL31 monitor to update the CP15
register. This driver is only compatible for 64bits platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rtc: introduce STM32 RTC driver

Driver interface allows to read date&time from RTC device, generate
RTC timestamps and compute time delta between RTC date & time values.

The RTC is a

drivers: stm32_rtc: introduce STM32 RTC driver

Driver interface allows to read date&time from RTC device, generate
RTC timestamps and compute time delta between RTC date & time values.

The RTC is a firewall-aware peripheral. It means that the RTC driver is
in charge of configuring its own firewall restrictions and that the RTC
has dedicated firewall configuration registers.

The RTC provide APIs with time structure compatible with linux kernel
driver.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Clément Le Goffic <clement.legoffic@foss.st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-telechips: Add initial support for Telechips platform (TCC805x)

This is the initial support for Telechips Platform (TCC805x).

* xtest results (-l 15):
| 334474 subtests of which 0 failed
| 108

plat-telechips: Add initial support for Telechips platform (TCC805x)

This is the initial support for Telechips Platform (TCC805x).

* xtest results (-l 15):
| 334474 subtests of which 0 failed
| 108 test cases of which 0 failed
| 0 test cases were skipped
| TEE test application done!

* Compiled with:
| make PLATFORM=telechips-tcc805x

Signed-off-by: Sungmin Han <sungminhan@telechips.com>
Signed-off-by: GY Hwang <gy.hwang@telechips.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: microchip_pit: add driver for sama7g54's pit64b

Add support for the peripheral PIT64B in sama7g54. In the driver the clocks
are initialized for PIT64B.

Signed-off-by: Tony Han <tony.han@mi

drivers: microchip_pit: add driver for sama7g54's pit64b

Add support for the peripheral PIT64B in sama7g54. In the driver the clocks
are initialized for PIT64B.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_etzpc: move the stm32_etzpc driver to the firewall folder

The ETZPC is a firewall controller. Therefore, move the stm32_etzpc driver
to the firewall folder.

Signed-off-by: Gatien Che

drivers: stm32_etzpc: move the stm32_etzpc driver to the firewall folder

The ETZPC is a firewall controller. Therefore, move the stm32_etzpc driver
to the firewall folder.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: firewall: add firewall framework

Add a generic firewall controller framework. The goal of this framework
is to offer access control and configuration APIs, that are implemented
in the firewall

core: firewall: add firewall framework

Add a generic firewall controller framework. The goal of this framework
is to offer access control and configuration APIs, that are implemented
in the firewall controllers drivers, to the firewall consumers. This
framework requires an embedded device tree.

A firewall controller is an access controller [1]. It should register
itself as a provider to the framework. Firewall controllers have the
possibility to populate their bus according to defined firewall accesses
defined in the "access-controllers" property in each of the device's
node.

Any device that consumes one or more firewall should refer it/them in
their "access-controllers" property. Arguments can be passed along with
the phandle of the firewall controller(s).

Link: https://patchwork.kernel.org/project/linux-media/patch/20240105130404.301172-2-gatien.chevallier@foss.st.com/ [1]
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: Add FFA_CONSOLE based console driver for log

This console driver uses FFA_CONSOLE ABI to write the trace logs.

If CFG_FFA_CONSOLE is enabled, OP-TEE will try to initialize the console
driv

drivers: Add FFA_CONSOLE based console driver for log

This console driver uses FFA_CONSOLE ABI to write the trace logs.

If CFG_FFA_CONSOLE is enabled, OP-TEE will try to initialize the console
driver that uses FFA interface to print trace logs.

Signed-off-by: Sungbae Yoo <sungbaey@nvidia.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: Add RISC-V Zkr hardware random number generator support

The RISC-V Zkr entropy source extension introduces a physical
entropy source compliant with NIST SP 800-90B or BSI AIS-31
standards v

drivers: Add RISC-V Zkr hardware random number generator support

The RISC-V Zkr entropy source extension introduces a physical
entropy source compliant with NIST SP 800-90B or BSI AIS-31
standards via the seed CSR.

Note that this driver cannot be used unless access is explicitly
granted by M-mode, e.g. OpenSBI have to set mseccfg.SSEED for
OP-TEE OS.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: add IPCC driver and its RIF support

This driver implements RIF configuration for IPCC, which is a RIF
aware IP. It means that the IPCC driver is in charge of configuring its
own RIF restric

drivers: add IPCC driver and its RIF support

This driver implements RIF configuration for IPCC, which is a RIF
aware IP. It means that the IPCC driver is in charge of configuring its
own RIF restrictions and that the IPCC has dedicated RIF configuration
registers.

RIF configuration data is part of the ipcc_pdata structure.

CID filtering is applied to the entirety of the channels of a processor.
When CID filtering is enabled for a processor, it enables the filtering and
the IPCC interrupt routing for all of its IPCC channels.

However, security and privilege configuration granularity go as far as
configuration for each IPCC channel.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: add RIF support driver for HSEM

This driver implements RIF configuration for HSEM, which is a RIF
aware IP. It means that the HSEM driver is in charge of configuring its
own RIF restriction

drivers: add RIF support driver for HSEM

This driver implements RIF configuration for HSEM, which is a RIF
aware IP. It means that the HSEM driver is in charge of configuring its
own RIF restrictions and that the HSEM has dedicated RIF configuration
registers.

HSEM has two types of CID filtering registers.
-For processor filtering : HSEM_CnCIDCFGR
When CFEN is enabled: processor[n] CID filtering enabled for HSEM_(S)CnIER,
HSEM_(S)CnICR, HSEM_(S)CnISR, and HSEM_(S)CnMISR registers and for allowed
list filter usage in HSEM_GpCIDCFGR.SEM_WLIST_Cn. The CID is put in the
CID bitfield.

-For semaphore group filtering : HSEM_GpCIDCFGR
Used to apply CID filtering over a group of semaphore. The same policy
applies to all semaphores present in the group. This register handles
what are the processor's CID who are white-listed for the group in the
SEM_WLIST_C bitfield.

Therefore, both these registers are interconnected.

Security and privilege configuration granularity expands to each individual
semaphore.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: add HPDMA driver with RIF support

This driver implements RIF configuration for HPDMA, which is a RIF aware
IP. It means that the HPDMA driver is in charge of configuring its own RIF
restric

drivers: add HPDMA driver with RIF support

This driver implements RIF configuration for HPDMA, which is a RIF aware
IP. It means that the HPDMA driver is in charge of configuring its own RIF
restrictions and that the HPDMA has dedicated RIF configuration registers.

RIF configuration is possible when the executing context is TDCID.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: add FMC driver with RIF support

This driver implements RIF configuration for FMC, which is a RIF aware IP.
It means that the FMC driver is in charge of configuring its own RIF
restrictions

drivers: add FMC driver with RIF support

This driver implements RIF configuration for FMC, which is a RIF aware IP.
It means that the FMC driver is in charge of configuring its own RIF
restrictions and that the FMC has dedicated RIF configuration registers.

Additional check on RIF configuration is added for this IP when debug is
on.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: Implement semihosting based console driver for log

Implement a simple console driver which uses semihosting operations to
read/write the trace messages. There are two paths to output the tr

drivers: Implement semihosting based console driver for log

Implement a simple console driver which uses semihosting operations to
read/write the trace messages. There are two paths to output the trace
messages:
- If the caller of semihosting_console_init() provides the path of the
file, the driver will try to open that file, and output the log to
that host side file.
- If the caller of semihosting_console_init() does not provide the path
of the file, the driver will connect the console to the host debug
console directly.

If CFG_SEMIHOSTING_CONSOLE is enabled, OP-TEE will try to initialize the
semihosting console driver by given CFG_SEMIHOSTING_CONSOLE_FILE.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: firewall: add stm32_rif driver for common RIF features

The resource isolation framework (RIF) is a comprehensive set of
hardware blocks designed to enforce and manage the isolation of
STM32

drivers: firewall: add stm32_rif driver for common RIF features

The resource isolation framework (RIF) is a comprehensive set of
hardware blocks designed to enforce and manage the isolation of
STM32MP25xx hardware resources, like memories and peripherals.

The RIF manages security and privilege levels as well as compartment
filtering. Each compartment is identified by a Compartment ID (CID).

Therefore, the access filtering can be, depending on the case:
• restricted to none, one or more than one CID
• secure-only, non-secure only, or both
• privileged-only or privileged/unprivileged
• read-only, write-only, or read/write

Add a firewall driver folder that contains firewall drivers.
This RIF driver contains generic features shared between all drivers
managing RIF configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...