drivers: versal: mailbox communication

Mailbox driver to communicate with the PLM firmware executing on the
Microblaze processor.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: J

drivers: versal: mailbox communication

Mailbox driver to communicate with the PLM firmware executing on the
Microblaze processor.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: drivers: nxp: Add LX2160A-series SecMon driver

- This driver implements reading the entire NXP LX2160-series Security
Monitor (SecMon) module.
- To enable the SecMon driver, the optee-os bui

core: drivers: nxp: Add LX2160A-series SecMon driver

- This driver implements reading the entire NXP LX2160-series Security
Monitor (SecMon) module.
- To enable the SecMon driver, the optee-os build requires the
CFG_LS_SEC_MON flag.

Signed-off-by: Andrew Mustea <andrew.mustea@microsoft.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: versal: general purpose i/o

Provide access to the GPIO controller on Versal ACAP.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.or

drivers: versal: general purpose i/o

Provide access to the GPIO controller on Versal ACAP.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: driver: add common i.MX MU driver

Add a common MU driver for i.MX platforms. This MU driver is used to
communicate with external security controllers.

This driver includes a generic part and

core: driver: add common i.MX MU driver

Add a common MU driver for i.MX platforms. This MU driver is used to
communicate with external security controllers.

This driver includes a generic part and an hardware abstraction layer
for low level MU functions.

The MU driver implements the HAL for the following platforms:
- mx8ulpevk
- mx8qmmek/imx8qxpmek

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: stm32_shared_io: introduce shared io driver

This commit implements shared registers support, previously handled in
core/arch/arm/plat-stm32mp1/shared_resources.c, at platform level.

Defaul

drivers: stm32_shared_io: introduce shared io driver

This commit implements shared registers support, previously handled in
core/arch/arm/plat-stm32mp1/shared_resources.c, at platform level.

Default enable CFG_STM32_SHARED_IO.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: smccc_trng: get entropy from secure monitor

Implements random noise generation interface from Arm SMCCC TRNG
specification. Configuration switch CFG_ARM_SMCCC_TRNG must be enabled
to embed

drivers: smccc_trng: get entropy from secure monitor

Implements random noise generation interface from Arm SMCCC TRNG
specification. Configuration switch CFG_ARM_SMCCC_TRNG must be enabled
to embed the RNG driver that use this interface.

When CFG_ARM_SMCCC_TRNG is enable and CFG_WITH_SOFTWARE_PRNG is
disable, use SMCCC TRNG driver as entropy source. When
both CFG_ARM_SMCCC_TRNG and CFG_WITH_SOFTWARE_PRNG are enable, seed
OP-TEE PRNG with 32byte of TRNG entropy.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-sam: add timer clock driver

Add support for the TCB block that are present on the samad2. This
series add support for the TCB as a time source and register it using
REGISTER_TIME_SOURCE(). More

plat-sam: add timer clock driver

Add support for the TCB block that are present on the samad2. This
series add support for the TCB as a time source and register it using
REGISTER_TIME_SOURCE(). Moreover, on Linux, the tick is done using the
TCB since the sama5d2 does not have the ARM architected timers. Since
the time source used for the tick clocksource is probed early in the
boot process, the SCMI clock support which uses a platform driver is
not yet probed and thus the TCB can't be probe properly. To workaround
that problem, this driver enables the TCB clocks and the Linux
device-tree is modified to use "fixed-clock" clock instead of the TCB
SCMI ones.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: atmel_piobu: add driver

Add piobu driver which handle secumod GPIOs. This driver also handle
tampering interrupts on GPIOs which are configured as input with the
device-tree. For instance,

drivers: atmel_piobu: add driver

Add piobu driver which handle secumod GPIOs. This driver also handle
tampering interrupts on GPIOs which are configured as input with the
device-tree. For instance, the following device-tree excerpt allows to
set an input as an intrusion detection pin:

gpios = <0 PIOBU_PIN_INPUT(1, 1, PIOBU_PIN_PULL_DOWN,
PIOBU_PIN_DEF_LEVEL_LOW, PIOBU_PIN_WAKEUP_ENABLE)>;

In case of a tamper event, the source of the tampering will be
displayed.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: xiphera_trng: Add support for XIP8001B TRNG

Adds support for Xiphera's XIP8001B true random number generator.

XIP8001B is a FPGA IP core that can be synthesized in FPGA devices to
provide

drivers: xiphera_trng: Add support for XIP8001B TRNG

Adds support for Xiphera's XIP8001B true random number generator.

XIP8001B is a FPGA IP core that can be synthesized in FPGA devices to
provide TRNG source for device where it is missing like Xilinx Zynq-7000
and Xilinx Zynq MPSoC.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Co-developed-by: Atte Tommiska <atte.tommiska@xiphera.com>
Signed-off-by: Atte Tommiska <atte.tommiska@xiphera.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers/tpm2: Add basic TPM2 support in OP-TEE

TPM2 driver introduced in this commit is based on TPM TCG
specification [1] & [2].

The APIs exposed allows to send commands and receive response
from

drivers/tpm2: Add basic TPM2 support in OP-TEE

TPM2 driver introduced in this commit is based on TPM TCG
specification [1] & [2].

The APIs exposed allows to send commands and receive response
from a TPM2 chip.

[1] TCG PC Client Platform TPM Profile Specification for TPM 2.0
Vesrion 1.0.5 Revision 14
[2] TCG PC Client Device Driver Design Principles for TPM 2.0
Version 1.1 Revision 0.04

Co-developed-by: Victor Chong <victor.chong@linaro.org>
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_iwdg: implementation of independent watchdog

Implements independent watchdog (IWDG) driver to help detecting
malfunctions due to software or hardware failures. IWDG instances
are cloc

drivers: stm32_iwdg: implementation of independent watchdog

Implements independent watchdog (IWDG) driver to help detecting
malfunctions due to software or hardware failures. IWDG instances
are clocked by an independent clock and stays active if the main
clock fails.

The driver mandates IWDG instances configuration from an embedded DTB.

For the list of features, refer to the reference manuals at:
https://wiki.st.com/stm32mpu/wiki/STM32MP15_resources

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>

show more ...

drivers: add stm32 tamper domain driver

Adds stm32_tamp driver for stm32mp1 TAMP sub-system. The implementation
only covers probing of the driver upon embedded DTB content and enabling
some secure c

drivers: add stm32 tamper domain driver

Adds stm32_tamp driver for stm32mp1 TAMP sub-system. The implementation
only covers probing of the driver upon embedded DTB content and enabling
some secure configuration.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

driver: atmel_rtc: add driver for atmel RTC

On sama5d2, the RTC is included in a larger block of devices that can
only be secured as a whole (RSTC, WDT, etc). Since these other
peripherals needs to

driver: atmel_rtc: add driver for atmel RTC

On sama5d2, the RTC is included in a larger block of devices that can
only be secured as a whole (RSTC, WDT, etc). Since these other
peripherals needs to be secured, in order to still allow the RTC to be
used from non-secure world, add a driver for the RTC which will be
registered as the system RTC. The RTc PTA will then used this RTC to
set/get time from Linux using a RTC driver that uses the TEE subsystem.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: rtc: add RTC API

This API allows to interact with a RTC registered as the system RTC.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@l

drivers: rtc: add RTC API

This API allows to interact with a RTC registered as the system RTC.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: atmel_wdt: add atmel watchdog timer driver

Add a driver to handle the atmel watchdog timer that is present on the
sama5d2. This driver allows to use an interrupt handler that for the
moment

drivers: atmel_wdt: add atmel watchdog timer driver

Add a driver to handle the atmel watchdog timer that is present on the
sama5d2. This driver allows to use an interrupt handler that for the
moment does nothing but display the watchdog error.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: wdt: add watchdog interface

Add necessary code to register a system watchdog. This watchdog will
then used for generic watchdog usage using a new simple watchdog interface.
This interface w

drivers: wdt: add watchdog interface

Add necessary code to register a system watchdog. This watchdog will
then used for generic watchdog usage using a new simple watchdog interface.
This interface will be used by SMC handler which will allow handling SMC
coming from the arm-smc-wdt compatible driver present in Linux.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: atmel_saic: add SAIC driver

Add a driver to handle interrupt that are targeting the secure
interrupt controller. This driver will be used to handle watchdog and
matrix interrupts.

Acked-by

drivers: atmel_saic: add SAIC driver

Add a driver to handle interrupt that are targeting the secure
interrupt controller. This driver will be used to handle watchdog and
matrix interrupts.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: pm: sam: add suspend support

Add suspend support for sama5d2 platform. This support allows to use
all the available modes of suspend present on the sama5d2 platform:
- STANDBY
- ULP0
- ULP0

drivers: pm: sam: add suspend support

Add suspend support for sama5d2 platform. This support allows to use
all the available modes of suspend present on the sama5d2 platform:
- STANDBY
- ULP0
- ULP0 Fast
- ULP1
- BACKUP

By default, STANDBY mode is used as default suspend mode.
This support is meant to be used by PSCI.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: add reset controller framework

Adds a common reset controller framework rstctrl for interfacing
reset controllers exposed by a platform.

Reset controller consumers can act on relate reset

drivers: add reset controller framework

Adds a common reset controller framework rstctrl for interfacing
reset controllers exposed by a platform.

Reset controller consumers can act on relate reset level with
rstctrl_assert(), rstctrl_deassert() and friends.

Reset controller consumers can claim exclusive access to the reset
level woth rstctrl_get_exclusive(), rstctrl_put_exclusive().

Reset controller provider drivers call rstctrl_register_provider()
to allow other drivers to get a reset control reference from
a devicetree reference. Reset controller driver are identified with
type DT_DRIVER_RSTCTRL.

A reset controller provider exposes struct rstctrl instances made of
an opaque private reference (a private data pointer or an unsigned
integer identifier), an reset controller operators reference and
the exclusive claim state.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: atmel-shdwc: add atmel shdwc driver

Add atmel shdwc driver for sama5d2. This driver uses assembly code
which expects to run from a single cache line. For the time being,
building this code

drivers: atmel-shdwc: add atmel shdwc driver

Add atmel shdwc driver for sama5d2. This driver uses assembly code
which expects to run from a single cache line. For the time being,
building this code is restricted to single core system since it rely
on the fact that no other cores can invalidate the TLB or the
I-cache. This driver will be used by PSCI to shutdown the SoC.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: imx: add SC driver for i.MX8QM/QXP

Add the secure controller driver that implements:
- SCFW API
- SCU IPC functions
- SCU secure IPC initialization
The SCU driver relies on the MU driver

drivers: imx: add SC driver for i.MX8QM/QXP

Add the secure controller driver that implements:
- SCFW API
- SCU IPC functions
- SCU secure IPC initialization
The SCU driver relies on the MU driver to communicate with the security
controller.

Signed-off-by: Remi Koman <remi.koman@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: atmel-rstc: add support for reset controller

This reset controller will be used by PSCI to reset the SoC.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <j

drivers: atmel-rstc: add support for reset controller

This reset controller will be used by PSCI to reset the SoC.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: add Atmel TRNG driver

This driver uses the device tree to probe the TRNG and then allows
random data to be queried using both hw_get_random_byte() and
crypto_rng_read().

Acked-by: Etienne

drivers: add Atmel TRNG driver

This driver uses the device tree to probe the TRNG and then allows
random data to be queried using both hw_get_random_byte() and
crypto_rng_read().

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

zynqmp: drivers: generate HUK from PUF KEK

If authenticated boot was disabled we allow generating the HUK using
the SHA-256 of the DNA unique identifier.

If authenticated boot was enabled, use the

zynqmp: drivers: generate HUK from PUF KEK

If authenticated boot was disabled we allow generating the HUK using
the SHA-256 of the DNA unique identifier.

If authenticated boot was enabled, use the PUK KEK to generate the
HUK instead. The PUF KEK must be registered while securing the board
using the Xilinx tools. In this case, the HUK is generated by reading
the DNA eFuses. This 96 bits value is used to generate a 16 byte
digest which is then AES-GCM encrypted using the PUF KEK. The
resulting 16 byte value is the HUK. To prevent the HUK from being
leaked, the AES-GCM module must be reserved.

The HUK generation was validated on Zynqmp zu3cg using the Xilinx
Lightweight Provisioning Tool to enable authenticated boot and to
provision the PUF (burning a number of eFuses in the process).

Tested-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: PM firmware

These routines call TF-A exported SiP services that implement IPI
protocol for communication with PMUFW (Platform Management Unit).

To access eFuses, PMUFW should be bu

zynqmp: drivers: PM firmware

These routines call TF-A exported SiP services that implement IPI
protocol for communication with PMUFW (Platform Management Unit).

To access eFuses, PMUFW should be built with -DENABLE_EFUSE_ACCESS=1.

Notice however that certain eFuses will not be available unless the
Xilskey library linked to the PMUFW is compiled removing some of those
security restrictions.

Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...