zynqmp: drivers: AES-GCM with PUF KEK

Provide a mechanism to encrypt a red key using the KEK; the KEK is
only available on secured boards after the RSA_EN and PPK eFUSES have
been burnt (the system

zynqmp: drivers: AES-GCM with PUF KEK

Provide a mechanism to encrypt a red key using the KEK; the KEK is
only available on secured boards after the RSA_EN and PPK eFUSES have
been burnt (the system will only boot ROM authenticated bootloaders
from here on).

The main use case for OP-TEE would be to encode the zynqmp per device
unique identifier (DNA0, DNA1, DNA2 eFUSEs - ie, a red key) using the
KEK. The encryption key generated this way is cryptographically strong
and will be used as the device HUK (ie, black key).

Test code:

csu_aes_encrypt_data(src, dst, BLOB_DATA_SIZE, tag, GCM_TAG_SIZE,
iv, GCM_IV_SIZE, CSU_AES_KEY_SRC_DEV);
csu_aes_decrypt_data(dst, src, BLOB_DATA_SIZE, tag, GCM_TAG_SIZE,
iv, GCM_IV_SIZE, CSU_AES_KEY_SRC_DEV);
if (memcmp(src, buffer, BLOB_DATA_SIZE)) {
EMSG(" - encrypt/decrypt test failed");

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: CSUDMA module

This module provides a mechanism to transfer data between memory and
peripherals. The data path is selected in the Secure Stream Switch
register in the CSU.

Signed-of

zynqmp: drivers: CSUDMA module

This module provides a mechanism to transfer data between memory and
peripherals. The data path is selected in the Secure Stream Switch
register in the CSU.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: Physically Unclonable Function (PUF)

This block is used to generate black keys via the AES-GCM module.
The PUF KEK - feeding the AES-GCM block - is also unique for each
device.

The

zynqmp: drivers: Physically Unclonable Function (PUF)

This block is used to generate black keys via the AES-GCM module.
The PUF KEK - feeding the AES-GCM block - is also unique for each
device.

The KEK is only available once the board has been secured via
programmable eFUSES (RSA_EN authentication via the PPK fuses).

Registering the PUF should be done using the Xilinx tools so the
adequate eFUSES are written.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: imx: add MU driver

Add Message Unit driver. This driver is needed to communicate with the
security controller.

Signed-off-by: Remi Koman <remi.koman@nxp.com>
Signed-off-by: Clement Faure <

drivers: imx: add MU driver

Add Message Unit driver. This driver is needed to communicate with the
security controller.

Signed-off-by: Remi Koman <remi.koman@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: clk: add generic clock framework

In order to ease clock support in OP-TEE, add a generic clock framework
which allows to add clocks driver and handle clock hierarchy.
This clock framework p

drivers: clk: add generic clock framework

In order to ease clock support in OP-TEE, add a generic clock framework
which allows to add clocks driver and handle clock hierarchy.
This clock framework provides various functions to enable/disable clock
and to get their rate. Some basic behavior are supported such as gating
when parent or rate is set. This option is enabled using
CFG_DRIVERS_CLK which is disabled by default.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: imx: add OCOTP driver

Add OCOTP driver for imx6, imx7, imx7ulp and imx8m platforms.
The implementation only supports the read of OCOTP shadow registers.
It also implements the tee_otp_get_d

drivers: imx: add OCOTP driver

Add OCOTP driver for imx6, imx7, imx7ulp and imx8m platforms.
The implementation only supports the read of OCOTP shadow registers.
It also implements the tee_otp_get_die_id() function.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: imx_rngb: random number generator

Add support for the RNG(B) as described in the i.MX 6ULL Applications
Processor Reference Manual, Rev 1, 11/2017.

Tested on an imx6ull based board.

Signe

drivers: imx_rngb: random number generator

Add support for the RNG(B) as described in the i.MX 6ULL Applications
Processor Reference Manual, Rev 1, 11/2017.

Tested on an imx6ull based board.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-ls: Add DSPI driver for NXP LS Platforms

This patch adds DSPI driver for Layerscape Platforms.
DSPI compilation is enabled by default for LX2160A-QDS and LX2160A-RDB.

Signed-off-by: Carl Lamb

plat-ls: Add DSPI driver for NXP LS Platforms

This patch adds DSPI driver for Layerscape Platforms.
DSPI compilation is enabled by default for LX2160A-QDS and LX2160A-RDB.

Signed-off-by: Carl Lamb <calamb@microsoft.com>
Signed-off-by: Manish Tomar <manish.tomar@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-ls: Add GPIO driver for NXP LS Platforms

This patch adds GPIO driver for Layerscape Platforms.
GPIO compilation is enabled by default for LX2160A-QDS and LX2160A-RDB.

Signed-off-by: Manish Tom

plat-ls: Add GPIO driver for NXP LS Platforms

This patch adds GPIO driver for Layerscape Platforms.
GPIO compilation is enabled by default for LX2160A-QDS and LX2160A-RDB.

Signed-off-by: Manish Tomar <manish.tomar@nxp.com>
Acked-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

plat-ls: add i2c driver for NXP LS Platforms

I2C Driver compilation is enabled by default for LX2160A-RDB
and LX2160A-QDS.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Jens W

plat-ls: add i2c driver for NXP LS Platforms

I2C Driver compilation is enabled by default for LX2160A-RDB
and LX2160A-QDS.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

drivers: dcp: add DCP support

The Data Co-Processor (DCP) provides hardware acceleraiton for
cryptographic algorithms. The features of DCP are:
- AES128 ECB and CBC
- SHA1, SHA256
- AES128-CMAC a

drivers: dcp: add DCP support

The Data Co-Processor (DCP) provides hardware acceleraiton for
cryptographic algorithms. The features of DCP are:
- AES128 ECB and CBC
- SHA1, SHA256
- AES128-CMAC algorithm
- SRAM key storage
- HUK generation

This driver adds DCP support for the following platforms:
- imx6slevk
- imx6sllevk
- imx6ullevk
- imx6ulzevk

Signed-off-by: Remi Koman <remi.koman@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: imx_i2c: add I2C support

This driver provides native access to the I2C bus on iMX.

The driver will not query the clock hierarchy - to find the base clock
rate - because it overcomplicates

drivers: imx_i2c: add I2C support

This driver provides native access to the I2C bus on iMX.

The driver will not query the clock hierarchy - to find the base clock
rate - because it overcomplicates the deliverable for not much added
value (this can be done at a later time if required).

The U-Boot and Linux GPL code was initially used as a reference;
however due to the simpler OP-TEE use case requirements, the code was
later re-written following the reference manual [1].

This driver will not access addresses within a I2C slave map.

This driver must not be used while the Linux kernel is running unless
the following is guaranteed:
- that the I2C bus will not be suspended.
- that there will not be collisions with other bus masters.

Without those guarantees, please use a trampoline driver to route the
I2C requests to Linux.

Tested on imx8mm-lpddr4.

[1] i.MX 8M Mini Applications Processor Reference Manual
Document Number: IMX8MMMRM
Rev.2 08/2019

Tested-by: Jorge Ramirez-Ortiz <jorge@foundries.io> (imx8mm)
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers/scmi-msg: driver for processing scmi messages

This change introduces drivers to allow a platform to create a SCMI
service and register handlers for client request (SCMI agent) on
system reso

drivers/scmi-msg: driver for processing scmi messages

This change introduces drivers to allow a platform to create a SCMI
service and register handlers for client request (SCMI agent) on
system resources. This is the first piece of the drivers: an entry
function, the SCMI base protocol support and helpers for create
the response message.

With this change, scmi_process_message() is the entry function to
process an incoming SCMI message. The function expect the message
is already copied from shared memory into secure memory. The message
structure stores message reference and output buffer reference where
response message shall be stored.

scmi_process_message() calls the SCMI protocol driver according to
the protocol ID in the message. The SCMI protocol driver will call
defined platform handlers according to the message content.

This change introduces only the SCMI base protocol as defined in
SCMI specification v2.0 [1]. Not all the messages defined
in the specification are supported.

SCMI resource in this implementation are dumped or inspired by the
SCP-firmware implementation [2] of the SCMI protocol, server side.

Link: [1] http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
Link: [2] https://github.com/ARM-software/SCP-firmware.git

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-amlogic: Add initial support for Amlogic platforms

This is the initial support for the Amlogic platforms.

Tested 64-bin mode on A113D (AXG) board using upstream TF-A BL31.

* xtest results (-l

plat-amlogic: Add initial support for Amlogic platforms

This is the initial support for the Amlogic platforms.

Tested 64-bin mode on A113D (AXG) board using upstream TF-A BL31.

* xtest results (-l 15):
| 44074 subtests of which 0 failed
| 96 test cases of which 0 failed
| 0 test cases were skipped
| TEE test application done!

* Compiled with:
| make PLATFORM=amlogic

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Carlo Caione <ccaione@baylibre.com>

show more ...

drivers: bnxt: add Broadcom bnxt driver

Add Broadcom bnxt driver which helps to load the
firmware on bnxt device

Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: Sheetal Tigadol

drivers: bnxt: add Broadcom bnxt driver

Add Broadcom bnxt driver which helps to load the
firmware on bnxt device

Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Reviewed-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Get rid of option -Wno-suggest-attribute=noreturn

The GCC option -Wno-suggest-attribute=noreturn is not supported by
Clang. Instead of playing with compiler options, let's fix the code
according to

Get rid of option -Wno-suggest-attribute=noreturn

The GCC option -Wno-suggest-attribute=noreturn is not supported by
Clang. Instead of playing with compiler options, let's fix the code
according to the following rules:
- If a function is know to never return, it should have the __noreturn
attribute in the header file.
- If only some implementation of a function never returns, __noreturn
shall be applied to that particular implementation in the .c file.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: driver: generic resources for crypto device driver

Add a generic cryptographic driver interface connecting
TEE Crypto generic APIs to HW driver interface

The Generic Crypto Driver interface i

core: driver: generic resources for crypto device driver

Add a generic cryptographic driver interface connecting
TEE Crypto generic APIs to HW driver interface

The Generic Crypto Driver interface in the core/driver/crypto/crypto_api
is implemented to be able to use a HW driver.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: imx_lpuart: add i.MX lpuart driver

add new lpuart driver
This driver is used by the i.MX 7ulp SoC

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@li

drivers: imx_lpuart: add i.MX lpuart driver

add new lpuart driver
This driver is used by the i.MX 7ulp SoC

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: wdt: Add arm SP805 watchdog driver

Add sp805 watchdog driver with following functionality:
- start/reload watchdog with specified timeout
- stop watchdog
- ping watchdog (clear watchdog int

drivers: wdt: Add arm SP805 watchdog driver

Add sp805 watchdog driver with following functionality:
- start/reload watchdog with specified timeout
- stop watchdog
- ping watchdog (clear watchdog interrupt and reload it)
- register watchdog interrupt handler

Signed-off-by: Abhishek Shah <abhishek.shah@broadcom.com>
Reviewed-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: introduce STPMIC1 driver

STPMIC1 is a power management chip for the stm32mp1 platform. It is
accessed through an I2C bus. STPMIC1 provides regulators and other
features as interrupt sources an

core: introduce STPMIC1 driver

STPMIC1 is a power management chip for the stm32mp1 platform. It is
accessed through an I2C bus. STPMIC1 provides regulators and other
features as interrupt sources and watchdogs.

STPMIC1 configuration is expected from a secure device tree blob, that
currently is the embedded DTB.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_i2c: minor clean in driver makefile

Sort stm32_* drivers list in alphabetical ordering.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@lin

stm32_i2c: minor clean in driver makefile

Sort stm32_* drivers list in alphabetical ordering.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

drivers: bcm_gpio: add IPROC GPIO driver

low level driver for Broadcom IPROC GPIO controller.

Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Acked-by: Etienne Carriere <etienne.car

drivers: bcm_gpio: add IPROC GPIO driver

low level driver for Broadcom IPROC GPIO controller.

Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Victor Chong <victor.chong@linaro.org>

show more ...

drivers: bcm_sotp: add SOTP driver

low level driver for Broadcom SOTP controller.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Si

drivers: bcm_sotp: add SOTP driver

low level driver for Broadcom SOTP controller.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Rahul Gupta <rahul.gupta@broadcom.com>
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>

show more ...

drivers: bcm_hwrng: add HWRNG driver

low level driver for Broadcom random number generator IP.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Bharat Kumar Reddy Gooty <bharat.g

drivers: bcm_hwrng: add HWRNG driver

low level driver for Broadcom random number generator IP.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Bharat Kumar Reddy Gooty <bharat.gooty@broadcom.com>
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>

show more ...

stm32_rng: driver for STM32 RNG

Drivers is embedded upon CFG_STM32_RNG=y.

The driver main API functions are:
- stm32_rng_read() to get a buffer of random bytes,
- stm32_rng_read_raw() to get a buff

stm32_rng: driver for STM32 RNG

Drivers is embedded upon CFG_STM32_RNG=y.

The driver main API functions are:
- stm32_rng_read() to get a buffer of random bytes,
- stm32_rng_read_raw() to get a buffer of random bytes assuming the
RNG hardware is ready, i.e clock enabled.

The device driver is initialized from DT resource when a secure DTB,
currently the embedded DTB, is found.

STM32 RNG driver assumes the platform supports at most RNG instance
in the secure world.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...