drivers: caam: fix CFG_CORE_BIGNUM_MAX_BITS

CFG_CORE_BIGNUM_MAX_BITS should be 4576
4096 (RSA Max key size) +
8 * 60 (Header serialization and Black blob overhead in bytes)

Signed-off-by: Sahil Mal

drivers: caam: fix CFG_CORE_BIGNUM_MAX_BITS

CFG_CORE_BIGNUM_MAX_BITS should be 4576
4096 (RSA Max key size) +
8 * 60 (Header serialization and Black blob overhead in bytes)

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: se05x: improve object deletion logs

For SE05x, only private keys are stored in the secure element: the
OP-TEE secure storage REE/RPMB retains the full public key but just a
handle to the pri

crypto: se05x: improve object deletion logs

For SE05x, only private keys are stored in the secure element: the
OP-TEE secure storage REE/RPMB retains the full public key but just a
handle to the private key.

If the secure element's persistent storage is erased, but OP-TEE's
secure storage remains, the public key can still be accessed while the
private key is inaccessible. However, in such cases, the 'key' will
still appear as present in the PKCS#11 database.

When CFG_CORE_SE05X_BLOCK_OBJ_DEL_ON_ERROR is enabled (not by default)
and the key pointed to by the handle is not present in the secure
element, OP-TEE PKCS#11 clients will encounter an error when attempting
to delete the private key information held in the OP-TEE secure
storage.

If the setting is disabled, the PKCS#11 storage clears the
private key handle without errors.

This commit removes some ambiguity, so users do not see error messages
when operations complete successfully.

It also fails on sss_se05x_key_object_init errors unconditionally since
a failure on this function can only signify some form of stack
corruption.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: shared_resource stops checking clock dependencies

Remove management of STM32MP15 secure clock support from the
platform specific share_resource.c driver. It is not needed STM32
ETZPC

plat-stm32mp1: shared_resource stops checking clock dependencies

Remove management of STM32MP15 secure clock support from the
platform specific share_resource.c driver. It is not needed STM32
ETZPC and RCC platform drivers now checks these dependencies.

Therefore the change removes stm32mp_register_clock_parents_secure()
and its related and ensures stm32mp_register_[non_]secure_xxx()
(from shared_resource.c driver) is not used for a clock (here PLL3).

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

show more ...

drivers: clk: stm32mp15: default disable mckprot hardening

Default disable RCC MCKPROT hardening configuration for STM32MP15
platforms since remoteproc driver enables it when required.

Remove disab

drivers: clk: stm32mp15: default disable mckprot hardening

Default disable RCC MCKPROT hardening configuration for STM32MP15
platforms since remoteproc driver enables it when required.

Remove disabling of RCC MCKPROT from STM32MP15 shared_resource driver
since this is now done from the STM32MP15 clock driver.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

show more ...

drivers: remoteproc: stm32mp15: check Cortex-M isolation

Set Cortex-M RCC isolation (MCKPROT) configuration when STM32MP15
remote processor secure loading is embedded in the platform.

Signed-off-by

drivers: remoteproc: stm32mp15: check Cortex-M isolation

Set Cortex-M RCC isolation (MCKPROT) configuration when STM32MP15
remote processor secure loading is embedded in the platform.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

show more ...

firewall: stm32_etzpc: check consistency of RCC vs DECPROT secure config

Ensures that when an ETZPC DECPROT configuration is secure (resp.
MCU isolated) that SoC RCC is also secure (resp. MCKPROT is

firewall: stm32_etzpc: check consistency of RCC vs DECPROT secure config

Ensures that when an ETZPC DECPROT configuration is secure (resp.
MCU isolated) that SoC RCC is also secure (resp. MCKPROT isolated).

This change helps to remove dependency on shared_resource.c driver
that is no longer needed since integration of the firewall framework.

By the way, fix include files order.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

show more ...

drivers: use fdt_reg_info()

Use fdt_reg_info() instead of fdt_reg_base_address() and fdt_reg_size()
to optimize look up in the DT due to finding parent node.

Signed-off-by: Etienne Carriere <etienn

drivers: use fdt_reg_info()

Use fdt_reg_info() instead of fdt_reg_base_address() and fdt_reg_size()
to optimize look up in the DT due to finding parent node.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: imx_csu: add settings for i.MX6

Add the CSU SA settings for i.MX6(Q/D). This setting ensures that no
non-TrustZone aware master is able to read secure memory. Information on
the CSU SA regi

drivers: imx_csu: add settings for i.MX6

Add the CSU SA settings for i.MX6(Q/D). This setting ensures that no
non-TrustZone aware master is able to read secure memory. Information on
the CSU SA register values were taken from i.MX6 Security Reference
Manual rev 0.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

drivers: stm32_remote_proc: add stm32_rproc_is_secure()

Add stm32_remoteproc driver API function stm32_rproc_is_secure()
that return whether of not remote processor management shall be
handled throu

drivers: stm32_remote_proc: add stm32_rproc_is_secure()

Add stm32_remoteproc driver API function stm32_rproc_is_secure()
that return whether of not remote processor management shall be
handled through OP-TEE remoteproc secure services.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

show more ...

drivers: clk: don't mix error codes in stm32mp25 driver

Don't mix error codes in stm32mp25 clock driver: some function return
a TEE_Result value, some return a 0/-1 integer value.

Signed-off-by: Et

drivers: clk: don't mix error codes in stm32mp25 driver

Don't mix error codes in stm32mp25 clock driver: some function return
a TEE_Result value, some return a 0/-1 integer value.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

drivers: clk: fix error cases in STM32MP25 clocks

Fix missing test on some function return code in stm32mp25 clock
driver.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by

drivers: clk: fix error cases in STM32MP25 clocks

Fix missing test on some function return code in stm32mp25 clock
driver.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

drivers: clk: restore clock on clk_stm32_flexgen_get_round_rate() failure

Disable the enabled clock in clk_stm32_flexgen_get_round_rate()
when the clock failed to enable.

Signed-off-by: Etienne Car

drivers: clk: restore clock on clk_stm32_flexgen_get_round_rate() failure

Disable the enabled clock in clk_stm32_flexgen_get_round_rate()
when the clock failed to enable.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

drivers: caam: Update comments in ECC driver

There were some typos in comments in the code, updated them

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>

drivers: caam: Update comments in RSA driver

There were some typos in comments in the code, updated them

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>

drivers: caam: hal: add caam_hal_sm_get_base_dt() implementation

Implement caam_hal_sm_get_base_dt() function when CFG_DT=y

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil

drivers: caam: hal: add caam_hal_sm_get_base_dt() implementation

Implement caam_hal_sm_get_base_dt() function when CFG_DT=y

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: stm32_rng: embed ETZPC functions when CFG_STM32_ETZPC is set

On platforms when CFG_STM32_ETZPC is disabled, ETZPC cannot be
interrogated to get decprot attributes. Therefore do not embed ET

drivers: stm32_rng: embed ETZPC functions when CFG_STM32_ETZPC is set

On platforms when CFG_STM32_ETZPC is disabled, ETZPC cannot be
interrogated to get decprot attributes. Therefore do not embed ETZPC
related code.

While there, revert commit 326382a059a8 ("drivers: stm32_rng: MP15 RNG is
non-secure when PRNG is enable") and prefer to use ETZPC API.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Fixes: d773ec0baf4c ("drivers: stm32_rng: update clock and power management")
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_etzpc: new driver to use firewall API

Implement stm32_etzpc.c driver in the firewall driver directory.
Use the new firewall API to populate the firewall bus and register
the ETZPC as

drivers: stm32_etzpc: new driver to use firewall API

Implement stm32_etzpc.c driver in the firewall driver directory.
Use the new firewall API to populate the firewall bus and register
the ETZPC as a firewall provider.

Implement a driver specific firewall bus probe that will
only probe secure peripherals and implement firewall exceptions for
which no firewall operations will be done when CFG_INSECURE is set.
This allows, for example, to share a console with the non-secure world
for development purposes.

The ETZPC driver register the following ops:
-set_conf
-acquire_access
-acquire_memory_access

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_etzpc: move the stm32_etzpc driver to the firewall folder

The ETZPC is a firewall controller. Therefore, move the stm32_etzpc driver
to the firewall folder.

Signed-off-by: Gatien Che

drivers: stm32_etzpc: move the stm32_etzpc driver to the firewall folder

The ETZPC is a firewall controller. Therefore, move the stm32_etzpc driver
to the firewall folder.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_etzpc: update driver to set ETZPC configuration from DT

Remove old implementation where the ETZPC configuration was a hard
coded table in the shared resources file and use the device

drivers: stm32_etzpc: update driver to set ETZPC configuration from DT

Remove old implementation where the ETZPC configuration was a hard
coded table in the shared resources file and use the device tree to
get it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dt-bindings: add platform specific ETZPC bindings

Define ETZPC bindings for STM32MP15 and STM32MP13 and add these
header files into the stm32mp_dt_bindings helper. While there, also
update some incl

dt-bindings: add platform specific ETZPC bindings

Define ETZPC bindings for STM32MP15 and STM32MP13 and add these
header files into the stm32mp_dt_bindings helper. While there, also
update some includes to fix the path errors.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: caam: skip JR init of CFG_JR_HAB_INDEX

On iMX8M SoC, the HAB requires the JR0 to be set to secure world to
decrypt the kernel image when loading the image in U-Boot.

Before reaching u-boot

drivers: caam: skip JR init of CFG_JR_HAB_INDEX

On iMX8M SoC, the HAB requires the JR0 to be set to secure world to
decrypt the kernel image when loading the image in U-Boot.

Before reaching u-boot, OP-TEE and TF-A set the JR0 to the non-secure
domain that leads to a HAB failure when trying to decrypt the kernel.

To fix the issue, this commit introduces CFG_JR_HAB_INDEX that specifies
which JR the HAB uses. OPTEE will skip the initialization of
CFG_JR_HAB_INDEX and leave it as secure.

It will also disable its usage in the device tree to inform the kernel.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: stm32_risab: add RISAB internal memory firewall driver

This driver implements the RISAB driver. Through RISAB registers, a
trusted compartment, or the compartment to which the page configur

drivers: stm32_risab: add RISAB internal memory firewall driver

This driver implements the RISAB driver. Through RISAB registers, a
trusted compartment, or the compartment to which the page configuration
has been delegated, configures the firewall attributes necessary to
access a page.

Each RISAB is dedicated to a internal memory and can cover 128KBytes of
data, separated in 32 pages of 4 KBytes, containing 8 blocks each.

It is possible to align a RISAB secure and privilege regions
allocations with an ARM Cortex M, which defines in its address space
configurable regions with a 256Bytes granularity. The configuration
would be 512Bytes block-based in order to align the two.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rng: MP15 RNG is non-secure when PRNG is enable

Register stm32_rng device as non-secure when software PRNG is enabled
instead of testing the firewall configuration that is applied fro

drivers: stm32_rng: MP15 RNG is non-secure when PRNG is enable

Register stm32_rng device as non-secure when software PRNG is enabled
instead of testing the firewall configuration that is applied from
stm32mp1_init_final_shres() at driver_init_late initcall level, far
after RNG initialization.

Fixes: d773ec0baf4c ("drivers: stm32_rng: update clock and power management")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

core: gic: accept GIC version 4 if CFG_ARM_GICV3 is enabled

GIC v4 is backwards compatible with GIC v3, Accept GIC
version 4 if CFG_ARM_GICV3 is enabled.

Signed-off-by: Ziad Elhanafy <ziad.elhanafy

core: gic: accept GIC version 4 if CFG_ARM_GICV3 is enabled

GIC v4 is backwards compatible with GIC v3, Accept GIC
version 4 if CFG_ARM_GICV3 is enabled.

Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: clk: stm32: fix stm32mp13 clock gates initialization

Correct STM32MP13 clock gates initialization regarding the enable
reference counting. The fixed commit introduced side effect where
cloc

drivers: clk: stm32: fix stm32mp13 clock gates initialization

Correct STM32MP13 clock gates initialization regarding the enable
reference counting. The fixed commit introduced side effect where
clock gates with a disable init state overflow the gate refcount to -1
and clock gates with a enable init state take a refcount that is never
released.

For this purpose, add stm32_gate_set_init_state() function in
stm32 clock core driver for STM32MP13 gate clocks initialization
expects to set some clock gate hardware state (enabled or disabled)
before any refcount is considered.

Fixes: 2b028a2ba197 ("clk: implement multi-gate management at core level")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...