drivers: stm32_rng: override plat_rng_init() if hardware RNG

Avoids useless operations by overriding plat_rng_init() and do nothing.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

drivers: stm32_rng: override plat_rng_init() if hardware RNG

Avoids useless operations by overriding plat_rng_init() and do nothing.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: implement late seed error detection

As per STM32MP1x specification, rare seed error conditions must be
considered when random value read from DR register is zero.

Signed-off-by:

drivers: stm32_rng: implement late seed error detection

As per STM32MP1x specification, rare seed error conditions must be
considered when random value read from DR register is zero.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: pm callbacks

Implements power management (suspend/resume) functions in stm32_rng
driver.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Ca

drivers: stm32_rng: pm callbacks

Implements power management (suspend/resume) functions in stm32_rng
driver.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: support clock error detection

Adds clock error detection configuration when the clock-error-detect
property is set in the RNG node in the device tree.

Signed-off-by: Gatien Chev

drivers: stm32_rng: support clock error detection

Adds clock error detection configuration when the clock-error-detect
property is set in the RNG node in the device tree.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: support conditional reset

Implements a RNG variant error concealment named conditional reset
that requires a software sequence before RNG being able to deliver
again random bytes

drivers: stm32_rng: support conditional reset

Implements a RNG variant error concealment named conditional reset
that requires a software sequence before RNG being able to deliver
again random bytes. It is supported by STM32MP13

RNG peripherals that are supporting conditional reset can dynamically
customize their configuration. Adds support for RNG clock frequency
restraint and NIST configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: call conceal_seed_error() on error cases

Changes conceal_seed_error() implementation to be called only upon
error conditions. This change will ease next integration of
STM32MP13

drivers: stm32_rng: call conceal_seed_error() on error cases

Changes conceal_seed_error() implementation to be called only upon
error conditions. This change will ease next integration of
STM32MP13 variant error concealment implementation.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: cleanup and change sample read timeout to 10ms

10ms timeout is sufficient when reading samples from RNG subsystem
when log level is below TRACE_FLOW log level. This changes renam

drivers: stm32_rng: cleanup and change sample read timeout to 10ms

10ms timeout is sufficient when reading samples from RNG subsystem
when log level is below TRACE_FLOW log level. This changes renames
the timeout value macro to RNG_READY_TIMEOUT_US.

This change also renames the reset timeout value for clarity,
from RNG_TIMEOUT_US_1MS to RNG_RESET_TIMEOUT_US.

Moves RNG_FIFO_BYTE_DEPTH macro definition to source file beginning.
Uses U() macro to define IOMEM registers offsets.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: keep rng enable from initialization

Changes stm32_rng driver implementation to keep RNG running and
only gate the access bus clock when accessing RNG interface.

Removes refcount

drivers: stm32_rng: keep rng enable from initialization

Changes stm32_rng driver implementation to keep RNG running and
only gate the access bus clock when accessing RNG interface.

Removes refcount field from stm32_rng_instance structure as it is now
unused.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: register to dt_driver

Changes stm32_rng driver to be probed from DT_DRIVER framework.
This change modifies slightly how the driver is initialized.
Early late initcall function st

drivers: stm32_rng: register to dt_driver

Changes stm32_rng driver to be probed from DT_DRIVER framework.
This change modifies slightly how the driver is initialized.
Early late initcall function stm32_rng_init() is replaced with
a FDT helper function stm32_rng_parse_fdt() and a DT_DRIVER probe
function stm32_rng_probe().

Changes stm32_rng driver initialization sequence to reset, if configured,
the RNG hardware subsystem at driver initialization.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto_api: remove unused includes

Remove unused includes from the crypto API.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

core: crypto_api: remove unused includes

Remove unused includes from the crypto API.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: remove unused includes

Remove unused includes from the CAAM driver.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acke

drivers: caam: remove unused includes

Remove unused includes from the CAAM driver.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto_api: fix malloc() allocation check

Coverity reports a CERT-C ERR33-C coding violation on EM.data pointer
for not being checked right after malloc() call.
This is a false positive error

core: crypto_api: fix malloc() allocation check

Coverity reports a CERT-C ERR33-C coding violation on EM.data pointer
for not being checked right after malloc() call.
This is a false positive error since EM.data value is checked along
EM_gen.data value later.
Check EM.data and EM_gen.data values separately to make Coverity happy.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: se050: increase DER signature buffer

In order to support P-521 (132 byte {r,s} pairs), the buffer storing
the DER signature must be large enough.

Signed-off-by: Jorge Ramirez-Ortiz

drivers: crypto: se050: increase DER signature buffer

In order to support P-521 (132 byte {r,s} pairs), the buffer storing
the DER signature must be large enough.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

crypto: drivers: se050: fix generation of oid values

Converting the OID watermarked value (8 bytes) to a bignum removes the
first byte if this is different than zero.

The failing case observed the

crypto: drivers: se050: fix generation of oid values

Converting the OID watermarked value (8 bytes) to a bignum removes the
first byte if this is different than zero.

The failing case observed the value 0x57.72.15.66.1a.f2.9d.00 being
retrieved as 0x57.72.15.66.1a.f2.9d after having been transformed into
a bignum and back to its original binary value.

This will cause cryptographic operations to fail as the secured keys
and objects become not addressable.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: versal: hardware unique key

The hardware unique key is calculated as the AS-GCM encrypted value
of the SoC DNA unique identifier.

The key source used for encryption is selectable at build

drivers: versal: hardware unique key

The hardware unique key is calculated as the AS-GCM encrypted value
of the SoC DNA unique identifier.

The key source used for encryption is selectable at build time using
the CFG_VERSAL_HUK_KEY configuration flag.

The following sources are supported
VERSAL_AES_EFUSE_USER_KEY_0 (CFG_VERSAL_HUK_KEY = 6)
VERSAL_AES_EFUSE_USER_KEY_1 (CFG_VERSAL_HUK_KEY = 7)
VERSAL_AES_PUF_KEY (CFG_VERSAL_HUK_KEY = 11)
VERSAL_AES_USER_KEY_0 (CFG_VERSAL_HUK_KEY = 12 (default))

The default configuration does not generate a secret HUK since the
key is hardcoded in the driver - it however validates the algorithm;
but security-wise it is not different than not enabling CFG_VERSAL_HUK
and therefore using the OP-TEE provided HUK stub.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: se050: update policies

Certain devices (depending on the applet) will use the common
policies for the object's read/write permissions.

This commit makes sure both are supported.

Signed-off

crypto: se050: update policies

Certain devices (depending on the applet) will use the common
policies for the object's read/write permissions.

This commit makes sure both are supported.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: rstctrl: differentiate error codes if items not found

Differentiates error codes in rstctrl_dt_get_by_name() if reset-names
property does not exist by returning TEE_ERROR_ITEM_NOT_FOUND.
Ad

drivers: rstctrl: differentiate error codes if items not found

Differentiates error codes in rstctrl_dt_get_by_name() if reset-names
property does not exist by returning TEE_ERROR_ITEM_NOT_FOUND.
Add comment for rstctrl_dt_get_by_index() that can now return
TEE_ERROR_ITEM_NOT_FOUND.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: clk: add support for clk_get_rates_array

In order to query rates from clients, add get_rates_array() which
returns a supported rate array.

Reviewed-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>

drivers: clk: add support for clk_get_rates_array

In order to query rates from clients, add get_rates_array() which
returns a supported rate array.

Reviewed-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: use DT NVMEM layout API

Uses OTP definition in the device tree, by using the function
stm32_bsec_find_otp_in_nvmem_layout() and removes the
hardcoded OTP index in platform confi

drivers: stm32_bsec: use DT NVMEM layout API

Uses OTP definition in the device tree, by using the function
stm32_bsec_find_otp_in_nvmem_layout() and removes the
hardcoded OTP index in platform config.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: st,non-secure-otp-provisioning property

Implementation of a new "st,non-secure-provisioning-otp" property,
destined for non-secure OTP access with restrictions. At BSEC
initiali

drivers: stm32_bsec: st,non-secure-otp-provisioning property

Implementation of a new "st,non-secure-provisioning-otp" property,
destined for non-secure OTP access with restrictions. At BSEC
initialization, OTPs defined with this property will grant their access
to non-secure world only if the fuses are not permanently locked.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32mp15_huk: fix use of stm32mp_is_closed_device()

This function is no more defined because it was superseded by BSEC
driver API function stm32_bsec_get_state().

Implements use of the ne

drivers: stm32mp15_huk: fix use of stm32mp_is_closed_device()

This function is no more defined because it was superseded by BSEC
driver API function stm32_bsec_get_state().

Implements use of the new API.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: fix visibility of stm32_bsec_shadow_register()

Makes stm32_bsec_shadow_register() function a visible driver API
function as it is needed when CFG_STM32_BSEC_SIP is enabled.
Fixed comm

plat-stm32mp1: fix visibility of stm32_bsec_shadow_register()

Makes stm32_bsec_shadow_register() function a visible driver API
function as it is needed when CFG_STM32_BSEC_SIP is enabled.
Fixed commit made it a local function which was wrong.

Fixes: a638030bce84 ("drivers: stm32_bsec: remove unused functions")
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: se050: fix typo in information message

The SCP03 "built-in" keys were incorrectly being reported to the
console as a nonsensical "build-int".

Signed-off-by: Jorge Ramirez-Ortiz <jorge@found

crypto: se050: fix typo in information message

The SCP03 "built-in" keys were incorrectly being reported to the
console as a nonsensical "build-int".

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: se050: fix build warning

When the configured logging level does not output IMSG, the static
function get_scp03_ksrc_name() is not called.

This causes a function unused warning which might l

crypto: se050: fix build warning

When the configured logging level does not output IMSG, the static
function get_scp03_ksrc_name() is not called.

This causes a function unused warning which might lead to a build
error.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: drivers: se050-f: ecc: can fallback to softw-ops

The SE050-F device can select to fallback to specific unsupported
operations.

This allows xtests to run to completion without errors.

Signe

crypto: drivers: se050-f: ecc: can fallback to softw-ops

The SE050-F device can select to fallback to specific unsupported
operations.

This allows xtests to run to completion without errors.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...