| cc672e1f | 04-Jul-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
drivers: versal: true random number generator
Configure the TRNG driver to operate in Hybrid mode with derivative function.
This driver was ported from its original FSBL implementation [1].
[1] https://github.com/Xilinx/embeddedsw
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| a5d5bbc8 | 25-Mar-2022 |
Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> |
core: dt: Make it possible to alter device mapping
In case where IP core device is TrustZone aware and is used by both REE and TEE dt_map_dev() would normally cause non-secure mapping for the device.
When selected registers in IP core are only accessible by TrustZone device needs to be mapped with MEM_AREA_IO_SEC to cause actual AXI memory access be made with AWPROT[1] and ARPROT[1] bits configured properly.
This adds new argument for dt_map_dev() to enable forcing mapping to be secure or non-secure.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 1fecc0af | 26-Oct-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto: se050: SCP03 enabled only session.
The SE050F FIPS 140-2 certified device makes SCP03 mandatory from boot.
To support this use case, we introduce CFG_CORE_SCP03_ONLY. Its functionality is described in crypto.mk.
Some information regarding the SE050F device below [1]
[1] https://www.nxp.com/docs/en/application-note/AN12436.pdf
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| f5dede41 | 27-Oct-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto: se050: add support for the SE050F
Add the SCP03 keys to support the NXP SE050F device
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| db7fcee3 | 27-Oct-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto: se050: fix SE050F2 identifier
Used the wrong identifier for the SE050F2 board. This would cause the SCP03 symmetric keys to be rejected by the Secure Element and so the secure session could not be started.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| f3eff2ed | 04-Jul-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
core: crypto-api: rsa: pass algorithm to implementation
This is required for drivers that might only support some of the algorithms and want to delegate the operation to their software implementations.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>
|
| 825dff97 | 29-Jul-2022 |
Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> |
drivers: xiphera_trng: Allow interrupts while waiting for random
If for some reason getting new random values takes a bit longer, toggle interrupt masks on/off while waiting.
This allows pending interrupts to be served faster in REE side as getting new random might not be that important. At the same time it gives more time for random number generation to complete and not just performing spinning and waiting.
It was originally recommended by TRNG vendor not to cache previous partial results in memory. TRNG itself is rather fast so there should be always fresh bytes available for consumption. Thus to simplify the code remove the FIFO construct.
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 7e203c67 | 27-Sep-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
core: drivers: stm32mp15 Hardware Unique Key driver
Generate a secret Hardware Unique Key from BSEC OTPs.
The algorithm used simplifies the device provisioning phase because it does not require a unique per device secret to be fused: just a key common to all devices.
The algorithm uses a 128 bit symmetric key stored as four 32 bit words read from OTP fuses.
The HUK is calculated by AES-GCM encrypting the device UID (96 bits).
Since the UID is persistent - and so should be the key - the NONCE can be reused and hold any value.
The OTP values must be secrets but don't need to be unique per-device.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| a3009556 | 11-Aug-2022 |
Michael Scott <mike@foundries.io> |
plat-stm32mp1: add support for i2c5 bus
This allows stm32_i2c driver to properly initialize and use i2c5 bus on stm32mp15 SoC.
Signed-off-by: Michael Scott <mike@foundries.io>
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 40e40cd2 | 04-Jul-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
drivers: versal: PM service
Calls the TF-A exported SiP services or PLM PM APIs.
The programming of the FPGA bitstream is being phased out from the TF-A so it is no longer supported as such: the recommended interface uses the MBOX driver to the PLM.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 6301ca1c | 24-Sep-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto: se050: updates to the crypto object deletion interface
Keys created on the Secure Element NVM via the PKCS#11 TA are removed by scanning the data buffer holding the reference to the key during the release of the object.
The storage allocated to hold those keys (ECC/RSA) is always below the page size length which seems like a reasonable figure to use for future extensions.
- This commit avoids scanning objects larger than that length.
This commit also updates the interface to delegate the actual handling of the object to the crypto driver instead of passing just the raw data contained in the object.
The cryptographic layer is also being allowed to block the deletion of the object. This is to cover the scenario where the I2C device is not accessible while a reference to the key is being removed from the secure storage in the filesystem.
Incidentally also fixes regression 6018: this test releases an object of size 0xA0000 which can't be scanned due to this part of the code hitting an Out of Memory condition.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 4b46e0e8 | 04-Jul-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
drivers: versal: mailbox communication
Mailbox driver to communicate with the PLM firmware executing on the Microblaze processor.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 98fca444 | 29-Aug-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
drivers: stm32_i2c: optimize the master receive path
Early error detection prevents an invalid read request made to the device from blocking the bus for the whole transfer timeout.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 14b14d5a | 18-Aug-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
se050: glue: i2c_stm32
To add support in the device tree - since the NXP SE05x device node has not been agreed yet - the user must provide an alias to the bus where the device is located.
Once the SE05X node has been agreed, support will be added to all OP-TEE supported platforms.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 646c0a2b | 18-Aug-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
drivers: stm32_i2c: fix read operations on I2C_MODE_MASTER mode
One of the valid conditions that leads to the generation of a NACK is when the controller-receiver signals the end of the transfer to the target transmitter.
The code being fixed - not clearing the NACK - was causing subsequent write operations to fail.
This has been validated using the NXP SE050 device.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 3a340005 | 12-Sep-2022 |
Andrew Mustea <andrew.mustea@microsoft.com> |
core: drivers: nxp: Add LX2160A-series SecMon driver
- This driver implements reading the entire NXP LX2160-series Security Monitor (SecMon) module.
- To enable the SecMon driver, the optee-os build requires the CFG_LS_SEC_MON flag.
Signed-off-by: Andrew Mustea <andrew.mustea@microsoft.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 4afbdbdd | 01-Aug-2022 |
Anton Eliasson <anton.eliasson@axis.com> |
drivers: scmi-msg: Propagate errors from platform voltd_get_level
plat_scmi_voltd_get_level is refactored to return an SCMI error code and retrieve the voltage via an out parameter. This allows errors from the platform SCMI server implementation to be propagated to the REE.
The implementation for stm32mp1 is updated to handle at least some possible errors.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Anton Eliasson <anton.eliasson@axis.com>
|
| cd495a5a | 04-Jul-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
drivers: versal: general purpose i/o
Provide access to the GPIO controller on Versal ACAP.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| c2f16fe3 | 24-Feb-2022 |
Clement Faure <clement.faure@nxp.com> |
core: driver: rework the SC API to make compatible with the new MU driver
Rework the SC API to leverage the common MU driver. This re-work implies the deletion of duplicate functions that are now implemented in the MU driver instead.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 9756bcc4 | 24-Feb-2022 |
Clement Faure <clement.faure@nxp.com> |
core: driver: add common i.MX MU driver
Add a common MU driver for i.MX platforms. This MU driver is used to communicate with external security controllers.
This driver includes a generic part and a hardware abstraction layer for low level MU functions.
The MU driver implements the HAL for the following platforms:
- mx8ulpevk
- mx8qmmek/imx8qxpmek
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 830dc5c6 | 29-Aug-2022 |
Gerard Koskamp <gerard.koskamp@nedap.com> |
drivers: imx-i2c: add support for imx8mn
Add i2c support for imx8mn platforms
Signed-off-by: Gerard Koskamp <gerard.koskamp@nedap.com>
Reviewed-by: Robert Krikke <robert.krikke@nedap.com>
Acked-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
|
| 39008932 | 04-Jul-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto_api: acipher: correct ECC NIST-P521 key size
NIST P521 uses 521-bit private keys.
This change might impact platforms that expect a certain alignment on the key size (i.e. CAAM)
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| ac3facb9 | 29-Aug-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
drivers: caam: ecc: key size must be a multiple of 8
Enforce the alignment required by the CAAM hardware.
Notice that the NIST-P521 curve uses a 521 bit private key hence why this change is needed.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| c0e8ad83 | 22-Aug-2022 |
Jose Quaresma <jose.quaresma@foundries.io> |
drivers: imx: dcp: fix compilation address error
hwkey->data will never be null because it is an array
struct tee_hw_unique_key {
        uint8_t data[HW_UNIQUE_KEY_LENGTH];
};
Fix the following with gcc12:
| core/drivers/imx/dcp/dcp_huk.c: In function 'tee_otp_get_hw_unique_key':
| core/drivers/imx/dcp/dcp_huk.c:71:23: error: the comparison will always evaluate as 'true' for the address of 'data' will never be NULL [-Werror=address]
|    71 |         if (!hwkey || !hwkey->data) {
|       |                       ^
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>
|
| e3c7f166 | 04-Jul-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto-api: rsassa: pass algorithm to implementation
This is required for drivers that might only support some of the algorithms.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>
|