crypto: drivers: se050: rsa: decrypt_es, validate the output buffer

The size of the decrypted output is not known until decryption has
happened.

Use an intermediate buffer large enough to guarantee

crypto: drivers: se050: rsa: decrypt_es, validate the output buffer

The size of the decrypted output is not known until decryption has
happened.

Use an intermediate buffer large enough to guarantee that the
decrypted message will fit.

This allows the driver to validate the size of the output buffer
passed in the interface.

Fixes: xtest pkcs11_1023

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: drivers: se050: rsa: fix OAEP and revert regression

Revert a regression introduced in the encrypt operation when swapping
buffers (fixes part of 'commit e1c70d7c88ab ("crypto: drivers: se050

crypto: drivers: se050: rsa: fix OAEP and revert regression

Revert a regression introduced in the encrypt operation when swapping
buffers (fixes part of 'commit e1c70d7c88ab ("crypto: drivers: se050:
fix rsa encrypt/decrypt")'

Fix misuse of the hash_algo field during OAEP encrypt/decrypt.

All tests passing
* xtest -t regression 4006

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: drivers: se050: rsa: add RSA_NOPAD enc/dec support

Commit 8563cdc537a9 ("drivers: crypto: se050: limitations to RSA
crypto") removed RSA_NOPAD support based on the Plug And Trust MW
document

crypto: drivers: se050: rsa: add RSA_NOPAD enc/dec support

Commit 8563cdc537a9 ("drivers: crypto: se050: limitations to RSA
crypto") removed RSA_NOPAD support based on the Plug And Trust MW
documentation, Release v02,14,00 (Apr 03, 2020).

That documentation was incorrect as RSA_NOPAD is indeed supported by
the secure element as described in the SE050 APDU specification [1],
section 4.3.14, table 32.

This commit restores the functionality and fixes previous bugs.

Validated on xtest 4006 and 4011.

[1] https://www.nxp.com/docs/en/application-note/AN12413.pdf

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: clk: stm32mp1: fix index ordering parent clock array

Fix order in stm32mp1_clk_parent_name[].

Reviewed-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Etienne Carriere <etie

drivers: clk: stm32mp1: fix index ordering parent clock array

Fix order in stm32mp1_clk_parent_name[].

Reviewed-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: clk: stm32mp1: fix HCLK6 parent clock

Fix get_parent_id_parent() the return HCLK6 parent clock that previous
implementation forbade.

Reviewed-by: Lionel Debieve <lionel.debieve@foss.st.com

drivers: clk: stm32mp1: fix HCLK6 parent clock

Fix get_parent_id_parent() the return HCLK6 parent clock that previous
implementation forbade.

Reviewed-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: clk: stm32mp1: fix BRSRAM parent clock reference

Fix reference to BKPSRAM parent clock for platform stm32mp1. No
functional change as parent clock reference used prior the change
(_PCLK5) l

drivers: clk: stm32mp1: fix BRSRAM parent clock reference

Fix reference to BKPSRAM parent clock for platform stm32mp1. No
functional change as parent clock reference used prior the change
(_PCLK5) led to the same parent clock rate value.

Reviewed-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: clk: stm32mp15: support RTC and MPU clocks

Add RTC and MPU clocks support to platform stm32mp1.

Reviewed-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Etienne Carriere <et

drivers: clk: stm32mp15: support RTC and MPU clocks

Add RTC and MPU clocks support to platform stm32mp1.

Reviewed-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: clk: stm32mp15: split oscillator and parent clock IDs

Use specific identifiers for root oscillators (prefixed OSC_) while
parent clock IDs are left unchanged.

Reviewed-by: Lionel Debieve <

drivers: clk: stm32mp15: split oscillator and parent clock IDs

Use specific identifiers for root oscillators (prefixed OSC_) while
parent clock IDs are left unchanged.

Reviewed-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: add imx8ulp CAAM HAL

Add imx8ulp CAAM HAL functions.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

drivers: caam: disable the use of interrupts for some platforms

On some i.MX platforms, all CAAM JRs share the same line of interrupts.
To avoid conflicts with the other job ring owners, skip the
en

drivers: caam: disable the use of interrupts for some platforms

On some i.MX platforms, all CAAM JRs share the same line of interrupts.
To avoid conflicts with the other job ring owners, skip the
enable/disable of job ring interruptions in OP-TEE CAAM driver.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

crypto: drivers: se050: ecc sign/verify padding

Pad small messages with zeroes during sign/verify.

Fixes xtest pkcs11_1019.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienn

crypto: drivers: se050: ecc sign/verify padding

Pad small messages with zeroes during sign/verify.

Fixes xtest pkcs11_1019.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: crypto: se050: build Plug-and-Trust using the TEE makefiles

Building the Plug-and-Trust library required building OP-TEE first in
order to get some architecture specific definitions.
This m

drivers: crypto: se050: build Plug-and-Trust using the TEE makefiles

Building the Plug-and-Trust library required building OP-TEE first in
order to get some architecture specific definitions.
This makes the integration with yocto metas unnecessarily complex.

The following commit simplifies the build sequence: the user would
need to clone the Plug-and-Trust tree [1] to an accessible location in
the filesystem and then build OP-TEE as usual passing the path to the
Plug-and-Trust tree in CFG_NXP_SE05X_PLUG_AND_TRUST.

[1] https://github.com/foundriesio/plug-and-trust.git

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: imx_wdog: fix compilation warning on watchdog driver

$ make PLATFORM=imx-mx7ulpevk CFG_DT=n
core/drivers/imx_wdog.c:42:13: warning: ext_reset_output defined but not used [-Wunused-variable]

drivers: imx_wdog: fix compilation warning on watchdog driver

$ make PLATFORM=imx-mx7ulpevk CFG_DT=n
core/drivers/imx_wdog.c:42:13: warning: ext_reset_output defined but not used [-Wunused-variable]
42 | static bool ext_reset_output;
| ^~~~~~~~~~~~~~~~

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: caam: fix aligned buffer allocation for DMA

For aligned memory buffer and DMA CAAM access, the allocated buffer size
must be rounded up to a certain value depending of the DMA behaviour on

drivers: caam: fix aligned buffer allocation for DMA

For aligned memory buffer and DMA CAAM access, the allocated buffer size
must be rounded up to a certain value depending of the DMA behaviour on
the platform.
For the imx8qm/qxp, the allocated aligned buffer size must be rounded up
to 4 bytes.

Signed-off-by: Remi Koman <remi.koman@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: clk: move stm32mp1 clock driver to clock drivers directory

Moves stm32mp15 clock driver to core/drivers/clk and adds configuration
switch CFG_STM32MP15_CLK to embed or not the driver. Platf

drivers: clk: move stm32mp1 clock driver to clock drivers directory

Moves stm32mp15 clock driver to core/drivers/clk and adds configuration
switch CFG_STM32MP15_CLK to embed or not the driver. Platform stm32mp1
mandates CFG_STM32MP15_CLK=y.

Reviewed-by: Lionel Debieve <lionel.debieve@foss.st.com>
Acked-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: add reset controller framework

Adds a common reset controller framework rstctrl for interfacing
reset controllers exposed by a platform.

Reset controller consumers can act on relate reset

drivers: add reset controller framework

Adds a common reset controller framework rstctrl for interfacing
reset controllers exposed by a platform.

Reset controller consumers can act on relate reset level with
rstctrl_assert(), rstctrl_deassert() and friends.

Reset controller consumers can claim exclusive access to the reset
level woth rstctrl_get_exclusive(), rstctrl_put_exclusive().

Reset controller provider drivers call rstctrl_register_provider()
to allow other drivers to get a reset control reference from
a devicetree reference. Reset controller driver are identified with
type DT_DRIVER_RSTCTRL.

A reset controller provider exposes struct rstctrl instances made of
an opaque private reference (a private data pointer or an unsigned
integer identifier), an reset controller operators reference and
the exclusive claim state.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: define DT drivers using scattered arrays

Replace the specific mechanism used to define and enumerate DT drivers
with scattered arrays. Doing so simplifies the TEE linker file a bit.

Signed-of

core: define DT drivers using scattered arrays

Replace the specific mechanism used to define and enumerate DT drivers
with scattered arrays. Doing so simplifies the TEE linker file a bit.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: drivers: se050: ecc shared secret

Allow clients to inject their own keypairs to derive the secret - the
previous implementation only allowed for secure element NVM based
keypairs to be used.

crypto: drivers: se050: ecc shared secret

Allow clients to inject their own keypairs to derive the secret - the
previous implementation only allowed for secure element NVM based
keypairs to be used.

By default, the secure element does not store all the possible EC
curves in its internal memory; however attempting to inject a keypair
when the curve is not in the secure element would cause the injection
to fail.

This commit addresses that situation by generating those curves in the
SE whenever they are not available.

Tested with TEE_ALG_ECDH_P192, TEE_ALG_ECDH_P224, TEE_ALG_ECDH_P256
and TEE_ALG_ECDH_P384 and TEE_ALG_ECDH_P521 (xtest 4009 passing)

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: rsa: handle not implemented sign/verify operations

Route the unimplemented RSA sign/verify optional cases to their
software implementations.

Signed-off-by: Jorge Ramirez-Ortiz <jor

drivers: crypto: rsa: handle not implemented sign/verify operations

Route the unimplemented RSA sign/verify optional cases to their
software implementations.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: add CAAM registers for imx8q platforms

Add CAAM register definitions for the following platforms:
* imx8qm
* imx8qxp

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by:

drivers: caam: add CAAM registers for imx8q platforms

Add CAAM register definitions for the following platforms:
* imx8qm
* imx8qxp

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: caam: hal: add the support for imx8q

Add the CAAM HAL for the following platforms:
- imx8qm
- imx8qxp

These platforms feature a separate security controller that handles
the following re

drivers: caam: hal: add the support for imx8q

Add the CAAM HAL for the following platforms:
- imx8qm
- imx8qxp

These platforms feature a separate security controller that handles
the following resources/peripherals:
- RNG
- Peripheral owernership
- Clocks

To allocate and initialize the CAAM, the driver relies on the
MU driver and a secure controller API to communicate with the
security controller.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: caam: hal: make common initialization functions overideable

Define the following functions as weak:
* caam_hal_rng_instantiated()
* caam_hal_cfg_setup_nsjobring()

Add CAAM CAAM_NOT_INIT

drivers: caam: hal: make common initialization functions overideable

Define the following functions as weak:
* caam_hal_rng_instantiated()
* caam_hal_cfg_setup_nsjobring()

Add CAAM CAAM_NOT_INIT code for CAAM RNG initialization status.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

crypto: drivers: se050: fix rsa encrypt/decrypt

- Fix input/output buffers (they were swapped).
- Fix algorithm selection for RSAES

Test:
openssl rsautl -encrypt -inkey rsa-pubkey.pub \

crypto: drivers: se050: fix rsa encrypt/decrypt

- Fix input/output buffers (they were swapped).
- Fix algorithm selection for RSAES

Test:
openssl rsautl -encrypt -inkey rsa-pubkey.pub \
-in data -pubin -out data.crypt

pkcs11-tool --module /usr/lib/libckteec.so.0.1 \
--pin 87654321 --decrypt --id 01 \
--token-label fio --mechanism RSA-PKCS \
--input-file data.crypt > data.decrypted

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

crypto: drivers: se050: OEFID runtime detection

The CFG_CORE_SE05X_OEFID definition is not required as the SE05X OEFID
can be read during early init - before the SCP03 session has been
established.

crypto: drivers: se050: OEFID runtime detection

The CFG_CORE_SE05X_OEFID definition is not required as the SE05X OEFID
can be read during early init - before the SCP03 session has been
established.

The user we can continue to define its value so that the OP-TEE driver
only works when such OEFID is available.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

crypto: drivers: se050: ecc sign

The crypto API validates the size of the buffer that will hold the
resulting signature. This means that the SE05X driver can not use the
variable length buffer mecha

crypto: drivers: se050: ecc sign

The crypto API validates the size of the buffer that will hold the
resulting signature. This means that the SE05X driver can not use the
variable length buffer mechanism to request extra bytes to handle the
DER format.

To address this situation, this patch allocates a temporary buffer to
get the signature from the Plug-and-Trust subsystem; then, upon doing
the DER to binary conversion, copies the resulting data to the output
buffer.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...