core: arm: Rename main_secondary_init_intc() to boot_secondary_init_intc()

main_secondary_*() is an ambiguous name since it conveys no meaning
relative to the purpose of the function. Fix it by rena

core: arm: Rename main_secondary_init_intc() to boot_secondary_init_intc()

main_secondary_*() is an ambiguous name since it conveys no meaning
relative to the purpose of the function. Fix it by renameing to
boot_secondary_init_intc(), since interrupt controllers are always
initialized in boot stage.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: stm32_gpio: move definitions to source file

Moves macros and structures definitions from stm32_gpio.h header file
to the driver source file as these definition do not need to be
visible fro

drivers: stm32_gpio: move definitions to source file

Moves macros and structures definitions from stm32_gpio.h header file
to the driver source file as these definition do not need to be
visible from other drivers thank to pin control abstraction.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_i2c: remove cases when CFG_DRIVERS_PINCTRL is disabled

Removes implementation when CFG_DRIVERS_PINCTRL is disables as stm32mp1
platform configuration enforces the switch is enabled.

drivers: stm32_i2c: remove cases when CFG_DRIVERS_PINCTRL is disabled

Removes implementation when CFG_DRIVERS_PINCTRL is disables as stm32mp1
platform configuration enforces the switch is enabled.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_uart: remove cases when CFG_DRIVERS_PINCTRL is disabled

Removes implementation when CFG_DRIVERS_PINCTRL is disables as stm32mp1
platform configuration enforces the switch is enabled.

drivers: stm32_uart: remove cases when CFG_DRIVERS_PINCTRL is disabled

Removes implementation when CFG_DRIVERS_PINCTRL is disables as stm32mp1
platform configuration enforces the switch is enabled.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_gpio: remove cases when CFG_DRIVERS_PINCTRL is disabled

Removes implementation when CFG_DRIVERS_PINCTRL is disables as stm32mp1
platform configuration enforces the switch is enabled.

drivers: stm32_gpio: remove cases when CFG_DRIVERS_PINCTRL is disabled

Removes implementation when CFG_DRIVERS_PINCTRL is disables as stm32mp1
platform configuration enforces the switch is enabled.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_i2c: support CFG_DRIVERS_PINCTRL

Updates stm32_i2c driver for when CFG_DRIVERS_PINCTRL is enabled making
I2C driver to get pin control configuration using the generic pin
control fram

drivers: stm32_i2c: support CFG_DRIVERS_PINCTRL

Updates stm32_i2c driver for when CFG_DRIVERS_PINCTRL is enabled making
I2C driver to get pin control configuration using the generic pin
control framework. When enabled, stm32_i2c driver get the active and
sleep pin control configuration from the device tree. Sleep pinctrl
configuration is optional.

SE050 and STM32MP1 PMIC drivers that use the stm32_i2c bus are both
updated accordingly.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_uart: support CFG_DRIVERS_PINCTRL

Updates stm32_uart driver for when CFG_DRIVERS_PINCTRL is enabled making
UART driver to get pin control configuration using the generic pin
control f

drivers: stm32_uart: support CFG_DRIVERS_PINCTRL

Updates stm32_uart driver for when CFG_DRIVERS_PINCTRL is enabled making
UART driver to get pin control configuration using the generic pin
control framework.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_gpio: add helper function stm32_pinctrl_set_secure_cfg()

Adds helper function stm32_pinctrl_set_secure_cfg() to set the
GPIO pin secure state (secure or non-secure) for each pin refer

drivers: stm32_gpio: add helper function stm32_pinctrl_set_secure_cfg()

Adds helper function stm32_pinctrl_set_secure_cfg() to set the
GPIO pin secure state (secure or non-secure) for each pin referenced
by a pin control state.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_gpio: add helper function stm32_gpio_pinctrl_bank_pin()

Adds helper function stm32_gpio_pinctrl_bank_pin() to get an array
of bank and pin IDs related to a pin control state.

Acked-b

drivers: stm32_gpio: add helper function stm32_gpio_pinctrl_bank_pin()

Adds helper function stm32_gpio_pinctrl_bank_pin() to get an array
of bank and pin IDs related to a pin control state.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_gpio: support CFG_DRIVERS_PINCTRL

Changes stm32_gpio driver to support generic pin control framework
(CFG_DRIVERS_PINCTRL=y).

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.c

drivers: stm32_gpio: support CFG_DRIVERS_PINCTRL

Changes stm32_gpio driver to support generic pin control framework
(CFG_DRIVERS_PINCTRL=y).

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

riscv: driver: implement platform-level interrupt controller (PLIC) driver

An initial implementation of RISC-V PLIC driver conforming
to the specification. CFG_RISCV_PLIC flag allows building it
or

riscv: driver: implement platform-level interrupt controller (PLIC) driver

An initial implementation of RISC-V PLIC driver conforming
to the specification. CFG_RISCV_PLIC flag allows building it
or not for platforms with custom PLIC IP.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: rename interrupt controller functions

This commit renames interrupt controller function names
to be more generic:
- Rename main_init_gic() to primary_init_intc()
- Rename secondary_init_gic()

core: rename interrupt controller functions

This commit renames interrupt controller function names
to be more generic:
- Rename main_init_gic() to primary_init_intc()
- Rename secondary_init_gic() to secondary_init_intc()

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: stm32_bsec: implement the get otp by phandle

Add a new interface stm32_bsec_find_otp_by_phandle() to retrieve
localization of an OTP from a given node phandle.

When the node phandle is abs

drivers: stm32_bsec: implement the get otp by phandle

Add a new interface stm32_bsec_find_otp_by_phandle() to retrieve
localization of an OTP from a given node phandle.

When the node phandle is absent in the NVMEM node, layout_cell->phandle = 0
and reference to this OTP with this API function is not possible.

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>

show more ...

drivers: stm32_bsec: add support for bits property in the DT

Adds the possibility to specify the number of managed bit in the NVMEM
cell device tree description, using the optional bits property
and

drivers: stm32_bsec: add support for bits property in the DT

Adds the possibility to specify the number of managed bit in the NVMEM
cell device tree description, using the optional bits property
and removes restriction on aligned NVMEM cell on 32-bit word by supporting
bit offset in stm32_bsec_find_otp_in_nvmem_layout().

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>

show more ...

drivers: stm32_bsec: keep stm32_bsec_permanent_lock_otp() under flag

Keep the function to access the OTP lock under the CFG_STM32_BSEC_WRITE
flag to align with the write function.

Reviewed-by: Etie

drivers: stm32_bsec: keep stm32_bsec_permanent_lock_otp() under flag

Keep the function to access the OTP lock under the CFG_STM32_BSEC_WRITE
flag to align with the write function.

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>

show more ...

core: kernel: Refine variable declarations and return values in dt.c

Provide initialization values for local variables. The return values of
libfdt functions are returned instead of -1 since libfdt

core: kernel: Refine variable declarations and return values in dt.c

Provide initialization values for local variables. The return values of
libfdt functions are returned instead of -1 since libfdt has its own
error codes and they are useful for debug.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: Move some DT functions to common kernel

Some existed functions for device tree in ARM could be also used for
other architectures. This commit moves most of functions from ARM
architecture

core: arm: Move some DT functions to common kernel

Some existed functions for device tree in ARM could be also used for
other architectures. This commit moves most of functions from ARM
architecture into "core/kernel/dt.c", including external DT descriptor,
DT overlay, external DT initialization, API for adding DT child nodes
and reserved-memory nodes. Since "core/kernel/dt.c" is dependent with
CFG_DT, other functions which are independent with CFG_DT are put into
new file "core/kernel/boot.c".

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: use user-access functions in ldelf interaction

When interacting with LDELF, replace implicit user space accesses from
privileged mode using proper user-access functions.

Co-developed-by: Seon

core: use user-access functions in ldelf interaction

When interacting with LDELF, replace implicit user space accesses from
privileged mode using proper user-access functions.

Co-developed-by: Seonghyun Park <seonghp@amazon.com>
Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add bb_strndup_user()

Adds bb_strndup_user() to copy a user space string into a bounce buffer
large enough to hold the string.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Review

core: add bb_strndup_user()

Adds bb_strndup_user() to copy a user space string into a bounce buffer
large enough to hold the string.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add more user access functions

Add more user access functions: clear_user(), strnlen_user() and
bb_memdup_user(), which can be used to manipulate, check or duplicate
given user space buffers.

core: add more user access functions

Add more user access functions: clear_user(), strnlen_user() and
bb_memdup_user(), which can be used to manipulate, check or duplicate
given user space buffers.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add bounce buffer to user mode context

Adds a bounce buffer for user space buffer to be used during syscall
processing to avoid unchecked privileged access into user space memory.

bb_alloc(),

core: add bounce buffer to user mode context

Adds a bounce buffer for user space buffer to be used during syscall
processing to avoid unchecked privileged access into user space memory.

bb_alloc(), bb_free(), and bb_reset() are added to manage memory
allocation from the bounce buffer.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

arm64: Introduce permissive PAN implementation

Privileged Access Never (PAN) is a part of ARMv8.1 extension that
restricts accesses to unprivileged memory from privileged mode
in order to prevent un

arm64: Introduce permissive PAN implementation

Privileged Access Never (PAN) is a part of ARMv8.1 extension that
restricts accesses to unprivileged memory from privileged mode
in order to prevent unintended accesses to potentially malicious
memory.

This introduces configuration of PAN and helper functions
enter_user_access() and exit_user_access() that toggles PSTATE.PAN
that controls the behavior of PAN.

Current OP-TEE impelmentation is not ready to apply strict PAN policy
due to missing user-access function uses, etc.

Hence, this patch takes a very permissive approach (yet better
than nothing), where PAN is deactivated in the entire lifetime of
thread_svc_handler (i.e., system call).

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: crypto_bignum_free(): add indirection and set pointer to NULL

To prevent human mistake, crypto_bignum_free() sets the location of the
bignum pointer to NULL after freeing it.

Signed-off-by: J

core: crypto_bignum_free(): add indirection and set pointer to NULL

To prevent human mistake, crypto_bignum_free() sets the location of the
bignum pointer to NULL after freeing it.

Signed-off-by: Jihwan Park <jihwp@amazon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: thread: Add support for canary value randomization

Currently hardcoded magic number is used as thread stack canary,
an attacker with full control over the overflow can embed the
hardcoded cana

core: thread: Add support for canary value randomization

Currently hardcoded magic number is used as thread stack canary,
an attacker with full control over the overflow can embed the
hardcoded canary value on the right location to bypass the overflow
detection.

To add extra layer of security, redefine the canary value as variable,
such that the canary can be initialized during runtime.

The canaries are initialized with static values from thread_init_canaries()
during the early boot stage. The plat_get_random_stack_canaries() is
refactored to support arbitrary-length random numbers, and a new function
called thread_update_canaries() is created to fetch the random values and
update the thread canaries. For CFG_NS_VIRTUALIZATION=y, the updated
function is disabled.

Signed-off-by: Vincent Chuang <Vincent.Chuang@mediatek.com>
Signed-off-by: Randy Hsu <Randy-CY.Hsu@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32mp13: update stm32mp13 SoC and board DTS files

Updates STM32MP13* SoC DTSI files and STM32MP135F-DK board DTS file
and related DT binding header files.

Acked-by: Gatien Chevallier <gatien

dts: stm32mp13: update stm32mp13 SoC and board DTS files

Updates STM32MP13* SoC DTSI files and STM32MP135F-DK board DTS file
and related DT binding header files.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...