core: dt: Make it possible to alter device mapping

In case where IP core device is TrustZone aware and is used by both REE
and TEE dt_map_dev() would normally cause non-secure mapping for the
device

core: dt: Make it possible to alter device mapping

In case where IP core device is TrustZone aware and is used by both REE
and TEE dt_map_dev() would normally cause non-secure mapping for the
device.

When selected registers in IP core are only accessible by TrustZone device
needs to be mapped with MEM_AREA_IO_SEC to cause actual AXI memory access
be made with AWPROT[1] and ARPROT[1] bits configured properly.

This adds new argument for dt_map_dev() to enable forcing mapping to be
secure or non-secure.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: rsa: support the crypto driver

Provide an explicit interface to software cryptographic operations to
allow accessing them whenever the Crypto driver API is enabled.

Signed-off-by: Jorge Ramir

core: rsa: support the crypto driver

Provide an explicit interface to software cryptographic operations to
allow accessing them whenever the Crypto driver API is enabled.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: add support for i2c5 bus

This allows stm32_i2c driver to properly initialize and use
i2c5 bus on stm32mp15 SoC.

Signed-off-by: Michael Scott <mike@foundries.io>
Signed-off-by: Igor O

plat-stm32mp1: add support for i2c5 bus

This allows stm32_i2c driver to properly initialize and use
i2c5 bus on stm32mp15 SoC.

Signed-off-by: Michael Scott <mike@foundries.io>
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: versal: PM service

Calls the TF-A exported SiP services or PLM PM APIs.

The programming of the FPGA bitstream is being phased out from the TF-A
so it is no longer supported as such: the re

drivers: versal: PM service

Calls the TF-A exported SiP services or PLM PM APIs.

The programming of the FPGA bitstream is being phased out from the TF-A
so it is no longer supported as such: the recommended interface uses
the MBOX driver to the PLM.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: se050: updates to the crypto object deletion interface

Keys created on the Secure Element NVM via the PKCS#11 TA are removed
by scanning the data buffer holding the reference to the key duri

crypto: se050: updates to the crypto object deletion interface

Keys created on the Secure Element NVM via the PKCS#11 TA are removed
by scanning the data buffer holding the reference to the key during
the release of the object.

The storage allocated to hold those keys (ECC/RSA) is always below the
page size length which seems like a reasonable figure to use for future
extensions.

- This commit avoids scanning objects larger than that length.

This commit also updates the interface to delegate the actual handling
of the object to the crypto driver instead of passing just the raw data
contained in the object.

The cryptographic layer is also being allowed to block the deletion of
the object. This is to cover the scenario where the I2C device is not
accessible while a reference to the key is being removed from the secure
storage in the filesystem.

Incidentally also fixes regression 6018: this test releases an object
of size 0xA0000 which can't be scanned due to this part of the code
hitting an Out of Memory condition.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: Add Ed25519 support

Add functionality to generate, import keys, sign/verify for
ED25519, ED25519ctx and ED25519ph.

The values for the object identifies originates from:
https://www.rfc-

ta: pkcs11: Add Ed25519 support

Add functionality to generate, import keys, sign/verify for
ED25519, ED25519ctx and ED25519ph.

The values for the object identifies originates from:
https://www.rfc-editor.org/rfc/rfc8420.html
A.1. ASN.1 Object for Ed25519

The PKCS#11 Specification:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/
pkcs11-spec-v3.1-cs01.pdf

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: simplify pgt interface provided by pgt_cache.h

Many of the function in the pgt interface takes more than one pointer to
struct pgt_cache, struct vm_info or struct ts_ctx. All these pointers
ar

core: simplify pgt interface provided by pgt_cache.h

Many of the function in the pgt interface takes more than one pointer to
struct pgt_cache, struct vm_info or struct ts_ctx. All these pointers
are available in struct user_mode_ctx so pass a pointer to that struct
instead. This saves a few function arguments and also makes it a bit
more clear how a function can be used.

pgt_clear_ctx_range(), pgt_flush_ctx_range() and pgt_flush_ctx() are
renamed to drop the "_ctx" part in their names since it's not relevant
any longer.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pgt: support preallocated translation tables for S-EL0

With CFG_CORE_PREALLOC_EL0_TBLS=y translation tables are allocated for a
user space context at the time when the mapping is added a struc

core: pgt: support preallocated translation tables for S-EL0

With CFG_CORE_PREALLOC_EL0_TBLS=y translation tables are allocated for a
user space context at the time when the mapping is added a struct
vm_region. The translation tables will be kept available for the S-EL0
context as long at the mappings are unchanged.

Secure Partitions (SPs) can depend on translation tables always being
available and avoid having to wait for translation tables.

Memory for the translation tables is allocated from the same memory as
used for TAs and SPs. The number of available translation tables are
limited by the amount of TA/SP memory available.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pgt: rename to pgt_put_all() and pgt_get_all()

The two functions pgt_free() and pgt_alloc() has names which doesn't
match well what they do so rename them.

pgt_free() to pgt_put_all():
This m

core: pgt: rename to pgt_put_all() and pgt_get_all()

The two functions pgt_free() and pgt_alloc() has names which doesn't
match well what they do so rename them.

pgt_free() to pgt_put_all():
This matches better how page tables are managed since pgt_put_all()
doesn't free the tables, they are just put in a cache list from which
they later can be free or re-allocated.

pgt_alloc() to pgt_get_all():
pgt_get_all() may actually not allocate a new table, not if it can be
found in the cache list.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pgt: use pgt_cache_list without pager too

Prior to this patch was only unused pgts cached when paging was enabled.
Take this one step further and cache unused pgts when paging is disabled
too.

core: pgt: use pgt_cache_list without pager too

Prior to this patch was only unused pgts cached when paging was enabled.
Take this one step further and cache unused pgts when paging is disabled
too. The purpose of this is to allow core_mmu_populate_user_map() to
skip already initialized translation tables.

Add two helper functions pgt_pop_from_cache_list() and
pgt_push_to_cache_list() to be used when updating the translation tables
currently in the cache list.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee_pager.h: provide stubbed tee_pager_pgt_save_and_release_entries()

Provides a stubbed static inline
tee_pager_pgt_save_and_release_entries() when CFG_PAGED_USER_TA isn't
defined.

Reviewed-

core: tee_pager.h: provide stubbed tee_pager_pgt_save_and_release_entries()

Provides a stubbed static inline
tee_pager_pgt_save_and_release_entries() when CFG_PAGED_USER_TA isn't
defined.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move pgt_cache to struct user_mode_ctx

Moves pgt_cache from struct thread_specific_data to struct
user_mode_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome F

core: move pgt_cache to struct user_mode_ctx

Moves pgt_cache from struct thread_specific_data to struct
user_mode_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: initialize struct user_mode_ctx with vm_info_init()

Broadens the scope of vm_info_init() to initialize the entire struct
user_mode_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.

core: initialize struct user_mode_ctx with vm_info_init()

Broadens the scope of vm_info_init() to initialize the entire struct
user_mode_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove save_ctx parameter from pgt_free()

Prior to this patch was pgt_free() taking a save_ctx parameter which was
only used if paging of TAs was enabled. If on the other hand paging of
TAs wa

core: remove save_ctx parameter from pgt_free()

Prior to this patch was pgt_free() taking a save_ctx parameter which was
only used if paging of TAs was enabled. If on the other hand paging of
TAs was enabled this parameter was always true. So simplify the logic by
removing this parameter and where used internally always do as if
save_ctx was true. This means that pgts used for paging will always
first be pushed to the cache list to later be reclaimed by other means.

This patch does not change the de facto behaviour.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add pointer authentication support

Previously pointer authentication was only supported for TAs. With this
patch add a configuration option CFG_CORE_PAUTH to enable support for
core. Each priv

core: add pointer authentication support

Previously pointer authentication was only supported for TAs. With this
patch add a configuration option CFG_CORE_PAUTH to enable support for
core. Each privileged thread has its own APIA key. There are also a
separate APIA key for each physical core used when handling an abort or
when using the tmp stack.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: libtomcrypt: add Ed25519 support

Enable Ed25519 implementation of libtomcrypt and add the OP-TEE wrappers.

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Signed-off-by: Sergiy Kibrik

core: libtomcrypt: add Ed25519 support

Enable Ed25519 implementation of libtomcrypt and add the OP-TEE wrappers.

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: versal: mailbox communication

Mailbox driver to communicate with the PLM firmware executing on the
Microblaze processor.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: J

drivers: versal: mailbox communication

Mailbox driver to communicate with the PLM firmware executing on the
Microblaze processor.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: drivers: nxp: Add LX2160A-series SecMon driver

- This driver implements reading the entire NXP LX2160-series Security
Monitor (SecMon) module.
- To enable the SecMon driver, the optee-os bui

core: drivers: nxp: Add LX2160A-series SecMon driver

- This driver implements reading the entire NXP LX2160-series Security
Monitor (SecMon) module.
- To enable the SecMon driver, the optee-os build requires the
CFG_LS_SEC_MON flag.

Signed-off-by: Andrew Mustea <andrew.mustea@microsoft.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

dt-bindings: define system reset controller for stm32mp1 flavors

Define DT binding ID related to system reset controller, for both
STM32MP15 and STM32MP13 variants.

Acked-by: Jens Wiklander <jens.w

dt-bindings: define system reset controller for stm32mp1 flavors

Define DT binding ID related to system reset controller, for both
STM32MP15 and STM32MP13 variants.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: scmi-msg: Propagate errors from platform voltd_get_level

plat_scmi_voltd_get_level is refactored to return an SCMI error code and
retrieve the voltage via an out parameter. This allows erro

drivers: scmi-msg: Propagate errors from platform voltd_get_level

plat_scmi_voltd_get_level is refactored to return an SCMI error code and
retrieve the voltage via an out parameter. This allows errors from the
platform SCMI server implementation to be propagated to the REE.

The implementation for stm32mp1 is updated to handle at least some
possible errors.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Anton Eliasson <anton.eliasson@axis.com>

show more ...

drivers: versal: general purpose i/o

Provide access to the GPIO controller on Versal ACAP.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.or

drivers: versal: general purpose i/o

Provide access to the GPIO controller on Versal ACAP.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: driver: add common i.MX MU driver

Add a common MU driver for i.MX platforms. This MU driver is used to
communicate with external security controllers.

This driver includes a generic part and

core: driver: add common i.MX MU driver

Add a common MU driver for i.MX platforms. This MU driver is used to
communicate with external security controllers.

This driver includes a generic part and an hardware abstraction layer
for low level MU functions.

The MU driver implements the HAL for the following platforms:
- mx8ulpevk
- mx8qmmek/imx8qxpmek

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: zynqmp_huk: Add AES eFuse and HUK seed support

When AES eFuse is used to encrypt boot loaders and bitstreams then PUF
functionality is not available for use. When AES eFuse based encryption

drivers: zynqmp_huk: Add AES eFuse and HUK seed support

When AES eFuse is used to encrypt boot loaders and bitstreams then PUF
functionality is not available for use. When AES eFuse based encryption is
in use AES eFuse key becomes device key instead of PUF generated key.

In order to re-plenish additional device specific entropy that PUF would
provide utilize selected set of User programmable eFuses.

Selected user eFuses should be programmed during device manufacturing with
cryptographically good random numbers.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: zymqmp_pm: add USER eFuse support

Adds necessary defines for accessing USER eFuses.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.car

drivers: zymqmp_pm: add USER eFuse support

Adds necessary defines for accessing USER eFuses.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: zynqmp_pm: Add eFuse programming support

Add support to program eFuses utiling functionality found in PMU firmware.

If eFuse programming functionality has been disabled in PMU firmware the

drivers: zynqmp_pm: Add eFuse programming support

Add support to program eFuses utiling functionality found in PMU firmware.

If eFuse programming functionality has been disabled in PMU firmware then
programming will fail.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...