core: add asynchronous notifications

Adds support for asynchronous notifications from secure world to normal
world. This allows a design with a top half and bottom half type of
driver where the top

core: add asynchronous notifications

Adds support for asynchronous notifications from secure world to normal
world. This allows a design with a top half and bottom half type of
driver where the top half runs in secure interrupt context and a
notifications tells normal world to schedule a yielding call to do the
bottom half processing.

The protocol is defined in optee_msg.h optee_rpc_cmd.h and optee_smc.h.

A notification consists of a 32-bit value which normal world can
retrieve using a fastcall into secure world. OP-TEE is currently only
supporting the value 0-63 where 0 has a special meaning. When 0 is sent
it means that normal world is supposed to make a yielding call
OPTEE_MSG_CMD_DO_BOTTOM_HALF.

The notification framework in OP-TEE defines an interface where drivers
can register a callback which is called on each yielding bottom half
call.

Notification capability is negotiated with the normal world while it
initializes its driver. If both sides supports these notifications then
they are enabled.

CFG_CORE_ASYNC_NOTIF_GIC_INTID is added to define the hardware interrupt
used to notify normal world. This is added to the DTB in case OP-TEE can
is configured with CFG_DT=y. Other cases requires the normal world DTB
to be kept in sync with this.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add new interface for synchronous notifications

Adds a new interface for synchronous notifications. The old RPC
interface based on OPTEE_RPC_CMD_WAIT_QUEUE is renamed to
OPTEE_RPC_CMD_NOTIFICA

core: add new interface for synchronous notifications

Adds a new interface for synchronous notifications. The old RPC
interface based on OPTEE_RPC_CMD_WAIT_QUEUE is renamed to
OPTEE_RPC_CMD_NOTIFICATION in order to match the new interface.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: drivers: gic.h: define PPI and SPI bases

Adds the two defines GIC_PPI_BASE and GIC_SPI_BASE to tell the base of
the ranges for PPIs and SPIs respectively.

Reviewed-by: Jerome Forissier <jerom

core: drivers: gic.h: define PPI and SPI bases

Adds the two defines GIC_PPI_BASE and GIC_SPI_BASE to tell the base of
the ranges for PPIs and SPIs respectively.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: Set GP bit to enable BTI for TEE core

For all the descriptor entries marked with TEE_MATTR_PX, enable
GP bit if BTI is enabled.

TEE_MATTR_GUARDED attribute is also added here. This will b

core: mm: Set GP bit to enable BTI for TEE core

For all the descriptor entries marked with TEE_MATTR_PX, enable
GP bit if BTI is enabled.

TEE_MATTR_GUARDED attribute is also added here. This will be used
when creating mapping for user space.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: atmel-shdwc: add atmel shdwc driver

Add atmel shdwc driver for sama5d2. This driver uses assembly code
which expects to run from a single cache line. For the time being,
building this code

drivers: atmel-shdwc: add atmel shdwc driver

Add atmel shdwc driver for sama5d2. This driver uses assembly code
which expects to run from a single cache line. For the time being,
building this code is restricted to single core system since it rely
on the fact that no other cores can invalidate the TLB or the
I-cache. This driver will be used by PSCI to shutdown the SoC.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: sam: add at91_ddr.h file with DDR register definition

This file will be used by multiple drivers and PM support.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome F

drivers: sam: add at91_ddr.h file with DDR register definition

This file will be used by multiple drivers and PM support.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: clk: change clk_dt_get_by_*() prototype

Changes clk_dt_get_by_idx() and clk_dt_get_by_name() to return a
the TEE_Result code and use an output argument to pass back
clock reference rather t

drivers: clk: change clk_dt_get_by_*() prototype

Changes clk_dt_get_by_idx() and clk_dt_get_by_name() to return a
the TEE_Result code and use an output argument to pass back
clock reference rather than the opposite. This change makes
clk_dt_get_by_*() function more consistent with the other
OP-TEE core API functions.

Also renames clk_dt_get_by_idx() to clk_dt_get_by_index().

Updates sama5d2_clk.c and atmel_trng.c accordingly.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: helper for dependency on crypt service

Adds dt_driver_get_crypto() function to allow drivers to request
probe deferral when depending on core crypto services. For that purpose
tee_c

core: dt_driver: helper for dependency on crypt service

Adds dt_driver_get_crypto() function to allow drivers to request
probe deferral when depending on core crypto services. For that purpose
tee_cryp_init() is changed to call dt_driver_crypt_init_complete() once
crypt layer initialization completes.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: imx: add SC driver for i.MX8QM/QXP

Add the secure controller driver that implements:
- SCFW API
- SCU IPC functions
- SCU secure IPC initialization
The SCU driver relies on the MU driver

drivers: imx: add SC driver for i.MX8QM/QXP

Add the secure controller driver that implements:
- SCFW API
- SCU IPC functions
- SCU secure IPC initialization
The SCU driver relies on the MU driver to communicate with the security
controller.

Signed-off-by: Remi Koman <remi.koman@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: atmel-rstc: add support for reset controller

This reset controller will be used by PSCI to reset the SoC.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <j

drivers: atmel-rstc: add support for reset controller

This reset controller will be used by PSCI to reset the SoC.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

core: dt: prevent build failure when CFG_DT is disabled

Fixes dt.h to prevent build failure when dt_driver.h is pre-compiled
while CFG_DT is disabled. Below are examples of such build error traces:

core: dt: prevent build failure when CFG_DT is disabled

Fixes dt.h to prevent build failure when dt_driver.h is pre-compiled
while CFG_DT is disabled. Below are examples of such build error traces:

core/include/kernel/dt_driver.h:61:29: warning: ‘enum dt_driver_type’ declared inside parameter list will not be visible outside of this definition or declaration
61 | void *data, enum dt_driver_type type);
| ^~~~~~~~~~~~~~
core/include/drivers/clk_dt.h: In function ‘clk_dt_register_clk_provider’:
core/include/drivers/clk_dt.h:101:15: error: ‘DT_DRIVER_CLK’ undeclared (first use in this function); did you mean ‘CFG_DRIVERS_CLK’?
101 | data, DT_DRIVER_CLK);
| ^~~~~~~~~~~~~

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: move functions from tee_svc_storage.c to tee_rpmb_fs.c

tee_svc_storage_create_filename() and tee_svc_storage_create_dirname() are
only used in core/tee/tee_rpmb_fs.c, so move them there and ma

core: move functions from tee_svc_storage.c to tee_rpmb_fs.c

tee_svc_storage_create_filename() and tee_svc_storage_create_dirname() are
only used in core/tee/tee_rpmb_fs.c, so move them there and make them
static. Since they now have file scope they may as well be given shorter
names.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move tee_svc_storage_create_filename_dfh() to core/tee/tee_fs_rpc.c

tee_svc_storage_create_filename_dfh() is only used in
core/tee/tee_fs_rpc.c, so move it there, make it static and give it a

core: move tee_svc_storage_create_filename_dfh() to core/tee/tee_fs_rpc.c

tee_svc_storage_create_filename_dfh() is only used in
core/tee/tee_fs_rpc.c, so move it there, make it static and give it a
shorter name: create_filename().

Fundamentally, this function is needed when CFG_REE_FS=y but the whole
file core/tee/tee_svc_storage.c (which is the current location of this
function) essentially defines the storage syscalls for TAs and is
therefore not needed when CFG_WITH_USER_TA=n. If we want to later be
able to exclude it from the build while still providing secure storage
to kernel code, the function has to move.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dt_driver: use driver type when finding a driver provider

Adds driver type argument to functions dt_driver_get_provider_by_node(),
and dt_driver_get_provider_by_phandle() to differentiate driv

core: dt_driver: use driver type when finding a driver provider

Adds driver type argument to functions dt_driver_get_provider_by_node(),
and dt_driver_get_provider_by_phandle() to differentiate driver provider
references when a single DT node relates to several driver providers
that are of different type by DT binding definition. For example, a DT
node may describe a device that acts both as a clock provider and a reset
controller, for which two driver references are needed in the driver
provider list.

Updates dt_driver_device_from_node_idx_prop() accordingly.

Fixes: f498c4042931 ("core: dt_driver: factorize clk_get_provider_by_*()")
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt: fix inline description of _fdt_get_status()

Corrects inline comment describing _fdt_get_status() helper function.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etien

core: dt: fix inline description of _fdt_get_status()

Corrects inline comment describing _fdt_get_status() helper function.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pta: APDU pseudo trusted application

Allow trusted applications and REE clients to send APDU frames to a
secure element.

Even though secure elements are usually accessible from serial buses,

core: pta: APDU pseudo trusted application

Allow trusted applications and REE clients to send APDU frames to a
secure element.

Even though secure elements are usually accessible from serial buses,
when they have been initialized in OP-TEE is possible that the SCP03
secret keys are only available in the Trusted World and therefore APDU
requests must be handled in OP-TEE.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: Secure Element cryptographic interface

Extract cryptographic operations specific to Secure Elements from the
more generic cryptographic interface.

Also, the Secure Channel Protocol03

core: crypto: Secure Element cryptographic interface

Extract cryptographic operations specific to Secure Elements from the
more generic cryptographic interface.

Also, the Secure Channel Protocol03 is a global protocol supported by
most SEs and not NXP SE05X specific. Use this commit to reflect this
fact.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: at91: removed useless definition

Currently, if this file is included before at91_pmc.h, this leads to
multiple definitions of some defines. Moreover, these defines are not
the value expected by

dts: at91: removed useless definition

Currently, if this file is included before at91_pmc.h, this leads to
multiple definitions of some defines. Moreover, these defines are not
the value expected by the driver but probably some leftover of previous
bindings.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

core: mmu: fix overflow with high address in tee_mm_pool_t

In case of TA_RAM defined at the end of address range,
the high address will be defined outside the paddr_t limits
which ends in a 0 addres

core: mmu: fix overflow with high address in tee_mm_pool_t

In case of TA_RAM defined at the end of address range,
the high address will be defined outside the paddr_t limits
which ends in a 0 address usage.
The size must be used rather than the high address to
avoid this overflow issue. Update the corresponding files due
to API modification.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: add initcall level 7 to release initialization resources

Drivers willing to release resources once all core intializations
are completed can use release_init_resource initcall level.

Reviewed

core: add initcall level 7 to release initialization resources

Drivers willing to release resources once all core intializations
are completed can use release_init_resource initcall level.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver probe sequence

Add a driver_init initcall function to parse DT from root node and
probe devices for which a compatible driver is registered in the
dt_driver list. When a matching dri

core: dt_driver probe sequence

Add a driver_init initcall function to parse DT from root node and
probe devices for which a compatible driver is registered in the
dt_driver list. When a matching driver is found, its probe function
is called to initialize the device.

Driver probe function returns TEE_SUCCESS or successful initialization,
TEE_ERROR_DEFER_DRIVER_INIT if waiting for a dependent device, otherwise
another TEE_Result error code. In the later case, the probe function
panics.

The probe sequence uses 2 lists: a list of the device DT nodes for which
a driver shall be probed (probe list) and a list of devices that were
successfully probed and initialized (ready list). Since at least clock
framework and dt_driver do both parse DT for matching nodes, we must
centralized successfully probed devices to not add them twice in the
probe list.

Note that a DT node can probe several drivers, one per driver type,
as defined by dt_driver_type enumerated type.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Co-developed-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: get return code when querying a device

Change dt_driver_device_from_provider_prop() function and friends to
output return a TEE_Result code if failing to find target device
instance

core: dt_driver: get return code when querying a device

Change dt_driver_device_from_provider_prop() function and friends to
output return a TEE_Result code if failing to find target device
instance. Return code TEE_ERROR_DEFER_DRIVER_INIT reports that requested
device is not yet registered and initialized in the dt_driver provider
list.

This change will be used to probed device drivers and allow probe
deferral when a device depends on another device driver that is
not yet initialized.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pm: add a name to registered pm_callback_handle

Adds an argument to register a name (string debug identifier) for
PM handlers registered to PM framework.

Caller can provide a NULL reference o

core: pm: add a name to registered pm_callback_handle

Adds an argument to register a name (string debug identifier) for
PM handlers registered to PM framework.

Caller can provide a NULL reference or a valid string pointer. When pager
is enabled, the registration ensures the name lies in an unpaged section,
possibly allocating heap for that purpose.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Gatien Chevallier <gatien.chevallier@st.com>

show more ...

drivers: crypto: implement crypto driver - AUTHENC

Add a generic cryptographic Authenticated Encryption driver interface
connecting TEE Crypto generic APIs to HW driver interface.

Signed-off-by: Ni

drivers: crypto: implement crypto driver - AUTHENC

Add a generic cryptographic Authenticated Encryption driver interface
connecting TEE Crypto generic APIs to HW driver interface.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Acked-by: Cedric Neveux <cedric.neveux@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: make struct dt_driver_provider opaque

Move struct dt_driver_provider from header file to source file so that
the DT driver provider internals are not exposed to core.

Provider data

core: dt_driver: make struct dt_driver_provider opaque

Move struct dt_driver_provider from header file to source file so that
the DT driver provider internals are not exposed to core.

Provider database reference dt_driver_provider can now be internal
to dt_driver.c.

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...