core: move tee_svc_storage_create_filename_dfh() to core/tee/tee_fs_rpc.c

tee_svc_storage_create_filename_dfh() is only used in
core/tee/tee_fs_rpc.c, so move it there, make it static and give it a

core: move tee_svc_storage_create_filename_dfh() to core/tee/tee_fs_rpc.c

tee_svc_storage_create_filename_dfh() is only used in
core/tee/tee_fs_rpc.c, so move it there, make it static and give it a
shorter name: create_filename().

Fundamentally, this function is needed when CFG_REE_FS=y but the whole
file core/tee/tee_svc_storage.c (which is the current location of this
function) essentially defines the storage syscalls for TAs and is
therefore not needed when CFG_WITH_USER_TA=n. If we want to later be
able to exclude it from the build while still providing secure storage
to kernel code, the function has to move.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dt_driver: use driver type when finding a driver provider

Adds driver type argument to functions dt_driver_get_provider_by_node(),
and dt_driver_get_provider_by_phandle() to differentiate driv

core: dt_driver: use driver type when finding a driver provider

Adds driver type argument to functions dt_driver_get_provider_by_node(),
and dt_driver_get_provider_by_phandle() to differentiate driver provider
references when a single DT node relates to several driver providers
that are of different type by DT binding definition. For example, a DT
node may describe a device that acts both as a clock provider and a reset
controller, for which two driver references are needed in the driver
provider list.

Updates dt_driver_device_from_node_idx_prop() accordingly.

Fixes: f498c4042931 ("core: dt_driver: factorize clk_get_provider_by_*()")
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt: fix inline description of _fdt_get_status()

Corrects inline comment describing _fdt_get_status() helper function.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etien

core: dt: fix inline description of _fdt_get_status()

Corrects inline comment describing _fdt_get_status() helper function.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pta: APDU pseudo trusted application

Allow trusted applications and REE clients to send APDU frames to a
secure element.

Even though secure elements are usually accessible from serial buses,

core: pta: APDU pseudo trusted application

Allow trusted applications and REE clients to send APDU frames to a
secure element.

Even though secure elements are usually accessible from serial buses,
when they have been initialized in OP-TEE is possible that the SCP03
secret keys are only available in the Trusted World and therefore APDU
requests must be handled in OP-TEE.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: Secure Element cryptographic interface

Extract cryptographic operations specific to Secure Elements from the
more generic cryptographic interface.

Also, the Secure Channel Protocol03

core: crypto: Secure Element cryptographic interface

Extract cryptographic operations specific to Secure Elements from the
more generic cryptographic interface.

Also, the Secure Channel Protocol03 is a global protocol supported by
most SEs and not NXP SE05X specific. Use this commit to reflect this
fact.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: at91: removed useless definition

Currently, if this file is included before at91_pmc.h, this leads to
multiple definitions of some defines. Moreover, these defines are not
the value expected by

dts: at91: removed useless definition

Currently, if this file is included before at91_pmc.h, this leads to
multiple definitions of some defines. Moreover, these defines are not
the value expected by the driver but probably some leftover of previous
bindings.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

core: mmu: fix overflow with high address in tee_mm_pool_t

In case of TA_RAM defined at the end of address range,
the high address will be defined outside the paddr_t limits
which ends in a 0 addres

core: mmu: fix overflow with high address in tee_mm_pool_t

In case of TA_RAM defined at the end of address range,
the high address will be defined outside the paddr_t limits
which ends in a 0 address usage.
The size must be used rather than the high address to
avoid this overflow issue. Update the corresponding files due
to API modification.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: add initcall level 7 to release initialization resources

Drivers willing to release resources once all core intializations
are completed can use release_init_resource initcall level.

Reviewed

core: add initcall level 7 to release initialization resources

Drivers willing to release resources once all core intializations
are completed can use release_init_resource initcall level.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver probe sequence

Add a driver_init initcall function to parse DT from root node and
probe devices for which a compatible driver is registered in the
dt_driver list. When a matching dri

core: dt_driver probe sequence

Add a driver_init initcall function to parse DT from root node and
probe devices for which a compatible driver is registered in the
dt_driver list. When a matching driver is found, its probe function
is called to initialize the device.

Driver probe function returns TEE_SUCCESS or successful initialization,
TEE_ERROR_DEFER_DRIVER_INIT if waiting for a dependent device, otherwise
another TEE_Result error code. In the later case, the probe function
panics.

The probe sequence uses 2 lists: a list of the device DT nodes for which
a driver shall be probed (probe list) and a list of devices that were
successfully probed and initialized (ready list). Since at least clock
framework and dt_driver do both parse DT for matching nodes, we must
centralized successfully probed devices to not add them twice in the
probe list.

Note that a DT node can probe several drivers, one per driver type,
as defined by dt_driver_type enumerated type.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Co-developed-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: get return code when querying a device

Change dt_driver_device_from_provider_prop() function and friends to
output return a TEE_Result code if failing to find target device
instance

core: dt_driver: get return code when querying a device

Change dt_driver_device_from_provider_prop() function and friends to
output return a TEE_Result code if failing to find target device
instance. Return code TEE_ERROR_DEFER_DRIVER_INIT reports that requested
device is not yet registered and initialized in the dt_driver provider
list.

This change will be used to probed device drivers and allow probe
deferral when a device depends on another device driver that is
not yet initialized.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pm: add a name to registered pm_callback_handle

Adds an argument to register a name (string debug identifier) for
PM handlers registered to PM framework.

Caller can provide a NULL reference o

core: pm: add a name to registered pm_callback_handle

Adds an argument to register a name (string debug identifier) for
PM handlers registered to PM framework.

Caller can provide a NULL reference or a valid string pointer. When pager
is enabled, the registration ensures the name lies in an unpaged section,
possibly allocating heap for that purpose.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Gatien Chevallier <gatien.chevallier@st.com>

show more ...

drivers: crypto: implement crypto driver - AUTHENC

Add a generic cryptographic Authenticated Encryption driver interface
connecting TEE Crypto generic APIs to HW driver interface.

Signed-off-by: Ni

drivers: crypto: implement crypto driver - AUTHENC

Add a generic cryptographic Authenticated Encryption driver interface
connecting TEE Crypto generic APIs to HW driver interface.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Acked-by: Cedric Neveux <cedric.neveux@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: make struct dt_driver_provider opaque

Move struct dt_driver_provider from header file to source file so that
the DT driver provider internals are not exposed to core.

Provider data

core: dt_driver: make struct dt_driver_provider opaque

Move struct dt_driver_provider from header file to source file so that
the DT driver provider internals are not exposed to core.

Provider database reference dt_driver_provider can now be internal
to dt_driver.c.

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: factorize clk_dt_node_clock_probe_driver()

Move/rename clk_dt_get_from_provider() to dt_driver_probe_device_by_node()
and local helper clk_get_compatible_driver() to probe_device_by

core: dt_driver: factorize clk_dt_node_clock_probe_driver()

Move/rename clk_dt_get_from_provider() to dt_driver_probe_device_by_node()
and local helper clk_get_compatible_driver() to probe_device_by_compat().

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: move probe callback to dt_driver

Move ::probe field from struct dt_driver_setup to struct dt_driver
and remove struct dt_driver_setup.

Acked-by: Jerome Forissier <jerome@forissier.

core: dt_driver: move probe callback to dt_driver

Move ::probe field from struct dt_driver_setup to struct dt_driver
and remove struct dt_driver_setup.

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: factorize clk_dt_get_from_provider()

Implement dt_driver_device_from_node_idx_prop() for
clk_dt_get_by_idx_prop() to get target reference instance.

Move/rename clk_dt_get_from_prov

core: dt_driver: factorize clk_dt_get_from_provider()

Implement dt_driver_device_from_node_idx_prop() for
clk_dt_get_by_idx_prop() to get target reference instance.

Move/rename clk_dt_get_from_provider() to
dt_driver_device_from_provider_prop()

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: factorize clk_get_provider_by_*()

Move rename clk_get_provider_by_{node|phandle}() to
dt_driver_get_provider_by_*().

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clé

core: dt_driver: factorize clk_get_provider_by_*()

Move rename clk_get_provider_by_{node|phandle}() to
dt_driver_get_provider_by_*().

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: factorize DT cells helper functions

Move/rename fdt_clock_cells() to fdt_get_dt_driver_cells().
and clk_dt_register_clk_provider() to dt_driver_register_provider().

Add helper func

core: dt_driver: factorize DT cells helper functions

Move/rename fdt_clock_cells() to fdt_get_dt_driver_cells().
and clk_dt_register_clk_provider() to dt_driver_register_provider().

Add helper function dt_driver_provider_cells() to get ::provider_cells
from a registered provider reference.

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: factorize DT phandle util resources

Move struct clk_dt_phandle_args and struct clk_dt_provider from clk_dt.h
to dt_driver.h and rename them to struct dt_driver_phandle_args and
stru

core: dt_driver: factorize DT phandle util resources

Move struct clk_dt_phandle_args and struct clk_dt_provider from clk_dt.h
to dt_driver.h and rename them to struct dt_driver_phandle_args and
struct dt_driver_provider.

Introduce type get_of_device_func for callback functions used to
retrieve a device instance reference from a DT phandle possible with
arguments.

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_i2c: use reg_size to map virtual addresses

Use directly the register map size from the dt_node_info
structure to call the io_pa_or_va() function.

Signed-off-by: Lionel Debieve <lione

drivers: stm32_i2c: use reg_size to map virtual addresses

Use directly the register map size from the dt_node_info
structure to call the io_pa_or_va() function.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: kernel: add reg_size in the dt_node_info structure

Add the register size read from device tree in the dt_node_info
structure. It may be used to map the IO registers with the
correct address ra

core: kernel: add reg_size in the dt_node_info structure

Add the register size read from device tree in the dt_node_info
structure. It may be used to map the IO registers with the
correct address range.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: kernel: use size_t instead of ssize_t for _fdt_reg_size()

Size is read from the reg device tree property as an unsigned value
coming from fdt32_to_cpu().
Use a size_t with associated error cod

core: kernel: use size_t instead of ssize_t for _fdt_reg_size()

Size is read from the reg device tree property as an unsigned value
coming from fdt32_to_cpu().
Use a size_t with associated error code DT_INFO_INVALID_REG_SIZE as
return in prototype. Update the current users according to this change.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: generate HUK from PUF KEK

If authenticated boot was disabled we allow generating the HUK using
the SHA-256 of the DNA unique identifier.

If authenticated boot was enabled, use the

zynqmp: drivers: generate HUK from PUF KEK

If authenticated boot was disabled we allow generating the HUK using
the SHA-256 of the DNA unique identifier.

If authenticated boot was enabled, use the PUK KEK to generate the
HUK instead. The PUF KEK must be registered while securing the board
using the Xilinx tools. In this case, the HUK is generated by reading
the DNA eFuses. This 96 bits value is used to generate a 16 byte
digest which is then AES-GCM encrypted using the PUF KEK. The
resulting 16 byte value is the HUK. To prevent the HUK from being
leaked, the AES-GCM module must be reserved.

The HUK generation was validated on Zynqmp zu3cg using the Xilinx
Lightweight Provisioning Tool to enable authenticated boot and to
provision the PUF (burning a number of eFuses in the process).

Tested-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: PM firmware

These routines call TF-A exported SiP services that implement IPI
protocol for communication with PMUFW (Platform Management Unit).

To access eFuses, PMUFW should be bu

zynqmp: drivers: PM firmware

These routines call TF-A exported SiP services that implement IPI
protocol for communication with PMUFW (Platform Management Unit).

To access eFuses, PMUFW should be built with -DENABLE_EFUSE_ACCESS=1.

Notice however that certain eFuses will not be available unless the
Xilskey library linked to the PMUFW is compiled removing some of those
security restrictions.

Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: AES-GCM with PUF KEK

Provide a mechanism to encrypt a red key using the KEK; the KEK is
only available on secured boards after the RSA_EN and PPK eFUSES have
been burnt (the system

zynqmp: drivers: AES-GCM with PUF KEK

Provide a mechanism to encrypt a red key using the KEK; the KEK is
only available on secured boards after the RSA_EN and PPK eFUSES have
been burnt (the system will only boot ROM authenticated bootloaders
from here on).

The main use case for OP-TEE would be to encode the zynqmp per device
unique identifier (DNA0, DNA1, DNA2 eFUSEs - ie, a red key) using the
KEK. The encryption key generated this way is cryptographically strong
and will be used as the device HUK (ie, black key).

Test code:

csu_aes_encrypt_data(src, dst, BLOB_DATA_SIZE, tag, GCM_TAG_SIZE,
iv, GCM_IV_SIZE, CSU_AES_KEY_SRC_DEV);
csu_aes_decrypt_data(dst, src, BLOB_DATA_SIZE, tag, GCM_TAG_SIZE,
iv, GCM_IV_SIZE, CSU_AES_KEY_SRC_DEV);
if (memcmp(src, buffer, BLOB_DATA_SIZE)) {
EMSG(" - encrypt/decrypt test failed");

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...