core: add generic struct ts_ctx

Adds the generic struct ts_ctx to be used instead of struct tee_ta_ctx
where generic context operations are performed.

struct tee_ta_ctx adds a field with struct ts_

core: add generic struct ts_ctx

Adds the generic struct ts_ctx to be used instead of struct tee_ta_ctx
where generic context operations are performed.

struct tee_ta_ctx adds a field with struct ts_ctx for conversion to
struct ts_ctx where needed.

The struct ts_session is updated to keep a pointer to a struct ts_ctx
instead of the previous struct tee_ta_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add generic struct ts_session

As a step in making room for Secure Partitions (SPs) running at S-EL0
add a Trusted Service (TS) abstraction. Both TAs and SPs is a TS.

Adds the generic struct t

core: add generic struct ts_session

As a step in making room for Secure Partitions (SPs) running at S-EL0
add a Trusted Service (TS) abstraction. Both TAs and SPs is a TS.

Adds the generic struct ts_session. All future sessions structs
(currently only struct tee_ta_session exists) should add this struct to
allow generic session operations.

With this struct comes new functions replacing previous struct
tee_ta_session oriented functions. The following functions are replaced
as:
tee_ta_get_current_session() -> ts_get_current_session()
tee_ta_push_current_session() -> ts_push_current_session()
tee_ta_pop_current_session() -> ts_pop_current_session()
tee_ta_get_calling_session() -> ts_get_calling_session()

ts_get_current_session() is changed compared to its predecessor to
panic() in case of failure to return a valid pointer.

A new function ts_get_current_session_may_fail() is added to handle an
eventual case where a return NULL session may be handled.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: scmi: expose PWR regulators

Expose SoC PWR regulators as SCMI voltage domains to the non-secure
world. They are exposed to SCMI agent scmi0 that exposes SoC resources
used by non-secu

plat-stm32mp1: scmi: expose PWR regulators

Expose SoC PWR regulators as SCMI voltage domains to the non-secure
world. They are exposed to SCMI agent scmi0 that exposes SoC resources
used by non-secure world but controlled by secure world since RCC TZ
hardening configuration.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: scmi: prepare platform SCMI voltage regulators

Define generic resources for stm32mp1 platform to support voltage
regulators exposed to SCMI agents through the voltage domain protocol.

plat-stm32mp1: scmi: prepare platform SCMI voltage regulators

Define generic resources for stm32mp1 platform to support voltage
regulators exposed to SCMI agents through the voltage domain protocol.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: refactor locking during user TA load

tee_ta_init_user_ta_session() unlocks tee_ta_mutex while loading ldelf
and the user TA. This avoids a window where deadlock can occur in case
pgt_alloc() g

core: refactor locking during user TA load

tee_ta_init_user_ta_session() unlocks tee_ta_mutex while loading ldelf
and the user TA. This avoids a window where deadlock can occur in case
pgt_alloc() goes to sleep.

A new condition variable, tee_ta_init_cv, is added to signal that a TA
has changed state while initializing.

tee_ta_init_session_with_context waits for a TA context be fully
initialized before assigning it to another session.

This also simplifies tee_ta_try_set_busy() since it now doesn't have to
handle the case where it has to wait for a TA context to be fully
initialized.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Suggested-by: Opensource <opensource@sequiturlabs.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: use vaddr_t instead of uint32_t for object IDs

Some function incorrectly use uint32_t for object identifiers:
tee_obj_get(), tee_svc_cryp_get_state() and tee_svc_storage_get_enum().
Those obje

core: use vaddr_t instead of uint32_t for object IDs

Some function incorrectly use uint32_t for object identifiers:
tee_obj_get(), tee_svc_cryp_get_state() and tee_svc_storage_get_enum().
Those object IDs are actually virtual addresses so they need to be of
type vaddr_t.

Link: https://github.com/OP-TEE/optee_os/issues/4035#issuecomment-680037072
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: scmi-msg: add SCMI Voltage Domain protocol

SCMI Voltage Domain protocol in defined in the SCMI specification
since its version 3 [1]. This protocol allows a SCMI server to expose
voltage re

drivers: scmi-msg: add SCMI Voltage Domain protocol

SCMI Voltage Domain protocol in defined in the SCMI specification
since its version 3 [1]. This protocol allows a SCMI server to expose
voltage regulator control services. The current specification defines
services to discover the exposed regulators, to enable/disable them
and to set/get the regulator voltage level.

The protocol driver is embedded upon configuration switch
CFG_SCMI_MSG_VOLTAGE_DOMAIN.

Link: [1] https://developer.arm.com/documentation/den0056/c
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: use SCMI reset to manage MCU hold boot

Adding the MCU hold boot management through a SCMI dedicated
reset domain. MCU hold boot controls the MCU reboot sequence together
with MCU rese

plat-stm32mp1: use SCMI reset to manage MCU hold boot

Adding the MCU hold boot management through a SCMI dedicated
reset domain. MCU hold boot controls the MCU reboot sequence together
with MCU reset controller already exposed to SCMI agent 0.

Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: stpmic1: add stpmic1_regulator_is_valid()

Add driver helper API function stpmic1_regulator_is_valid() to
check if a regulator name identifier references a STPMIC1 regulator.

Signed-off-by:

drivers: stpmic1: add stpmic1_regulator_is_valid()

Add driver helper API function stpmic1_regulator_is_valid() to
check if a regulator name identifier references a STPMIC1 regulator.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: stpmic1: API functions to query regulators levels

Add API function in STPMIC1 driver to allow Core to query the
regulators supported voltage levels. This change is needed by
coming SCMI Vol

drivers: stpmic1: API functions to query regulators levels

Add API function in STPMIC1 driver to allow Core to query the
regulators supported voltage levels. This change is needed by
coming SCMI Voltage Domain for regulator resource discovery
services.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: scmi-msg: fix clock rates query

Fix implementation of the clock rate query platform functions to
consider rates start index which was missing.

Fixes: a7a9e3ba71dd ("drivers/scmi-msg: suppo

drivers: scmi-msg: fix clock rates query

Fix implementation of the clock rate query platform functions to
consider rates start index which was missing.

Fixes: a7a9e3ba71dd ("drivers/scmi-msg: support for clock protocol")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: dt: fix inline description for _fdt_get_status()

Fix _fdt_get_status() inline desciption comment as the function
never returns a negative value reporting some kind of error case.

Signed-off-b

core: dt: fix inline description for _fdt_get_status()

Fix _fdt_get_status() inline desciption comment as the function
never returns a negative value reporting some kind of error case.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dt: Repair type in _fdt_reg_size()

The function returns ssize_t , while DT_INFO_INVALID_REG is paddr_t,
fix the type.

Fixes: c0cfb36c ("core: dt: introduce _fdt_fill_device_info()")
Signed-of

core: dt: Repair type in _fdt_reg_size()

The function returns ssize_t , while DT_INFO_INVALID_REG is paddr_t,
fix the type.

Fixes: c0cfb36c ("core: dt: introduce _fdt_fill_device_info()")
Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: remove VM_FLAG_LDELF from VM_FLAGS_NONPRIV

In order for tee_mmu_check_access_rights() to be able to identify ldelf
mappings as TA private remove VM_FLAG_LDELF from VM_FLAGS_NONPRIV. This
is ne

core: remove VM_FLAG_LDELF from VM_FLAGS_NONPRIV

In order for tee_mmu_check_access_rights() to be able to identify ldelf
mappings as TA private remove VM_FLAG_LDELF from VM_FLAGS_NONPRIV. This
is needed for the more strict check of the memory location of ret_orig
in syscall_open_ta_session() and syscall_invoke_ta_command().

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add copy_{to,from}_private()

Adds the copy_{to,from}_private() functions which checks that the user
mode buffer resides in TA private memory and not non-secure shared
memory for instance.

Rev

core: add copy_{to,from}_private()

Adds the copy_{to,from}_private() functions which checks that the user
mode buffer resides in TA private memory and not non-secure shared
memory for instance.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: separate copy_from_user() and friends

Removes the tee_svc_ prefix and moves tee_svc_copy_from_user() and
friends into <kernel/user_access.h> and core/kernel/user/access.c

Reviewed-by: Jerome

core: separate copy_from_user() and friends

Removes the tee_svc_ prefix and moves tee_svc_copy_from_user() and
friends into <kernel/user_access.h> and core/kernel/user/access.c

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: add function to free rsa keypair

There was no function to proper free a rsa kepair from inside a PTA.
Now there is crypto_acipher_free_rsa_keypair().

Signed-off-by: Elias von Däniken <elias

crypto: add function to free rsa keypair

There was no function to proper free a rsa kepair from inside a PTA.
Now there is crypto_acipher_free_rsa_keypair().

Signed-off-by: Elias von Däniken <elias.vondaeniken@bluewin.ch>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: Add a parameter to vm_map_pad() to specify alignment requirement

There are cases where the virtual address returned for a requested
mapping needs to satisfy certain alignment requirements. All

core: Add a parameter to vm_map_pad() to specify alignment requirement

There are cases where the virtual address returned for a requested
mapping needs to satisfy certain alignment requirements. Allow the
calling functions to specify the required alignment as a parameter
to vm_map_pad().

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: load stmm via secure partition

Secure variable storage for EFI variables is critical for enabling and
protecting UEFI Secure Boot. Unfortunately due to the fact that SPD and
SPM are mutually e

core: load stmm via secure partition

Secure variable storage for EFI variables is critical for enabling and
protecting UEFI Secure Boot. Unfortunately due to the fact that SPD and
SPM are mutually exclusive, we can't run StMM from EDK2 and OP-TEE.
An advantage of doing so is that different firmware implementations
can leverage EDK2's StandAloneMM and in cooperation with OP-TEE RPMB
APIs can store UEFI variables in a secure storage.
This makes the variable storage quite generic in any device with an RPMB
partition.

Using a well debugged application is preferable over rewriting the whole
application as a TA. Another advantage is that this inherits the Fault
Tolerant Writes (FTW) functionality built-in on StMM to protect
variables against corruptions during writing. Considering the FFA
changes of the future Arm architectures using an SP that includes
everything seems like a better choice at the moment.
The 'SPM emulation' currently added into OP-TEE only supports
a single SP to be launched. This means that the StMM embedded
application has the RPMB driver built in at the moment. In the future we
can add code (evolving FFA) to launch multiple SPs. So the StMM variable
handling can be decoupled from the RPMB driver, which will reside in a
different SP.

So let's add a user mode secure partition context and support loading
"Standalone MM" of EDK2 into it. A separate syscall handling is added to
serve as different kind of ABI and syscall IDs. The secure partition has
a TA like interface towards normal world, but requests are routed into
the StMM partition instead.

CFG_STMM_PATH is assigned the path of BL32_AP_MM.fd, for instance:
CFG_STMM_PATH=...Build/QemuVirtMmStandalone/DEBUG_GCC5/FV/BL32_AP_MM.fd

Since this is quite tricky to compile and test you can use this [1].
Just clone the repo and run ./build.sh. The script will pick up edk2,
edk2-platforms, op-tee, atf and U-boot and compile all the necessary
binaries for QEMU. A patch (awful hack) has been added to U-boot to
allow RPMB emulation through it's supplicant, since QEMU RPMB emulation
is not yet available.
After compiling and launching QEMU the usual U-boot commands for EFI
variable management will store the variables on an RPMB device.

[1] https://git.linaro.org/people/ilias.apalodimas/efi_optee_variables.git/

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Co-developed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Co-developed-by: Pipat Methavanitpong <pipat1010@gmail.com>
Signed-off-by: Pipat Methavanitpong <pipat1010@gmail.com>
Co-developed-by: Miklos Balint <Miklos.Balint@arm.com>
Signed-off-by: Miklos Balint <Miklos.Balint@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: add vm_get_prot()

A following commit, related to the StMM functionality needs to read
the current page attributes before modifying them.
So let's add a function to retrieve the current attribu

core: add vm_get_prot()

A following commit, related to the StMM functionality needs to read
the current page attributes before modifying them.
So let's add a function to retrieve the current attributes.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: ns16550: Allow customizable serial IO config

Add io_width and reg_shift configurable parameters to struct ns16550_data
in order to support 32 bit register read/write.

Signed-off-by: Sumit

drivers: ns16550: Allow customizable serial IO config

Add io_width and reg_shift configurable parameters to struct ns16550_data
in order to support 32 bit register read/write.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: add tee_pobj_create_final()

Adds tee_pobj_create_final() which finalized a create operation. Until
tee_pobj_create_final() has been called the struct pobj cannot be shared
with any other objec

core: add tee_pobj_create_final()

Adds tee_pobj_create_final() which finalized a create operation. Until
tee_pobj_create_final() has been called the struct pobj cannot be shared
with any other object.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: syscall_storage_next_enum() use live pobj

Instead of using a fake pobj in syscall_storage_next_enum() retrieve the
shared pobj instead in order to get the flags of an already opened
object.

T

core: syscall_storage_next_enum() use live pobj

Instead of using a fake pobj in syscall_storage_next_enum() retrieve the
shared pobj instead in order to get the flags of an already opened
object.

TEE_POBJ_USAGE_ENUM is supplied to tee_pobj_get() to avoid checking for
conflicts with how the pobj is already used.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee_pobj_get() takes an enum tee_pobj_usage

Changes tee_pobj_get() to take an enum tee_pobj_usage usage instead of a
bool temporary.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signe

core: tee_pobj_get() takes an enum tee_pobj_usage

Changes tee_pobj_get() to take an enum tee_pobj_usage usage instead of a
bool temporary.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove struct tee_obj::flags

struct tee_obj keeps a TEE_ObjectInfo which has a flags field with the
same meaning as the flags field in struct tee_obj. To avoid the two
fields getting out of sy

core: remove struct tee_obj::flags

struct tee_obj keeps a TEE_ObjectInfo which has a flags field with the
same meaning as the flags field in struct tee_obj. To avoid the two
fields getting out of sync remove struct tee_obj::flags and only use
TEE_ObjectInfo::handleFlags.

Additional checks are added in syscall_storage_obj_open() and
syscall_storage_obj_create() to make sure that no undefined flags are
added to TEE_ObjectInfo::handleFlags.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...