mm - OpenGrok history log for /optee

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
00338334	31-Oct-2024	Jens Wiklander <jens.wiklander@linaro.org>	core: support dynamic protected memory lending With CFG_CORE_DYN_PROTMEM=y support dynamic protected memory lending. A new internal struct mobj_ffa_rsm is added to handle dynamic protected memory f core: support dynamic protected memory lending With CFG_CORE_DYN_PROTMEM=y support dynamic protected memory lending. A new internal struct mobj_ffa_rsm is added to handle dynamic protected memory for FF-A. A new internal struct mobj_protmem is add to handle dynamic protected memory without FF-A. Lending non-secure memory to OP-TEE to use it as protected memory means that it should to become inaccessible by the normal world as part of the process. This part is currently not supported, since it must be done in a platform specific way for platforms that support that. QEMU don't support that. Adding two platform specific functions, plat_get_protmem_config() and plat_set_protmem_range() for dynamic protected memory. The functions has __weak implementation to allow easier testing. However, plat_set_protmem_range() requires CFG_INSECURE=y since it doesn't change memory protection. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/include/ffa.h /optee_os/core/arch/arm/include/kernel/thread_spmc.h /optee_os/core/arch/arm/include/optee_ffa.h /optee_os/core/arch/arm/include/sm/optee_smc.h /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/mm/mobj_ffa.c /optee_os/core/arch/arm/plat-rpi5/conf.mk /optee_os/core/arch/arm/plat-rpi5/main.c /optee_os/core/arch/arm/plat-rpi5/platform_config.h /optee_os/core/arch/arm/plat-rpi5/sub.mk /optee_os/core/arch/arm/tee/entry_fast.c /optee_os/core/include/mm/mobj.h /optee_os/core/include/optee_msg.h core_mmu.c mobj.c mobj_dyn_shm.c /optee_os/core/tee/entry_std.c /optee_os/mk/config.mk
e06a9ea5	26-Jul-2024	Volodymyr Babchuk <volodymyr_babchuk@epam.com>	mmu: ignore VA spaces in core_mmu_get_type_by_pa VA spaces have no valid PA addresses stored in memory map, so they are not valid return values for core_mmu_get_type_by_pa() function. This issues w mmu: ignore VA spaces in core_mmu_get_type_by_pa VA spaces have no valid PA addresses stored in memory map, so they are not valid return values for core_mmu_get_type_by_pa() function. This issues was discovered when OP-TEE tried to access a device tree that was stored at the very beginning of physical address space. In may case it had PA address 0x112C0, which was "covered" by RES_VASPACE: D/TC:0 0 dump_mmap_table:838 type RES_VASPACE va 0x1d800000..0x1e1fffff pa 0x00000000..0x009fffff size 0x00a00000 (pgdir) Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/CHANGELOG.md /optee_os/MAINTAINERS /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/registers/imx95.h /optee_os/core/arch/arm/plat-qcom/conf.mk /optee_os/core/arch/arm/plat-qcom/main.c /optee_os/core/arch/arm/plat-qcom/platform_config.h /optee_os/core/arch/arm/plat-qcom/sub.mk /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-rockchip/platform_config.h /optee_os/core/arch/arm/plat-rockchip/platform_rk3588.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_syscfg.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/drivers/crypto/ele/ele.c /optee_os/core/drivers/imx/mu/imx_mu_8ulp_9x.c /optee_os/core/drivers/imx/mu/sub.mk /optee_os/core/drivers/qcom_geni_uart.c /optee_os/core/drivers/regulator/regulator.c /optee_os/core/drivers/regulator/regulator_dt.c /optee_os/core/drivers/rockchip_otp.c /optee_os/core/drivers/stm32_rtc.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/imx_mu.h /optee_os/core/include/drivers/qcom_geni_uart.h /optee_os/core/include/drivers/regulator.h /optee_os/core/include/drivers/rockchip_otp.h core_mmu.c /optee_os/core/pta/device.c /optee_os/core/tee/fs_htree.c /optee_os/mk/config.mk /optee_os/scripts/ci-host-cleanup.sh /optee_os/ta/pkcs11/src/processing_rsa.c /optee_os/ta/remoteproc/src/remoteproc_core.c
c0b4fb69	29-Sep-2025	Martin Nyhus <martin@nyhus.dev>	core: mm: fix zero-length access check inconsistency Fix vm_check_access_rights() so it handles zero-length memory ranges consistently. Previously, the function had inconsistent behavior for zero-le core: mm: fix zero-length access check inconsistency Fix vm_check_access_rights() so it handles zero-length memory ranges consistently. Previously, the function had inconsistent behavior for zero-length checks: - For page-aligned addresses: Would skip the page checking loop entirely and return TEE_SUCCESS. - For unaligned addresses: Would round uaddr down to page boundary and return a result based on that page. With this change flags = SECURE \| NON_SECURE will still fail to preserve the sanity checking, but all other zero-length ranges result in TEE_SUCCESS. Specifically this was required due to an interaction between OP-TEE and Rust where Keymint [0] would call the Teaclave [1] wrapper around TEE_MACComputeFinal with an empty temporary slice (pointer + length pair) as the final message (&[]). Rust always requires the pointer to be non-null, but allows it to dangle when length is zero. As a result the arguments passed to TEE_MACComputeFinal were message=(void *)1, messageLen=0. These arguments are passed unmodified to vm_check_access_rights regardless of the length and presumably relied on the page-aligned case to handle NULL + 0. [0] https://android.googlesource.com/tee/optee/ta/keymint/ [1] https://github.com/apache/teaclave-trustzone-sdk Signed-off-by: Martin Nyhus <martin@nyhus.dev> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/.github/workflows/stales.yml /optee_os/.gitignore /optee_os/CHANGELOG.md /optee_os/MAINTAINERS /optee_os/core/arch/arm/crypto/aes-gcm-ce.c /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/dts/stm32mp151.dtsi /optee_os/core/arch/arm/dts/stm32mp157c-ed1.dts /optee_os/core/arch/arm/dts/stm32mp15xx-dkx.dtsi /optee_os/core/arch/arm/dts/stm32mp21-st-scmi-cfg.dtsi /optee_os/core/arch/arm/dts/stm32mp211.dtsi /optee_os/core/arch/arm/dts/stm32mp213.dtsi /optee_os/core/arch/arm/dts/stm32mp215.dtsi /optee_os/core/arch/arm/dts/stm32mp215f-dk-ca35tdcid-rcc.dtsi /optee_os/core/arch/arm/dts/stm32mp215f-dk-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/dts/stm32mp215f-dk.dts /optee_os/core/arch/arm/dts/stm32mp21xc.dtsi /optee_os/core/arch/arm/dts/stm32mp21xf.dtsi /optee_os/core/arch/arm/dts/stm32mp23-st-scmi-cfg.dtsi /optee_os/core/arch/arm/dts/stm32mp231.dtsi /optee_os/core/arch/arm/dts/stm32mp233.dtsi /optee_os/core/arch/arm/dts/stm32mp235.dtsi /optee_os/core/arch/arm/dts/stm32mp235f-dk-ca35tdcid-rcc.dtsi /optee_os/core/arch/arm/dts/stm32mp235f-dk-ca35tdcid-resmem.dtsi /optee_os/core/arch/arm/dts/stm32mp235f-dk-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/dts/stm32mp235f-dk.dts /optee_os/core/arch/arm/dts/stm32mp23xc.dtsi /optee_os/core/arch/arm/dts/stm32mp23xf.dtsi /optee_os/core/arch/arm/dts/stm32mp25-st-scmi-cfg.dtsi /optee_os/core/arch/arm/dts/stm32mp251.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-dk-ca35tdcid-rcc.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-dk-ca35tdcid-resmem.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-dk-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-dk.dts /optee_os/core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1.dts /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/generic_timer.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/plat-automotive_rd/conf.mk /optee_os/core/arch/arm/plat-automotive_rd/main.c /optee_os/core/arch/arm/plat-automotive_rd/platform_config.h /optee_os/core/arch/arm/plat-automotive_rd/rd1ae_core_pos.S /optee_os/core/arch/arm/plat-automotive_rd/sub.mk /optee_os/core/arch/arm/plat-corstone1000/conf.mk /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-k3/conf.mk /optee_os/core/arch/arm/plat-k3/drivers/dthev2.c /optee_os/core/arch/arm/plat-k3/drivers/eip76d_trng.c /optee_os/core/arch/arm/plat-k3/drivers/eip76d_trng.h /optee_os/core/arch/arm/plat-k3/drivers/sa2ul.c /optee_os/core/arch/arm/plat-k3/drivers/sub.mk /optee_os/core/arch/arm/plat-k3/platform_config.h /optee_os/core/arch/arm/plat-marvell/conf.mk /optee_os/core/arch/arm/plat-marvell/platform_config.h /optee_os/core/arch/arm/plat-marvell/sub.mk /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-rockchip/main.c /optee_os/core/arch/arm/plat-rockchip/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pwr.c /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/plat-stm32mp2/conf.mk /optee_os/core/arch/arm/plat-stm32mp2/main.c /optee_os/core/arch/arm/plat-stm32mp2/stm32_sysconf.h /optee_os/core/arch/arm/plat-stm32mp2/stm32_util.h /optee_os/core/arch/arm/plat-versal2/conf.mk /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/arm/plat-vexpress/main.c /optee_os/core/arch/arm/plat-vexpress/platform_config.h /optee_os/core/arch/riscv/include/kernel/misc_arch.h /optee_os/core/arch/riscv/include/kernel/riscv_elf.h /optee_os/core/arch/riscv/include/rpmi.h /optee_os/core/arch/riscv/include/sbi.h /optee_os/core/arch/riscv/include/sbi_mpxy.h /optee_os/core/arch/riscv/include/sbi_mpxy_rpmi.h /optee_os/core/arch/riscv/kernel/asm-defines.c /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/kernel/kern.ld.S /optee_os/core/arch/riscv/kernel/sbi.c /optee_os/core/arch/riscv/kernel/sbi_mpxy.c /optee_os/core/arch/riscv/kernel/sbi_mpxy_rpmi.c /optee_os/core/arch/riscv/kernel/sub.mk /optee_os/core/arch/riscv/mm/core_mmu_arch.c /optee_os/core/arch/riscv/plat-sifive/conf.mk /optee_os/core/arch/riscv/plat-virt/conf.mk /optee_os/core/arch/riscv/riscv.mk /optee_os/core/crypto/aes-gcm.c /optee_os/core/drivers/amd/gpio_common.c /optee_os/core/drivers/amd/gpio_private.h /optee_os/core/drivers/amd/ps_gpio_driver.c /optee_os/core/drivers/amd/sub.mk /optee_os/core/drivers/clk/clk-stm32mp21.c /optee_os/core/drivers/clk/clk-stm32mp25.c /optee_os/core/drivers/clk/sub.mk /optee_os/core/drivers/ffa_console.c /optee_os/core/drivers/firewall/stm32_rifsc.c /optee_os/core/drivers/gpio/gpio.c /optee_os/core/drivers/hfic.c /optee_os/core/drivers/regulator/regulator_fixed.c /optee_os/core/drivers/regulator/regulator_gpio.c /optee_os/core/drivers/rstctrl/stm32mp21_rstctrl.c /optee_os/core/drivers/rstctrl/stm32mp25_rstctrl.c /optee_os/core/drivers/rstctrl/sub.mk /optee_os/core/drivers/stm32_exti.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_iwdg.c /optee_os/core/drivers/stm32_rtc.c /optee_os/core/drivers/stm32_tamp.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/gpio.h /optee_os/core/include/drivers/rtc.h /optee_os/core/include/drivers/stm32_gpio.h /optee_os/core/include/drivers/stm32_rtc.h /optee_os/core/include/drivers/stm32mp21_rcc.h /optee_os/core/include/drivers/stm32mp_dt_bindings.h /optee_os/core/include/dt-bindings/clock/st,stm32mp21-rcc.h /optee_os/core/include/dt-bindings/clock/stm32mp21-clksrc.h /optee_os/core/include/dt-bindings/firewall/stm32mp21-rifsc.h /optee_os/core/include/dt-bindings/firewall/stm32mp25-rifsc.h /optee_os/core/include/dt-bindings/reset/st,stm32mp21-rcc.h /optee_os/core/include/dt-bindings/tamper/st,stm32-tamp.h /optee_os/core/include/dt-bindings/tamper/st,stm32mp13-tamp.h /optee_os/core/include/dt-bindings/tamper/st,stm32mp21-tamp.h /optee_os/core/include/dt-bindings/tamper/st,stm32mp25-tamp.h /optee_os/core/include/kernel/asan.h /optee_os/core/include/kernel/dt_driver.h /optee_os/core/include/kernel/interrupt.h /optee_os/core/kernel/asan.c /optee_os/core/kernel/boot.c /optee_os/core/kernel/console.c /optee_os/core/kernel/panic.c /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/tpm.c /optee_os/core/kernel/transfer_list.c /optee_os/core/kernel/user_ta.c vm.c /optee_os/core/pta/rtc.c /optee_os/core/pta/tests/dt_driver_test.c /optee_os/core/pta/tests/misc.c /optee_os/lib/libmbedtls/mbedtls/ChangeLog /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/bignum.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/build_info.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/dhm.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecdh.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecdsa.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecjpake.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecp.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/lms.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/pk.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/platform_util.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/rsa.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl_cookie.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl_ticket.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/x509.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/x509_crt.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/x509_csr.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_extra.h /optee_os/lib/libmbedtls/mbedtls/library/aesni.c /optee_os/lib/libmbedtls/mbedtls/library/asn1write.c /optee_os/lib/libmbedtls/mbedtls/library/base64.c /optee_os/lib/libmbedtls/mbedtls/library/cipher.c /optee_os/lib/libmbedtls/mbedtls/library/cipher_invasive.h /optee_os/lib/libmbedtls/mbedtls/library/cipher_wrap.c /optee_os/lib/libmbedtls/mbedtls/library/cipher_wrap.h /optee_os/lib/libmbedtls/mbedtls/library/common.h /optee_os/lib/libmbedtls/mbedtls/library/lmots.c /optee_os/lib/libmbedtls/mbedtls/library/lms.c /optee_os/lib/libmbedtls/mbedtls/library/pem.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_mac.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_slot_management.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_misc.h /optee_os/lib/libmbedtls/mbedtls/library/ssl_msg.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls12_client.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls12_server.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_keys.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_keys.h /optee_os/lib/libmbedtls/mbedtls/library/version_features.c /optee_os/lib/libmbedtls/mbedtls/library/x509_create.c /optee_os/lib/libmbedtls/mbedtls/library/x509write_crt.c /optee_os/lib/libmbedtls/mbedtls/library/x509write_csr.c /optee_os/lib/libutee/include/pta_rtc.h /optee_os/lib/libutee/include/user_ta_header.h /optee_os/lib/libutee/user_ta_entry.c /optee_os/lib/libutils/isoc/arch/arm/setjmp_a32.S /optee_os/lib/libutils/isoc/arch/arm/setjmp_a64.S /optee_os/lib/libutils/isoc/arch/riscv/setjmp_rv.S /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/setjmp.h /optee_os/lib/libutils/isoc/newlib/strchr.c /optee_os/lib/libutils/isoc/newlib/strcmp.c /optee_os/lib/libutils/isoc/newlib/strcpy.c /optee_os/lib/libutils/isoc/newlib/strlen.c /optee_os/mk/config.mk /optee_os/ta/link.mk /optee_os/ta/remoteproc/src/remoteproc_core.c /optee_os/ta/user_ta_header.c
2cd578ba	23-May-2025	Jens Wiklander <jens.wiklander@linaro.org>	core: fix asan for CFG_WITH_PAGER=n Some fixes are needed to make CFG_CORE_SANITIZE_KADDRESS=y work both with and without CFG_DYN_CONFIG=y. Sanitizing stack addresses aren't supported with CFG_DYN_ core: fix asan for CFG_WITH_PAGER=n Some fixes are needed to make CFG_CORE_SANITIZE_KADDRESS=y work both with and without CFG_DYN_CONFIG=y. Sanitizing stack addresses aren't supported with CFG_DYN_CONFIG=y since it requires extensive changes in the ASAN framework. The VCORE_FREE area is moved right before the .asan_shadow area. init_asan() calls boot_mem_init_asan() to tag access to already allocated boot memory. entry_a32.S is updated to skip allowing access to stacks in the .asan_shadow area for CFG_DYN_CONFIG=y since stacks are stored elsewhere in that configuration. entry_a64.S is updated to initialize the .asan_shadow area in the same way as in entry_a32.S. The .asan_shadow area is mapped explicitly in collect_mem_ranges() instead of relying on the now non-existent coverage of MEM_AREA_TEE_RAM_RW. CFG_DYN_CONFIG=y and CFG_WITH_PAGER=y is not yet known to work. Fixes: 1c1f8b65b5c6 ("core: mm: unify secure core and TA memory") Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/core.mk core_mmu.c
bd8bea6f	23-May-2025	Jens Wiklander <jens.wiklander@linaro.org>	core: boot_mem: enable asan support Add boot_mem_init_asan() to tag all allocated memory with asan_tag_access(). Allocations with boot_mem_alloc() and boot_mem_alloc_tmp() are tagged with asan_tag_ core: boot_mem: enable asan support Add boot_mem_init_asan() to tag all allocated memory with asan_tag_access(). Allocations with boot_mem_alloc() and boot_mem_alloc_tmp() are tagged with asan_tag_access(). boot_mem_foreach_padding() temporarily allow access to paddings for the callback and restores no-access if the callback returns false to tell that the padding wasn't consumed. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/dts/stm32mp25-st-scmi-cfg.dtsi /optee_os/core/arch/arm/dts/stm32mp251.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1.dts /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/plat-stm32mp2/conf.mk /optee_os/core/arch/arm/plat-stm32mp2/drivers/stm32mp25_syscfg.c /optee_os/core/arch/arm/plat-stm32mp2/stm32_sysconf.h /optee_os/core/arch/riscv/include/kernel/thread_private_arch.h /optee_os/core/arch/riscv/kernel/asm-defines.c /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/kernel/thread_arch.c /optee_os/core/arch/riscv/mm/core_mmu_arch.c /optee_os/core/drivers/stm32_omm.c /optee_os/core/drivers/sub.mk /optee_os/core/include/dt-bindings/firewall/stm32mp25-rifsc.h /optee_os/core/include/dt-bindings/scmi/scmi-clock.h /optee_os/core/include/kernel/boot.h /optee_os/core/include/kernel/thread.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/kernel/boot.c /optee_os/core/kernel/thread.c /optee_os/core/lib/scmi-server/conf-optee-stm32mp1.mk /optee_os/core/lib/scmi-server/conf-optee-stm32mp2.mk /optee_os/core/lib/scmi-server/conf.mk /optee_os/core/lib/scmi-server/include/scmi_agent_configuration.h /optee_os/core/lib/scmi-server/include/scmi_clock_consumer.h /optee_os/core/lib/scmi-server/include/scmi_reset_consumer.h /optee_os/core/lib/scmi-server/scmi_clock_consumer.c /optee_os/core/lib/scmi-server/scmi_reset_consumer.c /optee_os/core/lib/scmi-server/scmi_server.c /optee_os/core/lib/scmi-server/scmi_server_scpfw.c /optee_os/core/lib/scmi-server/sub.mk boot_mem.c /optee_os/lib/libmbedtls/mbedtls/library/common.h /optee_os/mk/clang.mk /optee_os/mk/config.mk
26685a91	15-Mar-2025	Yu-Chien Peter Lin <peter.lin@sifive.com>	core: mm: factor out virtual address range validation to arch code Move virtual address range validation into architecture-specific code since different architectures have different constraints on v core: mm: factor out virtual address range validation to arch code Move virtual address range validation into architecture-specific code since different architectures have different constraints on valid VA ranges: - For ARM, addresses must be within the VA width supported by the MMU - For RISC-V, additional checks are needed on RV64 to ensure addresses are canonically valid Signed-off-by: Yu-Chien Peter Lin <peter.lin@sifive.com> Reviewed-by: Alvin Chang <alvinga@andestech.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/include/mm/core_mmu_arch.h /optee_os/core/arch/riscv/include/mm/core_mmu_arch.h core_mmu.c
232f1cde	08-Mar-2025	Yu-Chien Peter Lin <peter.lin@sifive.com>	core: mm: refactor ASLR mapping for architecture support To allow adding RISC-V ASLR support, add arch_aslr_base_addr() which will be used to apply architecture specific ASLR base calculation. Sign core: mm: refactor ASLR mapping for architecture support To allow adding RISC-V ASLR support, add arch_aslr_base_addr() which will be used to apply architecture specific ASLR base calculation. Signed-off-by: Yu-Chien Peter Lin <peter.lin@sifive.com> Suggested-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Alvin Chang <alvinga@andestech.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/plat-k3/drivers/ti_sci.c /optee_os/core/arch/arm/plat-k3/drivers/ti_sci.h /optee_os/core/arch/arm/plat-k3/drivers/ti_sci_protocol.h /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-rockchip/main.c /optee_os/core/arch/arm/plat-rockchip/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/kernel/thread_rv.S /optee_os/core/arch/riscv/mm/core_mmu_arch.c /optee_os/core/crypto/signed_hdr.c /optee_os/core/drivers/crypto/caam/include/caam_ae.h /optee_os/core/drivers/firewall/stm32_rifsc.c /optee_os/core/drivers/firewall/stm32_risab.c /optee_os/core/drivers/stm32_hpdma.c /optee_os/core/drivers/stm32_iwdg.c /optee_os/core/drivers/wdt/watchdog_sm.c /optee_os/core/include/drivers/wdt.h /optee_os/core/include/kernel/thread.h /optee_os/core/include/kernel/thread_private.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/kernel/thread.c core_mmu.c /optee_os/keys/default.pem /optee_os/mk/config.mk
6a2e17e9	20-Mar-2025	Jens Wiklander <jens.wiklander@linaro.org>	core: mm: shared xlat tables for NEX_DYN_VASPACE Mappings in MEM_AREA_NEX_DYN_VASPACE belong to the nexus and are must to be the same for all partitions. Since these mappings must be updated in the core: mm: shared xlat tables for NEX_DYN_VASPACE Mappings in MEM_AREA_NEX_DYN_VASPACE belong to the nexus and are must to be the same for all partitions. Since these mappings must be updated in the partitions after the MMU has been enabled. Partitions share translation tables for this mappings, so we only need to update in one translation table when adding or removing mappings. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/CHANGELOG.md /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/thread_arch.h /optee_os/core/arch/arm/include/kernel/thread_private_arch.h /optee_os/core/arch/arm/include/kernel/thread_spmc.h /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/plat-k3/drivers/sa2ul.c /optee_os/core/arch/arm/plat-k3/platform_config.h /optee_os/core/arch/arm/plat-ti/a9_plat_init.S /optee_os/core/arch/arm/sm/pm_a32.S /optee_os/core/arch/arm/tests/ffa_lsp.c /optee_os/core/arch/arm/tests/sub.mk /optee_os/core/arch/riscv/include/mm/core_mmu_arch.h /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/mm/core_mmu_arch.c /optee_os/core/arch/riscv/plat-spike/conf.mk /optee_os/core/arch/riscv/plat-virt/conf.mk /optee_os/core/arch/riscv/riscv.mk /optee_os/core/core.mk /optee_os/core/drivers/atmel_saic.c /optee_os/core/drivers/crypto/stm32/stm32_cryp.c /optee_os/core/drivers/crypto/stm32/stm32_saes.c /optee_os/core/include/kernel/dt.h /optee_os/core/include/kernel/thread.h /optee_os/core/include/kernel/thread_private.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/kernel/boot.c /optee_os/core/kernel/dt.c /optee_os/core/kernel/dt_driver.c /optee_os/core/kernel/thread.c /optee_os/core/kernel/transfer_list.c /optee_os/core/lib/libefi/hob.c /optee_os/core/lib/libefi/include/efi/efi_types.h /optee_os/core/lib/libefi/include/efi/hob.h /optee_os/core/lib/libefi/include/efi/hob_guid.h /optee_os/core/lib/libefi/include/efi/mmram.h /optee_os/core/lib/libefi/include/efi/mpinfo.h /optee_os/core/lib/libefi/sub.mk core_mmu.c /optee_os/core/pta/tests/invoke.c /optee_os/core/pta/tests/misc.c /optee_os/core/pta/tests/misc.h /optee_os/core/pta/tests/sub.mk /optee_os/core/pta/tests/transfer_list.c /optee_os/core/tee/fs_htree.c /optee_os/lib/libmbedtls/include/mbedtls_config_kernel.h /optee_os/lib/libmbedtls/include/mbedtls_config_uta.h /optee_os/lib/libmbedtls/mbedtls/ChangeLog /optee_os/lib/libmbedtls/mbedtls/SECURITY.md /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/build_info.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/check_config.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/debug.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/entropy.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/error.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/gcm.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/net_sockets.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/psa_util.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/threading.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_config.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_extra.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_sizes.h /optee_os/lib/libmbedtls/mbedtls/library/aesni.c /optee_os/lib/libmbedtls/mbedtls/library/bignum_core.c /optee_os/lib/libmbedtls/mbedtls/library/bignum_core.h /optee_os/lib/libmbedtls/mbedtls/library/bignum_core_invasive.h /optee_os/lib/libmbedtls/mbedtls/library/ccm.c /optee_os/lib/libmbedtls/mbedtls/library/common.h /optee_os/lib/libmbedtls/mbedtls/library/constant_time_impl.h /optee_os/lib/libmbedtls/mbedtls/library/ecp.c /optee_os/lib/libmbedtls/mbedtls/library/error.c /optee_os/lib/libmbedtls/mbedtls/library/net_sockets.c /optee_os/lib/libmbedtls/mbedtls/library/pk.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_cipher.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_core.h /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_driver_wrappers.h /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_ecp.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_slot_management.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_storage.h /optee_os/lib/libmbedtls/mbedtls/library/psa_util.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_client.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_debug_helpers_generated.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_misc.h /optee_os/lib/libmbedtls/mbedtls/library/ssl_msg.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls12_client.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls12_server.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_client.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_server.c /optee_os/lib/libmbedtls/mbedtls/library/threading.c /optee_os/lib/libmbedtls/mbedtls/library/version_features.c /optee_os/lib/libutee/include/pta_invoke_tests.h /optee_os/lib/libutils/compiler-rt/LICENSE.TXT /optee_os/lib/libutils/compiler-rt/README.txt /optee_os/lib/libutils/compiler-rt/lib/builtins/ashlti3.c /optee_os/lib/libutils/compiler-rt/lib/builtins/int_div_impl.inc /optee_os/lib/libutils/compiler-rt/lib/builtins/int_endianness.h /optee_os/lib/libutils/compiler-rt/lib/builtins/int_lib.h /optee_os/lib/libutils/compiler-rt/lib/builtins/int_types.h /optee_os/lib/libutils/compiler-rt/lib/builtins/int_util.h /optee_os/lib/libutils/compiler-rt/lib/builtins/sub.mk /optee_os/lib/libutils/compiler-rt/lib/builtins/udivmodti4.c /optee_os/lib/libutils/compiler-rt/lib/builtins/udivti3.c /optee_os/lib/libutils/compiler-rt/lib/sub.mk /optee_os/lib/libutils/compiler-rt/sub.mk /optee_os/lib/libutils/ext/ftrace/ftrace.c /optee_os/lib/libutils/sub.mk /optee_os/mk/clang.mk /optee_os/mk/config.mk
7d5b298b	09-Apr-2025	Jens Wiklander <jens.wiklander@linaro.org>	core: fix discovered ns-mem check When discovering or assigning available non-secure physical memory it's checked against overlaps with other memory types. Memory types reserving virtual memory spac core: fix discovered ns-mem check When discovering or assigning available non-secure physical memory it's checked against overlaps with other memory types. Memory types reserving virtual memory space should be excluded including the two recently added types MEM_AREA_NEX_DYN_VASPACE and MEM_AREA_TEE_DYN_VASPACE. This was missed when the memory types where added so add the check to exclude them now. This fixes an error like: E/TC:0 check_phys_mem_is_outside:455 Non-sec mem (0:0x60000000) overlaps map (type 10 0:0x100000) E/TC:0 Panic at core/mm/core_mmu.c:459 <check_phys_mem_is_outside> Fixes: 96f43358c593 ("core: add nex_dyn_vaspace and tee_dyn_vaspace areas") Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/dts/stm32mp15xx-dhcor-avenger96.dtsi /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-rockchip/platform_config.h /optee_os/core/arch/arm/plat-rockchip/platform_rk3588.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pwr.h /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_syscfg.c /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/riscv/include/kernel/misc_arch.h /optee_os/core/arch/riscv/include/kernel/thread_arch.h /optee_os/core/arch/riscv/include/riscv.h /optee_os/core/arch/riscv/include/sbi.h /optee_os/core/arch/riscv/kernel/asm-defines.c /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/kernel/link.mk /optee_os/core/arch/riscv/kernel/sbi.c /optee_os/core/arch/riscv/kernel/thread_arch.c /optee_os/core/arch/riscv/kernel/thread_rv.S /optee_os/core/arch/riscv/plat-sifive/conf.mk /optee_os/core/arch/riscv/plat-sifive/main.c /optee_os/core/arch/riscv/plat-sifive/platform_config.h /optee_os/core/arch/riscv/plat-sifive/sub.mk /optee_os/core/arch/riscv/plat-spike/conf.mk /optee_os/core/arch/riscv/plat-virt/platform_config.h /optee_os/core/drivers/firewall/stm32_rifsc.c /optee_os/core/drivers/imx_csu.c /optee_os/core/drivers/scmi-msg/entry.c /optee_os/core/drivers/scmi-msg/perf_domain.c /optee_os/core/drivers/scmi-msg/perf_domain.h /optee_os/core/drivers/scmi-msg/sub.mk /optee_os/core/drivers/sifive_uart.c /optee_os/core/drivers/stm32_cpu_opp.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/scmi-msg.h /optee_os/core/include/drivers/sifive_uart.h /optee_os/core/include/drivers/stm32_cpu_opp.h /optee_os/core/include/kernel/boot.h /optee_os/core/kernel/sub.mk /optee_os/core/kernel/thread.c core_mmu.c /optee_os/core/pta/tests/misc.c /optee_os/ldelf/ldelf.mk /optee_os/ldelf/link.mk /optee_os/lib/libmbedtls/mbedtls/library/bignum.c /optee_os/lib/libutee/include/pta_stats.h /optee_os/lib/libutee/tcb.c /optee_os/lib/libutee/tee_api.c /optee_os/lib/libutils/ext/sub.mk /optee_os/lib/libutils/ext/ubsan.c /optee_os/lib/libutils/isoc/bget.c /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/mk/compile.mk /optee_os/mk/config.mk /optee_os/scripts/checkpatch.sh /optee_os/scripts/checkpatch_inc.sh /optee_os/scripts/sign_rproc_fw.py /optee_os/ta/link.mk /optee_os/ta/mk/build-user-ta.mk /optee_os/ta/mk/ta_dev_kit.mk /optee_os/ta/pkcs11/scripts/dump_ec_curve_params.sh /optee_os/ta/pkcs11/scripts/verify-helpers.sh /optee_os/ta/ta.mk
809e0744	26-Feb-2025	Jens Wiklander <jens.wiklander@linaro.org>	core: mm: add virt_page_alloc() Add virt_page_alloc() to allocate memory from physical pool and map it in a virtual address pool. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed- core: mm: add virt_page_alloc() Add virt_page_alloc() to allocate memory from physical pool and map it in a virtual address pool. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/core/include/mm/page_alloc.h page_alloc.c sub.mk /optee_os/lib/libutils/isoc/include/malloc_flags.h
1baf19de	26-Feb-2025	Jens Wiklander <jens.wiklander@linaro.org>	core: mm: add phys_mem_alloc_flags() Add phys_mem_alloc_flags() taking MAF_* flags to control memory allocation. The new flag MAF_CORE_MEM behaves like {nex_,}phys_mem_core_alloc(), if the flag is core: mm: add phys_mem_alloc_flags() Add phys_mem_alloc_flags() taking MAF_* flags to control memory allocation. The new flag MAF_CORE_MEM behaves like {nex_,}phys_mem_core_alloc(), if the flag is absent it becomes {nex_,}phys_mem_ta_alloc(). The MAF_NEX flag selects Nexus memory. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/core/include/mm/phys_mem.h phys_mem.c /optee_os/lib/libutils/isoc/include/malloc_flags.h
5f76bc75	26-Feb-2025	Jens Wiklander <jens.wiklander@linaro.org>	core: add tee_mm_alloc_flags() Add tee_mm_alloc_flags() taking a flags field to passed to malloc_flags() when allocating the tee_mm_entry_t. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org core: add tee_mm_alloc_flags() Add tee_mm_alloc_flags() taking a flags field to passed to malloc_flags() when allocating the tee_mm_entry_t. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/core/include/mm/tee_mm.h tee_mm.c
fe8de805	26-Feb-2025	Jens Wiklander <jens.wiklander@linaro.org>	core: tee_mm.c: use malloc_flags() and free_flags() Use malloc_flags() and free_flags() to simplify memory allocations with regards to the MAF_NEX/TEE_MM_POOL_NEX_MALLOC flag. Signed-off-by: Jens W core: tee_mm.c: use malloc_flags() and free_flags() Use malloc_flags() and free_flags() to simplify memory allocations with regards to the MAF_NEX/TEE_MM_POOL_NEX_MALLOC flag. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/core/include/mm/tee_mm.h tee_mm.c /optee_os/lib/libutils/isoc/include/malloc_flags.h
96f43358	26-Feb-2025	Jens Wiklander <jens.wiklander@linaro.org>	core: add nex_dyn_vaspace and tee_dyn_vaspace areas Add MEM_AREA_NEX_DYN_VASPACE and MEM_AREA_TEE_DYN_VASPACE areas for dynamic Nexus and TEE memory mapping. This will be used to map additional heap core: add nex_dyn_vaspace and tee_dyn_vaspace areas Add MEM_AREA_NEX_DYN_VASPACE and MEM_AREA_TEE_DYN_VASPACE areas for dynamic Nexus and TEE memory mapping. This will be used to map additional heap and the stacks in later patches. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/riscv/riscv.mk /optee_os/core/include/mm/core_mmu.h core_mmu.c
d5f3d146	26-Feb-2025	Jens Wiklander <jens.wiklander@linaro.org>	core: mmu: fix dynamic VA region dummy mapping The commit 873f5f6c7201 ("core: mmu: Add dynamic VA regions' mapping to page table") populated page tables so all are available later when needed. Howe core: mmu: fix dynamic VA region dummy mapping The commit 873f5f6c7201 ("core: mmu: Add dynamic VA regions' mapping to page table") populated page tables so all are available later when needed. However, it also mapped physical address 0 in all those ranges. So fix this by setting attributes to 0 when the physical address is 0. Fixes: 873f5f6c7201 ("core: mmu: Add dynamic VA regions' mapping to page table") Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-sam/scmi_server.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/mm/core_mmu_arch.c /optee_os/core/drivers/clk/sam/at91_clk.h /optee_os/core/drivers/clk/sam/clk-sam9x60-pll.c /optee_os/core/drivers/clk/sam/sama7g5_clk.c /optee_os/core/drivers/crypto/stm32/common.h /optee_os/core/drivers/crypto/stm32/crypto.mk /optee_os/core/drivers/crypto/stm32/hash.c /optee_os/core/drivers/crypto/stm32/hmac.c /optee_os/core/drivers/crypto/stm32/stm32_hash.c /optee_os/core/drivers/crypto/stm32/stm32_hash.h /optee_os/core/drivers/crypto/stm32/sub.mk /optee_os/core/drivers/remoteproc/stm32_remoteproc.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/include/dt-bindings/clock/at91.h /optee_os/core/include/kernel/boot.h core_mmu.c /optee_os/ldelf/link.mk /optee_os/lib/libmbedtls/include/mbedtls_config_kernel.h /optee_os/lib/libmbedtls/include/mbedtls_config_uta.h /optee_os/lib/libmbedtls/mbedtls/library/common.h /optee_os/lib/libutils/ext/include/asm.S /optee_os/mk/compile.mk /optee_os/mk/config.mk /optee_os/scripts/sign_encrypt.py /optee_os/ta/link.mk /optee_os/ta/link_shlib.mk /optee_os/ta/ta.mk
bea90f04	03-Mar-2025	Alvin Chang <alvinga@andestech.com>	core: Implicitly enable CFG_BOOT_MEM Now both ARM and RISC-V architectures support and enable CFG_BOOT_MEM by default. It's unnecessary to define CFG_BOOT_MEM. This commit removes CFG_BOOT_MEM and r core: Implicitly enable CFG_BOOT_MEM Now both ARM and RISC-V architectures support and enable CFG_BOOT_MEM by default. It's unnecessary to define CFG_BOOT_MEM. This commit removes CFG_BOOT_MEM and relevant dead code. Signed-off-by: Alvin Chang <alvinga@andestech.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/kernel/abort.c /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/link_dummies_paged.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/registers/imx93.h /optee_os/core/arch/arm/plat-stm32mp2/conf.mk /optee_os/core/arch/arm/plat-stm32mp2/main.c /optee_os/core/arch/riscv/include/riscv.h /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/plat-virt/conf.mk /optee_os/core/arch/riscv/plat-virt/main.c /optee_os/core/arch/riscv/plat-virt/platform_config.h /optee_os/core/drivers/aplic_direct.c /optee_os/core/drivers/aplic_msi.c /optee_os/core/drivers/aplic_priv.c /optee_os/core/drivers/atmel_saic.c /optee_os/core/drivers/crypto/ele/crypto.mk /optee_os/core/drivers/crypto/ele/ele.c /optee_os/core/drivers/crypto/ele/include/ele.h /optee_os/core/drivers/crypto/ele/include/memutils.h /optee_os/core/drivers/crypto/ele/memutils.c /optee_os/core/drivers/crypto/ele/sub.mk /optee_os/core/drivers/crypto/sub.mk /optee_os/core/drivers/firewall/stm32_serc.c /optee_os/core/drivers/gic.c /optee_os/core/drivers/hfic.c /optee_os/core/drivers/imsic.c /optee_os/core/drivers/imx/mu/imx_mu.c /optee_os/core/drivers/imx_rngb.c /optee_os/core/drivers/plic.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/aplic.h /optee_os/core/include/drivers/aplic_priv.h /optee_os/core/include/drivers/imsic.h /optee_os/core/include/drivers/stm32_serc.h /optee_os/core/include/initcall.h /optee_os/core/include/kernel/abort.h /optee_os/core/include/kernel/boot.h /optee_os/core/include/kernel/interrupt.h /optee_os/core/include/kernel/thread.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/kernel/initcall.c /optee_os/core/kernel/interrupt.c /optee_os/core/kernel/thread.c /optee_os/core/lib/scmi-server/conf-optee-fvp.mk core_mmu.c sub.mk /optee_os/mk/config.mk
873f5f6c	12-Feb-2025	Mark Zhang <markz@nvidia.com>	core: mmu: Add dynamic VA regions' mapping to page table When optee boots, the initial mapping for MEM_AREA_RES_VASPACE and MEM_AREA_SHM_VASPACE should be added into page tables and replicated to al core: mmu: Add dynamic VA regions' mapping to page table When optee boots, the initial mapping for MEM_AREA_RES_VASPACE and MEM_AREA_SHM_VASPACE should be added into page tables and replicated to all CPU cores too. This fixes an issue when the VA of MEM_AREA_RES_VASPACE or MEM_AREA_SHM_VASPACE is not in a same 1GB region with other memory regions. Link: https://github.com/OP-TEE/optee_os/issues/7275 Signed-off-by: Mark Zhang <markz@nvidia.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/riscv/mm/core_mmu_arch.c core_mmu.c
be4e7607	11-Feb-2025	Jens Wiklander <jens.wiklander@linaro.org>	core: mm: fix carve_out_phys_mem() carve_out_phys_mem() is prior to this patch not handling cases where the memory to be carved out isn't covered entirely by the physical memory. So fix carve_out_ph core: mm: fix carve_out_phys_mem() carve_out_phys_mem() is prior to this patch not handling cases where the memory to be carved out isn't covered entirely by the physical memory. So fix carve_out_phys_mem() to handle carving out memory that may only overlap partially with the physical memory. Add debug prints in core_mmu_set_discovered_nsec_ddr() to list the non-secure RAM areas. Fixes: 941dec3a7f6f ("core: adjust nsec ddr memory size correctly") Fixes: 490c50dfdb33 ("core: assign non-sec DDR configuration from DT") Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... core_mmu.c
a7aaad05	11-Feb-2025	Jens Wiklander <jens.wiklander@linaro.org>	core: mm: fix panic with TEE_SDP_TEST_MEM The commit 2f2f69df5afe ("core: mm: replace MEM_AREA_TA_RAM") uses MEM_AREA_SEC_RAM_OVERALL to map practically all secure memory. This conflicts with TEE_SD core: mm: fix panic with TEE_SDP_TEST_MEM The commit 2f2f69df5afe ("core: mm: replace MEM_AREA_TA_RAM") uses MEM_AREA_SEC_RAM_OVERALL to map practically all secure memory. This conflicts with TEE_SDP_TEST_MEM where MEM_AREA_SEC_RAM_OVERALL covers TEE_SDP_TEST_MEM and triggers a panic in verify_special_mem_areas(). The commit 1c1f8b65b5c6 ("core: mm: unify secure core and TA memory") changed to use vaddr_to_phys() to find the physical address for TEE_SDP_TEST_MEM_BASE. This isn't right since it refers to physical memory only. So fix these problems. Fixes: 2f2f69df5afe ("core: mm: replace MEM_AREA_TA_RAM") Fixes: 1c1f8b65b5c6 ("core: mm: unify secure core and TA memory") Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/dts/stm32mp251.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/thread_spmc_a64.S /optee_os/core/arch/arm/plat-k3/conf.mk /optee_os/core/arch/arm/plat-k3/main.c /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-versal2/conf.mk /optee_os/core/drivers/dra7_rng.c /optee_os/core/drivers/firewall/stm32_etzpc.c /optee_os/core/drivers/firewall/stm32_rifsc.c /optee_os/core/drivers/firewall/stm32_risab.c /optee_os/core/drivers/firewall/stm32_risaf.c /optee_os/core/drivers/gic.c /optee_os/core/drivers/stm32_rng.c /optee_os/core/include/dt-bindings/firewall/stm32mp25-rifsc.h /optee_os/core/include/initcall.h /optee_os/core/include/kernel/interrupt.h /optee_os/core/kernel/dt.c /optee_os/core/kernel/interrupt.c /optee_os/core/kernel/otp_stubs.c core_mmu.c /optee_os/core/pta/tests/misc.c /optee_os/core/tee/tee_cryp_utl.c /optee_os/mk/compile.mk
34150464	24-Jan-2025	Jens Wiklander <jens.wiklander@linaro.org>	core: fix partially unmapped MEM_AREA_TEE_RAM_RW The commit 06a258064a92 ("core: mm: allow unmapping VCORE_FREE") allows unmapping pages from the VCORE_FREE virtual memory range, but no bookkeeping core: fix partially unmapped MEM_AREA_TEE_RAM_RW The commit 06a258064a92 ("core: mm: allow unmapping VCORE_FREE") allows unmapping pages from the VCORE_FREE virtual memory range, but no bookkeeping is added apart from what's recorded in the translation tables. Later, the commit 7c9b85432343 ("core: allow partially unmapped MEM_AREA_TEE_RAM_RW") does lookups the translation tables using arch_va2pa_helper() to find out if pages in the VCORE_FREE virtual memory range are mapped. This works well on arm, but not on riscv which must traverse the translation tables in software and then is caught in an infinite recursive loop. Fix this problem by updating the memory regions in the struct memory_map (splitting, shrinking, and removing) as needed. Reported-by: Huang Borong <huangborong@bosc.ac.cn> Closes: https://github.com/OP-TEE/optee_os/issues/7237 Fixes: 06a258064a92 ("core: mm: allow unmapping VCORE_FREE") Fixes: 7c9b85432343 ("core: allow partially unmapped MEM_AREA_TEE_RAM_RW") Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/dts/stm32mp13xc.dtsi /optee_os/core/arch/arm/dts/stm32mp13xf.dtsi /optee_os/core/arch/arm/dts/stm32mp15xx-dhcom-som.dtsi /optee_os/core/arch/arm/dts/stm32mp15xx-dhcor-som.dtsi /optee_os/core/arch/arm/dts/stm32mp251.dtsi /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pmic.c /optee_os/core/arch/arm/plat-stm32mp2/conf.mk /optee_os/core/drivers/atmel_rtc.c /optee_os/core/drivers/clk/clk-stm32mp25.c /optee_os/core/drivers/clk/clk.c /optee_os/core/drivers/counter/stm32_stgen.c /optee_os/core/drivers/counter/sub.mk /optee_os/core/drivers/crypto/stm32/common.h /optee_os/core/drivers/crypto/stm32/crypto.mk /optee_os/core/drivers/crypto/stm32/ecc.c /optee_os/core/drivers/crypto/stm32/stm32_pka.c /optee_os/core/drivers/crypto/stm32/stm32_pka.h /optee_os/core/drivers/crypto/stm32/sub.mk /optee_os/core/drivers/rtc/rtc.c /optee_os/core/drivers/stm32_i2c.c /optee_os/core/drivers/stm32_rtc.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/rtc.h /optee_os/core/include/drivers/stm32_i2c.h /optee_os/core/include/drivers/stm32_stgen.h /optee_os/core/include/dt-bindings/clock/stm32mp13-clksrc.h /optee_os/core/include/tee/tee_fs.h /optee_os/core/kernel/transfer_list.c /optee_os/core/lib/libtomcrypt/src/modes/ctr/ctr_encrypt.c core_mmu.c /optee_os/core/pta/stats.c /optee_os/core/tee/tee_rpmb_fs.c /optee_os/lib/libutee/include/pta_stats.h
9b941cd7	23-Jan-2025	Sungbae Yoo <sungbaey@nvidia.com>	core: mmu: fix memory regions found from ff-a manifest Fix the 5th parameter of add_phys_mem() in collect_device_mem_ranges() that has to be the size of memory region and not the end address of the core: mmu: fix memory regions found from ff-a manifest Fix the 5th parameter of add_phys_mem() in collect_device_mem_ranges() that has to be the size of memory region and not the end address of the region. Fixes: b8ef8d0b6ff4 ("core: mm: introduce struct memory_map") Signed-off-by: Sungbae Yoo <sungbaey@nvidia.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/include/ffa.h /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/spmc_sp_handler.h /optee_os/core/arch/arm/include/kernel/thread_arch.h /optee_os/core/arch/arm/include/kernel/thread_spmc.h /optee_os/core/arch/arm/include/mm/core_mmu_arch.h /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/thread_spmc_a64.S /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/drivers/gic.c /optee_os/core/include/drivers/gic.h core_mmu.c /optee_os/core/pta/device.c /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/lib/libutils/isoc/include/malloc_flags.h /optee_os/ta/ta.mk
ef0d00c1	10-Jul-2024	Jens Wiklander <jens.wiklander@linaro.org>	core: mm: extend temporary dummy memory map core_init_mmu_map() uses a temporary dummy memory map for the virt_to_phys() and phys_to_virt() conversions to avoid asserting while setting up translatio core: mm: extend temporary dummy memory map core_init_mmu_map() uses a temporary dummy memory map for the virt_to_phys() and phys_to_virt() conversions to avoid asserting while setting up translation tables before the MMU is enabled. CFG_DYN_CONFIG will need a larger range of memory since translation tables might not be allocated from .nozi memory only. So for CFG_DYN_CONFIG extend of end of the unused memory range that the boot_mem_*() functions allocate memory from. Introduce CFG_DYN_CONFIG, enabled by default if CFG_BOOT_MEM is enabled and CFG_WITH_PAGER disabled. CFG_DYN_CONFIG conflicts with CFG_WITH_PAGER since the pager uses a different mechanism for memory allocation. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/core/arch/arm/kernel/boot.c core_mmu.c /optee_os/mk/config.mk
c62a7972	16-Sep-2024	Jens Wiklander <jens.wiklander@linaro.org>	core: boot_mem: keep track of padding When boot_mem_alloc() allocates memory up to alignment - 1 number of bytes may have be skipped to satisfy the required alignment of the returned pointer. If the core: boot_mem: keep track of padding When boot_mem_alloc() allocates memory up to alignment - 1 number of bytes may have be skipped to satisfy the required alignment of the returned pointer. If the skipped bytes, or padding, is large enough, it's recorded in a list of padding. The list of paddings can be processed and consumed with boot_mem_foreach_padding(). This allows sufficiently large paddings to be added to for instance the heap instead of being wasted. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/core/include/kernel/boot.h boot_mem.c
6b61de6c	16-Sep-2024	Jens Wiklander <jens.wiklander@linaro.org>	core: boot_mem: allow NULL pointers while relocating In boot_mem_relocate() when relocating registered pointers, allow the pointer to be NULL. NULL pointers are not relocated. Signed-off-by: Jens W core: boot_mem: allow NULL pointers while relocating In boot_mem_relocate() when relocating registered pointers, allow the pointer to be NULL. NULL pointers are not relocated. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... boot_mem.c
7c9b8543	16-Sep-2024	Jens Wiklander <jens.wiklander@linaro.org>	core: allow partially unmapped MEM_AREA_TEE_RAM_RW Add special checks in phys_to_virt_tee_ram() to see that a virtual address indeed is mapped before return the address if the memory area is MEM_ARE core: allow partially unmapped MEM_AREA_TEE_RAM_RW Add special checks in phys_to_virt_tee_ram() to see that a virtual address indeed is mapped before return the address if the memory area is MEM_AREA_TEE_RAM_RW since the VCORE_FREE may be unmapped. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/CHANGELOG.md core_mmu.c /optee_os/mk/config.mk
12 3 4 5 6 7