core: support dynamic protected memory lending

With CFG_CORE_DYN_PROTMEM=y support dynamic protected memory lending.

A new internal struct mobj_ffa_rsm is added to handle dynamic protected
memory f

core: support dynamic protected memory lending

With CFG_CORE_DYN_PROTMEM=y support dynamic protected memory lending.

A new internal struct mobj_ffa_rsm is added to handle dynamic protected
memory for FF-A.

A new internal struct mobj_protmem is add to handle dynamic protected
memory without FF-A.

Lending non-secure memory to OP-TEE to use it as protected memory means
that it should to become inaccessible by the normal world as part of the
process. This part is currently not supported, since it must be done in
a platform specific way for platforms that support that. QEMU don't
support that.

Adding two platform specific functions, plat_get_protmem_config() and
plat_set_protmem_range() for dynamic protected memory. The functions has
__weak implementation to allow easier testing. However,
plat_set_protmem_range() requires CFG_INSECURE=y since it doesn't change
memory protection.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: pta: drop benchmark

Drop Benchmark PTA as current implementation is non-function
and obsolete, and it's not supported anymore.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: E

core: pta: drop benchmark

Drop Benchmark PTA as current implementation is non-function
and obsolete, and it's not supported anymore.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>

show more ...

core: tee: initialize variables in entry_open_session()

Initialize local variables at declaration as specified by the coding
guidelines.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewe

core: tee: initialize variables in entry_open_session()

Initialize local variables at declaration as specified by the coding
guidelines.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee: entry_open_session(): initialize tee_ta_param object

Initialize tee_ta_param{} to zero in entry_open_session() so it can be used
initialized in cleanup_shm_refs() without Coverity error.

core: tee: entry_open_session(): initialize tee_ta_param object

Initialize tee_ta_param{} to zero in entry_open_session() so it can be used
initialized in cleanup_shm_refs() without Coverity error.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee_entry: fix array out of bounds check in cleanup_shm_refs()

cleanup_shm_refs() can be called with num_params larger than what has
been used by copy_in_params(). If num_params is larger than

core: tee_entry: fix array out of bounds check in cleanup_shm_refs()

cleanup_shm_refs() can be called with num_params larger than what has
been used by copy_in_params(). If num_params is larger than
TEE_NUM_PARAMS copy_in_params() will return an error and
cleanup_shm_refs() is called to clean up.

This leads to accessing uint64_t saved_attr[TEE_NUM_PARAMS] in
entry_invoke_command() or entry_open_session() out of bounds and
possibly also the u[TEE_NUM_PARAMS] array in struct tee_ta_param.

So fix this by capping num_params TEE_NUM_PARAMS in cleanup_shm_refs().

Fixes: b05cd886e06d ("core: enable non-contiguous temporary reference parameters")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: change TEE_MATTR_CACHE_ to TEE_MATTR_MEM_TYPE_

Some extra memory types will be added. This patch renames all
TEE_MATTR_CACHE_ defines to TEE_MATTR_MEM_TYPE_. This will make the next
patches ea

core: change TEE_MATTR_CACHE_ to TEE_MATTR_MEM_TYPE_

Some extra memory types will be added. This patch renames all
TEE_MATTR_CACHE_ defines to TEE_MATTR_MEM_TYPE_. This will make the next
patches easier to understand.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: change return type for tee_entry_std() TEE_Result

Changes the return type for the function tee_entry_std() to TEE_Result
in order to make it independent of optee_smc.h. tee_entry_std() is also

core: change return type for tee_entry_std() TEE_Result

Changes the return type for the function tee_entry_std() to TEE_Result
in order to make it independent of optee_smc.h. tee_entry_std() is also
called from yielding_call_with_arg() and it doesn't make sense for that
function to return values based on the SMC ABI.

With this we're doing an ABI change for FF-A, but that should not make a
difference for the driver since that only test for 0 or !0. In addition
if !0 is returned the communication has broken down completely so there
not much left to recover from. Note that this patch does not require
changes in the Linux kernel driver.

Acked-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove references to OPTEE_SMC_SHM_CACHED

Removes references to OPTEE_SMC_SHM_CACHED in architecture independent
code, the references are replaces by TEE_MATTR_CACHE_CACHED which is
more accur

core: remove references to OPTEE_SMC_SHM_CACHED

Removes references to OPTEE_SMC_SHM_CACHED in architecture independent
code, the references are replaces by TEE_MATTR_CACHE_CACHED which is
more accurate.

Acked-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add asynchronous notifications

Adds support for asynchronous notifications from secure world to normal
world. This allows a design with a top half and bottom half type of
driver where the top

core: add asynchronous notifications

Adds support for asynchronous notifications from secure world to normal
world. This allows a design with a top half and bottom half type of
driver where the top half runs in secure interrupt context and a
notifications tells normal world to schedule a yielding call to do the
bottom half processing.

The protocol is defined in optee_msg.h optee_rpc_cmd.h and optee_smc.h.

A notification consists of a 32-bit value which normal world can
retrieve using a fastcall into secure world. OP-TEE is currently only
supporting the value 0-63 where 0 has a special meaning. When 0 is sent
it means that normal world is supposed to make a yielding call
OPTEE_MSG_CMD_DO_BOTTOM_HALF.

The notification framework in OP-TEE defines an interface where drivers
can register a callback which is called on each yielding bottom half
call.

Notification capability is negotiated with the normal world while it
initializes its driver. If both sides supports these notifications then
they are enabled.

CFG_CORE_ASYNC_NOTIF_GIC_INTID is added to define the hardware interrupt
used to notify normal world. This is added to the DTB in case OP-TEE can
is configured with CFG_DT=y. Other cases requires the normal world DTB
to be kept in sync with this.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: Fix warning in register_shm()

Fixes a -Wdeclaration-after-statement warning in register_shm():
core/tee/entry_std.c:491:2: error: ISO C90 forbids mixed declarations and code [-Werror=declarati

core: Fix warning in register_shm()

Fixes a -Wdeclaration-after-statement warning in register_shm():
core/tee/entry_std.c:491:2: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
struct optee_msg_param_tmem *tmem = &arg->params[0].u.tmem;
^~~~~~

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: spmc: FF-A ABI updates

Updates structs and definitions to follow FF-A version 1.0.

Use the special hard coded UUID (486178e0-e7f8-11e3-bc5e-0002a5d5c51b)
for the SP OP-TEE is when compiled fo

core: spmc: FF-A ABI updates

Updates structs and definitions to follow FF-A version 1.0.

Use the special hard coded UUID (486178e0-e7f8-11e3-bc5e-0002a5d5c51b)
for the SP OP-TEE is when compiled for FF-A.

Updates the FF-A OP-TEE message ABI to make room for struct
optee_msg_arg to be used for RPC for OPTEE_FFA_YIELDING_CALL_WITH_ARG.

struct thread_ctx::rpc_arg for the current thread will always hold a
pointer to the struct optee_msg_arg to be used for RPC.

With this allocation of shared memory can be pushed up one layer and be
done via the struct optee_msg_arg so the
OPTEE_FFA_YIELDING_CALL_RETURN_ALLOC_*_SHM and
OPTEE_FFA_YIELDING_CALL_RETURN_FREE_*_SHM can be removed making the FF-A
ABI a bit less complicated.

Changes OPTEE_FFA_UNREGISTER_SHM to be a blocking call instead of a
yielding call.

Removes the unused OPTEE_FFA_YIELDING_CALL_REGISTER_SHM.

Updates the return values from yielding calls to use the TEE_Result
values instead of FF-A one to use the error code from the correct layer.

Defines OPTEE_MSG_FMEM_INVALID_GLOBAL_ID to 0xffffffffffffffffff which
is used as an invalid global id instead of 0.

This is an ABI breakage which must be done in sync with the FF-A v4
patchset in the Linux kernel.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee: move entry_std.c to core/tee

entry_std.* are not architecture-specific codes, therefore move
entry_std.c to core/tee and entry_std.h to core/include/tee.

Signed-off-by: Marouene Boubakri

core: tee: move entry_std.c to core/tee

entry_std.* are not architecture-specific codes, therefore move
entry_std.c to core/tee and entry_std.h to core/include/tee.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...