dt-bindings: add RIF to default bindings config for stm32mp25

Add a list of default bindings for STM32MP25 platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: E

dt-bindings: add RIF to default bindings config for stm32mp25

Add a list of default bindings for STM32MP25 platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dt-bindings: firewall: add RIF bindings

Add defines for Resource Isolation Framework (RIF) sub-system
configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Et

dt-bindings: firewall: add RIF bindings

Add defines for Resource Isolation Framework (RIF) sub-system
configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: firewall: add stm32_rif driver for common RIF features

The resource isolation framework (RIF) is a comprehensive set of
hardware blocks designed to enforce and manage the isolation of
STM32

drivers: firewall: add stm32_rif driver for common RIF features

The resource isolation framework (RIF) is a comprehensive set of
hardware blocks designed to enforce and manage the isolation of
STM32MP25xx hardware resources, like memories and peripherals.

The RIF manages security and privilege levels as well as compartment
filtering. Each compartment is identified by a Compartment ID (CID).

Therefore, the access filtering can be, depending on the case:
• restricted to none, one or more than one CID
• secure-only, non-secure only, or both
• privileged-only or privileged/unprivileged
• read-only, write-only, or read/write

Add a firewall driver folder that contains firewall drivers.
This RIF driver contains generic features shared between all drivers
managing RIF configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: io: fix IO_READ32_POLL_TIMEOUT() when delay is 0us

Fix detection of timeout condition in IO_READ32_POLL_TIMEOUT() that was
never triggered when delay argument is 0us. Indeed 0 is not a useful

core: io: fix IO_READ32_POLL_TIMEOUT() when delay is 0us

Fix detection of timeout condition in IO_READ32_POLL_TIMEOUT() that was
never triggered when delay argument is 0us. Indeed 0 is not a useful
increment value for a timeout counter.

Fixes: 97ea199a2ae8 ("core: io: IO_READ32_POLL_TIMEOUT()")
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: default enable SAES software fallback

Default enable SAES software fallback for 192bit keys support.

Reviewed-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Etienne

plat-stm32mp1: default enable SAES software fallback

Default enable SAES software fallback for 192bit keys support.

Reviewed-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: crypto: stm32_saes: fallback to software on 192bit AES keys

Implement AES software operation for 192 bits keys as these are not
supported by the STM32 SAES peripheral. For that purpose ciph

drivers: crypto: stm32_saes: fallback to software on 192bit AES keys

Implement AES software operation for 192 bits keys as these are not
supported by the STM32 SAES peripheral. For that purpose ciphering final,
context copy and context freeing operations common functions are split
into CRYP/SAES peripheral specific functions.

Reviewed-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: crypto: stm32: cleanup cipher operation structure

Move cryp_ops definition in the source file to have it defined right
next to the CRYP ciphering operation handlers.

Add missing static key

drivers: crypto: stm32: cleanup cipher operation structure

Move cryp_ops definition in the source file to have it defined right
next to the CRYP ciphering operation handlers.

Add missing static keyword in CRYP and SAES operation handlers
structures that are local to the source file.

No functional changes.

Reviewed-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: crypto: stm32: move context allocation/free functions

Move cipher context allocation and free functions to place them
next to each other for CRYP and SAES support to ease their maintenance

drivers: crypto: stm32: move context allocation/free functions

Move cipher context allocation and free functions to place them
next to each other for CRYP and SAES support to ease their maintenance
as the context free sequence is the counter part of the context
allocation sequence. No functional changes.

Reviewed-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: crypto: stm32: clean function references

Remove useless & operator in function references of stm32 crypto drivers.
No functional changes.

Reviewed-by: Thomas Bourgoin <thomas.bourgoin@foss

drivers: crypto: stm32: clean function references

Remove useless & operator in function references of stm32 crypto drivers.
No functional changes.

Reviewed-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-hikey: Replace register_dynamic_shm() with register_ddr()

Use register_ddr() instead of register_dynamic_shm() that is
deprecated.

Signed-off-by: Wen Bin <a1231512a@163.com>
Acked-by: Jens Wik

plat-hikey: Replace register_dynamic_shm() with register_ddr()

Use register_ddr() instead of register_dynamic_shm() that is
deprecated.

Signed-off-by: Wen Bin <a1231512a@163.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-hikey: make DRAM1_BASE configurable

This commit introduces the CFG_DRAM1_BASE configuration switch
in the plat-hikey platform.

Signed-off-by: Wen Bin <a1231512a@163.com>
Acked-by: Etienne Carr

plat-hikey: make DRAM1_BASE configurable

This commit introduces the CFG_DRAM1_BASE configuration switch
in the plat-hikey platform.

Signed-off-by: Wen Bin <a1231512a@163.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: clk: sam: update to support slow clock for sama7g5

Add CLK_DT_DECLARE for sama7g5's slow clock.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jerome Forissier <jerome.forissie

drivers: clk: sam: update to support slow clock for sama7g5

Add CLK_DT_DECLARE for sama7g5's slow clock.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: clk: sam: add PMC definitions for sama7g5

Add PMC definitions to "at91_pmc.h" for sama7g5.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jerome Forissier <jerome.forissier@lin

drivers: clk: sam: add PMC definitions for sama7g5

Add PMC definitions to "at91_pmc.h" for sama7g5.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: clk: sam: add UTMI clocks for sama7g5 USB PHY

Add functions for configuring UTMI clocks for sama7g5 USB PHY.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jerome Forissier <je

drivers: clk: sam: add UTMI clocks for sama7g5 USB PHY

Add functions for configuring UTMI clocks for sama7g5 USB PHY.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: clk: sam: update UTMI clock for sama7g5

The frequency of the parent clock for UTMI is different with sama5d2.
The control of UTMI clock is different with sama5d2.

Signed-off-by: Tony Han <

drivers: clk: sam: update UTMI clock for sama7g5

The frequency of the parent clock for UTMI is different with sama5d2.
The control of UTMI clock is different with sama5d2.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

driver: crypto: hisilicon: fix error handling

When qm_set_vft_common() fails to configure, qm_set_xqc_vft() is
called with the num argument as zero to disable the device. Update
qm_set_xqc_vft() to

driver: crypto: hisilicon: fix error handling

When qm_set_vft_common() fails to configure, qm_set_xqc_vft() is
called with the num argument as zero to disable the device. Update
qm_set_xqc_vft() to handle this error path.

Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Jens wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: notif_register_driver() assert ndrv is nexus memory

Notification drivers defined by struct notif_driver are processed from
the nexus when non-secure virtualization is enabled. Add an assert in

core: notif_register_driver() assert ndrv is nexus memory

Notification drivers defined by struct notif_driver are processed from
the nexus when non-secure virtualization is enabled. Add an assert in
notif_register_driver() to check that the passed driver struct is
located in nexus memory.

Move all notif global state variables into nexus memory. The mutex used
for yielding notifications is the exception since notif_deliver_event()
is called from a partition outside of the nexus.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: move _time_source into __nex_bss

To make tee_time_get_sys_time() work reliably with
CFG_NS_VIRTUALIZATION=y move _time_source into nexus memory.

Signed-off-by: Jens Wiklander <jens.wiklander@

core: move _time_source into __nex_bss

To make tee_time_get_sys_time() work reliably with
CFG_NS_VIRTUALIZATION=y move _time_source into nexus memory.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: add nex_*init-calls

Add nex_*init-calls for drivers and services that resides in the nexus
in case of virtualization. In case of virtualization the init-calls are
based on final calls, while o

core: add nex_*init-calls

Add nex_*init-calls for drivers and services that resides in the nexus
in case of virtualization. In case of virtualization the init-calls are
based on final calls, while otherwise are the same as the non-nex
counterpart.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: move multi_core_panic_handler into __nex_data

Multi core panic interrupts are delivered on all cores on panic. For
this to work reliably with CFG_NS_VIRTUALIZATION=y make sure that
multi_core_

core: move multi_core_panic_handler into __nex_data

Multi core panic interrupts are delivered on all cores on panic. For
this to work reliably with CFG_NS_VIRTUALIZATION=y make sure that
multi_core_panic_handler is located in nexus memory.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: add is_nexus() and refactor is_unpaged()

Add the function is_nexus() to tell if an address is an address
available to the nexus when non-secure virtualization is enabled
(CFG_NS_VIRTUALIZATION

core: add is_nexus() and refactor is_unpaged()

Add the function is_nexus() to tell if an address is an address
available to the nexus when non-secure virtualization is enabled
(CFG_NS_VIRTUALIZATION=y). The function is stubbed to return true for
non-null arguments if non-secure virtualization isn't enabled, else
false.

Make the argument for is_unpaged() const void * for consistency with the
is_nexus() function. The stubbed version of is_unpaged() when paging
isn't enabled is updated to perform a NULL check on the argument.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: se050: fix default configuration for the SE applet

Invalid character was merged in the fixed commit.

Fixes: fb559031c25f ("drivers: se050: allow configuring the Secure Element applet")
Sig

drivers: se050: fix default configuration for the SE applet

Invalid character was merged in the fixed commit.

Fixes: fb559031c25f ("drivers: se050: allow configuring the Secure Element applet")
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: kernel: fix typo in huk_subkey.h inline comment

Fix a typo in `huk_subkey.h` inline comment where TEE_SUCCES should be
TEE_SUCCESS.

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
S

core: kernel: fix typo in huk_subkey.h inline comment

Fix a typo in `huk_subkey.h` inline comment where TEE_SUCCES should be
TEE_SUCCESS.

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Niklas Kirschall <niki.nice1203@gmail.com>

show more ...

core: arm: fix lock in virt_add_cookie_to_current_guest()

Prior to this patch was virt_add_cookie_to_current_guest() only masking
interrupts while adding a shared memory cookie to the list of cookie

core: arm: fix lock in virt_add_cookie_to_current_guest()

Prior to this patch was virt_add_cookie_to_current_guest() only masking
interrupts while adding a shared memory cookie to the list of cookies.
Proper locking is needed to serialize access to the cookie list, replace
the interrupt masking with a cpu_spin_lock_xsave().

Fixes: a65dd3a6b64d ("core: spmc: support virtualization with SPMC at S-EL1")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: crypto: fix crypto_asym_get_ecc_keypair_ops() stub

Correct definition of crypto_asym_get_ecc_keypair_ops() stub inline
function when CFG_CRYPTO_ECC is disabled. The definition used a wrong
fun

core: crypto: fix crypto_asym_get_ecc_keypair_ops() stub

Correct definition of crypto_asym_get_ecc_keypair_ops() stub inline
function when CFG_CRYPTO_ECC is disabled. The definition used a wrong
function label.

Fixes: 5516c6cd78da ("core: ecc: support the crypto driver")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...