core: dt: provide stubbed dt_getprop_as_number()

When compiled with CFG_DT=n link the following error can occur:
aarch64-linux-gnu-ld.bfd: out/arm/core/arch/arm/kernel/boot.o: in function `get_sec_m

core: dt: provide stubbed dt_getprop_as_number()

When compiled with CFG_DT=n link the following error can occur:
aarch64-linux-gnu-ld.bfd: out/arm/core/arch/arm/kernel/boot.o: in function `get_sec_mem_from_manifest':
core/arch/arm/kernel/boot.c:1511: undefined reference to `dt_getprop_as_number'
aarch64-linux-gnu-ld.bfd: core/arch/arm/kernel/boot.c:1519: undefined reference to `dt_getprop_as_number'
aarch64-linux-gnu-ld.bfd: out/arm/core/mm/core_mmu.o: in function `collect_device_mem_ranges':
core/mm/core_mmu.c:982: undefined reference to `dt_getprop_as_number'
aarch64-linux-gnu-ld.bfd: core/mm/core_mmu.c:993: undefined reference to `dt_getprop_as_number'

Fix this by adding a stubbed version of dt_getprop_as_number() when
CFG_DT=n.

Link: https://github.com/OP-TEE/optee_os/issues/6537
Fixes: 4e45454a85d3 ("core: add dt_getprop_as_number()")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: ffa: add notifications with SPMC at S-EL2 or EL3

Adds support for asynchronous notifications via FF-A with SPMC at S-EL2
or EL3.

The SPMC is probed using FFA_FEATURES(FFA_NOTIFICATION_SET) to

core: ffa: add notifications with SPMC at S-EL2 or EL3

Adds support for asynchronous notifications via FF-A with SPMC at S-EL2
or EL3.

The SPMC is probed using FFA_FEATURES(FFA_NOTIFICATION_SET) to see if
the SPMC is support FF-A notifications.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: hfic: fix HF_INTERRUPT HVC calls

The HF_INTERRUPT HVC calls has until now not been completely correct.
HF_INTERRUPT_ENABLE is used to enable/disable a virtual interrupt on the
current CPU whil

core: hfic: fix HF_INTERRUPT HVC calls

The HF_INTERRUPT HVC calls has until now not been completely correct.
HF_INTERRUPT_ENABLE is used to enable/disable a virtual interrupt on the
current CPU while HF_INTERRUPT_RECONFIGURE is used to globally enable a
physical interrupt. So update the HFIC callbacks accordingly.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: move hafnium.h into hfic.c

hafnium.h is only included from hfic.c so move the content into that
file instead. Comments trying to describe the paravirtualized interface
are removed and replaced

core: move hafnium.h into hfic.c

hafnium.h is only included from hfic.c so move the content into that
file instead. Comments trying to describe the paravirtualized interface
are removed and replaced by a link to official documentation.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: exit with native interrupts unmasked

When exiting using the main exit/re-entry loop in
ffa_msg_send_direct_resp(), unmask native interrupts before the SMC
instruction and mask them again

core: ffa: exit with native interrupts unmasked

When exiting using the main exit/re-entry loop in
ffa_msg_send_direct_resp(), unmask native interrupts before the SMC
instruction and mask them again on re-entry. This guarantees that native
(aka secure) interrupts are not pending during exit. This also means
that when entering with FFA_INTERRUPT the interrupt will be handled
before thread_spmc_msg_recv() so there is no need to call
interrupt_main_handler() from thread_spmc_msg_recv() any longer.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm64.h: add DAIFBIT_{NATIVE,FOREIGN}_INTR

Adds the two defines DAIFBIT_NATIVE_INTR and DAIFBIT_FOREIGN_INTR based
on DAIFBIT_IRQ and DAIFBIT_FIQ analogous with how
THREAD_EXCP_FOREIGN_INTR an

core: arm64.h: add DAIFBIT_{NATIVE,FOREIGN}_INTR

Adds the two defines DAIFBIT_NATIVE_INTR and DAIFBIT_FOREIGN_INTR based
on DAIFBIT_IRQ and DAIFBIT_FIQ analogous with how
THREAD_EXCP_FOREIGN_INTR and THREAD_EXCP_NATIVE_INTR are defined.

DAIFBIT_NATIVE_INTR and DAIFBIT_FOREIGN_INTR can be used in assembly
instead of using #ifdef CFG_CORE_IRQ_IS_NATIVE_INTR.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-k3: drivers: sec_proxy: increment while reading trail bytes

The trail bytes from the secure proxy driver were being overwritten,
increase the count each time to not overwrite the existing data

plat-k3: drivers: sec_proxy: increment while reading trail bytes

The trail bytes from the secure proxy driver were being overwritten,
increase the count each time to not overwrite the existing data and not
get the end data corrupted from secure proxy.

Fixes: cf20f0a4f77e ("plat-k3: drivers: Add secure proxy driver for communication with System Controller")
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Dhruva Gole <d-gole@ti.com>

show more ...

plat-stm32mp2: default enable embedded test

Set CFG_ENABLE_EMBEDDED_TESTS to y for STM32MP2x platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carrier

plat-stm32mp2: default enable embedded test

Set CFG_ENABLE_EMBEDDED_TESTS to y for STM32MP2x platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: allow up to 8GB of external RAM

Default enable CFG_CORE_LARGE_PHYS_ADDR and set CFG_CORE_ARM64_PA_BITS
to 34 to allow external DDR sizes up to 8GB. This change does not permit
OP-TEE

plat-stm32mp2: allow up to 8GB of external RAM

Default enable CFG_CORE_LARGE_PHYS_ADDR and set CFG_CORE_ARM64_PA_BITS
to 34 to allow external DDR sizes up to 8GB. This change does not permit
OP-TEE to execute above 32bit virtual addresses but allows OP-TEE
to accept and map shared memories of physical addresses above 4GByte.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: atmel_rstc: add the function to control sama7g5's USB reset

In sama7g5, USB POR is controlled by register RSTC_GRSTR.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jerome Fori

drivers: atmel_rstc: add the function to control sama7g5's USB reset

In sama7g5, USB POR is controlled by register RSTC_GRSTR.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: atmel_tcb: update to compatible with sama7g5

Update the clocks for sama7g5's TC.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
A

drivers: atmel_tcb: update to compatible with sama7g5

Update the clocks for sama7g5's TC.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: atmel_pio: update to compatible with sama7g5

Add the compatible string to device match table for sama7g5.
Add configuration for PIOE as it is available for sama7g5.

Signed-off-by: Tony Han

drivers: atmel_pio: update to compatible with sama7g5

Add the compatible string to device match table for sama7g5.
Add configuration for PIOE as it is available for sama7g5.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: atmel_shdwc: update to compatible with sama7g5

Add the compatible string to device match table for sama7g5.
As SHDWC is always secure for sama7g5 no need to configure
its security through m

drivers: atmel_shdwc: update to compatible with sama7g5

Add the compatible string to device match table for sama7g5.
As SHDWC is always secure for sama7g5 no need to configure
its security through matrix.
To process DDR controller for sama7g5 pm later.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

driver: crypto: hisilicon: update qm init configs

1. add qm_disable_clock_gate for QM_HW_V3
2. set doorbell timeout to QM_DB_TIMEOUT_SET ns

Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: J

driver: crypto: hisilicon: update qm init configs

1. add qm_disable_clock_gate for QM_HW_V3
2. set doorbell timeout to QM_DB_TIMEOUT_SET ns

Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: Add .sbss and .sdata sections to linker script

Currently, the unclean .sbss section in RISC-V binary could be
problematic. This is because variables such as puts_lock may have
non-zero

core: riscv: Add .sbss and .sdata sections to linker script

Currently, the unclean .sbss section in RISC-V binary could be
problematic. This is because variables such as puts_lock may have
non-zero initial values, leading to failures in cpu_spin_trylock().
To address this issue, merge .sbss into .bss so that it is properly
cleared on boot. Both OpenSBI [1] and Linux [2] follow this approach.

Also, to benefit from global pointer relaxation, add .sdata after the
__global_pointer$ symbol.

Link: https://github.com/riscv-software-src/opensbi/blob/bb90a9ebf6d9a2fe7726978d594e82cdbaad7799/firmware/fw_base.ldS#L84 [1]
Link: https://github.com/torvalds/linux/blob/296455ade1fdcf5f8f8c033201633b60946c589a/include/asm-generic/vmlinux.lds.h#L1146 [2]
Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-stm32mp1: shared_resource: disable MCKPROT if not needed

Disable RCC MCKPROT if not needed on STM32MP15 platforms to allow
non-secure world to control Cortex-M coprocessor. This change is neede

plat-stm32mp1: shared_resource: disable MCKPROT if not needed

Disable RCC MCKPROT if not needed on STM32MP15 platforms to allow
non-secure world to control Cortex-M coprocessor. This change is needed
when RCC secure hardening is enabled (RCC[TZEN] control bit) as it
also default enable RCC MCKPROT preventing non-secure world from
accessing some coprocessor SoC resources.

This change is needed when using in tree DTS files stm32mp15*-*-scmi.dts
and non-secure world is in charge of loading and managing the
remote processor firmware.

Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: caam: sm2 operation fallback

Fallback to software operations for SM2.

Reverts the temporary solution implemented in commit '3489781e9072
("drivers: caam: disable CFG_CRYPTO_SM2_* when ECC

drivers: caam: sm2 operation fallback

Fallback to software operations for SM2.

Reverts the temporary solution implemented in commit '3489781e9072
("drivers: caam: disable CFG_CRYPTO_SM2_* when ECC CAAM driver is
enabled")'.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

drivers: caam: add caam_hal_rng_pr_enabled() for 8QX, 8DX platforms

The SECO firmware enables the RNG prediction resistance by default.
There is no need to read the CAAM RNG status registers.

Signe

drivers: caam: add caam_hal_rng_pr_enabled() for 8QX, 8DX platforms

The SECO firmware enables the RNG prediction resistance by default.
There is no need to read the CAAM RNG status registers.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

plat-stm32mp2: conf: default enable RNG and RNG PTA

Default enable RNG and RNG PTA for STM32MP2 platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carr

plat-stm32mp2: conf: default enable RNG and RNG PTA

Default enable RNG and RNG PTA for STM32MP2 platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rng: print RNG version at driver probe time

Print the RNG version that is read from RNG_VERR at driver probe time.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Re

drivers: stm32_rng: print RNG version at driver probe time

Print the RNG version that is read from RNG_VERR at driver probe time.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rng: put max noise freq in compatible data

Define max noise clock frequency in the compatible data structure.
This avoids having configuration flags in the driver.

While there, updat

drivers: stm32_rng: put max noise freq in compatible data

Define max noise clock frequency in the compatible data structure.
This avoids having configuration flags in the driver.

While there, update STM32MP13/15 max RNG clock frequency to 48MHz
to align with latest certifications.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rng: move RNG configuration to compat data

Register values cannot be part of the device tree.
As choosing another RNG configuration that is not the default
NIST-certified one should b

drivers: stm32_rng: move RNG configuration to compat data

Register values cannot be part of the device tree.
As choosing another RNG configuration that is not the default
NIST-certified one should be uncommon, it is acceptable to define
it in the compatible data and require to re-compile OP-TEE to change
the RNG configuration.

Also adds support for RNG V4.1 and above. These versions have a power
optimization and a modification of the seed error concealment. New
health tests and noise source registers are configurable and are part
of the RNG configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rng: add stm32mp25 support

Add stm32mp25 platform support in stm32_rng driver.
On this platform, a security clock is shared between some hardware
blocks. For the RNG, it is the RNG ke

drivers: stm32_rng: add stm32mp25 support

Add stm32mp25 platform support in stm32_rng driver.
On this platform, a security clock is shared between some hardware
blocks. For the RNG, it is the RNG kernel clock. Therefore, the
clock gate is no more shared between the RNG bus and kernel clocks as
on STM32MP1x platforms and the bus clock has to be managed on its own.

Define the number of clock in the compatible data.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: pta: drop benchmark

Drop Benchmark PTA as current implementation is non-function
and obsolete, and it's not supported anymore.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: E

core: pta: drop benchmark

Drop Benchmark PTA as current implementation is non-function
and obsolete, and it's not supported anymore.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>

show more ...

arm: plat: rcar: gen4: adjust memory map

Adjust the OP-TEE memory map for Gen4/S4 SoC to reflect changes of IPL
layout made by Renesas. Now BL31 starts at 0x46400000, so we have less
memory for OP-T

arm: plat: rcar: gen4: adjust memory map

Adjust the OP-TEE memory map for Gen4/S4 SoC to reflect changes of IPL
layout made by Renesas. Now BL31 starts at 0x46400000, so we have less
memory for OP-TEE.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...