drivers: nvmem: add atmel_sfc driver

This driver handles the secure fuse controller that is present on the
sama5d2 series. It allows to read a 544 bits user defined area of fuses.
Content is exposed

drivers: nvmem: add atmel_sfc driver

This driver handles the secure fuse controller that is present on the
sama5d2 series. It allows to read a 544 bits user defined area of fuses.
Content is exposed through 17 32 bits registers. Rather than adding
complicated logic in atmel_sfc_read() for individual bytes, read all
the 16 registers at once (which are loaded at SoC startup from fuses)
and store them in an array convenient for copying from it to buffers.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: nvmem: add API for nvmem controllers

Add a nvmem API to access nvmem cells using device-tree description. This
API allows to register nvmeme provider and obtain nvmem cells for consumer.
Mu

drivers: nvmem: add API for nvmem controllers

Add a nvmem API to access nvmem cells using device-tree description. This
API allows to register nvmeme provider and obtain nvmem cells for consumer.
Much like other subsystem, this one relies on the generic dt_driver
mechanism.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: dt_driver: add DT_DRIVER_NVMEM support

Handle DT_DRIVER_NVMEM the same way that DT_DRIVER_PINCTRL is handled.
Indeed, it uses the same kind of DT references (phandle to a subnode of a
controll

core: dt_driver: add DT_DRIVER_NVMEM support

Handle DT_DRIVER_NVMEM the same way that DT_DRIVER_PINCTRL is handled.
Indeed, it uses the same kind of DT references (phandle to a subnode of a
controller) to get a nvmem cell.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_uart: fix incorrect USART_ISR_TXFE value

USART_ISR_TXFE indicates that the FIFO is empty. The register offset is
BIT(23), not BIT(27).

Signed-off-by: Gatien Chevallier <gatien.cheval

drivers: stm32_uart: fix incorrect USART_ISR_TXFE value

USART_ISR_TXFE indicates that the FIFO is empty. The register offset is
BIT(23), not BIT(27).

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: initialize buffer with calloc()

Allocate out_tmp buffer with calloc() instead of malloc()
This relates to a Coverity issue where out_tmp is reported to be
potentially used as uninitialized in

core: initialize buffer with calloc()

Allocate out_tmp buffer with calloc() instead of malloc()
This relates to a Coverity issue where out_tmp is reported to be
potentially used as uninitialized in memcpy().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: fix unintended sign extension

Suspicious implicit sign extension: memtag_get_tag(kaddr) with type
uint8_t (8 bits, unsigned) is promoted in
memtag_get_tag(kaddr) << uref_tag_shift to type int

core: fix unintended sign extension

Suspicious implicit sign extension: memtag_get_tag(kaddr) with type
uint8_t (8 bits, unsigned) is promoted in
memtag_get_tag(kaddr) << uref_tag_shift to type int (32 bits, signed),
then sign-extended to type unsigned long (64 bits, unsigned).

If memtag_get_tag(kaddr) << uref_tag_shift is greater than 0x7FFFFFFF,
the upper bits of the result will all be 1.

Cast memtag_get_tag(kaddr) to vaddr_t to avoid implicit sign extension.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: crypto: sm3: fix undefined behavior on right shifting operation

In the expression ROTL(T[j], j), with j=0, we right shift by more than
31 bits (32 in this case). This behavior is undefined acc

core: crypto: sm3: fix undefined behavior on right shifting operation

In the expression ROTL(T[j], j), with j=0, we right shift by more than
31 bits (32 in this case). This behavior is undefined according to the
C99 standard:

6.5.7 Bitwise shift operators
The integer promotions are performed on each of the operands. The type
of the result is that of the promoted left operand. If the value of
the right operand is negative or is greater than or equal to the width
of the promoted left operand, the behavior is undefined.

Skip the shift operation if the shift value is 0.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: drivers: gpio: check return values from snprintf()

Check return values from snprintf().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@fo

core: drivers: gpio: check return values from snprintf()

Check return values from snprintf().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: pta: check return value of tee_time_get_(sys|ree)_time()

Check return value of tee_time_get_sys_time() and
tee_time_get_ree_time().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Review

core: pta: check return value of tee_time_get_(sys|ree)_time()

Check return value of tee_time_get_sys_time() and
tee_time_get_ree_time().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

driver: crypto: hisilicon: Fix temporary memory risk

When the mailbox operation times out, the software will
free the temporary memory. The hardware does not cancel
the mailbox operation and may con

driver: crypto: hisilicon: Fix temporary memory risk

When the mailbox operation times out, the software will
free the temporary memory. The hardware does not cancel
the mailbox operation and may continue to read and write
the free memory.
To solve the problem, we alloc buffer which has the same
lifecycle with qm.

Fixes: c7f9abcee87f ("drivers: implement HiSilicon Queue Management (QM) module")
Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ffa: Clear FFA_MEM_RETRIEVE_RESP memory descriptor fields

Clear the memory descriptors in FFA_MEM_RETRIEVE_RESP calls in order to
set the reserved fields to zero. The caller might check if the

core: ffa: Clear FFA_MEM_RETRIEVE_RESP memory descriptor fields

Clear the memory descriptors in FFA_MEM_RETRIEVE_RESP calls in order to
set the reserved fields to zero. The caller might check if the reserved
fields are zero as it is stated in the FF-A spec. With FF-A v1.1 the
memory transaction descriptor's 4 byte field at offset 24 has changed
from reserved (MBZ) to Endpoint memory access descriptor size
(non-zero). With the reserved field not cleared in the v1.0 descriptor,
the caller cannot verify if it got the right version of the memory
transaction descriptor.

This issue only affects the FFA_MEM_RETRIEVE_RESP call at the
S-EL1 <-> S-EL0 interface, in all other cases the descriptors are
cleared properly.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: Fix for TLS1.3 handshake failure

There is a limitation on some of i.MX8M series platforms.
When the input is marked as a hash value, it is moved first into
the Class 2 Context Registe

drivers: caam: Fix for TLS1.3 handshake failure

There is a limitation on some of i.MX8M series platforms.
When the input is marked as a hash value, it is moved first into
the Class 2 Context Register, which is only 40 bytes long.
From there, it is copied into the PKHA.
If HASH is more than 40bytes, extra bytes become zero, which is not
proper message representative,so signatures generation/verification
go wrong.

This makes a limitation when the hash size is longer than 40 bytes
and the signature component/private key size is longer than 40 bytes
As a workaround when the input is marked as a message representative,
then a different path is taken to bring the value into CAAM,
and the value stays intact.

CFG_NXP_CAAM_C2_CTX_REG_WA config flag is added to enable/disable
this workaround.
Currently it is enabled by default for i.MX8M platforms.

Fixes: 4b383f736e9e ("drivers: caam: implement NXP CAAM Driver - DSA")
Fixes: 503b5c013761 ("drivers: caam: implement NXP CAAM Driver - ECC")
Link: https://github.com/OP-TEE/optee_os/issues/6492
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: add msg_type argument in DSA_SIGN/VERIFY macro

Add msg_type argument in DSA_SIGN/VERIFY macro.
Based on type of Message whether HASHED, Message representative, will
pass this argument

drivers: caam: add msg_type argument in DSA_SIGN/VERIFY macro

Add msg_type argument in DSA_SIGN/VERIFY macro.
Based on type of Message whether HASHED, Message representative, will
pass this argument.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: stm32_rng: ensure conditional reset sequence is done

Add a check on RNG_CR_CONDRST being cleared before continuing the
program to ensure that the conditional reset sequence is done.

Signed

drivers: stm32_rng: ensure conditional reset sequence is done

Add a check on RNG_CR_CONDRST being cleared before continuing the
program to ensure that the conditional reset sequence is done.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rng: fix comment in stm32_rng_pm_resume()

Fix comment about the application of the RNG configuration in
stm32_rng_pm_resume(). Old comment mentioned reserved bits.

Signed-off-by: Gat

drivers: stm32_rng: fix comment in stm32_rng_pm_resume()

Fix comment about the application of the RNG configuration in
stm32_rng_pm_resume(). Old comment mentioned reserved bits.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rng: remove __unused attribute

Removes a useless __unused attribute for stm32_rng_probe() argument.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etie

drivers: stm32_rng: remove __unused attribute

Removes a useless __unused attribute for stm32_rng_probe() argument.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rng: check clock enable call

Fixes clock enable request that does not check the return value.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Ca

drivers: stm32_rng: check clock enable call

Fixes clock enable request that does not check the return value.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: allow cache_op_outer() to operate on non-secure buffers

According the ARM PL310 documentation, if the operation is specific
to the PA, the behavior is presented in the following manner:

core: arm: allow cache_op_outer() to operate on non-secure buffers

According the ARM PL310 documentation, if the operation is specific
to the PA, the behavior is presented in the following manner:
- Secure access: The data in the cache is only affected by the
the operation if it is secure.
- Non-secure access: The data in the cache is only affected by the
operation if it is non-secure.

Depending on the buffer location, use the secure or non-secure PL310
base address to do physical address based cache operation on the
buffer.

Link: https://developer.arm.com/documentation/ddi0246/a/programmer-s-model/register-descriptions/register-7--cache-maintenance-operations
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: plat: imx: implement pl310_nsbase()

Map PL310 registers as non-secure.
Implement pl310_nsbase() that returns non-secure PL310 base address.

Signed-off-by: Clement Faure <clement.faure@nxp.com

core: plat: imx: implement pl310_nsbase()

Map PL310 registers as non-secure.
Implement pl310_nsbase() that returns non-secure PL310 base address.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add pl310_nsbase() function

Add pl310_nsbase() function to return non-secure PL310 base address.

The default implementation is a weak function that returns the secure
PL310 base address to ma

core: add pl310_nsbase() function

Add pl310_nsbase() function to return non-secure PL310 base address.

The default implementation is a weak function that returns the secure
PL310 base address to match the previous behavior where only the secure
base address was returned.

It is up to the platform to implement that function.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-k3: sa2ul_rng: check if rng is enabled before to do a read

Check if rng is enabled in sa2ul_rng_read128(), if not the
initialization sequence is run.
After a suspend to ram, the rng may be in r

plat-k3: sa2ul_rng: check if rng is enabled before to do a read

Check if rng is enabled in sa2ul_rng_read128(), if not the
initialization sequence is run.
After a suspend to ram, the rng may be in reset state, and it has to be
re-initialized if in reset state.

Signed-off-by: Thomas Richard <thomas.richard@bootlin.com>
Reviewed-by: Andrew Davis <afd@ti.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

pta: stm32mp: fix remoteproc config name

The CFG_RPROC_PTA config is not valid and has been replaced by the
CFG_REMOTEPROC_PTA config during the review process.

Fixes: f6c57ea446db ("pta: stm32mp:

pta: stm32mp: fix remoteproc config name

The CFG_RPROC_PTA config is not valid and has been replaced by the
CFG_REMOTEPROC_PTA config during the review process.

Fixes: f6c57ea446db ("pta: stm32mp: add new remoteproc PTA")
Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: Include kernel/interrupt.h for thread_arch.c

Otherwise, the compiler can not find the declaration of
interrupt_main_handler().

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-

core: riscv: Include kernel/interrupt.h for thread_arch.c

Otherwise, the compiler can not find the declaration of
interrupt_main_handler().

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Add missing initial value for read_tp()

The stack variable "tp" should have its initial value.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wikland

core: riscv: Add missing initial value for read_tp()

The stack variable "tp" should have its initial value.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: plic: Fix parameter type of plic_op_raise_sgi()

The commit ec740b9fe95e ("core: interrupt_raise_sgi() updates") changes
the cpu_mask parameter to a uint32_t. Apply this change onto
plic_op_

drivers: plic: Fix parameter type of plic_op_raise_sgi()

The commit ec740b9fe95e ("core: interrupt_raise_sgi() updates") changes
the cpu_mask parameter to a uint32_t. Apply this change onto
plic_op_raise_sgi().

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...