dts: add stm32mp15*-scmi.dts files for when RCC is secure

For legacy reason and compatibility with existing platforms embedding
OP-TEE with RCC secure hardening being disabled, introduce -scmi.dts f

dts: add stm32mp15*-scmi.dts files for when RCC is secure

For legacy reason and compatibility with existing platforms embedding
OP-TEE with RCC secure hardening being disabled, introduce -scmi.dts for
the 4 ST boards STM32MP15x: DK1, DK2, ED1 and EV1 where we enable RCC
security require non-secure world to use SCMI resources. Add platform
flavors 157x_XXX_SCMI to ease DTS selection.

stm32mp15*-<board>.dts applies an insecure RCC configuration.
stm32mp15*-<board>-scmi.dts applies the secure RCC configuration.
This better reflects the configurations supported in the Linux kernel
and U-Boot source trees.

Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: clk_dt: include missing clk.h header file

clk resources are used in this file. Add missing include.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jerome Foriss

drivers: clk_dt: include missing clk.h header file

clk resources are used in this file. Add missing include.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

dts: stm32: update m4_rproc to support the remoteproc OP-TEE framework

Update device tree to support the load of the remoteproc firmware
by OP-TEE.
- declare m_ipc_shm memory region that can contain

dts: stm32: update m4_rproc to support the remoteproc OP-TEE framework

Update device tree to support the load of the remoteproc firmware
by OP-TEE.
- declare m_ipc_shm memory region that can contain the remote processor
resource table and trace buffer,
- update reset to align declaration with the Linux devicetree

To enable the load of the coprocessor firmware by OP-TEE, user have
to update the m4_rproc node compatible property:
-"st,stm32mp1-m4": the load is managed by Linux or U-boot,
-"st,stm32mp1-m4-tee": the load is managed by OP-TEE.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-stm32mp1: Add the remoteproc TA in early TA list

On the stm32mp1 platform, it is possible to load firmware during the
bootloader stage, for instance, by U-boot. To enable this feature,
The remo

plat-stm32mp1: Add the remoteproc TA in early TA list

On the stm32mp1 platform, it is possible to load firmware during the
bootloader stage, for instance, by U-boot. To enable this feature,
The remoteproc TA should be added to the list of early-TAs.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

pta: stm32mp: add new remoteproc PTA

Add remoteproc PTA for the stm32mp1 platform.
The PTA relies on the stm32_remoteproc driver for the remoteproc
management.
It is charge of providing interface fo

pta: stm32mp: add new remoteproc PTA

Add remoteproc PTA for the stm32mp1 platform.
The PTA relies on the stm32_remoteproc driver for the remoteproc
management.
It is charge of providing interface for authenticating firmware images
and managing the remote processor live cycle.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: Add stm32mp1 remoteproc driver

This driver is responsible for configuring the registers and memories of
the remote processor.
- It stores information about memories assigned to the remote p

drivers: Add stm32mp1 remoteproc driver

This driver is responsible for configuring the registers and memories of
the remote processor.
- It stores information about memories assigned to the remote processor
based on the device tree.
- It ensures consistency between the registered memory and the addresses
of the firmware segments to be loaded.
- Additionally, it is responsible for starting and stopping the remote
processor core.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: caam: provide plat_rng_init if CFG_WITH_SOFTWARE_PRNG=y

With CFG_NXP_CAAM_RNG_DRV enabled, OP-TEE will use the CAAM
to generate random numbers. Normal world access to the RNG is still
possi

drivers: caam: provide plat_rng_init if CFG_WITH_SOFTWARE_PRNG=y

With CFG_NXP_CAAM_RNG_DRV enabled, OP-TEE will use the CAAM
to generate random numbers. Normal world access to the RNG is still
possible as the CAAM is TrustZone aware and provides multiple separate
job rings.

For complete isolation, however, access to CAAM reset and clocks need to
be managed as well. This could be done in theory by restricting access
to the reset and clock controller peripherals to the secure world and
exporting limited access to some resources via SCMI. There is no such
support yet for the i.MX and thus some setups may prefer to avoid using
the CAAM in OP-TEE to stay safe from normal world inducing glitches.

These setups may still need random numbers in OP-TEE. Therefore, access
so have them
access the CAAM only once at startup to initialize OP-TEE's PRNG and
defer subsequent use of the CAAM to the normal world, whenever
CFG_WITH_SOFTWARE_PRNG=y.

Reviewed-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>

show more ...

drivers: caam: rng: enable prediction resistance if possible

OP-TEE sets the PR bit on shared descriptors since commit 4ff2ce818e56
("drivers: caam: instantiate RNG state handle with prediction resi

drivers: caam: rng: enable prediction resistance if possible

OP-TEE sets the PR bit on shared descriptors since commit 4ff2ce818e56
("drivers: caam: instantiate RNG state handle with prediction resistance"),
but did not make use of it for random number generation with the reason
explained inside the commit message:

Note: current patch does not deal with RNG state handles that have
already been initialized, but without PR support (this could happen if
U-boot would run before OP-TEE etc.). In this case, RNG state handle
would have to be deinstantiated first, and then reinstantiated with
PR support.

There is a simpler workaround than deinstantiation however: Check if the
state handles have been initialized with prediction resistance (whether
from OP-TEE or outside) and if they were, just set the prediction
resistance bit.

Reviewed-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>

show more ...

drivers: caam: support querying whether prediction resistance was setup

CAAM shared descriptors initialization may happen inside OP-TEE or
beforehand, either in the bootloader or system controller.

drivers: caam: support querying whether prediction resistance was setup

CAAM shared descriptors initialization may happen inside OP-TEE or
beforehand, either in the bootloader or system controller.

As it's not known at compile-time whether the shared descriptors were
initialized with prediction resistance or not, OP-TEE use of the CAAM
for random number generation omitted requesting prediction resistance.

In preparation for changing that, provide a caam_hal_rng_pr_enabled()
function that queries the state of the PR bits in the shared descriptors.

Reviewed-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>

show more ...

core: fixup of transfer list header size

Add 4 reserved bytes at the tail of the transfer list header.
This fixes a non-8-bytes aligned header when "flags" was introduced
into the header.

Fixes: 50

core: fixup of transfer list header size

Add 4 reserved bytes at the tail of the transfer list header.
This fixes a non-8-bytes aligned header when "flags" was introduced
into the header.

Fixes: 508e2476b232 ("core: update transfer list header and signature")
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

driver: crypto: hisilicon: fix an issue of multiple tasks using the same qp

Flag in the qp structure is used to indicate whether
the qp is occupied.The new task can find an unused qp
and use it.

Fi

driver: crypto: hisilicon: fix an issue of multiple tasks using the same qp

Flag in the qp structure is used to indicate whether
the qp is occupied.The new task can find an unused qp
and use it.

Fixes: c7f9abcee87f ("drivers: implement HiSilicon Queue Management (QM) module")
Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: remove unused deprecated gic_cpu_init()

Remove the unused deprecated function gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.

core: remove unused deprecated gic_cpu_init()

Remove the unused deprecated function gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-zynq7k: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-ti: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Andrew Davis <afd@ti.com>

plat-sunxi: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-stm: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etien

plat-stm: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <

plat-stm32mp2: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <

plat-stm32mp1: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-rzn1: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sumit Garg <sumit.garg@li

plat-rzn1: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

plat-rockchip: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-rcar: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Volodymyr Babchuk <vol

plat-rcar: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>

show more ...

plat-ls: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Sahil Malhotra <sahil.ma

plat-ls: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

plat-k3: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Andrew Davis <afd@ti.com>

plat-imx: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init()

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Clement Faure <clement.fau

plat-imx: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init()

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6qsabresd, imx-mx6ulevk, imx-mx8qmmek, imx-mx8mnevk)

show more ...

plat-corstone1000: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>