plat-stm32mp1: conf: fix order for CFG_REGULATOR_FIXED

Changes CFG_REGULATOR_FIXED config setting location to match alphabetical
order.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
S

plat-stm32mp1: conf: fix order for CFG_REGULATOR_FIXED

Changes CFG_REGULATOR_FIXED config setting location to match alphabetical
order.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: conf: enable support for GPIO regulators

Enables support for GPIO regulators on platform stm32mp1 when
CFG_STM32_GPIO is enabled.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.

plat-stm32mp1: conf: enable support for GPIO regulators

Enables support for GPIO regulators on platform stm32mp1 when
CFG_STM32_GPIO is enabled.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: regulator: GPIO controlled regulator

Implements a GPIO controlled regulators driver compliant with DT nodes
compatible with regulator-gpio. These regulators use GPIO pins to select
the volt

drivers: regulator: GPIO controlled regulator

Implements a GPIO controlled regulators driver compliant with DT nodes
compatible with regulator-gpio. These regulators use GPIO pins to select
the voltage level. The implementation supports only dual voltage level
selection using a single pin. The DT bindings allows more pins to
select between more voltages but no known platform currently requires
that so we preferred the simplified case.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: tee_ta_manager.c: add uuid in open session error trace

Adds the TA UUID in open session error trace to allow to identify
witch TA cause the issue when debug trace are not acitvated.

B

core: kernel: tee_ta_manager.c: add uuid in open session error trace

Adds the TA UUID in open session error trace to allow to identify
witch TA cause the issue when debug trace are not acitvated.

By the way, fix specifier for res argument that is a uint32_t.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: allow CFG_TZSRAM_START being defined when pager is disabled

Fixes case when a platform configuration defines CFG_TZSRAM_START but
does not use the pager. CFG_TZSRAM_START defines the base

core: arm: allow CFG_TZSRAM_START being defined when pager is disabled

Fixes case when a platform configuration defines CFG_TZSRAM_START but
does not use the pager. CFG_TZSRAM_START defines the based address
of the memory used for resident memory and page pool when CFG_WITH_PAGER
is enabled.

Since below mentioned commit, TZSRAM_BASE being defined makes core_mmu.c
to assume there are 2 secure memories for OP-TEE core internal use. This
change ensures that when CFG_WITH_PAGER is disabled, TZSRAM is not
defined even if the platform configuration sets CFG_TZSRAM_START.

An example of such issues is when testing an STM32MP15 variant of
platform stm32mp1 with pager being disabled. Before this change,
OP-TEE boot sequence fails with a error trace message like:
E/TC:0 0 Panic 'Unexpected TZC configuration on secure region' at core/arch/arm/plat-stm32mp1/plat_tzc400.c:102 <init_stm32mp1_tzc>

Indeed debug trace messages can show that an invalid physical memory
area has been registered by core as TEE_RAM_RO, as shown below. Note that
for that platform, internal secure SYSRAM range is [0x2ffc000 0x30000000]:
D/TC:0 add_phys_mem:667 ram_start type TEE_RAM_RO 0x2ffc0000 size 0xae040000

Fixes: e09739a8a6a1 ("core: core_mmu.c: use secure_only[] where possible")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: scmi_server: report invalid regulator state request

Changes the SCMI return code from SCMI_GENERIC_ERROR to
SCMI_INVALID_PARAMETERS when the requested state is not one of
the 2 suppor

plat-stm32mp1: scmi_server: report invalid regulator state request

Changes the SCMI return code from SCMI_GENERIC_ERROR to
SCMI_INVALID_PARAMETERS when the requested state is not one of
the 2 supported SCMI voltage domain states
(SCMI_VOLTAGE_DOMAIN_CONFIG_ARCH_ON or
SCMI_VOLTAGE_DOMAIN_CONFIG_ARCH_OFF).

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32mp15: USBPHY regulator is always-on on ST boards

Sets property regulator-always-on on USB-PHY regulator supply for
ST boards DK1/DK2/ED1/EV1.

This fixes an issue in the commit that integr

dts: stm32mp15: USBPHY regulator is always-on on ST boards

Sets property regulator-always-on on USB-PHY regulator supply for
ST boards DK1/DK2/ED1/EV1.

This fixes an issue in the commit that integrated the regulator
framework in stm32mp1 scmi_server. On the mentioned boards, the
PWR USB3.3V regulator, exposed through SCMI to Linux/U-Boot, is
supplied by a PMIC regulator (named vdd_usb). The PMIC is connected
on an I2C bus currently assigned to non-secure world as used by mainline
Linux kernel and U-Boot for these boards. Therefore, OP-TEE can
access the PMIC at boot time to enable that PMIC regulator but not
at runtime as it could conflict with Linux kernel/U-Boot accesses on
that bus. Setting that PMIC regulator always-on on OP-TEE side
prevents OP-TEE from accessing the I2C bus to disable PMIC vdd_usb
regulator at runtime when Linux or U-Boot disable the PWR USB-3.3V
regulator using PWR regulator service exposed through SMCI.

On these boards, Linux and U-Boot are not expected to disable this
PMIC regulator. If so, the effect would be that SCMI requests to
enable to enable PWR USB-3.3V would simply return a failure code
and Linux/U-Boot USB stack to not be functional. OP-TEE core itself
does not use any USB resources on these platforms.

A ideal solution would be to assign that I2C bus to OP-TEE
(harden its secure configuration) but mainline Linux and U-Boot
packages are not yet ready for this due to legacy configuration
of these components for the devices connected on these boards. This
will come once mainline Linux kernel and U-Boot are ready.

Fixes: 23e200628dad ("plat-stm32mp1: scmi_server: use registered regulators")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: scmi_server: fix regulator framework integration

Fixes the return value when an SCMI regulator is already in
the expected state. Prior this change the implementation returned
SCMI_GEN

plat-stm32mp1: scmi_server: fix regulator framework integration

Fixes the return value when an SCMI regulator is already in
the expected state. Prior this change the implementation returned
SCMI_GENERIC_ERROR instead of SCMI_SUCCESS.

Fixes: 23e200628dad ("plat-stm32mp1: scmi_server: use registered regulators")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: fix inline comment on async notif interrupt

Fixes the inline comment that describes allowed values for
CFG_CORE_ASYNC_NOTIF_GIC_INTID that can be a SPI or a secure PPI.

Fixes: 9439728550

core: arm: fix inline comment on async notif interrupt

Fixes the inline comment that describes allowed values for
CFG_CORE_ASYNC_NOTIF_GIC_INTID that can be a SPI or a secure PPI.

Fixes: 943972855082 ("core: notif: allow GIC_PPI usage for async notif")
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: CFG_INSECURE=y allows insecure RCC configuration

Changes STM32MP1 shared resources to allow insecure RCC protection
with peripherals assigned to secure world when CFG_INSECURE is
enab

plat-stm32mp1: CFG_INSECURE=y allows insecure RCC configuration

Changes STM32MP1 shared resources to allow insecure RCC protection
with peripherals assigned to secure world when CFG_INSECURE is
enabled. This means for example that some SoC resources can be assigned
to OP-TEE without their clock and reset controllers being effectively
protected from non-secure accesses. Such configuration can be useful
for development and test purposes.

This change does not affect devices provisioned with secret that are
in so-called SEC_CLOSED state (BSEC fuses). Indeed this device state
currently requires RCC protection to be enabled as already implemented
in function check_rcc_secure_configuration().

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

tree wide: CFG_INSECURE deprecates CFG_WARN_INSECURE

Replaces configuration switch CFG_WARN_INSECURE with CFG_INSECURE
The new name is better because the switch not only warns but also
change the OP

tree wide: CFG_INSECURE deprecates CFG_WARN_INSECURE

Replaces configuration switch CFG_WARN_INSECURE with CFG_INSECURE
The new name is better because the switch not only warns but also
change the OP-TEE core behavior as, for example, allowing absence
of secure storage rollback protection.

Suggested-by: Jérôme Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: fix mem reclaim error reporting

Until now handle_mem_reclaim() was incorrectly returning the error value
in a1 instead of a2 as mandated by the specification. Successful returns
are not a

core: ffa: fix mem reclaim error reporting

Until now handle_mem_reclaim() was incorrectly returning the error value
in a1 instead of a2 as mandated by the specification. Successful returns
are not affected by this since they use the FFA_SUCCESS_32 FID. So fix this
by supplying the error value in the right register.

Fixes: 1b302ac09816 ("core: enable FF-A with SPM Core at S-EL1")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: check for NULL mobj before thread_rpc_free()

In the SMC and FF-A ABIs check that a mobj representing a shared memory
object isn't NULL before doing an RPC to free it in the normal world
t

core: arm: check for NULL mobj before thread_rpc_free()

In the SMC and FF-A ABIs check that a mobj representing a shared memory
object isn't NULL before doing an RPC to free it in the normal world
too. For the FF-A ABI it's harmless without this check, but the SMC ABI
may cause an NULL pointer dereference in the OP-TEE kernel driver.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-vexpress: activate CFG_CORE_HALT_CORES_ON_PANIC

Default halt the other cores when panicking on fvp, juno, qemu_virt and
qemu_armv8a platforms.

Signed-off-by: Gatien Chevallier <gatien.chevalli

plat-vexpress: activate CFG_CORE_HALT_CORES_ON_PANIC

Default halt the other cores when panicking on fvp, juno, qemu_virt and
qemu_armv8a platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)
Tested-by: Gatien Chevallier <gatien.chevallier@foss.st.com> (vexpress-qemu_armv8a)
Tested-by: Gatien Chevallier <gatien.chevallier@foss.st.com> (vexpress-qemu_virt)

show more ...

plat-stm32mp2: activate CFG_CORE_HALT_CORES_ON_PANIC

Default halt other cores when panicking on STM32MP25x platforms. SGI15
is used for this purpose.

Signed-off-by: Gatien Chevallier <gatien.cheval

plat-stm32mp2: activate CFG_CORE_HALT_CORES_ON_PANIC

Default halt other cores when panicking on STM32MP25x platforms. SGI15
is used for this purpose.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: activate CFG_CORE_HALT_CORES_ON_PANIC

Default halt the other core when panicking on STM32MP15x platforms.
SGI15 is used for this purpose.

Signed-off-by: Gatien Chevallier <gatien.che

plat-stm32mp1: activate CFG_CORE_HALT_CORES_ON_PANIC

Default halt the other core when panicking on STM32MP15x platforms.
SGI15 is used for this purpose.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Gatien Chevallier <gatien.chevallier@foss.st.com> (stm32mp1-157C_DK2)

show more ...

core: interrupt: halt other cores when one is panicking

When one core panics, send an SGI (CFG_CORE_HALT_CORES_ON_PANIC_SGI)
to halt other cores if CFG_CORE_HALT_CORES_ON_PANIC is enabled.

Signed-o

core: interrupt: halt other cores when one is panicking

When one core panics, send an SGI (CFG_CORE_HALT_CORES_ON_PANIC_SGI)
to halt other cores if CFG_CORE_HALT_CORES_ON_PANIC is enabled.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: interrupt_raise_sgi() updates

Adds ITR_CPU_MASK_TO_THIS_CPU and ITR_CPU_MASK_TO_OTHER_CPUS to simplify
targeting CPUs in some use cases. The cpu_mask parameter is changed to a
uint32_t to make

core: interrupt_raise_sgi() updates

Adds ITR_CPU_MASK_TO_THIS_CPU and ITR_CPU_MASK_TO_OTHER_CPUS to simplify
targeting CPUs in some use cases. The cpu_mask parameter is changed to a
uint32_t to make room for the two new flags.

The gic driver is updated to support this new flag.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: print current guest ID in logs

If CFG_NS_VIRTUALIZATION is enabled include the current guest ID on each
log line. A number is added before the core number identifying the
currently set guest I

core: print current guest ID in logs

If CFG_NS_VIRTUALIZATION is enabled include the current guest ID on each
log line. A number is added before the core number identifying the
currently set guest ID, for example:
D/TC:2 0 0 call_initcalls:40 level 1 teecore_init_pub_ram()

Where the "2" indicates that this is done with guest ID 2 active.

Update the symbolize.py script accordingly to recognize and ignore an
eventual guest ID in a log entry.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: pta: attestation: fix calls to tee_pobj_get()

Fixes calls to tee_pobj_get() that use boolean value false as argument
where an enum tee_pobj_usage argument is expected.

Between OP-TEE release

core: pta: attestation: fix calls to tee_pobj_get()

Fixes calls to tee_pobj_get() that use boolean value false as argument
where an enum tee_pobj_usage argument is expected.

Between OP-TEE release tags 2.4.0 and 3.11.0, tee_pobj_get() used to
take a boolean @temporary argument. The function prototype changed in
commit 6885abf2f7ef ("core: tee_pobj_get() takes an enum tee_pobj_usage")
and was merged in release tag 3.11.0 but attestation PTA initial
implementation of StMM sadly used the old prototype, using false (0)
instead of TEE_POBJ_USAGE_OPEN (0).

Fixes: 7e05ec25bd68 ("core: pta: add remote attestation PTA")
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: stmm_sp: fix calls to tee_pobj_get()

Fixes calls to tee_pobj_get() that use boolean value false as argument
where an enum tee_pobj_usage argument is expected.

Between OP-TEE release tags

core: arm: stmm_sp: fix calls to tee_pobj_get()

Fixes calls to tee_pobj_get() that use boolean value false as argument
where an enum tee_pobj_usage argument is expected.

Between OP-TEE release tags 2.4.0 and 3.11.0, tee_pobj_get() used to
take a boolean @temporary argument. The function prototype changed in
commit 6885abf2f7ef ("core: tee_pobj_get() takes an enum tee_pobj_usage")
and was merged in release tag 3.11.0 but initial implementation of StMM
support [1] and its related source file renaming [2] sadly used the
old prototype, using false (0) instead of TEE_POBJ_USAGE_OPEN (0).

Fixes: 42471ecf25b7 ("core: load stmm via secure partition") [1]
Fixes: f9cd31c5310d ("core: rename secure_partition to stmm_sp") [2]
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add support for transfer list

Add supports for Transfer List on both aarch32/64.
Fetch arguments from {x,r}{0-3} and check if a valid Transfer List
exists, which compliant to the Firmware Hand

core: add support for transfer list

Add supports for Transfer List on both aarch32/64.
Fetch arguments from {x,r}{0-3} and check if a valid Transfer List
exists, which compliant to the Firmware Handoff specification.
The Transfer List will be mapped during early initialization and
unmapped before exiting to next boot stage.
DTB and pagable address will be parsed from the Transfer List if
they exist as Transfer Entries.
If Transfer List does not exist or is invalid, legacy argument
handoff is backwards compatible.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add transfer list API

Introduce Transfer List API into kernel to implement Firmware
Handoff specification

Link: https://github.com/FirmwareHandoff/firmware_handoff
Signed-off-by: Raymond Mao

core: add transfer list API

Introduce Transfer List API into kernel to implement Firmware
Handoff specification

Link: https://github.com/FirmwareHandoff/firmware_handoff
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add memory area for transfer list

Adding a new area to map a transfer list if it is handed over
from previous boot stage

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Jens

core: add memory area for transfer list

Adding a new area to map a transfer list if it is handed over
from previous boot stage

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: enable async notif on stm32mp13

Enables async notif using GIC PPI 15 as non-secure interrupt notifier
for STM32MP13 variants.

Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.s

plat-stm32mp1: enable async notif on stm32mp13

Enables async notif using GIC PPI 15 as non-secure interrupt notifier
for STM32MP13 variants.

Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...