core: remove unused mobj_seccpy_shm_alloc()

Removes the now unused mobj_seccpy_shm_alloc(), struct mobj_seccpy_shm,
and friends.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by:

core: remove unused mobj_seccpy_shm_alloc()

Removes the now unused mobj_seccpy_shm_alloc(), struct mobj_seccpy_shm,
and friends.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: remove temp memory allocation for TA invoke

Remove the temporary memory allocation used if a TA invokes another TA
with a private memory buffer. This has not been in used with TAs
compiled sin

core: remove temp memory allocation for TA invoke

Remove the temporary memory allocation used if a TA invokes another TA
with a private memory buffer. This has not been in used with TAs
compiled since commit ef305e54eac8 ("libutee: allocate temp secmem for
invoke") or OP-TEE version 3.6.0.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: crypto: stm32: lower verbosity on SAES use

Changes SAES context allocation/release trace message from debug level
to flow level otherwise each access to the secure storage emits debug
messa

drivers: crypto: stm32: lower verbosity on SAES use

Changes SAES context allocation/release trace message from debug level
to flow level otherwise each access to the secure storage emits debug
messages.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: regulator: consider DT property regulator-boot-on

Defines regulator flag REGULATOR_BOOT_ON for regulators with the
regulator-boot-on property in their DT node.

Acked-by: Gatien Chevallier

drivers: regulator: consider DT property regulator-boot-on

Defines regulator flag REGULATOR_BOOT_ON for regulators with the
regulator-boot-on property in their DT node.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: fix data abort during ftrace

With commit c10e3fa93d24 ("core: fix race in handling TA panic") the
resources of a panicked TAs are released as early as possible, including
the user space mapped

core: fix data abort during ftrace

With commit c10e3fa93d24 ("core: fix race in handling TA panic") the
resources of a panicked TAs are released as early as possible, including
the user space mapped ftrace buffer. However, the pointer to the ftrace
buffer is stored in the ts_session for quick and easy access. The ftrace
buffer is always retrieved with get_fbuf() that already have a few other
checks to see if the buffer is currently available. So add a check to
see that the TA hasn't panicked also.

Fixes: c10e3fa93d24 ("core: fix race in handling TA panic")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)

show more ...

core: riscv: Fix logic of thread_{get/set}_exceptions()

In ARM, the bits in DAIF register are used to mask the interrupts. While
in RISC-V, the bits in CSR XIE are used to enable(unmask) correspondi

core: riscv: Fix logic of thread_{get/set}_exceptions()

In ARM, the bits in DAIF register are used to mask the interrupts. While
in RISC-V, the bits in CSR XIE are used to enable(unmask) corresponding
interrupt sources.

To not modify the function of thread_get_exceptions(), we invert the
bits after reading the value of CSR XIE, as mask.

To not modify the function of thread_set_exceptions(), we invert the
bits in given "exceptions" before writing "exceptions" into CSR
XIE. Therefore, the intended masked exception bits will be cleared
when we write the final value into CSR XIE to mask those interrupts.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Register thread_vector_table in primary CPU initialization

When primary CPU has initialized everything, it registers the address
of thread_vector_table into higher privileged software v

core: riscv: Register thread_vector_table in primary CPU initialization

When primary CPU has initialized everything, it registers the address
of thread_vector_table into higher privileged software via a1 register.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Implement thread_vector_table for ABI and FIQ entries

Implement thread_vector_table which only includes entries for standard
ABI, fast ABI, and foreign interrupts. Most of code is refer

core: riscv: Implement thread_vector_table for ABI and FIQ entries

Implement thread_vector_table which only includes entries for standard
ABI, fast ABI, and foreign interrupts. Most of code is referenced from
ARM architecture. The thread_vector_table will be registered into higher
privileged software, such as M-mode firmware. The higher privileged
software can jump(mret) to OP-TEE based on this vector table.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Implement SBI based protocol

Rename thread_return_from_nsec_call() to thread_return_to_ree() for more
general behavior, since TEE might not only be called by REE, but also
do something

core: riscv: Implement SBI based protocol

Rename thread_return_from_nsec_call() to thread_return_to_ree() for more
general behavior, since TEE might not only be called by REE, but also
do something on its own initiative (e.g., handle secure interrupts).

This commit also implements SBI based protocol used to return control to
REE. The register a7 encodes SBI TEE extension ID, which is temporarily
defined here. We may have ratified SBI TEE extension in the future and
we can apply ratified ID at that time. The register a6 is unused and
encoded as 0. The returned arguments are encoded into registers a0~a5
and should be provided by the caller.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Implement panic_at_abi_return as guard of ABI call

The ABI call to REE domain should not return. We implement
panic_at_abi_return macro as guard of ABI call. When the ABI call return
il

core: riscv: Implement panic_at_abi_return as guard of ABI call

The ABI call to REE domain should not return. We implement
panic_at_abi_return macro as guard of ABI call. When the ABI call return
illegally, the system will enter panic or an infinite loop.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ffa: use FFA_NORMAL_WORLD_RESUME

Prior to this FFA_INTERRUPT was always completed using FFA_MSG_WAIT,
but at S-EL1 FFA_NORMAL_WORLD_RESUME should be used instead. So fix this
by completing a s

core: ffa: use FFA_NORMAL_WORLD_RESUME

Prior to this FFA_INTERRUPT was always completed using FFA_MSG_WAIT,
but at S-EL1 FFA_NORMAL_WORLD_RESUME should be used instead. So fix this
by completing a secure interrupt that has preempted the normal world with
FFA_NORMAL_WORLD_RESUME if configured with SPMC at S-EL1.

Fixes: 67fec989b586 ("core: ffa: correct response to FFA_INTERRUPT")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: sp: fix FFA_MEM_RECLAIM checks

Currently it is assumed that a NS endpoint's ID is always 0. This is not
true if multiple VMs are present in the NWd, so the check will fail when
reclaiming shar

core: sp: fix FFA_MEM_RECLAIM checks

Currently it is assumed that a NS endpoint's ID is always 0. This is not
true if multiple VMs are present in the NWd, so the check will fail when
reclaiming shared memory from an SP. Fix this by removing the owner ID
check if the reclaim call comes from NWd, in this case the necessary
checks are done by the hypervisor.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

Squashed commit upgrading to mbedtls-3.4.0

Squash merging branch import/mbedtls-3.4.0

8225713449d3 ("libmbedtls: fix unrecognized compiler option")
f03730842d7b ("core: ltc: configure internal MD5"

Squashed commit upgrading to mbedtls-3.4.0

Squash merging branch import/mbedtls-3.4.0

8225713449d3 ("libmbedtls: fix unrecognized compiler option")
f03730842d7b ("core: ltc: configure internal MD5")
2b0d0c50127c ("core: ltc: configure internal SHA-1 and SHA-224")
0e48a6e17630 ("libmedtls: core: update to mbedTLS 3.4.0 API")
049882b143af ("libutee: update to mbedTLS 3.4.0 API")
982307bf6169 ("core: LTC mpi_desc.c: update to mbedTLS 3.4.0 API")
33218e9eff7b ("ta: pkcs11: update to mbedTLS 3.4.0 API")
6956420cc064 ("libmbedtls: fix cipher_wrap.c for NIST AES Key Wrap mode")
ad67ef0b43fd ("libmbedtls: fix cipher_wrap.c for chacha20 and chachapoly")
7300f4d97bbf ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify()")
cec89b62a86d ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()")
e7e048796c44 ("libmbedtls: add SM2 curve")
096beff2cd31 ("libmbedtls: mbedtls_mpi_exp_mod(): optimize mempool usage")
7108668efd3f ("libmbedtls: mbedtls_mpi_exp_mod(): reduce stack usage")
0ba4eb8d0572 ("libmbedtls: mbedtls_mpi_exp_mod() initialize W")
3fd6ecf00382 ("libmbedtls: fix no CRT issue")
d5ea7e9e9aa7 ("libmbedtls: add interfaces in mbedtls for context memory operation")
2b0fb3f1fa3d ("libmedtls: mpi_miller_rabin: increase count limit")
2c3301ab99bb ("libmbedtls: add mbedtls_mpi_init_mempool()")
9a111f0da04b ("libmbedtls: make mbedtls_mpi_mont*() available")
804fe3a374f5 ("mbedtls: configure mbedtls to reach for config")
b28a41531427 ("mbedtls: remove default include/mbedtls/config.h")
dfafe507bbef ("Import mbedtls-3.4.0")

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)

show more ...

core: optee_ffa.h: fix a spell error in ABI description

Fixes a spell error in the comment describing OPTEE_FFA_UNREGISTER_SHM ABI.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-b

core: optee_ffa.h: fix a spell error in ABI description

Fixes a spell error in the comment describing OPTEE_FFA_UNREGISTER_SHM ABI.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: return an error on unknown blocking calls

Until now we have panicked on unknown blocking calls. The caller can't
recover from that so return an error instead.

Signed-off-by: Jens Wikland

core: ffa: return an error on unknown blocking calls

Until now we have panicked on unknown blocking calls. The caller can't
recover from that so return an error instead.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: fix race in mobj_put() and ffa_inactivate()

Prior to this patch there was a race condition when mobj_put()
is calling ffa_inactivate().
D/TC:0 0 ffa_inactivate:525 cookie 0x100000000000
D

core: ffa: fix race in mobj_put() and ffa_inactivate()

Prior to this patch there was a race condition when mobj_put()
is calling ffa_inactivate().
D/TC:0 0 ffa_inactivate:525 cookie 0x100000000000
D/TC:0 1 mobj_ffa_get_by_cookie:401 cookie 0x100000000000 active: refc 1
D/TC:? 1 read_console:114 got 0xd
D/TC:0 1 ffa_inactivate:525 cookie 0x100000000000
D/TC:0 0 ffa_inactivate:525 cookie 0x100000000000
E/TC:0 0 Panic at core/arch/arm/mm/mobj_ffa.c:527 <ffa_inactivate>
E/TC:0 0 TEE load address @ 0xe100000
E/TC:0 0 Call stack:
E/TC:0 0 0x0e108c0c print_kernel_stack at ??:?
E/TC:0 0 0x0e115b8c __do_panic at core/kernel/panic.c:24
E/TC:0 0 0x0e10a238 ffa_inactivate at mobj_ffa.c:?
E/TC:0 0 0x0e107318 __thread_std_smc_entry at ??:?

As now explained in ffa_inactivate():
/*
* pop_from_list() can fail to find the mobj if we had just
* decreased the refcount to 0 in mobj_put() and was going to
* acquire the shm_lock but another thread found this mobj and
* reinitialized the refcount to 1. Then before we got cpu time the
* other thread called mobj_put() and deactivated the mobj again.
* ...
*/

If our thread is delayed even further we may even inactivate an
unrelated mobj that happened to reuse the same piece of memory.

Fix this by adding another guarding condition so that the mobj is
guaranteed to be valid until ffa_inactivate() has returned. By adding a
new member in struct mobj_ffa, inactive_refs, we keep track of
references even when the mobj have been moved to the inactive list.

Adds a comment describing the non-trivial life cycle of struct mobj_ffa.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: saic: remove stubbed functions

With the commit b2d6db21ec5e ("core: interrupt: helper function for
raise_pi, raise_sgi, set_affinity") the struct itr_ops .raise_pi,
.raise_sgi, and .set_aff

drivers: saic: remove stubbed functions

With the commit b2d6db21ec5e ("core: interrupt: helper function for
raise_pi, raise_sgi, set_affinity") the struct itr_ops .raise_pi,
.raise_sgi, and .set_affinity are now optional so remove the stubbed
functions.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: hfic: remove stubbed functions

With the commit b2d6db21ec5e ("core: interrupt: helper function for
raise_pi, raise_sgi, set_affinity") the struct itr_ops .raise_pi,
.raise_sgi, and .set_aff

drivers: hfic: remove stubbed functions

With the commit b2d6db21ec5e ("core: interrupt: helper function for
raise_pi, raise_sgi, set_affinity") the struct itr_ops .raise_pi,
.raise_sgi, and .set_affinity are now optional so remove the stubbed
functions.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: imx: mu: add support for mx8dxl

Add MU support for mx8dxl platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by:

drivers: imx: mu: add support for mx8dxl

Add MU support for mx8dxl platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: caam: add support for mx8dxl

Add support for mx8dxl platforms.
The HAL support is identical to mx8qm/qxp platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Fo

drivers: caam: add support for mx8dxl

Add support for mx8dxl platforms.
The HAL support is identical to mx8qm/qxp platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: imx: fix the DDR configuration of the mx8dxl

Add base address and size of the second DDR size.
Set the physical address size to 40 bits instead of 32 bits. This is
required for platforms with

core: imx: fix the DDR configuration of the mx8dxl

Add base address and size of the second DDR size.
Set the physical address size to 40 bits instead of 32 bits. This is
required for platforms with more and 4G of DDR.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: imx: allow CAAM driver compilation on mx8dxl

Allow the compilation of the CAAM driver for mx8dxl platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <je

core: imx: allow CAAM driver compilation on mx8dxl

Allow the compilation of the CAAM driver for mx8dxl platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: stm32mp1_pmic: register to DT_DRIVER

Initialize stm32mp1_pmic device driver from DT_DRIVER instead of
fixed initcall level. This change requires stm32_i2c bus driver
to also be probed

plat-stm32mp1: stm32mp1_pmic: register to DT_DRIVER

Initialize stm32mp1_pmic device driver from DT_DRIVER instead of
fixed initcall level. This change requires stm32_i2c bus driver
to also be probed from the DT_DRIVER framework.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: stm32mp1_pmic: allocate I2C handle

Allocates I2C handle in stm32mp1_pmic driver. This changes prepares
at later change replacing initcall initialization for dt_driver probing
initiali

plat-stm32mp1: stm32mp1_pmic: allocate I2C handle

Allocates I2C handle in stm32mp1_pmic driver. This changes prepares
at later change replacing initcall initialization for dt_driver probing
initialization.

By the way, remove unused variables and reorder included header files.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: stm32mp1_pmic: save DT status once for all

Saves PMIC DT node status during initialization. This changes prepares
at later change replacing initcall initialization for dt_driver probi

plat-stm32mp1: stm32mp1_pmic: save DT status once for all

Saves PMIC DT node status during initialization. This changes prepares
at later change replacing initcall initialization for dt_driver probing
initialization.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...