drivers: ele: update struct get_info_rsp{} fields

There has been an addition of PQC related fields in
Get Info Command response for i.MX95.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Ac

drivers: ele: update struct get_info_rsp{} fields

There has been an addition of PQC related fields in
Get Info Command response for i.MX95.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: ele: enable getting HUK/RNG from ELE on imx95

Enable support of getting HUK and RNG from ELE on imx95

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.

drivers: ele: enable getting HUK/RNG from ELE on imx95

Enable support of getting HUK and RNG from ELE on imx95

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: enable MU and ELE drivers for imx95

Enable both MU and ELE driver for imx95

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

core: imx: add MU_BASE and MU_SIZE for imx95

Add MU Base address and MU size for imx95

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

drivers: imx: mu: add support for imx95

Add MU driver support for imx95

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

drivers: imx: mu: rename imx_mu_8ulp.c to imx_mu_8ulp_9x.c

Since same file is used for both i.MX8ULP and i.MX9X platforms,
renaming it to more accurate name.

Signed-off-by: Sahil Malhotra <sahil.ma

drivers: imx: mu: rename imx_mu_8ulp.c to imx_mu_8ulp_9x.c

Since same file is used for both i.MX8ULP and i.MX9X platforms,
renaming it to more accurate name.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: Add support for Qualcomm Kodiak platform

Introduce initial Qualcomm platform support for the Kodiak which is the
SoC codename also known by product names SC7280/QCM6490 in upstream.

Acked-by:

plat: Add support for Qualcomm Kodiak platform

Introduce initial Qualcomm platform support for the Kodiak which is the
SoC codename also known by product names SC7280/QCM6490 in upstream.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Co-developed-by: Casey Connolly <casey.connolly@linaro.org>
Signed-off-by: Casey Connolly <casey.connolly@linaro.org>
Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>

show more ...

core: drivers: introduce Qualcomm GENI UART driver

Introduce a driver for the GENI UART found on modern Qualcomm platforms.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens W

core: drivers: introduce Qualcomm GENI UART driver

Introduce a driver for the GENI UART found on modern Qualcomm platforms.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Casey Connolly <casey.connolly@linaro.org>
Signed-off-by: Rouven Czerwinski <rouven.czerwinski@linaro.org>
[SG: cleaned up the driver]
Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>

show more ...

core: Relax StMM dependency to TEE_STORAGE_PRIVATE

This allows to run StMM without the userspace supplicant if the
in-kernel RPMB service is available.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens

core: Relax StMM dependency to TEE_STORAGE_PRIVATE

This allows to run StMM without the userspace supplicant if the
in-kernel RPMB service is available.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

show more ...

core: fs_htree: re-init hash tree when both tag and counter are zero

Creating and update a hash tree involves several RPC commands.
If a power loss occurs during the creation flow, it may result
in

core: fs_htree: re-init hash tree when both tag and counter are zero

Creating and update a hash tree involves several RPC commands.
If a power loss occurs during the creation flow, it may result
in a hash tree with an incomplete header and a counter value of 0.
If attempting to read this file subsequently leads to a
TEE_ERROR_CORRUPT_OBJECT error.

Instead of returning TEE_ERROR_CORRUPT_OBJECT, continue the
initialization flow to support subsequent functionality.

Link: https://github.com/OP-TEE/optee_os/issues/7512
Fixes: 50a814981d8b ("core: provide a hash tree for secure storage")

Signed-off-by: Ox Yeh <ox.yeh@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rtc: prevent registering of RTC interrupt when it's not used by OP-TEE

Do not register the RTC interrupt when it's not used by OP-TEE as it
prevents non-secure world from handling tha

drivers: stm32_rtc: prevent registering of RTC interrupt when it's not used by OP-TEE

Do not register the RTC interrupt when it's not used by OP-TEE as it
prevents non-secure world from handling that interrupt.

The RTC interrupt line is only used if the RTC is set as a wakeup source
or RTC is secured by the RIF (only for STM32MP2x) and RTC PTA and
async notif are enabled.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Clément Le Goffic <legoffic.clement@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: regulator: DT property regulator-enable-ramp-delay

Implement regulator DT property regulator-enable-ramp-delay.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by

drivers: regulator: DT property regulator-enable-ramp-delay

Implement regulator DT property regulator-enable-ramp-delay.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: regulator: DT property regulator-ramp-delay

Implement regulator DT property regulator-ramp-delay.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Thomas Bourg

drivers: regulator: DT property regulator-ramp-delay

Implement regulator DT property regulator-ramp-delay.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: regulator: DT properties over-current-protection

Define regulator property flags for the regulator DT binding
properties regulator-over-current-protection and
regulator-active-discharge.

S

drivers: regulator: DT properties over-current-protection

Define regulator property flags for the regulator DT binding
properties regulator-over-current-protection and
regulator-active-discharge.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-rockchip: rk3588: reject all zero HUK

If the generated HUK consists of all zeros, it cannot be distinguished
from a missing HUK in the OTP. If such a HUK is burned into the OTP, the
next read w

plat-rockchip: rk3588: reject all zero HUK

If the generated HUK consists of all zeros, it cannot be distinguished
from a missing HUK in the OTP. If such a HUK is burned into the OTP, the
next read will return that no HUK was present and generate a new key.
The previous all-zero HUK may already have been used, which violates the
assumption that a HUK doesn't change.

Since a HUK that consists of all zeros is likely an error in the TRNG,
reject the generated HUK, report an error and let upper layers handle
the error.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-rockchip: rk3588: cache HUK in memory

I observed timeout errors when OP-TEE reads the HUK from the OTP area
while running the optee-xtests (tests 1006 and 4013) or using the
pkcs#11 TA.

This i

plat-rockchip: rk3588: cache HUK in memory

I observed timeout errors when OP-TEE reads the HUK from the OTP area
while running the optee-xtests (tests 1006 and 4013) or using the
pkcs#11 TA.

This issue is circumvented by reading the HUK once and caching it in
memory for later use. As a side-effect, this reduces the accesses/reads
from the OTP area.

Unfortunately, I don't know the root cause for the timeout while reading
the fuses. I guess that there is a disabled clock which prevents the
read, but I didn't look further, since caching works fine.

While the documentation recommends to never process the HUK in software,
it is read and processed anyway if it can be read from the fuses. Thus,
I don't think that caching has an effect on the security of the HUK.
The caching is inspired by the HUK handling implemented in the nvmem
driver.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-rockchip: rk3588: refactor reading of HUK

Split the function that reads, generates and persists the HUK into
several helper functions to make the code more readable and simplify
error handling.

plat-rockchip: rk3588: refactor reading of HUK

Split the function that reads, generates and persists the HUK into
several helper functions to make the code more readable and simplify
error handling.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: rockchip: extract OTP driver from rk3588 platform

The OTP handling is useful outside the rk3588 platform implementation.
For example, the fuses for secure boot are accessible via the OTP.

drivers: rockchip: extract OTP driver from rk3588 platform

The OTP handling is useful outside the rk3588 platform implementation.
For example, the fuses for secure boot are accessible via the OTP.

Extract the OTP write and read support to a separate driver to make it
available for other modules.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Reviewed-by: Etienne Carriere <etienne.carriere@st.com>

show more ...

plat-stm32mp1: add new API to erase SRAM3

Add new API TEE_Result stm32mp_syscfg_erase_sram3(void);
to be able to erase SRAM3 by hardware request.

Signed-off-by: Nicolas Toromanoff <nicolas.toromano

plat-stm32mp1: add new API to erase SRAM3

Add new API TEE_Result stm32mp_syscfg_erase_sram3(void);
to be able to erase SRAM3 by hardware request.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: syscfg: add dsb in syscfg driver

Add dsb in syscfg driver to guarantee that the request operations
are performed in SYSCFG register when the external API are called
and before to retu

plat-stm32mp1: syscfg: add dsb in syscfg driver

Add dsb in syscfg driver to guarantee that the request operations
are performed in SYSCFG register when the external API are called
and before to return to caller:
- stm32mp1_iocomp() in init sequence
- stm32mp_set_vddsd_comp_state() and stm32mp_set_hslv_state()
called by PWR driver

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-stm32mp1: syscfg: set SYSCFG_CMPCR_READY_TIMEOUT_US to 10ms

CHange timeout to 10 ms instead of 1 ms.
On stm32mp13 we measure 1.5ms delay to have CMPCR_READY equal to 1.
Use 10 ms to be aligned

plat-stm32mp1: syscfg: set SYSCFG_CMPCR_READY_TIMEOUT_US to 10ms

CHange timeout to 10 ms instead of 1 ms.
On stm32mp13 we measure 1.5ms delay to have CMPCR_READY equal to 1.
Use 10 ms to be aligned with TF-A timeout.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: fix zero-length access check inconsistency

Fix vm_check_access_rights() so it handles zero-length memory ranges
consistently. Previously, the function had inconsistent behavior for
zero-le

core: mm: fix zero-length access check inconsistency

Fix vm_check_access_rights() so it handles zero-length memory ranges
consistently. Previously, the function had inconsistent behavior for
zero-length checks:
- For page-aligned addresses: Would skip the page checking loop entirely
and return TEE_SUCCESS.
- For unaligned addresses: Would round uaddr down to page boundary and
return a result based on that page.

With this change flags = SECURE | NON_SECURE will still fail to preserve
the sanity checking, but all other zero-length ranges result in
TEE_SUCCESS.

Specifically this was required due to an interaction between OP-TEE and
Rust where Keymint [0] would call the Teaclave [1] wrapper around
TEE_MACComputeFinal with an empty temporary slice (pointer + length
pair) as the final message (&[]). Rust always requires the pointer to be
non-null, but allows it to dangle when length is zero. As a result the
arguments passed to TEE_MACComputeFinal were message=(void *)1,
messageLen=0. These arguments are passed unmodified to
vm_check_access_rights regardless of the length and presumably relied
on the page-aligned case to handle NULL + 0.

[0] https://android.googlesource.com/tee/optee/ta/keymint/
[1] https://github.com/apache/teaclave-trustzone-sdk

Signed-off-by: Martin Nyhus <martin@nyhus.dev>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: fix AES-GCM in-place decryption order

Fix AES-GCM in-place decryption to ensure GHASH always uses the original
ciphertext. Previously, plaintext could overwrite ciphertext before GHASH

core: crypto: fix AES-GCM in-place decryption order

Fix AES-GCM in-place decryption to ensure GHASH always uses the original
ciphertext. Previously, plaintext could overwrite ciphertext before GHASH,
causing authentication failures. Now GHASH is processed before decryption,
so in-place and non in-place decryption both work correctly without extra
buffering or conditional checks.

Tested with both in-place and non in-place decryption; all cases now
produce correct authentication tags.

Fixes: 1fca7e269b13 ("core: crypto: add new AES-GCM implementation")
Signed-off-by: Rayan Hu <rayan.hu@mediatek.com>
Reviewed-by: Menson Chen <menson.chen@mediatek.com>
Reviewed-by: ChingMing Chen <chingming.chen@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

dts: stm32: move compatible of agent1 as the first line of the node

Move compatible of agent1 as the first line of the node to be aligned
with stm32mp23-st-scmi-cfg.dtsi

Signed-off-by: Thomas Bourg

dts: stm32: move compatible of agent1 as the first line of the node

Move compatible of agent1 as the first line of the node to be aligned
with stm32mp23-st-scmi-cfg.dtsi

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rifsc: add support of stm32mp23

Add support of stm32mp23 platform in RIFSC driver.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Etienne Carriere <etienne

drivers: stm32_rifsc: add support of stm32mp23

Add support of stm32mp23 platform in RIFSC driver.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...