core: map manifest using MEM_AREA_MANIFEST_DT

Maps the manifest using MEM_AREA_MANIFEST_DT and unmap it at the end of
boot. The manifest DT has a life cycle similar to an external DT, except
that it

core: map manifest using MEM_AREA_MANIFEST_DT

Maps the manifest using MEM_AREA_MANIFEST_DT and unmap it at the end of
boot. The manifest DT has a life cycle similar to an external DT, except
that it's mapped read-only and always secure. It's not available once
exiting after the initial boot

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Leisen <leisen1@huawei.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: rename tos_fw_config_dt to manifest_dt

Renames tos_fw_config_dt to manifest_dt as a preparation for coming
patches to let it represent all device tree manifests provided in an
FF-A configurati

core: rename tos_fw_config_dt to manifest_dt

Renames tos_fw_config_dt to manifest_dt as a preparation for coming
patches to let it represent all device tree manifests provided in an
FF-A configuration.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Leisen <leisen1@huawei.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add MEM_AREA_MANIFEST_DT

Adds MEM_AREA_MANIFEST_DT for mapping an FF-A manifest FDT.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Leisen <leisen1@huawei.com>
Acked-by:

core: add MEM_AREA_MANIFEST_DT

Adds MEM_AREA_MANIFEST_DT for mapping an FF-A manifest FDT.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Leisen <leisen1@huawei.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

crypto: stm32: fix SAES reset at probe time

Uses SAES internal reset sequence only when external reset controller
is not available. This change fixes a non-systematic SAES error
seen when SAES inter

crypto: stm32: fix SAES reset at probe time

Uses SAES internal reset sequence only when external reset controller
is not available. This change fixes a non-systematic SAES error
seen when SAES internal reset is triggered right after external reset
sequence. Whereas a fix could be to add a delay between external reset
and internal reset sequences, this change simplifies the sequence as
internal reset sequence is not needed when SAES instance is reset using
its external reset controller.

Fixes: 4320f5cf30c5 ("crypto: stm32: SAES cipher support")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

driver: gic: support sgi raise for gicv3

Use write_icc_sgi1r() and write_icc_asgi1r() to raise SGI
for gicv3.
And move the assertion from gic_it_raise_sgi() to
the caller function to improve the rea

driver: gic: support sgi raise for gicv3

Use write_icc_sgi1r() and write_icc_asgi1r() to raise SGI
for gicv3.
And move the assertion from gic_it_raise_sgi() to
the caller function to improve the readability
of gic_it_raise_sgi().

Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm.h: Add MPIDR definition for aff3 field

Adds define MPIDR_AFF3_SHIFT and MPIDR_AFF3_MASK.
And extend MPIDR_AFFLVL_MASK to 64 bits to support
the 64-bit MPIDR_EL1 on aarch64.

Signed-off-by:

core: arm.h: Add MPIDR definition for aff3 field

Adds define MPIDR_AFF3_SHIFT and MPIDR_AFF3_MASK.
And extend MPIDR_AFFLVL_MASK to 64 bits to support
the 64-bit MPIDR_EL1 on aarch64.

Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: Add write_icc_sgi1r() and write_icc_asgi1r()

Adds the wrapper function write_icc_sgi1r() and write_icc_asgi1r()
to write ICC_SGI1R and ICC_ASGI1R to generate group 1 SGIs for
the secure

core: arm64: Add write_icc_sgi1r() and write_icc_asgi1r()

Adds the wrapper function write_icc_sgi1r() and write_icc_asgi1r()
to write ICC_SGI1R and ICC_ASGI1R to generate group 1 SGIs for
the secure and non-secure state CPU.

Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: imx: add DEK blob

Add DEK blob PTA to generate CAAM DEK blobs.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

drivers: caam: add DEK blob support

The CAAM can generate a specific key blob called DEK blob - Data
Encryption Key blob. It encapsulates and encrypts the plain text key used
to encrypt the boot ima

drivers: caam: add DEK blob support

The CAAM can generate a specific key blob called DEK blob - Data
Encryption Key blob. It encapsulates and encrypts the plain text key used
to encrypt the boot image. This blob is decapsulated by the HAB - High
Assurance boot at boot to decrypt the boot image.

The DEK blob is a specific CAAM blob as it requires a header and the key
must be encapsulated from the CAAM secure memory.

Enable the CAAM DEK blob support on imx8m platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: add CAAM secure memory driver

Add CAAM secure memory support. The CAAM secure memory is an embedded
memory within the CAAM used for data protection and special operations.

Enable the

drivers: caam: add CAAM secure memory driver

Add CAAM secure memory support. The CAAM secure memory is an embedded
memory within the CAAM used for data protection and special operations.

Enable the allocation of secure memory pages and partitions used by job
rings as input/output for special cryptographic operations.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: add HAL for secure memory driver

Add hardware abstraction layer for CAAM secure memory registers. The
majority of the implementation is common to all i.MX platforms.
Only the secure m

drivers: caam: add HAL for secure memory driver

Add hardware abstraction layer for CAAM secure memory registers. The
majority of the implementation is common to all i.MX platforms.
Only the secure memory physical address retrieve method is platform
specific.
In this commit, this method is implemented for imx8m platforms only.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: add secure memory registers for imx8m platforms

Add SECMEM_BASE and SECMEM_SIZE values.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@lina

core: imx: add secure memory registers for imx8m platforms

Add SECMEM_BASE and SECMEM_SIZE values.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: check OPTEE DDR location if the CAAM DMA is 32 bits width

On i.MX platforms, the CAAM DMA width is limited to 32 bits. That
limitation requires OPTEE to be located in the 32 bits DDR

drivers: caam: check OPTEE DDR location if the CAAM DMA is 32 bits width

On i.MX platforms, the CAAM DMA width is limited to 32 bits. That
limitation requires OPTEE to be located in the 32 bits DDR address
space.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

crypto: introduce CFG_CRYPTO_HW_PBKDF2

Add a new configuration flag to support hardware implementation of
PBKDF2.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Acked-by: Jens Wiklander <jens.wik

crypto: introduce CFG_CRYPTO_HW_PBKDF2

Add a new configuration flag to support hardware implementation of
PBKDF2.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: spmc: Fix setting the destination of FFA_ERROR calls

Fixing multiple issues in the destination logic of FFA_ERROR messages.
ffa_handle_error extracted the destination FF-A ID from the lower 16

core: spmc: Fix setting the destination of FFA_ERROR calls

Fixing multiple issues in the destination logic of FFA_ERROR messages.
ffa_handle_error extracted the destination FF-A ID from the lower 16 bit
of W1. First of all this register should only be set at the NS virtual
FF-A instance. Secondly W1 was not set correctly when an error happened
in ffa_handle_sp_direct_req and ffa_handle_sp_direct_resp. This could
cause sending FFA_ERROR messages to the wrong FF-A endpoint. The patch
clears up the faulty destination handling across all these functions.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: spmc: Clear reserved registers in FFA_ERROR calls

Clear reserved registers in FFA_ERROR calls which are declared MBZ in
the FF-A specification. This also prevents potential information leaks.

core: spmc: Clear reserved registers in FFA_ERROR calls

Clear reserved registers in FFA_ERROR calls which are declared MBZ in
the FF-A specification. This also prevents potential information leaks.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: spmc: Set initial SP state to busy

Set initial SP state to busy in order to prevent sending messages to
uninitialized SPs.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander

core: spmc: Set initial SP state to busy

Set initial SP state to busy in order to prevent sending messages to
uninitialized SPs.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: clk: avoid the assert failure when there's "assigned-clocks"

Once "assigned-clocks" is parsed correctly variable "clk" will
retain the non-NULL value and skip "return", when "res" is
non-ze

drivers: clk: avoid the assert failure when there's "assigned-clocks"

Once "assigned-clocks" is parsed correctly variable "clk" will
retain the non-NULL value and skip "return", when "res" is
non-zero for new "clock_idx" assert(false) will happen.

Signed-off-by: Tony Han <tony.han@microchip.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: simplify calls to bb_memdup_user_private()

Now that bb_memdup_user_private() supports supplying zero-lenth buffers
remove checks for zero-length buffer before calling
bb_memdup_user_private().

core: simplify calls to bb_memdup_user_private()

Now that bb_memdup_user_private() supports supplying zero-lenth buffers
remove checks for zero-length buffer before calling
bb_memdup_user_private().

Removes calls to memtag_strip_tag() for input buffer to
bb_memdup_user_private() since that's also dealt with internally by that
function.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: allow zero length for bounce buffer input

Allows zero length for bb_memdup_user(), bb_memdup_user_private(), and
bb_strndup_user().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
R

core: allow zero length for bounce buffer input

Allows zero length for bb_memdup_user(), bb_memdup_user_private(), and
bb_strndup_user().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: pta: system: use bb_free_wipe() in system_derive_ta_unique_key()

Use the recently introduced function bb_free_wipe() to wipe bounce
buffers of sensitive data when freeing then. Also updates to

core: pta: system: use bb_free_wipe() in system_derive_ta_unique_key()

Use the recently introduced function bb_free_wipe() to wipe bounce
buffers of sensitive data when freeing then. Also updates to use a
bouncer buffer instead of the heap to hold user supplied data when
deriving the TA unique key now that we have bb_free_wipe().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add bb_free_wipe()

Adds bb_free_wipe() the bounce buffer counter-part of free_wipe().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere

core: add bb_free_wipe()

Adds bb_free_wipe() the bounce buffer counter-part of free_wipe().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: simplify utee_param_to_param() with BB_MEMDUP_USER()

Simplifies utee_param_to_param() by using BB_MEMDUP_USER() instead of
bb_alloc() followed by copy_from_user().

Signed-off-by: Jens Wikland

core: simplify utee_param_to_param() with BB_MEMDUP_USER()

Simplifies utee_param_to_param() by using BB_MEMDUP_USER() instead of
bb_alloc() followed by copy_from_user().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: dt_driver: fix error handling in probe_dt_drivers()

When the dt_driver_probe_list is empty but the dt_driver_failed_list
is not empty, meaning a probe has failed, and that there's no more prob

core: dt_driver: fix error handling in probe_dt_drivers()

When the dt_driver_probe_list is empty but the dt_driver_failed_list
is not empty, meaning a probe has failed, and that there's no more probe
to defer, the probe_dt_drivers() does not panic().

Fix and simplify the error handling to panic if a probe has failed.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: fix race in handling TA panic

A TA context (struct tee_ta_ctx), can only be accessed and manipulated
if either locked or set to busy by the current thread, or if it has no
no other references.

core: fix race in handling TA panic

A TA context (struct tee_ta_ctx), can only be accessed and manipulated
if either locked or set to busy by the current thread, or if it has no
no other references.

Prior to this patch this wasn't followed by tee_ta_open_session(),
tee_ta_invoke_command(), and dump_ta_memstats(). Accesses were made to
the "panicked" field of struct tee_ta_ctx.
destroy_ta_ctx_from_session() was also manipulating sessions possibly
being used by other threads.

So fix this by only accessing the internals of the TA context while
holding the needed lock. destroy_ta_ctx_from_session() is removed, the
new ts_ops callback release_state() is used instead to free what can be
freed from a panicked TA context. The last session referencing the TA
context will free it.

Fixes: fd10f62b8210 ("core: keep alive TA context can be created after TA has panicked")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Tested-by: Wentao Sun <wentao.sun@amlogic.com>

show more ...