core: imx: add secure memory registers for imx8m platforms

Add SECMEM_BASE and SECMEM_SIZE values.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@lina

core: imx: add secure memory registers for imx8m platforms

Add SECMEM_BASE and SECMEM_SIZE values.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: check OPTEE DDR location if the CAAM DMA is 32 bits width

On i.MX platforms, the CAAM DMA width is limited to 32 bits. That
limitation requires OPTEE to be located in the 32 bits DDR

drivers: caam: check OPTEE DDR location if the CAAM DMA is 32 bits width

On i.MX platforms, the CAAM DMA width is limited to 32 bits. That
limitation requires OPTEE to be located in the 32 bits DDR address
space.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

crypto: introduce CFG_CRYPTO_HW_PBKDF2

Add a new configuration flag to support hardware implementation of
PBKDF2.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Acked-by: Jens Wiklander <jens.wik

crypto: introduce CFG_CRYPTO_HW_PBKDF2

Add a new configuration flag to support hardware implementation of
PBKDF2.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: spmc: Fix setting the destination of FFA_ERROR calls

Fixing multiple issues in the destination logic of FFA_ERROR messages.
ffa_handle_error extracted the destination FF-A ID from the lower 16

core: spmc: Fix setting the destination of FFA_ERROR calls

Fixing multiple issues in the destination logic of FFA_ERROR messages.
ffa_handle_error extracted the destination FF-A ID from the lower 16 bit
of W1. First of all this register should only be set at the NS virtual
FF-A instance. Secondly W1 was not set correctly when an error happened
in ffa_handle_sp_direct_req and ffa_handle_sp_direct_resp. This could
cause sending FFA_ERROR messages to the wrong FF-A endpoint. The patch
clears up the faulty destination handling across all these functions.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: spmc: Clear reserved registers in FFA_ERROR calls

Clear reserved registers in FFA_ERROR calls which are declared MBZ in
the FF-A specification. This also prevents potential information leaks.

core: spmc: Clear reserved registers in FFA_ERROR calls

Clear reserved registers in FFA_ERROR calls which are declared MBZ in
the FF-A specification. This also prevents potential information leaks.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: spmc: Set initial SP state to busy

Set initial SP state to busy in order to prevent sending messages to
uninitialized SPs.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander

core: spmc: Set initial SP state to busy

Set initial SP state to busy in order to prevent sending messages to
uninitialized SPs.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: clk: avoid the assert failure when there's "assigned-clocks"

Once "assigned-clocks" is parsed correctly variable "clk" will
retain the non-NULL value and skip "return", when "res" is
non-ze

drivers: clk: avoid the assert failure when there's "assigned-clocks"

Once "assigned-clocks" is parsed correctly variable "clk" will
retain the non-NULL value and skip "return", when "res" is
non-zero for new "clock_idx" assert(false) will happen.

Signed-off-by: Tony Han <tony.han@microchip.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: simplify calls to bb_memdup_user_private()

Now that bb_memdup_user_private() supports supplying zero-lenth buffers
remove checks for zero-length buffer before calling
bb_memdup_user_private().

core: simplify calls to bb_memdup_user_private()

Now that bb_memdup_user_private() supports supplying zero-lenth buffers
remove checks for zero-length buffer before calling
bb_memdup_user_private().

Removes calls to memtag_strip_tag() for input buffer to
bb_memdup_user_private() since that's also dealt with internally by that
function.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: allow zero length for bounce buffer input

Allows zero length for bb_memdup_user(), bb_memdup_user_private(), and
bb_strndup_user().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
R

core: allow zero length for bounce buffer input

Allows zero length for bb_memdup_user(), bb_memdup_user_private(), and
bb_strndup_user().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: pta: system: use bb_free_wipe() in system_derive_ta_unique_key()

Use the recently introduced function bb_free_wipe() to wipe bounce
buffers of sensitive data when freeing then. Also updates to

core: pta: system: use bb_free_wipe() in system_derive_ta_unique_key()

Use the recently introduced function bb_free_wipe() to wipe bounce
buffers of sensitive data when freeing then. Also updates to use a
bouncer buffer instead of the heap to hold user supplied data when
deriving the TA unique key now that we have bb_free_wipe().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add bb_free_wipe()

Adds bb_free_wipe() the bounce buffer counter-part of free_wipe().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere

core: add bb_free_wipe()

Adds bb_free_wipe() the bounce buffer counter-part of free_wipe().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: simplify utee_param_to_param() with BB_MEMDUP_USER()

Simplifies utee_param_to_param() by using BB_MEMDUP_USER() instead of
bb_alloc() followed by copy_from_user().

Signed-off-by: Jens Wikland

core: simplify utee_param_to_param() with BB_MEMDUP_USER()

Simplifies utee_param_to_param() by using BB_MEMDUP_USER() instead of
bb_alloc() followed by copy_from_user().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: dt_driver: fix error handling in probe_dt_drivers()

When the dt_driver_probe_list is empty but the dt_driver_failed_list
is not empty, meaning a probe has failed, and that there's no more prob

core: dt_driver: fix error handling in probe_dt_drivers()

When the dt_driver_probe_list is empty but the dt_driver_failed_list
is not empty, meaning a probe has failed, and that there's no more probe
to defer, the probe_dt_drivers() does not panic().

Fix and simplify the error handling to panic if a probe has failed.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: fix race in handling TA panic

A TA context (struct tee_ta_ctx), can only be accessed and manipulated
if either locked or set to busy by the current thread, or if it has no
no other references.

core: fix race in handling TA panic

A TA context (struct tee_ta_ctx), can only be accessed and manipulated
if either locked or set to busy by the current thread, or if it has no
no other references.

Prior to this patch this wasn't followed by tee_ta_open_session(),
tee_ta_invoke_command(), and dump_ta_memstats(). Accesses were made to
the "panicked" field of struct tee_ta_ctx.
destroy_ta_ctx_from_session() was also manipulating sessions possibly
being used by other threads.

So fix this by only accessing the internals of the TA context while
holding the needed lock. destroy_ta_ctx_from_session() is removed, the
new ts_ops callback release_state() is used instead to free what can be
freed from a panicked TA context. The last session referencing the TA
context will free it.

Fixes: fd10f62b8210 ("core: keep alive TA context can be created after TA has panicked")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Tested-by: Wentao Sun <wentao.sun@amlogic.com>

show more ...

core: add release_state to struct ts_ops

Adds the optional function pointer release_state() to struct ts_ops.
This callback will be called when a TA has panicked and as many
resources as possible ne

core: add release_state to struct ts_ops

Adds the optional function pointer release_state() to struct ts_ops.
This callback will be called when a TA has panicked and as many
resources as possible need to be released early. release_state() is a
subset of the destroy() callback. When the destroy() is called
eventually it will free the entire state of the TA regardless if
release_state() has been called before or not. This allows freeing
resources while there are still open sessions to the TA.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: vm_info_final(): clear vm_info.asid only

vm_info_final() was prior to this patch clearing the entire
uctx->vm_info when clearing uctx->vm_info.asid only is enough. So fix
that by clearing uctx

core: vm_info_final(): clear vm_info.asid only

vm_info_final() was prior to this patch clearing the entire
uctx->vm_info when clearing uctx->vm_info.asid only is enough. So fix
that by clearing uctx->vm_info.asid only.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm64: write_64bit_pair()

Implement write_64bit_pair that write two 64 bits data together.

Signed-off-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linar

core: arm64: write_64bit_pair()

Implement write_64bit_pair that write two 64 bits data together.

Signed-off-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee_svc_cryp.c: replace get_used_bits()

Prior to this patch was get_used_bits() called in
tee_svc_cryp_obj_populate_type() to check that a bignum isn't too large.
While the code works it's mor

core: tee_svc_cryp.c: replace get_used_bits()

Prior to this patch was get_used_bits() called in
tee_svc_cryp_obj_populate_type() to check that a bignum isn't too large.
While the code works it's more complicated than necessary. The bignum
has just been imported so the normal bignum functions can be used
directly instead of copying the user space buffer again and feed it to
bit_ffs(). So replace the call to get_used_bits() with a call to
crypto_bignum_num_bits() on the newly imported bignum.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: use BB_MEMDUP_USER() where needed

Uses BB_MEMDUP_USER() instead of bb_memdup_user() where the destination
buffer isn't a void * in order to avoid using a extra void * variable to
handle the ou

core: use BB_MEMDUP_USER() where needed

Uses BB_MEMDUP_USER() instead of bb_memdup_user() where the destination
buffer isn't a void * in order to avoid using a extra void * variable to
handle the output pointer from bb_memdup_user().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ldelf: apply finer-grained PAN

Prior to this commit, PAN was disabled when executing ldelf syscalls.
With the new user buffer aware ts_store API we can now enable
finer-grained PAN in ldelf sy

core: ldelf: apply finer-grained PAN

Prior to this commit, PAN was disabled when executing ldelf syscalls.
With the new user buffer aware ts_store API we can now enable
finer-grained PAN in ldelf syscalls.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: update ts_store API with user space buffer

Updates the read() function pointer in struct ts_store_ops to take an
user space buffer in addition to the previous core buffer. Core buffers
are nor

core: update ts_store API with user space buffer

Updates the read() function pointer in struct ts_store_ops to take an
user space buffer in addition to the previous core buffer. Core buffers
are normal secure memory while user space buffers should only be accessed
using the user_access.h functions.

The different TA storage implementations are updated accordingly.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: add BB_MEMDUP_USER() and BB_MEMDUP_USER_PRIVATE()

Adds BB_MEMDUP_USER() and BB_MEMDUP_USER_PRIVATE() wrapper macros to
allow non-void pointer destination.

Signed-off-by: Jens Wiklander <jens.

core: add BB_MEMDUP_USER() and BB_MEMDUP_USER_PRIVATE()

Adds BB_MEMDUP_USER() and BB_MEMDUP_USER_PRIVATE() wrapper macros to
allow non-void pointer destination.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: caam: remove dead code

Remove value check as it cannot be true and appears to be dead code.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@li

drivers: caam: remove dead code

Remove value check as it cannot be true and appears to be dead code.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: free resource upon sgtbuf initialization failure

Call caam_dmaobj_free() upon caam_dmaobj_input_sgtbuf() failure
to free buffer allocated by caam_dmaobj_input_sgtbuf().

Signed-off-b

drivers: caam: free resource upon sgtbuf initialization failure

Call caam_dmaobj_free() upon caam_dmaobj_input_sgtbuf() failure
to free buffer allocated by caam_dmaobj_input_sgtbuf().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Add definitions of CLINT for platform spike

Add definitions for base address of CLINT, otherwise build failure
occurs for platform spike.

Signed-off-by: Alvin Chang <alvinga@andestech.

core: riscv: Add definitions of CLINT for platform spike

Add definitions for base address of CLINT, otherwise build failure
occurs for platform spike.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...