plat-sam: enable CFG_DRIVERS_I2C and CFG_ATMEL_I2C for wlsom1 board

Enable these options to embed the I2C driver when using the wlsom1
board.

Signed-off-by: Clément Léger <clement.leger@bootlin.com

plat-sam: enable CFG_DRIVERS_I2C and CFG_ATMEL_I2C for wlsom1 board

Enable these options to embed the I2C driver when using the wlsom1
board.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: at91: wlsom1_ek1: set i2c0 bus as secure

This bus holds the PMIC which is going to be used by OP-TEE to handle
suspend.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jerom

dts: at91: wlsom1_ek1: set i2c0 bus as secure

This bus holds the PMIC which is going to be used by OP-TEE to handle
suspend.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: atmel_i2c: add new driver

Add a driver for the atmel I2C controller that can be found on sama5d2
platforms. This driver allows to execute standard I2C requests as well
as SMBus protocol com

drivers: atmel_i2c: add new driver

Add a driver for the atmel I2C controller that can be found on sama5d2
platforms. This driver allows to execute standard I2C requests as well
as SMBus protocol commands.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: i2c: add a simple framework to handle i2c devices

Add simple i2c support which provides support for I2C controllers and
devices using the generic DT mechanisms that already exists. I2C
cont

drivers: i2c: add a simple framework to handle i2c devices

Add simple i2c support which provides support for I2C controllers and
devices using the generic DT mechanisms that already exists. I2C
controllers needs to implement i2c_ctrl_ops to provide i2c operations
such as read, write and smbus commands depending on their capabilities.
I2C devices driver can then be defined using DEFINE_I2C_DEV_DRIVER().
This macros will use a default i2c probe function (__i2c_probe()) which
will then call the I2C device probe function by passing a i2c_dev struct
that can be used to communicate with the I2C device defined in the
device-tree.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: add support for DT_DRIVER_I2C

Integrating I2C support within the dt_driver mechanism require to change
the way controller are retrieved. Indeed, when using i2c, the children are
loc

core: dt_driver: add support for DT_DRIVER_I2C

Integrating I2C support within the dt_driver mechanism require to change
the way controller are retrieved. Indeed, when using i2c, the children are
located under a parent I2C controller node. This implies to use another
method to parse node heriarchy and ignore the case when the provider
has no phandle.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: remove early return if no phandle is found for provider

This case now happens for various subsystems which do not uses direct
phandles to the controller but rather phandles to child

core: dt_driver: remove early return if no phandle is found for provider

This case now happens for various subsystems which do not uses direct
phandles to the controller but rather phandles to child of the controller.
For such description, the controller itself might not have any "phandle"
property since there is no reference to it.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: add phandle node and fdt to dt_driver_phandle_args

With pinctrl, it is necessary for the provider to access the node which
will need to be apply since it contains custom controller

core: dt_driver: add phandle node and fdt to dt_driver_phandle_args

With pinctrl, it is necessary for the provider to access the node which
will need to be apply since it contains custom controller properties
that need to be parsed. In order to integrate pinctrl with the existing
dt_driver generic support, add these members and fill them when invoking
the get_of_device() callback.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: disable CFG_CRYPTO_SM2_* when ECC CAAM driver is enabled

Disable CFG_CRYPTO_SM2_PKE and CFG_CRYPTO_SM2_KEP as ECC CAAM driver
does not support ECC encryption.
Disable CFG_CRYPTO_SM2_D

drivers: caam: disable CFG_CRYPTO_SM2_* when ECC CAAM driver is enabled

Disable CFG_CRYPTO_SM2_PKE and CFG_CRYPTO_SM2_KEP as ECC CAAM driver
does not support ECC encryption.
Disable CFG_CRYPTO_SM2_DSA as ECC CAAM driver does not support ECC SM2
signature.

This is a temporary fix until a proper software crypto fallback
is implemented.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: give the platform configuration a higher priority

The platform crypto configuration should always have a higher priority
than the generic crypto configuration.

Signed-off-by: Clement

core: crypto: give the platform configuration a higher priority

The platform crypto configuration should always have a higher priority
than the generic crypto configuration.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

TZASC: Allow 32KB region size

According to the ARM TZC-380 Technical Reference Manual, 32KB is the
minimum region size [1]. But before this patch, tzc_auto_configure()
allowed only 64KB as minimum.

TZASC: Allow 32KB region size

According to the ARM TZC-380 Technical Reference Manual, 32KB is the
minimum region size [1]. But before this patch, tzc_auto_configure()
allowed only 64KB as minimum.

(pow > 15) implies the following:
region_size = (1ULL << pow) = (2^pow) > 32KB

After this patch, (pow >= 15) gives us region_size >= 32KB.

Tested on i.MX6UL.

Link: [1] https://developer.arm.com/documentation/ddi0431/c/programmers-model/register-descriptions/region-attributes--n--register?lang=en
Signed-off-by: Philip Oberfichtner <pro@denx.de>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-zynqmp: fixes interrupt controller

Updates GICC_OFFSET to account for the already-offset GIC_BASE.
Additionally initializes the interrupt controller with a pointer
to the interrupt chip.

Signe

plat-zynqmp: fixes interrupt controller

Updates GICC_OFFSET to account for the already-offset GIC_BASE.
Additionally initializes the interrupt controller with a pointer
to the interrupt chip.

Signed-off-by: Zachary Clark <zach.clark@dornerworks.com>
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

core: tee_ta_instance_stats(): correct the allocation size of dump_ctx

Problem: Wrongly use sizeof(struct tee_ta_dump_stats) to calculate out
the allocation size of dump_ctx. This error causes buffe

core: tee_ta_instance_stats(): correct the allocation size of dump_ctx

Problem: Wrongly use sizeof(struct tee_ta_dump_stats) to calculate out
the allocation size of dump_ctx. This error causes buffer overflow when
iterating dump_ctx.

Solution: Correct the allocation size to
sizeof(struct tee_ta_dump_ctx) * ta_count.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>

show more ...

drivers: caam: fix MP abstraction layer functions

Compile manufacturing HAL functions only if the platform supports it.

Fixes: d538d2936c22 ("drivers: caam: add manufacturing protection feature")
S

drivers: caam: fix MP abstraction layer functions

Compile manufacturing HAL functions only if the platform supports it.

Fixes: d538d2936c22 ("drivers: caam: add manufacturing protection feature")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: math: add CFG_NXP_CAAM_MATH_DRV compilation flag

Add CFG_NXP_CAAM_MATH_DRV compilation flag for caam_math.c
Remove CFG_NXP_CAAM_ACIPHER_DRV flag.
Bind the compilation of caam_rsa.c an

drivers: caam: math: add CFG_NXP_CAAM_MATH_DRV compilation flag

Add CFG_NXP_CAAM_MATH_DRV compilation flag for caam_math.c
Remove CFG_NXP_CAAM_ACIPHER_DRV flag.
Bind the compilation of caam_rsa.c and caam_prime_rsa.c to
CFG_NXP_CAAM_RSA_DRV.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libtomcrypt: fix pkcs_1_v1_5_decode() when empty message

In case of EME-PKCS1-v1_5 decoding, the encoded message
format is as follow : EM = 0x00 || 0x02 || PS || 0x00 || M.
When using an empty messa

libtomcrypt: fix pkcs_1_v1_5_decode() when empty message

In case of EME-PKCS1-v1_5 decoding, the encoded message
format is as follow : EM = 0x00 || 0x02 || PS || 0x00 || M.
When using an empty message, the 0x00 octet that separates
the padding string and message is located at the end. Thus,
update the condition to pass the check in case of empty message.

This fixes the following AOSP cts test:
Module: CtsKeystoreTestCases
Test: testEmptyPlaintextEncryptsAndDecrypts
Link: https://android.googlesource.com/platform/cts/+/refs/tags/android-cts-12.0_r6/tests/tests/keystore/src/android/keystore/cts/CipherTest.java

Signed-off-by: Safae Ouajih <souajih@baylibre.com>
[jf: upstream commit caf350028833]
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: crypto: add support for SM2_DSA_SM3

Adds TEE_TYPE_SM2_DSA_SM3_PUBLIC_KEY to
drvcrypt_asym_alloc_ecc_public_key() and adds
TEE_TYPE_SM2_DSA_SM3_KEYPAIR to drvcrypt_asym_alloc_ecc_keypair().

drivers: crypto: add support for SM2_DSA_SM3

Adds TEE_TYPE_SM2_DSA_SM3_PUBLIC_KEY to
drvcrypt_asym_alloc_ecc_public_key() and adds
TEE_TYPE_SM2_DSA_SM3_KEYPAIR to drvcrypt_asym_alloc_ecc_keypair(). Adds
support for TEE_MAIN_ALGO_SM2_DSA_SM3 in ecc_sign and ecc_verify.

Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: remove duplicate driver_init() call

Remove duplicated call to driver_init().
The previous driver_init() call would only initialize the driver.
The new driver_init() call initializes the d

core: imx: remove duplicate driver_init() call

Remove duplicated call to driver_init().
The previous driver_init() call would only initialize the driver.
The new driver_init() call initializes the driver and its power
management callback.

Fixes: 97eb916803fe ("drivers: imx: tzc380: re-configure TZ380 upon PM resume")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: Fix idx truncation bug

When the idx of TA memory mapping is assigned, it is saved in the
l1_idx_t, which is the uint8_t or uint16_t type. But when it is
parsed, it is saved in uint8_t whic

core: mm: Fix idx truncation bug

When the idx of TA memory mapping is assigned, it is saved in the
l1_idx_t, which is the uint8_t or uint16_t type. But when it is
parsed, it is saved in uint8_t which can cause truncation.
To solve this problem, the idx should be saved in the l1_idx_t
type when parsing the idx.

Signed-off-by: leisen <leisen1@huawei.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: edit commit description]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: fix loading of encrypted TA

The total size of headers for TAs signed with a subkey varies, take that
into account when sanity checking the img_size field of the signed
header.

Fixes: 19b1ce2b

core: fix loading of encrypted TA

The total size of headers for TAs signed with a subkey varies, take that
into account when sanity checking the img_size field of the signed
header.

Fixes: 19b1ce2b2b2b ("core: ree_fs: check ta size before use")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)

show more ...

core: dump_ta_memstats(): check TA initialization completion before accessing it

Problem: In some concurrent cases, TA dump will try to
dump a TA which has not completed TA initialization and
the TA

core: dump_ta_memstats(): check TA initialization completion before accessing it

Problem: In some concurrent cases, TA dump will try to
dump a TA which has not completed TA initialization and
the TA stack pointer isn't set. That causes a data abort
when accessing its stack.

Solution: Check the user TA initialization is completed or not.
If it is still being initialized, return TEE_ERROR_BAD_STATE.
https://github.com/OP-TEE/optee_os/issues/5905

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>

show more ...

drivers: se050: allow configuring the Secure Element applet

Add CFG_CORE_SE05X_VER to allow configuring the desirable applet
version.
This enables making the driver compatible with newer elements.

drivers: se050: allow configuring the Secure Element applet

Add CFG_CORE_SE05X_VER to allow configuring the desirable applet
version.
This enables making the driver compatible with newer elements.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

dts: stm32: add OTP index for HUK on stm32mp15 platform

Add the OTP index on stm32mp15 platform to indicate where to find the
previously provisioned HUK.

Signed-off-by: Nicolas Toromanoff <nicolas.

dts: stm32: add OTP index for HUK on stm32mp15 platform

Add the OTP index on stm32mp15 platform to indicate where to find the
previously provisioned HUK.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Thomas BOURGOIN <thomas.bourgoin@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32mp15_huk: use DT HUK NVMEM layout API

Adds the possibility to get the HUK from OTP definition in the device tree
using the function stm32_bsec_find_otp_in_nvmem_layout().

Signed-off-b

drivers: stm32mp15_huk: use DT HUK NVMEM layout API

Adds the possibility to get the HUK from OTP definition in the device tree
using the function stm32_bsec_find_otp_in_nvmem_layout().

Signed-off-by: Thomas BOURGOIN <thomas.bourgoin@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

se050: ecc: SE050-F shared secret

The SE050-F does not support shared secret generation.
Allow this operation to also fallback to its software implementation.

Fixes: 6cc77cdd73aa ("crypto: drivers:

se050: ecc: SE050-F shared secret

The SE050-F does not support shared secret generation.
Allow this operation to also fallback to its software implementation.

Fixes: 6cc77cdd73aa ("crypto: drivers: se050-f: ecc: can fallback to softw-ops")
Test: xtest regression_4009
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

pta: attestation: fix compilation incompatible pointer warning

To reproduce (any 64bits platform will do):
$ make PLATFORM=imx-mx8mmevk CFG_ATTESTATION_PTA=y CFG_WERROR=y

core/pta/attestation.c: In

pta: attestation: fix compilation incompatible pointer warning

To reproduce (any 64bits platform will do):
$ make PLATFORM=imx-mx8mmevk CFG_ATTESTATION_PTA=y CFG_WERROR=y

core/pta/attestation.c: In function ‘cmd_get_pubkey’:
core/pta/attestation.c:358:30: warning: initialization of ‘uint32_t *’ {aka ‘unsigned int *’} from incompatible pointer type ‘size_t *’ {aka ‘long unsigned int *’} [-Wincompatible-pointer-types]
358 | uint32_t *e_out_sz = &params[0].memref.size;
| ^
core/pta/attestation.c:360:30: warning: initialization of ‘uint32_t *’ {aka ‘unsigned int *’} from incompatible pointer type ‘size_t *’ {aka ‘long unsigned int *’} [-Wincompatible-pointer-types]
360 | uint32_t *n_out_sz = &params[1].memref.size;
| ^

Fixes: 7509620b8b95 ("GP131: Update TEE_Param")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...