| 552d5e40 | 18-Jul-2022 |
Jelle Sels <jelle.sels@arm.com> |
core: ffa: Allow multiple SPs with same UUID
The FF-A spec allows multiple SPs to have the same UUID. This makes
it possible to use the FF-A UUID as a identifier for the protocol on
top of the FF-A
core: ffa: Allow multiple SPs with same UUID
The FF-A spec allows multiple SPs to have the same UUID. This makes
it possible to use the FF-A UUID as a identifier for the protocol on
top of the FF-A layer.
To achieve this we have to make sure that the FFA_PARTITION_INFO_GET can
return more then one endpoint id if we pass a UUID.
To make sure that there is no collision between the SP binaries names,
we distinguish between the FF-A UUID and the SP UUID. The SP UUID is used
to identify the SP itself. While the FF-A UUID is used as part of the
FF-A protocol.
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| f60c6b9c | 26-Jan-2023 |
Clement Faure <clement.faure@nxp.com> |
drivers: imx_ele: add ELE driver
Add EdgeLock Enclave (or ELE) driver support.
ELE is a built-in security subsystem available on imx8ulp and imx93
providing security features to the Cortex-A.
Signe
drivers: imx_ele: add ELE driver
Add EdgeLock Enclave (or ELE) driver support.
ELE is a built-in security subsystem available on imx8ulp and imx93
providing security features to the Cortex-A.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 8cd1171e | 26-Jan-2023 |
Clement Faure <clement.faure@nxp.com> |
drivers: imx_mu: add MU base address and size for imx93
Add definition of MU_BASE and MU_SIZE for imx93.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.fori
drivers: imx_mu: add MU base address and size for imx93
Add definition of MU_BASE and MU_SIZE for imx93.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 4f89aed3 | 26-Jan-2023 |
Clement Faure <clement.faure@nxp.com> |
drivers: imx_mu: add MU base address and size for imx8ulp
Add definition of MU_BASE and MU_SIZE for imx8ulp.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.
drivers: imx_mu: add MU base address and size for imx8ulp
Add definition of MU_BASE and MU_SIZE for imx8ulp.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 753e6fe4 | 24-Feb-2023 |
Clement Faure <clement.faure@nxp.com> |
drivers: imx_mu: increase maximum MU message size
Increase MU message maximum size to 17 words. It corresponds to the
biggest message of the ELE API.
Signed-off-by: Clement Faure <clement.faure@nxp
drivers: imx_mu: increase maximum MU message size
Increase MU message maximum size to 17 words. It corresponds to the
biggest message of the ELE API.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 088116c9 | 24-Feb-2023 |
Clement Faure <clement.faure@nxp.com> |
drivers: imx_mu: add support for imx93
Add MU support for imx93.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carr
drivers: imx_mu: add support for imx93
Add MU support for imx93.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| abbe1d51 | 23-Mar-2023 |
Balint Dobszay <balint.dobszay@arm.com> |
core: spmc: move FIP SP deinit call
Move the FIP SP deinit call to before starting the SPs. This change does
not affect functionality, it's just to make the SP packages' lifetime
clearer in the code
core: spmc: move FIP SP deinit call
Move the FIP SP deinit call to before starting the SPs. This change does
not affect functionality, it's just to make the SP packages' lifetime
clearer in the code.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
show more ...
|
| 6d7c8c3d | 28-Feb-2023 |
Balint Dobszay <balint.dobszay@arm.com> |
core: spmc: fix FIP SP loading
The memory management in process_sp_pkg() function contains errors. It
tries to add new mappings for the SP packages that reside in the TA_RAM
PA range, but this range
core: spmc: fix FIP SP loading
The memory management in process_sp_pkg() function contains errors. It
tries to add new mappings for the SP packages that reside in the TA_RAM
PA range, but this range is already mapped so this is unnecessary and
wrong. Fix the code by simply using phys_to_virt() instead.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
show more ...
|
| 1478437e | 10-Mar-2023 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: ltc: use SHA-3 crypto accelerated function
Uses the recently provided accelerated SHA-3 function in LTC
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <j
core: ltc: use SHA-3 crypto accelerated function
Uses the recently provided accelerated SHA-3 function in LTC
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| c60ed582 | 10-Mar-2023 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: arm64: SHAKE128 using ARMv8.2-A cryptographic extensions
Adds support for SHAKE128 or SHA3-128 sized blocks in
sha3_ce_transform().
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
A
core: arm64: SHAKE128 using ARMv8.2-A cryptographic extensions
Adds support for SHAKE128 or SHA3-128 sized blocks in
sha3_ce_transform().
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| bfedef0c | 10-Mar-2023 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: arm64: SHA-3 using ARMv8.2-A cryptographic extensions
Import SHA-3 assembly code from the Linux kernel (Linaro contribution).
Enabled with CFG_CRYPTO_SHA3_ARM_CE=y, set by default if
CFG_CRYPT
core: arm64: SHA-3 using ARMv8.2-A cryptographic extensions
Import SHA-3 assembly code from the Linux kernel (Linaro contribution).
Enabled with CFG_CRYPTO_SHA3_ARM_CE=y, set by default if
CFG_CRYPTO_WITH_CE82=y.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| 2be3770e | 16-Mar-2023 |
Xu Yizhou <xuyizhou1@huawei.com> |
core: arm64: SM4 CE optimization for ARMv8.2
Enabled with CFG_CRYPTO_SM4_ARM_CE=y, set by default if
CFG_CRYPTO_WITH_CE82=y.
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
Acked-by: Tianjia Zhang
core: arm64: SM4 CE optimization for ARMv8.2
Enabled with CFG_CRYPTO_SM4_ARM_CE=y, set by default if
CFG_CRYPTO_WITH_CE82=y.
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
Acked-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| 8b5fb12e | 07-Mar-2023 |
Xu Yizhou <xuyizhou1@huawei.com> |
core: arm64: SM4-AESE optimization for ARMv8
Enabled with CFG_CRYPTO_SM4_ARM_AESE=y, set by default if
CFG_CRYPTO_WITH_CE=y.
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
Acked-by: Tianjia Zhang
core: arm64: SM4-AESE optimization for ARMv8
Enabled with CFG_CRYPTO_SM4_ARM_AESE=y, set by default if
CFG_CRYPTO_WITH_CE=y.
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
Acked-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 6e99433e | 08-Mar-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: remove keep pager directive on core_init_mmu_regs()
Function core_init_mmu_regs() does not need to be unpaged, it is needed
at core initialization before MMU is setup. Remove DECLARE_KEEP_PAGE
core: remove keep pager directive on core_init_mmu_regs()
Function core_init_mmu_regs() does not need to be unpaged, it is needed
at core initialization before MMU is setup. Remove DECLARE_KEEP_PAGER()
directive (as done in core_mmu_lpae.c) as core_init_mmu_map() already
brings core_init_mmu_regs() in the init sections.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| dd884cc2 | 06-Mar-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
plat-stm32mp1: conf: support 32bit MMU
Updates CFG_TEE_RAM_VA_SIZE default value and MAX_XLAT_TABLES when
32bit-MMU mapping is used instead of LPAE and default disable LPAE
for STM32MP15 with pager.
plat-stm32mp1: conf: support 32bit MMU
Updates CFG_TEE_RAM_VA_SIZE default value and MAX_XLAT_TABLES when
32bit-MMU mapping is used instead of LPAE and default disable LPAE
for STM32MP15 with pager. This setup optimizes pager resident memory
by about 4kB (1 physical page) in current platform default configuration.
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 1a3d47c5 | 08-Mar-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
clk: stm32mp15: embed clock names only in debug mode
Don't embed clock names when not in debug mode, even when log level
is DEBUG_LEVEL. This saves few bytes of SYSRAM for the pager.
Acked-by: Gati
clk: stm32mp15: embed clock names only in debug mode
Don't embed clock names when not in debug mode, even when log level
is DEBUG_LEVEL. This saves few bytes of SYSRAM for the pager.
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 9cf576a9 | 06-Mar-2023 |
Jerome Forissier <jerome.forissier@linaro.org> |
drivers: crypto: versal: do not use deprecated algorithm macros
The TEE_ALG_ECDSA_P384 and TEE_ALG_ECDSA_P521 constants are deprecated
since commit fe2fd3ff46c0 ("GP131: Add TEE_ALG_ECDH_DERIVE_SHAR
drivers: crypto: versal: do not use deprecated algorithm macros
The TEE_ALG_ECDSA_P384 and TEE_ALG_ECDSA_P521 constants are deprecated
since commit fe2fd3ff46c0 ("GP131: Add TEE_ALG_ECDH_DERIVE_SHARED_SECRET
and TEE_ALG_ECDSA_SHA*"). Therefore use TEE_ALG_ECDSA_SHA384 or
TEE_ALG_ECDSA_SHA512 instead (no functional change since the
aforementioned commit made them equal).
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 53af8d70 | 06-Mar-2023 |
Jerome Forissier <jerome.forissier@linaro.org> |
drivers: crypto: se050: do not use deprecated algorithm macros
The TEE_ALG_ECD{H,SA}_P* constants are deprecated since
commit fe2fd3ff46c0 ("GP131: Add TEE_ALG_ECDH_DERIVE_SHARED_SECRET and
TEE_ALG_
drivers: crypto: se050: do not use deprecated algorithm macros
The TEE_ALG_ECD{H,SA}_P* constants are deprecated since
commit fe2fd3ff46c0 ("GP131: Add TEE_ALG_ECDH_DERIVE_SHARED_SECRET and
TEE_ALG_ECDSA_SHA*"). Therefore use TEE_ALG_ECDSA_SHA* or
TEE_ALG_ECDH_DERIVE_SHARED_SECRET instead (no functional change since
the aforementioned commit made them equal)
Additional checks tying the curve to the algorithm do not apply anymore
since the key size (defined by the curve constant: TEE_ECC_CURVE_*) is
not the same as the hash size anymore (defined by the algorithm:
TEE_ALG_ECDSA_SHA* or TEE_ALG_ECDH_DERIVE_SHARED_SECRET).
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| fa40bed5 | 10-Mar-2023 |
Weizhao Jiang <weizhaoj@amazon.com> |
core: fix out-of-bounds access of dump_ctx
Problem: in the case of no UTA running, the buffer of dump_ctx will
be allocated with 0 size and passed to init_dump_ctx(). That causes
buffer overrunning.
core: fix out-of-bounds access of dump_ctx
Problem: in the case of no UTA running, the buffer of dump_ctx will
be allocated with 0 size and passed to init_dump_ctx(). That causes
buffer overrunning.
Solution: Check buffer size before allocate the buffer. If it's 0,
return TEE_ERROR_ITEM_NOT_FOUND.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>
show more ...
|
| 442c670a | 19-Dec-2022 |
Clément Léger <clement.leger@bootlin.com> |
drivers: atmel_tcb: Use matrix_dt_get_id() to correctly retrieve the id
Use matrix_dt_get_id() instead of manual address parsing to determine
which matrix ID is to be used. Previously it was plain w
drivers: atmel_tcb: Use matrix_dt_get_id() to correctly retrieve the id
Use matrix_dt_get_id() instead of manual address parsing to determine
which matrix ID is to be used. Previously it was plain wrong since it
compared a virtual address to a physical one and thus compute a wrong
value.
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| 9a28dbc4 | 19-Dec-2022 |
Clément Léger <clement.leger@bootlin.com> |
plat-sam: matrix: add matrix_dt_get_id() to parse matrix id from dt
Rather than using hardcoded values for matrix identifier in drivers
themselves, (which might change in future hardware SoC), add
m
plat-sam: matrix: add matrix_dt_get_id() to parse matrix id from dt
Rather than using hardcoded values for matrix identifier in drivers
themselves, (which might change in future hardware SoC), add
matrix_dt_get_id() function which allows to retrieve the ID based on a
devite-tree node reg property. This property contains the address of the
peripheral and thus can be used to match the address with an identifier.
This is also useful for peripheral which have multiple instances and thus
id is not the same for all of them.
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| 0db29820 | 23-Jan-2023 |
Clement Faure <clement.faure@nxp.com> |
core: pta: imx: add manufacturing protection
Add the i.MX PTA to expose CAAM manufacturing protection features:
* Get manufacturing protection public key.
* Get manufacturing protection message.
core: pta: imx: add manufacturing protection
Add the i.MX PTA to expose CAAM manufacturing protection features:
* Get manufacturing protection public key.
* Get manufacturing protection message.
* Message signature with manufacturing protection private key.
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| d538d293 | 23-Jan-2023 |
Clement Faure <clement.faure@nxp.com> |
drivers: caam: add manufacturing protection feature
The CAAM features a "manufacturing protection" functionality.
It is a authentication process used to authenticate the chip to
the OEM's server. Th
drivers: caam: add manufacturing protection feature
The CAAM features a "manufacturing protection" functionality.
It is a authentication process used to authenticate the chip to
the OEM's server. The authentication process can ensure the chip:
* is a genuine NXP part
* is a correct part type
* has been properly fused
* is running a authenticated software
* runs in secure/trusted mode.
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| f5c3d85a | 01-Dec-2020 |
Julien Masson <jmasson@baylibre.com> |
core: crypto: add support MD5 hashes in RSA sign/verify/cipher
Introduce support of using MD5 hashes in RSA sign/verify/cipher
operations, which is required by AOSP Keymaster.
This is verified in
core: crypto: add support MD5 hashes in RSA sign/verify/cipher
Introduce support of using MD5 hashes in RSA sign/verify/cipher
operations, which is required by AOSP Keymaster.
This is verified in VerificationOperationsTest.RsaSuccess VTS Test [1],
which checks usage of such digests: NONE, MD5, SHA1, SHA_2_224, SHA_2_256,
SHA_2_384, SHA_2_512.
This patch has been inspired by commit[2]:
Link: [1] https://android.googlesource.com/platform/hardware/interfaces/+/master/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp
Link: [2] https://github.com/OP-TEE/optee_os/commit/199d0b7310d1705661a106358f1f0b46e4c5c587 ("core: crypto: add support MD5 hashes in RSA sign/verify")
Signed-off-by: Julien Masson <jmasson@baylibre.com>
Signed-off-by: Safae Ouajih <souajih@baylibre.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 2c952266 | 09-Mar-2023 |
Neal Frager <neal.frager@amd.com> |
core: drivers: zynqmp_csu_puf.c: increase regen time to 6ms
With further evaluation of the ZU+ PUF, we have determined that it is
possible for the PUF regeneration time to exceed 3ms. For this reas
core: drivers: zynqmp_csu_puf.c: increase regen time to 6ms
With further evaluation of the ZU+ PUF, we have determined that it is
possible for the PUF regeneration time to exceed 3ms. For this reason,
the 2023.1 version of the Xilinx xilskey library will bump the wait time
for PUF regeneration to 6ms. This patch brings optee in line with this
change.
Signed-off-by: Neal Frager <neal.frager@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
show more ...
|