core: crypto: change supported HMAC key size ranges

Change supported HMAC key size range from 64 to 1024 when
CFG_HMAC_64_1024_RANGE config is enabled, This is required
to successfully pass AOSP Key

core: crypto: change supported HMAC key size ranges

Change supported HMAC key size range from 64 to 1024 when
CFG_HMAC_64_1024_RANGE config is enabled, This is required
to successfully pass AOSP Keymaster VTS tests.

From TEE Internal Core API specificaion:
"Table 5-9, support for other sizes or algorithms
is implementation-defined."

Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Signed-off-by: Safae Ouajih <souajih@baylibre.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-totalcompute: remap console logs

Remapping console logs from soc uart1 (s0 termial)
to css secure (uart1_ap terminal)

Signed-off-by: Annam Sai Manisha <annam.saimanisha@arm.com>
Acked-by: Jens

plat-totalcompute: remap console logs

Remapping console logs from soc uart1 (s0 termial)
to css secure (uart1_ap terminal)

Signed-off-by: Annam Sai Manisha <annam.saimanisha@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: add SM2 ECC encrypt and decrypt

Adds operation handlers for decryption with ECC public keys and
encryption with ECC private keys and implements SM2 curves asymmetric
ciphering.

Sig

drivers: crypto: add SM2 ECC encrypt and decrypt

Adds operation handlers for decryption with ECC public keys and
encryption with ECC private keys and implements SM2 curves asymmetric
ciphering.

Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

drivers: crypto: add SM2 curve in crypto API

Add SM2 curve in function get_ecc_key_size_bytes().

Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.or

drivers: crypto: add SM2 curve in crypto API

Add SM2 curve in function get_ecc_key_size_bytes().

Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

drivers: caam: enable the CAAM clock when submitting a new job

Make sure the CAAM clock is running before writing to CAAM registers
when submitting a new CAAM job.
Otherwise, it would generate an OP

drivers: caam: enable the CAAM clock when submitting a new job

Make sure the CAAM clock is running before writing to CAAM registers
when submitting a new CAAM job.
Otherwise, it would generate an OPTEE data-abort.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: add missing header file

Fix the following warning:

In file included from core/drivers/crypto/caam/hal/imx_8m/hal_cfg.c:8:
core/drivers/crypto/caam/hal/imx_8m/../../include/caam_hal_j

drivers: caam: add missing header file

Fix the following warning:

In file included from core/drivers/crypto/caam/hal/imx_8m/hal_cfg.c:8:
core/drivers/crypto/caam/hal/imx_8m/../../include/caam_hal_jr.h:22:16: warning: ‘enum caam_jr_owner’ declared inside parameter list will not be visible outside of this definition or declaration
22 | enum caam_jr_owner owner);
| ^~~~~~~~~~~~~

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: imx: use register_ddr() to register dynamic shared memory

Use register_ddr() to register all the DDR memory. Secure memory chunks
are automatically carved-out of the defined DDR memory ranges.

core: imx: use register_ddr() to register dynamic shared memory

Use register_ddr() to register all the DDR memory. Secure memory chunks
are automatically carved-out of the defined DDR memory ranges.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: clk: sam: remove hard coded USB clock setup

Now that USB clock is exposed and usable from the device-tree, we can rely
on the "assigned-clock" properties that have been added in the
device-

drivers: clk: sam: remove hard coded USB clock setup

Now that USB clock is exposed and usable from the device-tree, we can rely
on the "assigned-clock" properties that have been added in the
device-tree.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: sama5d2: add assigned-clocks properties for usb

In order for USB to work, the correct clock parents and rates must be
set for USB clock. Assigned UTMI clock for USB clock and set its rate
to 48

dts: sama5d2: add assigned-clocks properties for usb

In order for USB to work, the correct clock parents and rates must be
set for USB clock. Assigned UTMI clock for USB clock and set its rate
to 48000000.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: clk: sam: export audiopll_fracck and usbck

This allows to modify the clocks rate and parents from the device-tree
using assigned-clock-parents/rate properties rather than hardcoding the
clo

drivers: clk: sam: export audiopll_fracck and usbck

This allows to modify the clocks rate and parents from the device-tree
using assigned-clock-parents/rate properties rather than hardcoding the
clocks rate.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: clk: sam: add a macro for count of main clocks

Add a macro instead of using clock index name to define the count of main
clocks. This will ease the changes when exposing new clocks.

Signed

drivers: clk: sam: add a macro for count of main clocks

Add a macro instead of using clock index name to define the count of main
clocks. This will ease the changes when exposing new clocks.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: drivers: crypto: caam: Check PKCS_V1_5 decryption buffer size

Check if original buffer is large enough for a result of
RSA PKCS_V1_5 decryption operation.
With this change PKCS11 variable leng

core: drivers: crypto: caam: Check PKCS_V1_5 decryption buffer size

Check if original buffer is large enough for a result of
RSA PKCS_V1_5 decryption operation.
With this change PKCS11 variable length buffers are supported
for all RSA operations:
- Crypto API checks it for PKCS_V1_5 and OAEP encryptions.
- OAEP decryption already supports it.

This fixes: https://github.com/OP-TEE/optee_os/issues/5841

Acked-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>

show more ...

drivers: imx: tzc380: re-configure TZ380 upon PM resume

Call the initialization function of TZC380 upon resume to reconfigure
regions and check region lockdown.

Signed-off-by: Clement Faure <clemen

drivers: imx: tzc380: re-configure TZ380 upon PM resume

Call the initialization function of TZC380 upon resume to reconfigure
regions and check region lockdown.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: imx: tzc380: do not dump TZASC state before lockdown

Remove the TZASC state dump before the region lockdown.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier

drivers: imx: tzc380: do not dump TZASC state before lockdown

Remove the TZASC state dump before the region lockdown.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: imx: tzc380: add support for 8mscale platforms

Add the TZASC support for all 8mscale platforms.
The TZASC regions on these platforms have an offset equals to
the DRAM base address.

Signed-

drivers: imx: tzc380: add support for 8mscale platforms

Add the TZASC support for all 8mscale platforms.
The TZASC regions on these platforms have an offset equals to
the DRAM base address.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: ffa: add TOS_FW_CONFIG handling

At boot TF-A passes two DT addresses (HW_CONFIG and TOS_FW_CONFIG), but
currently only the HW_CONFIG address is saved, the other one is dropped.
This commit add

core: ffa: add TOS_FW_CONFIG handling

At boot TF-A passes two DT addresses (HW_CONFIG and TOS_FW_CONFIG), but
currently only the HW_CONFIG address is saved, the other one is dropped.
This commit adds functionality to save the TOS_FW_CONFIG too, so we can
retrieve it later. This is necessary for the CFG_CORE_SEL1_SPMC use
case, because the SPMC manifest is passed in this DT.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: crypto: fix memory leak in Ed25519 support

The software implementation of ED25519 algorithm has a memory leak in the
key and key pair allocation. Upon every public key allocation, a key pair
i

core: crypto: fix memory leak in Ed25519 support

The software implementation of ED25519 algorithm has a memory leak in the
key and key pair allocation. Upon every public key allocation, a key pair
is allocated (public and private components). When freeing the public
key, only the public component is freed. To reproduce the issue:

$ while xtest 4016; do :; done

Until the following error:

* regression_4016 Test TEE Internal API ED25519 sign/verify
E/LD: copy_section_headers:1124 sys_copy_from_ta_bin
E/TC:? 0 ldelf_init_with_ldelf:131 ldelf failed with res: 0xffff000c /usr/src/debug/optee-test/master.imx-r0/host/xtest/regression_4000.c:6062: xtest_teec_open_session(&session, &crypt_user_ta_uuid, ((void *)0), &ret_orig) has an unexpected value: 0xffff000c = TEEC_ERROR_OUT_OF_MEMORY, expected 0x0 = TEEC_SUCCESS
regression_4016 FAILED

To fix the memory leak, a separate public key allocation function must
be defined along a ED25519 public key structure.

Fixes: 0aaad418ac8b ("core: crypto: add Ed25519 support")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: link.mk: produce tee-raw.bin by default

Adds tee-raw.bin as a dependency of all. This produces a tee-raw.bin for
all platforms when building. tee-raw.bin is more useful than for
instance

core: arm: link.mk: produce tee-raw.bin by default

Adds tee-raw.bin as a dependency of all. This produces a tee-raw.bin for
all platforms when building. tee-raw.bin is more useful than for
instance tee-pager_v2.bin which often is used when a raw binary is
needed. Platforms with a link.mk only to produce tee-raw.bin have their
link.mk removed since the generic version suffices now.

Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-totalcompute: update TZDRAM_SIZE

For CFG_CORE_SEL2_SPMC, manifest size is increased from 0x1000 to
0x4000 for boot protocol support.

Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com

plat-totalcompute: update TZDRAM_SIZE

For CFG_CORE_SEL2_SPMC, manifest size is increased from 0x1000 to
0x4000 for boot protocol support.

Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: stm32_*: remove code for when DT is not supported

This change removes implementation managing cases when CFG_EMBED_DTB or
CFG_DT are disabled. This change aims to simplify source files and

drivers: stm32_*: remove code for when DT is not supported

This change removes implementation managing cases when CFG_EMBED_DTB or
CFG_DT are disabled. This change aims to simplify source files and is
related to commit [1] from which stm32mp1 platform requires DTB for the
drivers configuration.

Link: [1] 474ad1856b56 ("plat-stm32mp1: conf: mandate the use of device tree on STM32MP1x platforms")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: remove code for when DT is not supported

This change removes implementation managing cases when CFG_EMBED_DTB is
disabled. This change aims to simplify source files and is related to

plat-stm32mp1: remove code for when DT is not supported

This change removes implementation managing cases when CFG_EMBED_DTB is
disabled. This change aims to simplify source files and is related to
commit [1] from which stm32mp1 platform requires DTB for the drivers
configuration.

Link: [1] 474ad1856b56 ("plat-stm32mp1: conf: mandate the use of device tree on STM32MP1x platforms")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: tpm: fix syntax in trace message

Fixes build warning (trace message below) when CFG_CORE_TPM_EVENT_LOG=y.

core/kernel/tpm.c:115:8: warning: format ‘%lu’ expects argument of type ‘long unsigne

core: tpm: fix syntax in trace message

Fixes build warning (trace message below) when CFG_CORE_TPM_EVENT_LOG=y.

core/kernel/tpm.c:115:8: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 7 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
115 | EMSG("TPM: Not enough space for the log: %zu, %lu",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
116 | buf_size, tpm_log_size);
| ~~~~~~~~~~~~
| |
| size_t {aka unsigned int}


Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-vexpress: enable CFG_PCKS11_TA by default

Enable the PKCS#11 TA in plat-vexpress for easier testing (such as in
CI). With this, the PKCS#11 in-tree TA is built with optee_os and
CFG_PKCS11_TA i

plat-vexpress: enable CFG_PCKS11_TA by default

Enable the PKCS#11 TA in plat-vexpress for easier testing (such as in
CI). With this, the PKCS#11 in-tree TA is built with optee_os and
CFG_PKCS11_TA is exported in the host_include folder of the TA dev kit
(host_include/conf.{mk,h,cmake}) where optee_test will find it and
also enable the PKCS#11 tests.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

qemu_armv8a: set default-user-ta-target ?= ta_arm64

Update platform vexpress-qemu_armv8a to build in-tree TAs in 64 bit
mode (ta_arm64) by default instead of 32-bit. This makes more sense
because th

qemu_armv8a: set default-user-ta-target ?= ta_arm64

Update platform vexpress-qemu_armv8a to build in-tree TAs in 64 bit
mode (ta_arm64) by default instead of 32-bit. This makes more sense
because that is the default setting in the OP-TEE development/test
environment [1].

Link: [1] https://github.com/OP-TEE/build/blob/3.20.0/qemu_v8.mk#L8
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-k3: remove duplicate comments

Removing duplicated comments in the existing as well as newly added
functions.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Etienne Carriere <eti

plat-k3: remove duplicate comments

Removing duplicated comments in the existing as well as newly added
functions.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...