core: mobj_ffa_add_pages_at() trust addresses from SPMC

mobj_ffa_add_pages_at() checks that a supplied physical address is
non-secure. This check is not needed with an SPMC at S-EL2 as we can
trust

core: mobj_ffa_add_pages_at() trust addresses from SPMC

mobj_ffa_add_pages_at() checks that a supplied physical address is
non-secure. This check is not needed with an SPMC at S-EL2 as we can
trust that to only provide verified addresses. So disable the check for
non-secure memory in that case, this has also the advantage that OP-TEE
no longer need to know the valid ranges of non-secure memory.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: S-EL1 SPMC: fix handling of fragmented memory descriptors

Prior to this commit there was a misunderstanding of how fragmented
memory descriptors are handled. FFA_MEM_SHARE returned FFA_SU

core: arm: S-EL1 SPMC: fix handling of fragmented memory descriptors

Prior to this commit there was a misunderstanding of how fragmented
memory descriptors are handled. FFA_MEM_SHARE returned FFA_SUCCESS even
when another fragment was expected. FFA_MEM_FRAG_TX returned
FFA_MEM_FRAG_RX even after the last fragment was received.

Fix this by only return FFA_SUCCESS from FFA_MEM_SHARE if the entire
descriptor has been received. If only the first fragment has been
received return FFA_MEM_FRAG_RX instead. Only return FFA_MEM_FRAG_RX
from FFA_MEM_FRAG_TX if further fragments are expected. Return
FFA_SUCCESS from FFA_MEM_FRAG_RX when then entire descriptor has been
received.

Fixes: 1b302ac09816 ("core: enable FF-A with SPM Core at S-EL1")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: S-EL1 SPMC: boot ABI update

Updates the boot ABI for S-EL1 SPMC to align better with other SPMCs,
like Hafnium, but also with the non-FF-A configuration.

Register usage:
X0 - TOS FW conf

core: arm: S-EL1 SPMC: boot ABI update

Updates the boot ABI for S-EL1 SPMC to align better with other SPMCs,
like Hafnium, but also with the non-FF-A configuration.

Register usage:
X0 - TOS FW config [1] address, if not NULL
X2 - System DTB, if not NULL

Adds check in the default get_aslr_seed() to see if the system DTB is
present before trying to read kaslr-seed from secure-chosen.

Note that this is an incompatible change and requires corresponding
change in TF-A ("feat(qemu): update abi between spmd and spmc") [2].

[1] A TF-A concept: TOS_FW_CONFIG - Trusted OS Firmware configuration
file. Used by Trusted OS (BL32), that is, OP-TEE in this case
Link: [2] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=25ae7ad1878244f78206cc7c91f7bdbd267331a1

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

dts: stm32: remove unused pin description for uart8

Uart8 was removed. Removes unused pin description for this peripheral.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by:

dts: stm32: remove unused pin description for uart8

Uart8 was removed. Removes unused pin description for this peripheral.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: stm32: fix indentation and remove unused uart8 for STM32MP135F-DK

Removes uart8 node as it is unused.

Fixes indentation issue for reserved-memory node.

Signed-off-by: Gatien Chevallier <gatie

dts: stm32: fix indentation and remove unused uart8 for STM32MP135F-DK

Removes uart8 node as it is unused.

Fixes indentation issue for reserved-memory node.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: make stm32_rng_read() static

Reading a random number should be done via the generic API.

Makes stm32_rng_read() static as it is unused in other files and remove
stm32_rng.h, whi

drivers: stm32_rng: make stm32_rng_read() static

Reading a random number should be done via the generic API.

Makes stm32_rng_read() static as it is unused in other files and remove
stm32_rng.h, which is now empty.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: override plat_rng_init() if hardware RNG

Avoids useless operations by overriding plat_rng_init() and do nothing.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

drivers: stm32_rng: override plat_rng_init() if hardware RNG

Avoids useless operations by overriding plat_rng_init() and do nothing.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: implement late seed error detection

As per STM32MP1x specification, rare seed error conditions must be
considered when random value read from DR register is zero.

Signed-off-by:

drivers: stm32_rng: implement late seed error detection

As per STM32MP1x specification, rare seed error conditions must be
considered when random value read from DR register is zero.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: pm callbacks

Implements power management (suspend/resume) functions in stm32_rng
driver.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Ca

drivers: stm32_rng: pm callbacks

Implements power management (suspend/resume) functions in stm32_rng
driver.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: support clock error detection

Adds clock error detection configuration when the clock-error-detect
property is set in the RNG node in the device tree.

Signed-off-by: Gatien Chev

drivers: stm32_rng: support clock error detection

Adds clock error detection configuration when the clock-error-detect
property is set in the RNG node in the device tree.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: support conditional reset

Implements a RNG variant error concealment named conditional reset
that requires a software sequence before RNG being able to deliver
again random bytes

drivers: stm32_rng: support conditional reset

Implements a RNG variant error concealment named conditional reset
that requires a software sequence before RNG being able to deliver
again random bytes. It is supported by STM32MP13

RNG peripherals that are supporting conditional reset can dynamically
customize their configuration. Adds support for RNG clock frequency
restraint and NIST configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: call conceal_seed_error() on error cases

Changes conceal_seed_error() implementation to be called only upon
error conditions. This change will ease next integration of
STM32MP13

drivers: stm32_rng: call conceal_seed_error() on error cases

Changes conceal_seed_error() implementation to be called only upon
error conditions. This change will ease next integration of
STM32MP13 variant error concealment implementation.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: cleanup and change sample read timeout to 10ms

10ms timeout is sufficient when reading samples from RNG subsystem
when log level is below TRACE_FLOW log level. This changes renam

drivers: stm32_rng: cleanup and change sample read timeout to 10ms

10ms timeout is sufficient when reading samples from RNG subsystem
when log level is below TRACE_FLOW log level. This changes renames
the timeout value macro to RNG_READY_TIMEOUT_US.

This change also renames the reset timeout value for clarity,
from RNG_TIMEOUT_US_1MS to RNG_RESET_TIMEOUT_US.

Moves RNG_FIFO_BYTE_DEPTH macro definition to source file beginning.
Uses U() macro to define IOMEM registers offsets.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: keep rng enable from initialization

Changes stm32_rng driver implementation to keep RNG running and
only gate the access bus clock when accessing RNG interface.

Removes refcount

drivers: stm32_rng: keep rng enable from initialization

Changes stm32_rng driver implementation to keep RNG running and
only gate the access bus clock when accessing RNG interface.

Removes refcount field from stm32_rng_instance structure as it is now
unused.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: register to dt_driver

Changes stm32_rng driver to be probed from DT_DRIVER framework.
This change modifies slightly how the driver is initialized.
Early late initcall function st

drivers: stm32_rng: register to dt_driver

Changes stm32_rng driver to be probed from DT_DRIVER framework.
This change modifies slightly how the driver is initialized.
Early late initcall function stm32_rng_init() is replaced with
a FDT helper function stm32_rng_parse_fdt() and a DT_DRIVER probe
function stm32_rng_probe().

Changes stm32_rng driver initialization sequence to reset, if configured,
the RNG hardware subsystem at driver initialization.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: enable hardware rng for STM32MP13

Adds RNG node in stm32mp131.dtsi and enables it in stm32mp135f-dk.dts.

Default disables CFG_WITH_SOFTWARE_PRNG for STM32MP13: OP-TEE uses
the HW RNG

plat-stm32mp1: enable hardware rng for STM32MP13

Adds RNG node in stm32mp131.dtsi and enables it in stm32mp135f-dk.dts.

Default disables CFG_WITH_SOFTWARE_PRNG for STM32MP13: OP-TEE uses
the HW RNG support.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto_api: remove unused includes

Remove unused includes from the crypto API.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

core: crypto_api: remove unused includes

Remove unused includes from the crypto API.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: remove unused includes

Remove unused includes from the CAAM driver.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acke

drivers: caam: remove unused includes

Remove unused includes from the CAAM driver.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: remove unused includes

Remove unused includes from main.c

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wik

core: imx: remove unused includes

Remove unused includes from main.c

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto_api: fix malloc() allocation check

Coverity reports a CERT-C ERR33-C coding violation on EM.data pointer
for not being checked right after malloc() call.
This is a false positive error

core: crypto_api: fix malloc() allocation check

Coverity reports a CERT-C ERR33-C coding violation on EM.data pointer
for not being checked right after malloc() call.
This is a false positive error since EM.data value is checked along
EM_gen.data value later.
Check EM.data and EM_gen.data values separately to make Coverity happy.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add StMM to reported services

Adds StMM to the list of services reported by the device pseudo TA.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias

core: add StMM to reported services

Adds StMM to the list of services reported by the device pseudo TA.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-sam: add support for sama5d27-wlsom1-ek board

Add support for PLATFORM_FLAVOR=sama5d27_wlsom1_ek and use the correct
debug console (UART0) for that platform.

Signed-off-by: Clément Léger <clem

plat-sam: add support for sama5d27-wlsom1-ek board

Add support for PLATFORM_FLAVOR=sama5d27_wlsom1_ek and use the correct
debug console (UART0) for that platform.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: at91: add sama5d27-wlsom1-ek device-trees

Import device-tree from Linux for sama5d27-wlsom1-ek board.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jens Wiklander <jens.wi

dts: at91: add sama5d27-wlsom1-ek device-trees

Import device-tree from Linux for sama5d27-wlsom1-ek board.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: crypto: se050: increase DER signature buffer

In order to support P-521 (132 byte {r,s} pairs), the buffer storing
the DER signature must be large enough.

Signed-off-by: Jorge Ramirez-Ortiz

drivers: crypto: se050: increase DER signature buffer

In order to support P-521 (132 byte {r,s} pairs), the buffer storing
the DER signature must be large enough.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

crypto: drivers: se050: fix generation of oid values

Converting the OID watermarked value (8 bytes) to a bignum removes the
first byte if this is different than zero.

The failing case observed the

crypto: drivers: se050: fix generation of oid values

Converting the OID watermarked value (8 bytes) to a bignum removes the
first byte if this is different than zero.

The failing case observed the value 0x57.72.15.66.1a.f2.9d.00 being
retrieved as 0x57.72.15.66.1a.f2.9d after having been transformed into
a bignum and back to its original binary value.

This will cause cryptographic operations to fail as the secured keys
and objects become not addressable.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...