plat-versal: allow RPMB init only on secured boards

Allow writing the RPMB key only on secured boards.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.for

plat-versal: allow RPMB init only on secured boards

Allow writing the RPMB key only on secured boards.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-versal: print platform information

Output platform information banner to the console. This includes SoC
version and the state of the hardware root of trust configuration.

Signed-off-by: Jorge

plat-versal: print platform information

Output platform information banner to the console. This includes SoC
version and the state of the hardware root of trust configuration.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: versal: hardware unique key

The hardware unique key is calculated as the AS-GCM encrypted value
of the SoC DNA unique identifier.

The key source used for encryption is selectable at build

drivers: versal: hardware unique key

The hardware unique key is calculated as the AS-GCM encrypted value
of the SoC DNA unique identifier.

The key source used for encryption is selectable at build time using
the CFG_VERSAL_HUK_KEY configuration flag.

The following sources are supported
VERSAL_AES_EFUSE_USER_KEY_0 (CFG_VERSAL_HUK_KEY = 6)
VERSAL_AES_EFUSE_USER_KEY_1 (CFG_VERSAL_HUK_KEY = 7)
VERSAL_AES_PUF_KEY (CFG_VERSAL_HUK_KEY = 11)
VERSAL_AES_USER_KEY_0 (CFG_VERSAL_HUK_KEY = 12 (default))

The default configuration does not generate a secret HUK since the
key is hardcoded in the driver - it however validates the algorithm;
but security-wise it is not different than not enabling CFG_VERSAL_HUK
and therefore using the OP-TEE provided HUK stub.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: clk: fix dt helper function description when clock is optional

Fixes clk_dt_get_by_index() and clk_dt_get_by_name() inline description
comments to state these functions return TEE_ERROR_ITEM_N

core: clk: fix dt helper function description when clock is optional

Fixes clk_dt_get_by_index() and clk_dt_get_by_name() inline description
comments to state these functions return TEE_ERROR_ITEM_NOT_FOUND when
the consumer DT node does not define a clock resource as for devices
where some clocks are optional. These functions return such error code
since commit [1].

Link: [1] 0adca93a5c68 ("core: dt_driver: differentiate error codes if property is not found")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: fix inline comment regarding clock references

Fixes inline description comments for get_of_device_func typedef and
functions dt_driver_device_from_node_idx_prop() and
fdt_get_dt_dri

core: dt_driver: fix inline comment regarding clock references

Fixes inline description comments for get_of_device_func typedef and
functions dt_driver_device_from_node_idx_prop() and
fdt_get_dt_driver_cells() as they do not only relate to clock drivers.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: se050: update policies

Certain devices (depending on the applet) will use the common
policies for the object's read/write permissions.

This commit makes sure both are supported.

Signed-off

crypto: se050: update policies

Certain devices (depending on the applet) will use the common
policies for the object's read/write permissions.

This commit makes sure both are supported.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: notif: allow GIC_PPI usage for async notif

Allows to use GIC_PPI interrupts for asynchronous notification.

This change replace macro COMPILE_TIME_ASSERT() with static_assert()
as the former i

core: notif: allow GIC_PPI usage for async notif

Allows to use GIC_PPI interrupts for asynchronous notification.

This change replace macro COMPILE_TIME_ASSERT() with static_assert()
as the former is deprecated.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: sp: Allow v2 FIP package format

Commit [1] in Trusted Firmware-A slightly changes the SP package format
in the FIP image. The new format is compatible with the previous version
but the partiti

core: sp: Allow v2 FIP package format

Commit [1] in Trusted Firmware-A slightly changes the SP package format
in the FIP image. The new format is compatible with the previous version
but the partition manifest and the SP binary are now stored at a 4k
aligned offset in the SP package. The main reasoning behind this is to
simplify the SP load process in other SPMC implementations (i.e.
Hafnium). OP-TEE already supports loading the manifest and the SP binary
from an arbitrary offset thus it is only necessary to allow the new
package version number on FIP SP load.

Link: [1] https://github.com/ARM-software/arm-trusted-firmware/commit/2e82874cc9b7922e000dd4d7718e3153e347b1d7
Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-mediatek: add support for MT8195 SoC

Add OP-TEE support for the MT8195 SoC.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed

plat-mediatek: add support for MT8195 SoC

Add OP-TEE support for the MT8195 SoC.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Fabien Parent <fparent@baylibre.com>
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

plat-stm32mp1: don't register SYSRAM twice when scmi-msg are enabled

Fixes stm32mp1 platform to not register the SCMI shared memory twice
when scmi-msg drivers are enable (CFG_SCMI_MSG_DRIVERS=y) an

plat-stm32mp1: don't register SYSRAM twice when scmi-msg are enabled

Fixes stm32mp1 platform to not register the SCMI shared memory twice
when scmi-msg drivers are enable (CFG_SCMI_MSG_DRIVERS=y) and SCP firmware
SCMI library disabled (CFG_SCMI_SCPFW=n). The faulty fixed referenced
commit introduced this duplicated device memory registration when adding
support for SCP firmware SCMI library where this registration was added
in main.c but not removed from plat-stm32mp1/scmi-server.c.

Before this fix, the debug trace below was printed:
D/TC:0 add_phys_mem:649 Physical mem map overlaps 0x2ffff000

Fixes: 986fccc8150b ("plat-stm32mp1: support building with CFG_SCMI_SCPFW=y")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: fix SYSRAM size on stm32mp13 variants

Fixes internal RAM SYSRAM size on STM32MP13 variants that is 128kB.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Gatien

plat-stm32mp1: fix SYSRAM size on stm32mp13 variants

Fixes internal RAM SYSRAM size on STM32MP13 variants that is 128kB.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pta: scmi: fix typo in open session test

Fixes a typo in config switch name CFG_SCMI_MSG_DRIVERS in SCMI PTA
open session function.

Fixes: 7ff454421a8c ("core: pta: scmi: support SCP-firmware

core: pta: scmi: fix typo in open session test

Fixes a typo in config switch name CFG_SCMI_MSG_DRIVERS in SCMI PTA
open session function.

Fixes: 7ff454421a8c ("core: pta: scmi: support SCP-firmware SCMI resources")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: log capabilities with INFO level

Use IMSG() to log the capabilities that depend on configuration, which
are: reserved and dynamic shared memory, virtualization and asynchronous
notifications.

core: log capabilities with INFO level

Use IMSG() to log the capabilities that depend on configuration, which
are: reserved and dynamic shared memory, virtualization and asynchronous
notifications.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: rstctrl: differentiate error codes if items not found

Differentiates error codes in rstctrl_dt_get_by_name() if reset-names
property does not exist by returning TEE_ERROR_ITEM_NOT_FOUND.
Ad

drivers: rstctrl: differentiate error codes if items not found

Differentiates error codes in rstctrl_dt_get_by_name() if reset-names
property does not exist by returning TEE_ERROR_ITEM_NOT_FOUND.
Add comment for rstctrl_dt_get_by_index() that can now return
TEE_ERROR_ITEM_NOT_FOUND.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: differentiate error codes if property is not found

Differentiates error codes in dt_driver_device_from_node_idx_prop() if
the requested resource is not found by returning TEE_ERROR_

core: dt_driver: differentiate error codes if property is not found

Differentiates error codes in dt_driver_device_from_node_idx_prop() if
the requested resource is not found by returning TEE_ERROR_ITEM_NOT_FOUND.
This is useful to differentiate cases for optional properties in
drivers.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-vexpress: fvp and qemuv8a support building with CFG_SCMI_SCPFW=y

Adds support for CFG_SCMI_SCPFW to platform flavors vexpress-fvp and
vexpress-qemuv8a. Both rely on the same SCP-firmware so-cal

plat-vexpress: fvp and qemuv8a support building with CFG_SCMI_SCPFW=y

Adds support for CFG_SCMI_SCPFW to platform flavors vexpress-fvp and
vexpress-qemuv8a. Both rely on the same SCP-firmware so-called product
configuration named "optee-fvp".

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: support building with CFG_SCMI_SCPFW=y

Support building with CFG_SCMI_SCPFW=y. This configuration embeds
SCMI services built from SCP-firmware implementation instead of the
scmi-msg d

plat-stm32mp1: support building with CFG_SCMI_SCPFW=y

Support building with CFG_SCMI_SCPFW=y. This configuration embeds
SCMI services built from SCP-firmware implementation instead of the
scmi-msg drivers and platform local scmi_server.c.

This change also default disables SCMI SiP SMC entries as the PTA is the
default SCMI commands entry point and ensures at least one of the SCMI
server implementation is default enabled, that is, if CFG_SCMI_SCPFW
is disabled then CFG_SCMI_MSG_DRIVERS is default enabled.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pta: scmi: support SCP-firmware SCMI resources

Updates SCMI PTA to use SCP-firmware resources when CFG_SCMI_SCPFW=y.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Fori

core: pta: scmi: support SCP-firmware SCMI resources

Updates SCMI PTA to use SCP-firmware resources when CFG_SCMI_SCPFW=y.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: lib: scmi-server: Build a SCMI server from SCP-firmware

Adds build of an SCMI server library using SCP-firmware source tree
upon boolean configuration switch CFG_SCMI_SCPFW. Platform must set

core: lib: scmi-server: Build a SCMI server from SCP-firmware

Adds build of an SCMI server library using SCP-firmware source tree
upon boolean configuration switch CFG_SCMI_SCPFW. Platform must set
the SCP firmware target product with CFG_SCMI_SCPFW_PRODUCT and the
root path of the SCP-firmware source tree with CFG_SCP_FIRMWARE.

CFG_SCMI_SCPFW and CFG_SCMI_MSG_DRIVERS are exclusives alternate
implementations of SCMI services. The former implements almost all
the SCMI specification while the later implements only basic SCMI
services.

SCP-firmware is configured with CMake as an external project to
generate the embedded module resource source and header files to
be built with SCP-firmware.

This commit integrates the 2 SCP-firmware products designed for OP-TEE
in SCP-firmware source tree. Product optee-fvp targets platform vexpress
flavors FVP and Qemus. Product optee-stm32mp1 targets platform stm32mp1.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pta: scmi: simplify scmi-msg case in open session

Allows session opening when CFG_SCMI_MSG_DRIVERS is enabled instead
of testing the 2 possible scmi-msg transport protocol config switches.

Ac

core: pta: scmi: simplify scmi-msg case in open session

Allows session opening when CFG_SCMI_MSG_DRIVERS is enabled instead
of testing the 2 possible scmi-msg transport protocol config switches.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pta: scmi: internal switches for supported transports

Adds internal configuration switch _CFG_SMCI_PTA_SMT_HEADER
and _CFG_SCMI_PTA_MSG_HEADER to specify which are supported.
This change will

core: pta: scmi: internal switches for supported transports

Adds internal configuration switch _CFG_SMCI_PTA_SMT_HEADER
and _CFG_SCMI_PTA_MSG_HEADER to specify which are supported.
This change will ease integration of the alternate SCMI server
build from SCP-firmware.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: use IS_ENABLED2()

Replaces use of IS_ENABLED() with IS_ENABLED2() where applicable.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@

core: use IS_ENABLED2()

Replaces use of IS_ENABLED() with IS_ENABLED2() where applicable.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: clk: add support for clk_get_rates_array

In order to query rates from clients, add get_rates_array() which
returns a supported rate array.

Reviewed-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>

drivers: clk: add support for clk_get_rates_array

In order to query rates from clients, add get_rates_array() which
returns a supported rate array.

Reviewed-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: use DT NVMEM layout API

Uses OTP definition in the device tree, by using the function
stm32_bsec_find_otp_in_nvmem_layout() and removes the
hardcoded OTP index in platform confi

drivers: stm32_bsec: use DT NVMEM layout API

Uses OTP definition in the device tree, by using the function
stm32_bsec_find_otp_in_nvmem_layout() and removes the
hardcoded OTP index in platform config.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: conf: mandate the use of device tree on STM32MP1x platforms

STM32MP1x platforms now mandate an embedded device tree using
CFG_EMBED_DTB_SOURCE_FILE. This decision simplifies platform

plat-stm32mp1: conf: mandate the use of device tree on STM32MP1x platforms

STM32MP1x platforms now mandate an embedded device tree using
CFG_EMBED_DTB_SOURCE_FILE. This decision simplifies platform
configuration and complies with existing flavors that all define an
embedded DT. This change makes stm32mp157c-dk2.dts the default
embedded DTB when none is set.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...