core: arm64: SM3 using ARMv8.2-A cryptographic extensions

Import SM3 assembly code from the Linux kernel (Linaro contribution).
Enabled with CFG_CRYPTO_SM3_ARM64_CE=y, set by default if
CFG_CRYPTO_W

core: arm64: SM3 using ARMv8.2-A cryptographic extensions

Import SM3 assembly code from the Linux kernel (Linaro contribution).
Enabled with CFG_CRYPTO_SM3_ARM64_CE=y, set by default if
CFG_CRYPTO_WITH_CE82=y.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: use SHA-512 crypto accelerated function

Uses the recently provided accelerated SHA-512 function in LTC.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wikla

core: ltc: use SHA-512 crypto accelerated function

Uses the recently provided accelerated SHA-512 function in LTC.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: SHA-512 using ARMv8.2-A cryptographic extensions

Import SHA-512 assembly code from the Linux kernel (Linaro
contribution). Enabled with CFG_CRYPTO_SHA512_ARM64_CE=y, set by default
if C

core: arm64: SHA-512 using ARMv8.2-A cryptographic extensions

Import SHA-512 assembly code from the Linux kernel (Linaro
contribution). Enabled with CFG_CRYPTO_SHA512_ARM64_CE=y, set by default
if CFG_CRYPTO_WITH_CE82=y.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: provide kern.ld.S

Provide script to allow linking OP-TEE core for RISC-V.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linar

core: riscv: provide kern.ld.S

Provide script to allow linking OP-TEE core for RISC-V.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: riscv.mk: add mm and tee subdirectories to build tree

Add mm and tee subdirectories to core-platform-subdirs.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by:

core: riscv: riscv.mk: add mm and tee subdirectories to build tree

Add mm and tee subdirectories to core-platform-subdirs.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: kernel: provide link.mk

Link and generate tee.(elf,bin,dmp,map,symb_sizes).

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@lin

core: riscv: kernel: provide link.mk

Link and generate tee.(elf,bin,dmp,map,symb_sizes).

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: se050: fix typo in information message

The SCP03 "built-in" keys were incorrectly being reported to the
console as a nonsensical "build-int".

Signed-off-by: Jorge Ramirez-Ortiz <jorge@found

crypto: se050: fix typo in information message

The SCP03 "built-in" keys were incorrectly being reported to the
console as a nonsensical "build-int".

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: se050: fix build warning

When the configured logging level does not output IMSG, the static
function get_scp03_ksrc_name() is not called.

This causes a function unused warning which might l

crypto: se050: fix build warning

When the configured logging level does not output IMSG, the static
function get_scp03_ksrc_name() is not called.

This causes a function unused warning which might lead to a build
error.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: drivers: se050-f: ecc: can fallback to softw-ops

The SE050-F device can select to fallback to specific unsupported
operations.

This allows xtests to run to completion without errors.

Signe

crypto: drivers: se050-f: ecc: can fallback to softw-ops

The SE050-F device can select to fallback to specific unsupported
operations.

This allows xtests to run to completion without errors.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: drivers: se050-f: rsa: can fallback to softw-ops

The SE050-F device can select to fallback to specific unsupported
operations.

This allows xtests to run to completion without errors.

Signe

crypto: drivers: se050-f: rsa: can fallback to softw-ops

The SE050-F device can select to fallback to specific unsupported
operations.

This allows xtests to run to completion without errors.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: drivers: se050: ecc: fallback to softw-ops

Operations that require a public key might fallback to a software
based implementation.

Operations that require a private key might fallback to a

crypto: drivers: se050: ecc: fallback to softw-ops

Operations that require a public key might fallback to a software
based implementation.

Operations that require a private key might fallback to a software
based implementation as long as the private key is not in the secure
element.

Use CFG_NXP_SE05X_ECC_DRV_FALLBACK to enable this feature.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: drivers: se050: rsa: fallback to softw-ops

Operations that require a public key might fallback to a software
based implementation.

Operations that require a private key might fallback to a

crypto: drivers: se050: rsa: fallback to softw-ops

Operations that require a public key might fallback to a software
based implementation.

Operations that require a private key might fallback to a software
based implementation as long as the private key is not in the secure
element.

Use CFG_NXP_SE05X_RSA_DRV_FALLBACK to enable this feature.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: drivers: se050-f: rsa: fix support

The NXP SE050-F does not support raw RSA keys, only CRT types.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.

crypto: drivers: se050-f: rsa: fix support

The NXP SE050-F does not support raw RSA keys, only CRT types.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: drivers: se050: adaptor: provide the oefid interface

Not all the NXP SE05X secure elements provide the same level of
cryptographic support. This interface allows runtime identification
of th

crypto: drivers: se050: adaptor: provide the oefid interface

Not all the NXP SE05X secure elements provide the same level of
cryptographic support. This interface allows runtime identification
of the device under control

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: remove stm32mp_is_closed_device()

Removes stm32mp_is_closed_device() platform function and related
resources as it is superseded by BSEC driver API function
stm32_bsec_get_state().

S

plat-stm32mp1: remove stm32mp_is_closed_device()

Removes stm32mp_is_closed_device() platform function and related
resources as it is superseded by BSEC driver API function
stm32_bsec_get_state().

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: remove protection on debug configuration

Keeps stm32_bsec_write_debug_conf() out of CFG_STM32_BSEC_WRITE
purpose. This switch must protect OTP memory writes, not accesses
to BSE

drivers: stm32_bsec: remove protection on debug configuration

Keeps stm32_bsec_write_debug_conf() out of CFG_STM32_BSEC_WRITE
purpose. This switch must protect OTP memory writes, not accesses
to BSEC configuration registers.

CFG_STM32_BSEC_WRITE is now default enabled and not set to
CFG_TEE_CORE_DEBUG value.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: remove unused functions

Removes unused functions stm32_bsec_otp_lock() and
stm32_bsec_shadow_register().

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-o

drivers: stm32_bsec: remove unused functions

Removes unused functions stm32_bsec_otp_lock() and
stm32_bsec_shadow_register().

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: deprecate BSEC SIP services

As the interface is now managed using PTA BSEC, the
SMC SIP services can be set as deprecated.

It can be removed in few OP-TEE releases.

Signed-off-by: L

plat-stm32mp1: deprecate BSEC SIP services

As the interface is now managed using PTA BSEC, the
SMC SIP services can be set as deprecated.

It can be removed in few OP-TEE releases.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

pta: stm32mp: enable BSEC PTA

Default enables the BSEC PTA for STM32MP15x and STM32MP13x.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.che

pta: stm32mp: enable BSEC PTA

Default enables the BSEC PTA for STM32MP15x and STM32MP13x.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

pta: stm32mp: add BSEC PTA

Add BSEC PTA to offer an interface with One Time Programmed resources
(OTPs) of stm32mp1x platforms.

This interface allows non-secure world clients to get the state of
th

pta: stm32mp: add BSEC PTA

Add BSEC PTA to offer an interface with One Time Programmed resources
(OTPs) of stm32mp1x platforms.

This interface allows non-secure world clients to get the state of
the BSEC, and read and write the OTPs. The REE has restricted
access on OTPs, the policy is defined in the embedded DT.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: stm32: correct BSEC nodes compatible for stm32mp13

Device tree alignment with kernel and latest binding for BSEC node:
the rev2.0 is used on STM32MP13x devices with the new compatible
compatibl

dts: stm32: correct BSEC nodes compatible for stm32mp13

Device tree alignment with kernel and latest binding for BSEC node:
the rev2.0 is used on STM32MP13x devices with the new compatible
compatible = "st,stm32mp13-bsec".

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: update for stm32mp13

Adds support for stm32mp13x platforms in BSEC driver.
Permanent lock status is updated without reset.

Signed-off-by: Patrick Delaunay <patrick.delaunay@fos

drivers: stm32_bsec: update for stm32mp13

Adds support for stm32mp13x platforms in BSEC driver.
Permanent lock status is updated without reset.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: add low power management

Adds low power management in BSEC driver to save and restore
the debug settings.

It is a preliminary step for BSEC support on STM32MP13.

Signed-off-by

drivers: stm32_bsec: add low power management

Adds low power management in BSEC driver to save and restore
the debug settings.

It is a preliminary step for BSEC support on STM32MP13.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: add new generic interfaces

Exports generic functions to retrieve the BSEC state and check
if a fuse can be read depending on the BSEC current state.
Adds some robustness in the

drivers: stm32_bsec: add new generic interfaces

Exports generic functions to retrieve the BSEC state and check
if a fuse can be read depending on the BSEC current state.
Adds some robustness in the driver to enforce security when
trying to access a fuse.

It is a preliminary step for BSEC PTA introduction.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: atmel_wdt: enable watchdog reset

In order to reset the system rather that using an interrupt handler, set
the WDT_MR_WDRSTEN bit which allows to reboot the system.

Signed-off-by: Clément L

drivers: atmel_wdt: enable watchdog reset

In order to reset the system rather that using an interrupt handler, set
the WDT_MR_WDRSTEN bit which allows to reboot the system.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Suggested-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...