dts: at91: fix reg address for secure PIO

The secure PIO controller is located at 0xfc039000 not 0xfc038000. Fix
this in all at91 device-trees.

Signed-off-by: Clément Léger <clement.leger@bootlin.c

dts: at91: fix reg address for secure PIO

The secure PIO controller is located at 0xfc039000 not 0xfc038000. Fix
this in all at91 device-trees.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: sama5d2: set rstc, shdwc and rtc as secure

Set reset, shutdown and RTC controllers as secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carri

dts: sama5d2: set rstc, shdwc and rtc as secure

Set reset, shutdown and RTC controllers as secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: atmel-shdwc: check secure status

Check for the shutdown controller secure-status property and if true,
then set it as secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked

drivers: atmel-shdwc: check secure status

Check for the shutdown controller secure-status property and if true,
then set it as secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: atmel-rstc: check for secure status

Check for the reset controller secure-status property and if true, then
set it as secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked

drivers: atmel-rstc: check for secure status

Check for the reset controller secure-status property and if true, then
set it as secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: sama5d2: set sckc as secure

The slow clock controller is not used anymore by Linux, set it as
secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etien

dts: sama5d2: set sckc as secure

The slow clock controller is not used anymore by Linux, set it as
secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: sama5d2: set pmc as secure

The PMC was not set as secure up to now but since all the PSCI support
allows using the PMC through it, set it as secure.

Signed-off-by: Clément Léger <clement.leger

dts: sama5d2: set pmc as secure

The PMC was not set as secure up to now but since all the PSCI support
allows using the PMC through it, set it as secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: sama5d2: set sfr as secure only

Now that all the drivers for the sfr components are present in OP-TEE,
we can safely set the sfr as secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.

dts: sama5d2: set sfr as secure only

Now that all the drivers for the sfr components are present in OP-TEE,
we can safely set the sfr as secure.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: Correct the description of core_is_buffer_outside

Correct the function description of core_is_buffer_outside
in comment.

Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Reviewed-by: J

core: Correct the description of core_is_buffer_outside

Correct the function description of core_is_buffer_outside
in comment.

Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: fix TEE_ATTR_EDDSA_PREHASH interpretation

Commit 0aaad418ac8b ("core: crypto: add Ed25519 support") introduced
support for the ED25519 algorithm. This included parsing a
TEE_ATTR_EDDSA

core: crypto: fix TEE_ATTR_EDDSA_PREHASH interpretation

Commit 0aaad418ac8b ("core: crypto: add Ed25519 support") introduced
support for the ED25519 algorithm. This included parsing a
TEE_ATTR_EDDSA_PREHASH parameter that unfortunately was not fully
compliant with the standard. So fix this with a more strict
interpretation of TEE_ATTR_EDDSA_PREHASH as described in the
specification.

Fixes: 0aaad418ac8b ("core: crypto: add Ed25519 support")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Valerii Chubar <valerii_chubar@epam.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add overflow checks in crypto_aes_ccm_init()

aad_len and payload_len are of the type size_t which has a greater range
than int which is used for the corresponding arguments when passed to
ccm_

core: add overflow checks in crypto_aes_ccm_init()

aad_len and payload_len are of the type size_t which has a greater range
than int which is used for the corresponding arguments when passed to
ccm_init(). So to guard against wrapped or truncated values check that
the variables can be in a int first before calling ccm_init().

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: syscall_storage_obj_write(): handle corrupt object

All syscalls operating on an object handle and can return
TEE_ERROR_CORRUPT_OBJECT must also remove the object if the return code
is TEE_ERRO

core: syscall_storage_obj_write(): handle corrupt object

All syscalls operating on an object handle and can return
TEE_ERROR_CORRUPT_OBJECT must also remove the object if the return code
is TEE_ERROR_CORRUPT_OBJECT. This is missing in
syscall_storage_obj_write() so add the missing call to remove the object
if it is corrupt.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: LTC mpi_desc.c: use mempool_alloc() instead of malloc()

Replace the calls to malloc() and free() with calls to mempool_alloc()
and mempool_free() in order to guarantee that we don't have to re

core: LTC mpi_desc.c: use mempool_alloc() instead of malloc()

Replace the calls to malloc() and free() with calls to mempool_alloc()
and mempool_free() in order to guarantee that we don't have to return
TEE_ERROR_OUT_OF_MEMORY and cause a panic in the TA.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: LTC rsa.c: use mempool_alloc() instead of malloc()

Replace the calls to malloc() and free() with calls to mempool_alloc()
and mempool_free() in order to guarantee that we don't have to return

core: LTC rsa.c: use mempool_alloc() instead of malloc()

Replace the calls to malloc() and free() with calls to mempool_alloc()
and mempool_free() in order to guarantee that we don't have to return
TEE_ERROR_OUT_OF_MEMORY and cause a panic in the TA.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: versal: physical unclonable function

This driver uses the PLM xilpuf service to deliver the physical
unclonable function (PUF).

The Physical unclonable function (PUF) generates two device

drivers: versal: physical unclonable function

This driver uses the PLM xilpuf service to deliver the physical
unclonable function (PUF).

The Physical unclonable function (PUF) generates two device unique
signatures per die. One signature is used for the key encryption key
(KEK) and one signature is used as an unique identification value.

The Unique ID is fully accessible and its value can be cleared
(hidden) and regenerated.

The KEK is never accessible and only usable from the AES-GCM engine.

https://github.com/Xilinx/embeddedsw

[1] TRM: https://docs.xilinx.com/r/en-US/am011-versal-acap-trm

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

versal: enable the PM driver

This allows the main() program to interrogate for the SoC version as
well as programming the FPGA if required.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
A

versal: enable the PM driver

This allows the main() program to interrogate for the SoC version as
well as programming the FPGA if required.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: versal_pm: fix compilation issue

The "struct ipi_cmd" was used during the development of the
versal_mbox driver; during the mbox driver review, the struct was
renamed to versal_ipi_cmd.

Th

drivers: versal_pm: fix compilation issue

The "struct ipi_cmd" was used during the development of the
versal_mbox driver; during the mbox driver review, the struct was
renamed to versal_ipi_cmd.

The code being removed in this commit was merged by mistake.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-stm32mp1: use DT NVMEM layout API

Updates stm32_get_iwdg_otp_config() to get HW2 OTP position with
stm32_bsec_find_otp_in_nvmem_layout() instead of a hardcoded
platform OTP index.

Signed-off-b

plat-stm32mp1: use DT NVMEM layout API

Updates stm32_get_iwdg_otp_config() to get HW2 OTP position with
stm32_bsec_find_otp_in_nvmem_layout() instead of a hardcoded
platform OTP index.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: stm32: add nvmem layout

Add the nvmem layout for each BSEC associated fuses, update the SOC and
ST boards device trees with OTP cells node.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.s

dts: stm32: add nvmem layout

Add the nvmem layout for each BSEC associated fuses, update the SOC and
ST boards device trees with OTP cells node.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: support NVMEM cell description in device-tree

Support the nvmem cells description in device tree and
add the platform helper function stm32_bsec_find_otp_in_nvmem_layout()
that

drivers: stm32_bsec: support NVMEM cell description in device-tree

Support the nvmem cells description in device tree and
add the platform helper function stm32_bsec_find_otp_in_nvmem_layout()
that allows drivers to find an OTP location (BSEC word number and bit
size) from the OTP string identifier, name of the cell in device tree.

The bsec driver directly reads the nvmem cells sub node of bsec device.

This allow to remove the hardcoded OTP index in platform and is aligned
with linux kernel binding.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: move debug defines to include

Moves definition of DEBUG status macros from driver source file to
its header file to allow other drivers to control the debug level.
Introduces BS

drivers: stm32_bsec: move debug defines to include

Moves definition of DEBUG status macros from driver source file to
its header file to allow other drivers to control the debug level.
Introduces BSEC_DEBUG_ALL that is the default debug configuration.
Removes configuration masking as it has no use.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: use _fdt_reg* API

Changes bsec_dt_otp_nsec_access() to use _fdt_reg_base_address()
and _fdt_reg_size().

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewe

drivers: stm32_bsec: use _fdt_reg* API

Changes bsec_dt_otp_nsec_access() to use _fdt_reg_base_address()
and _fdt_reg_size().

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: correct address in lock support for any upper_base value

The address computed in stm32_bsec_permanent_lock_otp (with hardcoded
+2 offset) only supports OTP upper base offset 32.

drivers: stm32_bsec: correct address in lock support for any upper_base value

The address computed in stm32_bsec_permanent_lock_otp (with hardcoded
+2 offset) only supports OTP upper base offset 32. This patch corrects
to handle any value of OTP upper base.


This patch corrects to handle any value of OTP upper base.
and simplify this part by using division clearer than mask in this
context.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: use U() for unsigned constants

Updates with the U() macro as described in the coding guidelines.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatie

drivers: stm32_bsec: use U() for unsigned constants

Updates with the U() macro as described in the coding guidelines.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: rework and move BITS_PER_WORD

Transforms BITS_PER_WORD to BSEC_BITS_PER_WORD to specify it is
BSEC-related and move it to BSEC driver header file.

Adds BSEC_BYTES_PER_WORD for

drivers: stm32_bsec: rework and move BITS_PER_WORD

Transforms BITS_PER_WORD to BSEC_BITS_PER_WORD to specify it is
BSEC-related and move it to BSEC driver header file.

Adds BSEC_BYTES_PER_WORD for later use.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-totalcompute: change entrypoint of secure partition

The default image offset is changed from 0x1000 to 0x4000 to accommodate
the boot protocol information.

Signed-off-by: Davidson K <davidson.

plat-totalcompute: change entrypoint of secure partition

The default image offset is changed from 0x1000 to 0x4000 to accommodate
the boot protocol information.

Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...