| a40be7eb | 08-Dec-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto: drivers: se050: rsa: fallback to softw-ops
Operations that require a public key might fallback to a software
based implementation.
Operations that require a private key might fallback to a
crypto: drivers: se050: rsa: fallback to softw-ops
Operations that require a public key might fallback to a software
based implementation.
Operations that require a private key might fallback to a software
based implementation as long as the private key is not in the secure
element.
Use CFG_NXP_SE05X_RSA_DRV_FALLBACK to enable this feature.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| f8dc3669 | 08-Dec-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto: drivers: se050-f: rsa: fix support
The NXP SE050-F does not support raw RSA keys, only CRT types.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.
crypto: drivers: se050-f: rsa: fix support
The NXP SE050-F does not support raw RSA keys, only CRT types.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 73bc4c59 | 08-Dec-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto: drivers: se050: adaptor: provide the oefid interface
Not all the NXP SE05X secure elements provide the same level of
cryptographic support. This interface allows runtime identification
of th
crypto: drivers: se050: adaptor: provide the oefid interface
Not all the NXP SE05X secure elements provide the same level of
cryptographic support. This interface allows runtime identification
of the device under control
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 1d7bc98c | 12-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
plat-stm32mp1: remove stm32mp_is_closed_device()
Removes stm32mp_is_closed_device() platform function and related
resources as it is superseded by BSEC driver API function
stm32_bsec_get_state().
S
plat-stm32mp1: remove stm32mp_is_closed_device()
Removes stm32mp_is_closed_device() platform function and related
resources as it is superseded by BSEC driver API function
stm32_bsec_get_state().
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 4b4b84a8 | 12-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
drivers: stm32_bsec: remove protection on debug configuration
Keeps stm32_bsec_write_debug_conf() out of CFG_STM32_BSEC_WRITE
purpose. This switch must protect OTP memory writes, not accesses
to BSE
drivers: stm32_bsec: remove protection on debug configuration
Keeps stm32_bsec_write_debug_conf() out of CFG_STM32_BSEC_WRITE
purpose. This switch must protect OTP memory writes, not accesses
to BSEC configuration registers.
CFG_STM32_BSEC_WRITE is now default enabled and not set to
CFG_TEE_CORE_DEBUG value.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| a638030b | 07-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
drivers: stm32_bsec: remove unused functions
Removes unused functions stm32_bsec_otp_lock() and
stm32_bsec_shadow_register().
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-o
drivers: stm32_bsec: remove unused functions
Removes unused functions stm32_bsec_otp_lock() and
stm32_bsec_shadow_register().
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| eab94876 | 12-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
plat-stm32mp1: deprecate BSEC SIP services
As the interface is now managed using PTA BSEC, the
SMC SIP services can be set as deprecated.
It can be removed in few OP-TEE releases.
Signed-off-by: L
plat-stm32mp1: deprecate BSEC SIP services
As the interface is now managed using PTA BSEC, the
SMC SIP services can be set as deprecated.
It can be removed in few OP-TEE releases.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| dae611ea | 07-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
pta: stm32mp: enable BSEC PTA
Default enables the BSEC PTA for STM32MP15x and STM32MP13x.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.che
pta: stm32mp: enable BSEC PTA
Default enables the BSEC PTA for STM32MP15x and STM32MP13x.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 4583de06 | 12-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
pta: stm32mp: add BSEC PTA
Add BSEC PTA to offer an interface with One Time Programmed resources
(OTPs) of stm32mp1x platforms.
This interface allows non-secure world clients to get the state of
th
pta: stm32mp: add BSEC PTA
Add BSEC PTA to offer an interface with One Time Programmed resources
(OTPs) of stm32mp1x platforms.
This interface allows non-secure world clients to get the state of
the BSEC, and read and write the OTPs. The REE has restricted
access on OTPs, the policy is defined in the embedded DT.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| ee649fe8 | 12-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
dts: stm32: correct BSEC nodes compatible for stm32mp13
Device tree alignment with kernel and latest binding for BSEC node:
the rev2.0 is used on STM32MP13x devices with the new compatible
compatibl
dts: stm32: correct BSEC nodes compatible for stm32mp13
Device tree alignment with kernel and latest binding for BSEC node:
the rev2.0 is used on STM32MP13x devices with the new compatible
compatible = "st,stm32mp13-bsec".
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| e090bb5a | 12-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
drivers: stm32_bsec: update for stm32mp13
Adds support for stm32mp13x platforms in BSEC driver.
Permanent lock status is updated without reset.
Signed-off-by: Patrick Delaunay <patrick.delaunay@fos
drivers: stm32_bsec: update for stm32mp13
Adds support for stm32mp13x platforms in BSEC driver.
Permanent lock status is updated without reset.
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| d6df31b0 | 12-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
drivers: stm32_bsec: add low power management
Adds low power management in BSEC driver to save and restore
the debug settings.
It is a preliminary step for BSEC support on STM32MP13.
Signed-off-by
drivers: stm32_bsec: add low power management
Adds low power management in BSEC driver to save and restore
the debug settings.
It is a preliminary step for BSEC support on STM32MP13.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 7dfc80ab | 12-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
drivers: stm32_bsec: add new generic interfaces
Exports generic functions to retrieve the BSEC state and check
if a fuse can be read depending on the BSEC current state.
Adds some robustness in the
drivers: stm32_bsec: add new generic interfaces
Exports generic functions to retrieve the BSEC state and check
if a fuse can be read depending on the BSEC current state.
Adds some robustness in the driver to enforce security when
trying to access a fuse.
It is a preliminary step for BSEC PTA introduction.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| d5d94b35 | 02-Nov-2022 |
Clément Léger <clement.leger@bootlin.com> |
drivers: atmel_wdt: enable watchdog reset
In order to reset the system rather that using an interrupt handler, set
the WDT_MR_WDRSTEN bit which allows to reboot the system.
Signed-off-by: Clément L
drivers: atmel_wdt: enable watchdog reset
In order to reset the system rather that using an interrupt handler, set
the WDT_MR_WDRSTEN bit which allows to reboot the system.
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Suggested-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| d16bc0a9 | 22-Feb-2022 |
Clément Léger <clement.leger@bootlin.com> |
dts: at91: fix reg address for secure PIO
The secure PIO controller is located at 0xfc039000 not 0xfc038000. Fix
this in all at91 device-trees.
Signed-off-by: Clément Léger <clement.leger@bootlin.c
dts: at91: fix reg address for secure PIO
The secure PIO controller is located at 0xfc039000 not 0xfc038000. Fix
this in all at91 device-trees.
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 51a05df1 | 25-Jan-2022 |
Clément Léger <clement.leger@bootlin.com> |
dts: sama5d2: set rstc, shdwc and rtc as secure
Set reset, shutdown and RTC controllers as secure.
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carri
dts: sama5d2: set rstc, shdwc and rtc as secure
Set reset, shutdown and RTC controllers as secure.
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| c2daaa37 | 25-Jan-2022 |
Clément Léger <clement.leger@bootlin.com> |
drivers: atmel-shdwc: check secure status
Check for the shutdown controller secure-status property and if true,
then set it as secure.
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked
drivers: atmel-shdwc: check secure status
Check for the shutdown controller secure-status property and if true,
then set it as secure.
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| c2c7da1d | 25-Jan-2022 |
Clément Léger <clement.leger@bootlin.com> |
drivers: atmel-rstc: check for secure status
Check for the reset controller secure-status property and if true, then
set it as secure.
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked
drivers: atmel-rstc: check for secure status
Check for the reset controller secure-status property and if true, then
set it as secure.
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| ae0e2fec | 27-Oct-2021 |
Clément Léger <clement.leger@bootlin.com> |
dts: sama5d2: set sckc as secure
The slow clock controller is not used anymore by Linux, set it as
secure.
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etien
dts: sama5d2: set sckc as secure
The slow clock controller is not used anymore by Linux, set it as
secure.
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 3fea76be | 27-Oct-2021 |
Clément Léger <clement.leger@bootlin.com> |
dts: sama5d2: set pmc as secure
The PMC was not set as secure up to now but since all the PSCI support
allows using the PMC through it, set it as secure.
Signed-off-by: Clément Léger <clement.leger
dts: sama5d2: set pmc as secure
The PMC was not set as secure up to now but since all the PSCI support
allows using the PMC through it, set it as secure.
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 21acbe56 | 28-Jun-2021 |
Clément Léger <clement.leger@bootlin.com> |
dts: sama5d2: set sfr as secure only
Now that all the drivers for the sfr components are present in OP-TEE,
we can safely set the sfr as secure.
Signed-off-by: Clément Léger <clement.leger@bootlin.
dts: sama5d2: set sfr as secure only
Now that all the drivers for the sfr components are present in OP-TEE,
we can safely set the sfr as secure.
Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 33e931b1 | 23-Dec-2022 |
Mark-PK Tsai <mark-pk.tsai@mediatek.com> |
core: Correct the description of core_is_buffer_outside
Correct the function description of core_is_buffer_outside
in comment.
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Reviewed-by: J
core: Correct the description of core_is_buffer_outside
Correct the function description of core_is_buffer_outside
in comment.
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 3e8a6147 | 15-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: crypto: fix TEE_ATTR_EDDSA_PREHASH interpretation
Commit 0aaad418ac8b ("core: crypto: add Ed25519 support") introduced
support for the ED25519 algorithm. This included parsing a
TEE_ATTR_EDDSA
core: crypto: fix TEE_ATTR_EDDSA_PREHASH interpretation
Commit 0aaad418ac8b ("core: crypto: add Ed25519 support") introduced
support for the ED25519 algorithm. This included parsing a
TEE_ATTR_EDDSA_PREHASH parameter that unfortunately was not fully
compliant with the standard. So fix this with a more strict
interpretation of TEE_ATTR_EDDSA_PREHASH as described in the
specification.
Fixes: 0aaad418ac8b ("core: crypto: add Ed25519 support")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Valerii Chubar <valerii_chubar@epam.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 2373e1b9 | 01-Sep-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: add overflow checks in crypto_aes_ccm_init()
aad_len and payload_len are of the type size_t which has a greater range
than int which is used for the corresponding arguments when passed to
ccm_
core: add overflow checks in crypto_aes_ccm_init()
aad_len and payload_len are of the type size_t which has a greater range
than int which is used for the corresponding arguments when passed to
ccm_init(). So to guard against wrapped or truncated values check that
the variables can be in a int first before calling ccm_init().
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| de1cd722 | 20-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: syscall_storage_obj_write(): handle corrupt object
All syscalls operating on an object handle and can return
TEE_ERROR_CORRUPT_OBJECT must also remove the object if the return code
is TEE_ERRO
core: syscall_storage_obj_write(): handle corrupt object
All syscalls operating on an object handle and can return
TEE_ERROR_CORRUPT_OBJECT must also remove the object if the return code
is TEE_ERROR_CORRUPT_OBJECT. This is missing in
syscall_storage_obj_write() so add the missing call to remove the object
if it is corrupt.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|