core: LTC mpi_desc.c: use mempool_alloc() instead of malloc()

Replace the calls to malloc() and free() with calls to mempool_alloc()
and mempool_free() in order to guarantee that we don't have to re

core: LTC mpi_desc.c: use mempool_alloc() instead of malloc()

Replace the calls to malloc() and free() with calls to mempool_alloc()
and mempool_free() in order to guarantee that we don't have to return
TEE_ERROR_OUT_OF_MEMORY and cause a panic in the TA.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: LTC rsa.c: use mempool_alloc() instead of malloc()

Replace the calls to malloc() and free() with calls to mempool_alloc()
and mempool_free() in order to guarantee that we don't have to return

core: LTC rsa.c: use mempool_alloc() instead of malloc()

Replace the calls to malloc() and free() with calls to mempool_alloc()
and mempool_free() in order to guarantee that we don't have to return
TEE_ERROR_OUT_OF_MEMORY and cause a panic in the TA.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: versal: physical unclonable function

This driver uses the PLM xilpuf service to deliver the physical
unclonable function (PUF).

The Physical unclonable function (PUF) generates two device

drivers: versal: physical unclonable function

This driver uses the PLM xilpuf service to deliver the physical
unclonable function (PUF).

The Physical unclonable function (PUF) generates two device unique
signatures per die. One signature is used for the key encryption key
(KEK) and one signature is used as an unique identification value.

The Unique ID is fully accessible and its value can be cleared
(hidden) and regenerated.

The KEK is never accessible and only usable from the AES-GCM engine.

https://github.com/Xilinx/embeddedsw

[1] TRM: https://docs.xilinx.com/r/en-US/am011-versal-acap-trm

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

versal: enable the PM driver

This allows the main() program to interrogate for the SoC version as
well as programming the FPGA if required.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
A

versal: enable the PM driver

This allows the main() program to interrogate for the SoC version as
well as programming the FPGA if required.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: versal_pm: fix compilation issue

The "struct ipi_cmd" was used during the development of the
versal_mbox driver; during the mbox driver review, the struct was
renamed to versal_ipi_cmd.

Th

drivers: versal_pm: fix compilation issue

The "struct ipi_cmd" was used during the development of the
versal_mbox driver; during the mbox driver review, the struct was
renamed to versal_ipi_cmd.

The code being removed in this commit was merged by mistake.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-stm32mp1: use DT NVMEM layout API

Updates stm32_get_iwdg_otp_config() to get HW2 OTP position with
stm32_bsec_find_otp_in_nvmem_layout() instead of a hardcoded
platform OTP index.

Signed-off-b

plat-stm32mp1: use DT NVMEM layout API

Updates stm32_get_iwdg_otp_config() to get HW2 OTP position with
stm32_bsec_find_otp_in_nvmem_layout() instead of a hardcoded
platform OTP index.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: stm32: add nvmem layout

Add the nvmem layout for each BSEC associated fuses, update the SOC and
ST boards device trees with OTP cells node.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.s

dts: stm32: add nvmem layout

Add the nvmem layout for each BSEC associated fuses, update the SOC and
ST boards device trees with OTP cells node.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: support NVMEM cell description in device-tree

Support the nvmem cells description in device tree and
add the platform helper function stm32_bsec_find_otp_in_nvmem_layout()
that

drivers: stm32_bsec: support NVMEM cell description in device-tree

Support the nvmem cells description in device tree and
add the platform helper function stm32_bsec_find_otp_in_nvmem_layout()
that allows drivers to find an OTP location (BSEC word number and bit
size) from the OTP string identifier, name of the cell in device tree.

The bsec driver directly reads the nvmem cells sub node of bsec device.

This allow to remove the hardcoded OTP index in platform and is aligned
with linux kernel binding.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: move debug defines to include

Moves definition of DEBUG status macros from driver source file to
its header file to allow other drivers to control the debug level.
Introduces BS

drivers: stm32_bsec: move debug defines to include

Moves definition of DEBUG status macros from driver source file to
its header file to allow other drivers to control the debug level.
Introduces BSEC_DEBUG_ALL that is the default debug configuration.
Removes configuration masking as it has no use.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: use _fdt_reg* API

Changes bsec_dt_otp_nsec_access() to use _fdt_reg_base_address()
and _fdt_reg_size().

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewe

drivers: stm32_bsec: use _fdt_reg* API

Changes bsec_dt_otp_nsec_access() to use _fdt_reg_base_address()
and _fdt_reg_size().

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: correct address in lock support for any upper_base value

The address computed in stm32_bsec_permanent_lock_otp (with hardcoded
+2 offset) only supports OTP upper base offset 32.

drivers: stm32_bsec: correct address in lock support for any upper_base value

The address computed in stm32_bsec_permanent_lock_otp (with hardcoded
+2 offset) only supports OTP upper base offset 32. This patch corrects
to handle any value of OTP upper base.


This patch corrects to handle any value of OTP upper base.
and simplify this part by using division clearer than mask in this
context.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: use U() for unsigned constants

Updates with the U() macro as described in the coding guidelines.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatie

drivers: stm32_bsec: use U() for unsigned constants

Updates with the U() macro as described in the coding guidelines.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_bsec: rework and move BITS_PER_WORD

Transforms BITS_PER_WORD to BSEC_BITS_PER_WORD to specify it is
BSEC-related and move it to BSEC driver header file.

Adds BSEC_BYTES_PER_WORD for

drivers: stm32_bsec: rework and move BITS_PER_WORD

Transforms BITS_PER_WORD to BSEC_BITS_PER_WORD to specify it is
BSEC-related and move it to BSEC driver header file.

Adds BSEC_BYTES_PER_WORD for later use.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-totalcompute: change entrypoint of secure partition

The default image offset is changed from 0x1000 to 0x4000 to accommodate
the boot protocol information.

Signed-off-by: Davidson K <davidson.

plat-totalcompute: change entrypoint of secure partition

The default image offset is changed from 0x1000 to 0x4000 to accommodate
the boot protocol information.

Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: implement lpc_uart driver

Support for lpc_uart that is a serial driver.

Signed-off-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Signed-off-by: Zeng Tao <prime.zeng@hisilicon.com>
Reviewed-by: J

drivers: implement lpc_uart driver

Support for lpc_uart that is a serial driver.

Signed-off-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Signed-off-by: Zeng Tao <prime.zeng@hisilicon.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: Fix tee_obj_attr_copy_from for X25519

Make sure in tee_obj_attr_copy_from() if the source object type
is TEE_TYPE_X25519_KEYPAIR the destination object type should be
TEE_TYPE_X25519_P

core: crypto: Fix tee_obj_attr_copy_from for X25519

Make sure in tee_obj_attr_copy_from() if the source object type
is TEE_TYPE_X25519_KEYPAIR the destination object type should be
TEE_TYPE_X25519_PUBLIC_KEY. The function should extract public
key attributes if presented with a key pair object.

According to the TEE Internal Core API Specification v1.2 we should
check if the source is of type *_KEYPAIR then the destination is a
subset of type *_PUBLIC_KEY when populating the destination object as
listed in the Table 5-11.

Fixes: 90040fa4c81c ("core: crypto: add X25519 support")
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Sohaib ul Hassan <sohaib.ul.hassan@unikie.com>

show more ...

drivers: imx_lpuart: remove stubbed .flush() implementation

There is no need to provide function stubs for unimplemented functions
in struct serial_ops. Just let the compiler set the pointer to NULL

drivers: imx_lpuart: remove stubbed .flush() implementation

There is no need to provide function stubs for unimplemented functions
in struct serial_ops. Just let the compiler set the pointer to NULL.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: struct serial_ops: make all functions optional except putc()

Many platforms only use the putc() function pointer in struct
serial_ops. Therefore, explicitly make the others optional (flush(

drivers: struct serial_ops: make all functions optional except putc()

Many platforms only use the putc() function pointer in struct
serial_ops. Therefore, explicitly make the others optional (flush(),
have_rx_data() and getchar()) by adding comments to the struct and
making sure the code checks the pointer before using them.

With this it should be clear that drivers do not need to provide
stub functions.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: drivers: nxp: Add LX series SFP driver

- Implement reading and writing to the NXP LX2160-series Security Fuse
Processor (SFP).
- Add the CFG_LS_SFP flag to enable building the SFP driver.
-

core: drivers: nxp: Add LX series SFP driver

- Implement reading and writing to the NXP LX2160-series Security Fuse
Processor (SFP).
- Add the CFG_LS_SFP flag to enable building the SFP driver.
- The SFP driver should be able to:
- Read the entire SFP.
- Read the debug level.
- Read the Intent to Secure (ITS) and Secure Boot (SB) flags.
- Read individual OEM Unique Scratch Pad Fuse (OUID) registers.
- Read individual Super Root Key Hash (SRKH) registers.
- Set the debug level.
- Set the device to permanently program the fuse block by
setting the ITS and SB flags.
- Set individual OUID registers.
- Get the status of the SFP driver itself.
- Update fsl-lx2160a device tree with sfp and gpio nodes.

Signed-off-by: Andrew Mustea <andrew.mustea@microsoft.com>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

Fix TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_*

Commit 5b385b3f835d ("core: crypto: add support for SM2 KEP")defined by
mistake the wrong values for these two. To fix this we're are renaming
these IDs alt

Fix TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_*

Commit 5b385b3f835d ("core: crypto: add support for SM2 KEP")defined by
mistake the wrong values for these two. To fix this we're are renaming
these IDs alternative IDs which OP-TEE will recognize in addition to the
correct official values when deriving a key using the TEE_ALG_SM2_KEP
algorithm.

TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_X and
TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_Y are only used as input parameters
so there is no need to translate back to the old invalid values.

Fixes: 5b385b3f835d ("core: crypto: add support for SM2 KEP")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: embedded_ts: use mempool to decompress TS image

Changes embedded TS management to have zlib using default mempool to
allocate buffers for image decompression. This is useful as the process
can

core: embedded_ts: use mempool to decompress TS image

Changes embedded TS management to have zlib using default mempool to
allocate buffers for image decompression. This is useful as the process
can require buffer of several kilobytes.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: implement SM4 XTS

In this patch, we add software computing support for sm4-xts.

Signed-off-by: Pingan Xie <xiepingan3@huawei.com>
Reviewed-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Acke

core: crypto: implement SM4 XTS

In this patch, we add software computing support for sm4-xts.

Signed-off-by: Pingan Xie <xiepingan3@huawei.com>
Reviewed-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core, libutee: introduce TEE_ALG_SM4_XTS

In this patch, The sm4-xts algorithm is supported in the GP process.

Signed-off-by: Pingan Xie <xiepingan3@huawei.com>
Reviewed-by: Xiaoxu Zeng <zengxiaoxu@

core, libutee: introduce TEE_ALG_SM4_XTS

In this patch, The sm4-xts algorithm is supported in the GP process.

Signed-off-by: Pingan Xie <xiepingan3@huawei.com>
Reviewed-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: versal: SHA3-384 engine support

Enable the PLM controlled SHA3-384 cryptographic engine for TEE core
usage.

Since the engine does not have the concept of "context", it can't
provide the le

drivers: versal: SHA3-384 engine support

Enable the PLM controlled SHA3-384 cryptographic engine for TEE core
usage.

Since the engine does not have the concept of "context", it can't
provide the level support required by user-space (multiple parallel
contexts) hence why it is being provided just to the core.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Nathan Menhorn <nathan.menhorn@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: fallback to LibTomCrypt for X25519/Ed25519 when CFG_CRYPTOLIB_NAME=mbedtls

Mbed TLS currently does not support X25519/Ed25519. This commit allows the
use of LTC implementation of these algor

crypto: fallback to LibTomCrypt for X25519/Ed25519 when CFG_CRYPTOLIB_NAME=mbedtls

Mbed TLS currently does not support X25519/Ed25519. This commit allows the
use of LTC implementation of these algorithms when CFG_CRYPTO_ED25519=y
and/or CFG_CRYPTO_X25519=y, and CFG_CRYPTOLIB_NAME=mbedtls.

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...