core: ts_manager: remove unneeded check

The function ts_get_current_session() can not return NULL as panic()
would abort the execution in that case.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundr

core: ts_manager: remove unneeded check

The function ts_get_current_session() can not return NULL as panic()
would abort the execution in that case.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: ffa: Process manifest endpoint_id

The manifest can specify the endpoint ID for a SP. Process it and make
sure that 2 SPs don't have the same endpoint ID.
The sp_init_uuid() has been split into

core: ffa: Process manifest endpoint_id

The manifest can specify the endpoint ID for a SP. Process it and make
sure that 2 SPs don't have the same endpoint ID.
The sp_init_uuid() has been split into 2 functions (sp_init_uuid() and
sp_first_run()), this is needed to make sure that the SPs has the
correct endpoint ID during it's first run.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: xiphera_trng: Allow interrupts while waiting for random

If for some reason getting new random values take a bit longer toggle
interrupt masks on/off while waiting.

This allows pending inte

drivers: xiphera_trng: Allow interrupts while waiting for random

If for some reason getting new random values take a bit longer toggle
interrupt masks on/off while waiting.

This allows pending interrupts to be served faster in REE side as getting
new random might not be that important. At the same time it gives more
time for random number generation to complete and not just performing
spinning and waiting.

It was originally recommended by TRNG vendor not to cache previous partial
results in memory. TRNG itself is rather fast so there should
be always fresh bytes available for consumption. Thus to simplify the code
remove the FIFO construct.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: drivers: stm32mp15 Hardware Unique Key driver

Generate a secret Hardware Unique Key from BSEC OTPs.

The algorithm used simplifies the device provisioning phase because
it does not require a u

core: drivers: stm32mp15 Hardware Unique Key driver

Generate a secret Hardware Unique Key from BSEC OTPs.

The algorithm used simplifies the device provisioning phase because
it does not require a unique per device secret to be fused: just a key
common to all devices.

The algorithm uses a 128 bit symmetric key stored as four 32 bit words
read from OTP fuses.

The HUK is calculated by AES-GCM encrypting the device UID (96 bits).

Since the UID is persistent - and so should be the key - the NONCE can
be reused and hold any value.

The OTP values must be secrets but don't need to be unique per-device.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: libtomcrypt: fix Ed25519 signature

Fixes signature size value not properly set from caller argument
in crypto_acipher_ed25519_sign() and crypto_acipher_ed25519ctx_sign().

Prior this patch cou

core: libtomcrypt: fix Ed25519 signature

Fixes signature size value not properly set from caller argument
in crypto_acipher_ed25519_sign() and crypto_acipher_ed25519ctx_sign().

Prior this patch could execution fail or not fail and possibly overflow
caller passed buffer, depending on content previously loaded in siglen
stack memory cell.

Fixes: a116848b51a2 ("core: libtomcrypt: add Ed25519 support")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: add support for i2c5 bus

This allows stm32_i2c driver to properly initialize and use
i2c5 bus on stm32mp15 SoC.

Signed-off-by: Michael Scott <mike@foundries.io>
Signed-off-by: Igor O

plat-stm32mp1: add support for i2c5 bus

This allows stm32_i2c driver to properly initialize and use
i2c5 bus on stm32mp15 SoC.

Signed-off-by: Michael Scott <mike@foundries.io>
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: fallthrough macro instead of comment

Use fallthrough macro instead of /* Fall Through */ comments.
This addresses this checkpatch warning:
WARNING: Prefer 'fallthrough;' over fallthro

plat-stm32mp1: fallthrough macro instead of comment

Use fallthrough macro instead of /* Fall Through */ comments.
This addresses this checkpatch warning:
WARNING: Prefer 'fallthrough;' over fallthrough comment

Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: conf: default enable CFG_EXTERNAL_DT for mp15

Changes stm32mp1 MP15 variant default configuration for
CFG_EXTERNAL_DT that is now default enabled. This is needed as
mainline U-Boot an

plat-stm32mp1: conf: default enable CFG_EXTERNAL_DT for mp15

Changes stm32mp1 MP15 variant default configuration for
CFG_EXTERNAL_DT that is now default enabled. This is needed as
mainline U-Boot and Linux may not yet define the necessary
optee nodes in their DT. Therefore prefer external DT be
accessed by default and let external OP-TEE configuration
disable the switch if desired.

This change does not modify MP13 variant default configuration
where CFG_EXTERNAL_DT is default disabled.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: entry_a64.S: add missing isb in init_pauth_per_cpu()

After updating sctlr_el1 to enable pointer authentication, the isb
instruction is needed to ensure that the subsequent code execution
is co

core: entry_a64.S: add missing isb in init_pauth_per_cpu()

After updating sctlr_el1 to enable pointer authentication, the isb
instruction is needed to ensure that the subsequent code execution
is correct.

Fixes: 93dc6b2960b9 ("core: add pointer authentication support")
Signed-off-by: Jason Li <jasl@nvidia.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: add () in commit subject]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: versal: PM service

Calls the TF-A exported SiP services or PLM PM APIs.

The programming of the FPGA bitstream is being phased out from the TF-A
so it is no longer supported as such: the re

drivers: versal: PM service

Calls the TF-A exported SiP services or PLM PM APIs.

The programming of the FPGA bitstream is being phased out from the TF-A
so it is no longer supported as such: the recommended interface uses
the MBOX driver to the PLM.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: se050: updates to the crypto object deletion interface

Keys created on the Secure Element NVM via the PKCS#11 TA are removed
by scanning the data buffer holding the reference to the key duri

crypto: se050: updates to the crypto object deletion interface

Keys created on the Secure Element NVM via the PKCS#11 TA are removed
by scanning the data buffer holding the reference to the key during
the release of the object.

The storage allocated to hold those keys (ECC/RSA) is always below the
page size length which seems like a reasonable figure to use for future
extensions.

- This commit avoids scanning objects larger than that length.

This commit also updates the interface to delegate the actual handling
of the object to the crypto driver instead of passing just the raw data
contained in the object.

The cryptographic layer is also being allowed to block the deletion of
the object. This is to cover the scenario where the I2C device is not
accessible while a reference to the key is being removed from the secure
storage in the filesystem.

Incidentally also fixes regression 6018: this test releases an object
of size 0xA0000 which can't be scanned due to this part of the code
hitting an Out of Memory condition.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: conf: default disable CFG_EXTERNAL_DT

Default configuration for stm32mp1 does not access external DTB.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: E

plat-stm32mp1: conf: default disable CFG_EXTERNAL_DT

Default configuration for stm32mp1 does not access external DTB.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: boot: do not force implement the external device-tree ABI

Do not implement external device tree ABI if CFG_EXTERNAL_DT=n. Some
ecosystem implementation do not require OP-TEE to modify or use t

core: boot: do not force implement the external device-tree ABI

Do not implement external device tree ABI if CFG_EXTERNAL_DT=n. Some
ecosystem implementation do not require OP-TEE to modify or use this
external device tree. This change is useful on 32bits systems where
OP-TEE only needs to pass BL33 DTB base address provided by earlier
boot stage: TF-A BL2.

CFG_EXTERNAL_DT default value is defined by CFG_DT for backward
compatibility of OP-TEE default configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: remove TEE_ATTR_ECC_CURVE as an attribute of TEE_TYPE_ED25519_KEYPAIR

The ECC curve is not an attribute of an Ed25519 key pair, let alone a
mandatory one for key generation. It was mis

core: crypto: remove TEE_ATTR_ECC_CURVE as an attribute of TEE_TYPE_ED25519_KEYPAIR

The ECC curve is not an attribute of an Ed25519 key pair, let alone a
mandatory one for key generation. It was mistakenly added by commit
03e07432b68f ("ta: pkcs11: Add Ed25519 support"), thus breaking xtest
regression_4007_ed25519 (subcase .1 Generate Ed25519 key).
Remove that attribute from the key type definition.

Fixes: 03e07432b68f ("ta: pkcs11: Add Ed25519 support")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mmu: Fix wrong input argument of tee_mm_init()

Since commit [1], tee_mm_init() take pool size instead of end address.
This change corrects the input arg of caller which still use old
definitio

core: mmu: Fix wrong input argument of tee_mm_init()

Since commit [1], tee_mm_init() take pool size instead of end address.
This change corrects the input arg of caller which still use old
definition.

Link: [1] 2380d70 ("core: mmu: fix overflow with high address in tee_mm_pool_t")
Signed-off-by: james.jiang <james.jiang@mediatek.com>
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: conf: fix tzdram default size when w/o rsv-shm

Fix the default TZDRAM size that is 32MByte when CFG_CORE_RESERVED_SHM
is disable, not 30MByte.

Acked-by: Jerome Forissier <jerome.fori

plat-stm32mp1: conf: fix tzdram default size when w/o rsv-shm

Fix the default TZDRAM size that is 32MByte when CFG_CORE_RESERVED_SHM
is disable, not 30MByte.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-k3: Add support for j784s4 platform

Add SA2UL and TRNG support for TI SoC J784S4 through OP-TEE.

Signed-off-by: Jayesh Choudhary <j-choudhary@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-

plat-k3: Add support for j784s4 platform

Add SA2UL and TRNG support for TI SoC J784S4 through OP-TEE.

Signed-off-by: Jayesh Choudhary <j-choudhary@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
[jf: wrap line >80 characters]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: tee_entry: fix array out of bounds check in cleanup_shm_refs()

cleanup_shm_refs() can be called with num_params larger than what has
been used by copy_in_params(). If num_params is larger than

core: tee_entry: fix array out of bounds check in cleanup_shm_refs()

cleanup_shm_refs() can be called with num_params larger than what has
been used by copy_in_params(). If num_params is larger than
TEE_NUM_PARAMS copy_in_params() will return an error and
cleanup_shm_refs() is called to clean up.

This leads to accessing uint64_t saved_attr[TEE_NUM_PARAMS] in
entry_invoke_command() or entry_open_session() out of bounds and
possibly also the u[TEE_NUM_PARAMS] array in struct tee_ta_param.

So fix this by capping num_params TEE_NUM_PARAMS in cleanup_shm_refs().

Fixes: b05cd886e06d ("core: enable non-contiguous temporary reference parameters")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: Add Ed25519 support

Add functionality to generate, import keys, sign/verify for
ED25519, ED25519ctx and ED25519ph.

The values for the object identifies originates from:
https://www.rfc-

ta: pkcs11: Add Ed25519 support

Add functionality to generate, import keys, sign/verify for
ED25519, ED25519ctx and ED25519ph.

The values for the object identifies originates from:
https://www.rfc-editor.org/rfc/rfc8420.html
A.1. ASN.1 Object for Ed25519

The PKCS#11 Specification:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/
pkcs11-spec-v3.1-cs01.pdf

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libtomcrypt: Remove prng_state* NULL pointer check from ed25519_make_key()

For the same reasons as in commit 2d7740f6f44c ("core: libtomcrypt:
Remove prng_state* NULL pointer check from x25519_make_

libtomcrypt: Remove prng_state* NULL pointer check from ed25519_make_key()

For the same reasons as in commit 2d7740f6f44c ("core: libtomcrypt:
Remove prng_state* NULL pointer check from x25519_make_key()"), remove
the NULL pointer check in ed25519_make_key().

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: include: introduce riscv.h header

Creates header file risc.v to define most of the RISC-V operations.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Car

core: riscv: include: introduce riscv.h header

Creates header file risc.v to define most of the RISC-V operations.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: define RISC-V instruction set architecture in encoding.h

Define standard RISC-V instruction opcodes, control and status registers.
This file is auto-generated from riscv-opcodes and it

core: riscv: define RISC-V instruction set architecture in encoding.h

Define standard RISC-V instruction opcodes, control and status registers.
This file is auto-generated from riscv-opcodes and it is subject of
regular updates.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: plat-spike: default configuration for Spike platform

This commit sets the build configuration for a minimalist core to run
on Spike platform.

Signed-off-by: Marouene Boubakri <marouene

core: riscv: plat-spike: default configuration for Spike platform

This commit sets the build configuration for a minimalist core to run
on Spike platform.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: fix compile error with CFG_CORE_WORKAROUND_SPECTRE_BP_SEC=n

Prior to this patch there's a compile error when building with
CFG_CORE_WORKAROUND_SPECTRE_BP_SEC=n:
core/arch/arm/kernel/thread.c:

core: fix compile error with CFG_CORE_WORKAROUND_SPECTRE_BP_SEC=n

Prior to this patch there's a compile error when building with
CFG_CORE_WORKAROUND_SPECTRE_BP_SEC=n:
core/arch/arm/kernel/thread.c: In function 'select_vector_wa_spectre_bhb':
core/arch/arm/kernel/thread.c:644:48: error: 'thread_user_kdata_page' undeclared (first use in this function); did you mean 'thread_user_kcode_size'?
644 | struct thread_core_local *cl = (void *)thread_user_kdata_page;
| ^~~~~~~~~~~~~~~~~~~~~~
| thread_user_kcode_size
core/arch/arm/kernel/thread.c:644:48: note: each undeclared identifier is reported only once for each function it appears in
core/arch/arm/kernel/thread.c:646:27: error: 'struct thread_core_local' has no member named 'bhb_loop_count'
646 | cl[get_core_pos()].bhb_loop_count = loop_count;
| ^
core/arch/arm/kernel/thread.c:648:32: error: 'struct thread_core_local' has no member named 'bhb_loop_count'
648 | thread_get_core_local()->bhb_loop_count = loop_count;
| ^~

Fix this by disabling the unused code.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: simplify pgt interface provided by pgt_cache.h

Many of the function in the pgt interface takes more than one pointer to
struct pgt_cache, struct vm_info or struct ts_ctx. All these pointers
ar

core: simplify pgt interface provided by pgt_cache.h

Many of the function in the pgt interface takes more than one pointer to
struct pgt_cache, struct vm_info or struct ts_ctx. All these pointers
are available in struct user_mode_ctx so pass a pointer to that struct
instead. This saves a few function arguments and also makes it a bit
more clear how a function can be used.

pgt_clear_ctx_range(), pgt_flush_ctx_range() and pgt_flush_ctx() are
renamed to drop the "_ctx" part in their names since it's not relevant
any longer.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...