core: pgt: support preallocated translation tables for S-EL0

With CFG_CORE_PREALLOC_EL0_TBLS=y translation tables are allocated for a
user space context at the time when the mapping is added a struc

core: pgt: support preallocated translation tables for S-EL0

With CFG_CORE_PREALLOC_EL0_TBLS=y translation tables are allocated for a
user space context at the time when the mapping is added a struct
vm_region. The translation tables will be kept available for the S-EL0
context as long at the mappings are unchanged.

Secure Partitions (SPs) can depend on translation tables always being
available and avoid having to wait for translation tables.

Memory for the translation tables is allocated from the same memory as
used for TAs and SPs. The number of available translation tables are
limited by the amount of TA/SP memory available.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pgt: rename to pgt_put_all() and pgt_get_all()

The two functions pgt_free() and pgt_alloc() has names which doesn't
match well what they do so rename them.

pgt_free() to pgt_put_all():
This m

core: pgt: rename to pgt_put_all() and pgt_get_all()

The two functions pgt_free() and pgt_alloc() has names which doesn't
match well what they do so rename them.

pgt_free() to pgt_put_all():
This matches better how page tables are managed since pgt_put_all()
doesn't free the tables, they are just put in a cache list from which
they later can be free or re-allocated.

pgt_alloc() to pgt_get_all():
pgt_get_all() may actually not allocate a new table, not if it can be
found in the cache list.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: use set_um_region() to update translation tables

Adds an internal function in core/mm/vm.c which is called when
translation tables needs to be updated.

With a cache for recently used translat

core: use set_um_region() to update translation tables

Adds an internal function in core/mm/vm.c which is called when
translation tables needs to be updated.

With a cache for recently used translation tables
core_mmu_populate_user_map() will only update translation tables which
are new and not populated yet.

Each user space context has a linked list of struct vm_region describing
the logical memory map. To ensure that this logical memory map is kept
in sync with the translation tables in use set_um_region() must be used
to copy the content of a struct vm_region into translation tables as
needed.

If the current context is updated then the pgts currently in use are
updated. However, if the context isn't current then the cached tables
are updated instead. When cached tables are updated some of the needed
translation tables may actually be missing. This is ignored at this
stage and later taken care of by core_mmu_populate_user_map() since
those tables will be new and have the "populated" entry set to false.
Once core_mmu_populate_user_map() has initialized tables "populated" is
set to true for each table.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pgt: use pgt_cache_list without pager too

Prior to this patch was only unused pgts cached when paging was enabled.
Take this one step further and cache unused pgts when paging is disabled
too.

core: pgt: use pgt_cache_list without pager too

Prior to this patch was only unused pgts cached when paging was enabled.
Take this one step further and cache unused pgts when paging is disabled
too. The purpose of this is to allow core_mmu_populate_user_map() to
skip already initialized translation tables.

Add two helper functions pgt_pop_from_cache_list() and
pgt_push_to_cache_list() to be used when updating the translation tables
currently in the cache list.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee_pager.h: provide stubbed tee_pager_pgt_save_and_release_entries()

Provides a stubbed static inline
tee_pager_pgt_save_and_release_entries() when CFG_PAGED_USER_TA isn't
defined.

Reviewed-

core: tee_pager.h: provide stubbed tee_pager_pgt_save_and_release_entries()

Provides a stubbed static inline
tee_pager_pgt_save_and_release_entries() when CFG_PAGED_USER_TA isn't
defined.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: call pgt_flush_ctx() from vm_info_final()

Moves the call to pgt_flush_ctx() into vm_info_final() from
destroy_context() and tee_ta_init_user_ta_session().

Reviewed-by: Etienne Carriere <etien

core: call pgt_flush_ctx() from vm_info_final()

Moves the call to pgt_flush_ctx() into vm_info_final() from
destroy_context() and tee_ta_init_user_ta_session().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: call tee_pager_rem_um_regions() from vm_info_final()

Moves the call to tee_pager_rem_um_regions() into vm_info_final() from
free_utc() and stmm_ctx_destroy().

Reviewed-by: Etienne Carriere <e

core: call tee_pager_rem_um_regions() from vm_info_final()

Moves the call to tee_pager_rem_um_regions() into vm_info_final() from
free_utc() and stmm_ctx_destroy().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move pgt_cache to struct user_mode_ctx

Moves pgt_cache from struct thread_specific_data to struct
user_mode_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome F

core: move pgt_cache to struct user_mode_ctx

Moves pgt_cache from struct thread_specific_data to struct
user_mode_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: initialize struct user_mode_ctx with vm_info_init()

Broadens the scope of vm_info_init() to initialize the entire struct
user_mode_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.

core: initialize struct user_mode_ctx with vm_info_init()

Broadens the scope of vm_info_init() to initialize the entire struct
user_mode_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove save_ctx parameter from pgt_free()

Prior to this patch was pgt_free() taking a save_ctx parameter which was
only used if paging of TAs was enabled. If on the other hand paging of
TAs wa

core: remove save_ctx parameter from pgt_free()

Prior to this patch was pgt_free() taking a save_ctx parameter which was
only used if paging of TAs was enabled. If on the other hand paging of
TAs was enabled this parameter was always true. So simplify the logic by
removing this parameter and where used internally always do as if
save_ctx was true. This means that pgts used for paging will always
first be pushed to the cache list to later be reclaimed by other means.

This patch does not change the de facto behaviour.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add pointer authentication support

Previously pointer authentication was only supported for TAs. With this
patch add a configuration option CFG_CORE_PAUTH to enable support for
core. Each priv

core: add pointer authentication support

Previously pointer authentication was only supported for TAs. With this
patch add a configuration option CFG_CORE_PAUTH to enable support for
core. Each privileged thread has its own APIA key. There are also a
separate APIA key for each physical core used when handling an abort or
when using the tmp stack.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add Ed25519 support

Put in place Ed25519 core functionality and support it for
OP-TEE crypto syscalls.

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Signed-off-by: Sergiy Ki

core: crypto: add Ed25519 support

Put in place Ed25519 core functionality and support it for
OP-TEE crypto syscalls.

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: libtomcrypt: add Ed25519 support

Enable Ed25519 implementation of libtomcrypt and add the OP-TEE wrappers.

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Signed-off-by: Sergiy Kibrik

core: libtomcrypt: add Ed25519 support

Enable Ed25519 implementation of libtomcrypt and add the OP-TEE wrappers.

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libtomcrypt: ctr_encrypt(): adjust for OP-TEE CE accelerated routines

Commit 8411e6ad673d ("Squashed commit upgrading to
libtomcrypt-1.18.2-develop-20220913") is missing a local change in
ctr_encryp

libtomcrypt: ctr_encrypt(): adjust for OP-TEE CE accelerated routines

Commit 8411e6ad673d ("Squashed commit upgrading to
libtomcrypt-1.18.2-develop-20220913") is missing a local change in
ctr_encrypt.c which should have been carried over from the previous
import branch, see commit 5a913ee74d3c ("Squashed commit upgrading to
libtomcrypt-1.18.2-develop-20180819"). The missing code is from commit
c54b6344cc4e ("core: crypto: cleanup and fix CE accelerated AES CTR").
Most of that commit was made irrelevant after the move of accelerated
code out of core/lib/libtomcrypt/src, except for the bits that touch
ctr_encrypt() in core/lib/libtomcrypt/src/modes/ctr/ctr_encrypt.c.

Re-introduce the needed change. Fixes failures in xtest 4003 when
CFG_CRYPTO_WITH_CE=y.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Squashed commit upgrading to libtomcrypt-1.18.2-develop-20220913

Squash merging branch import/libtomcrypt-1.18.2-develop-20220913

cedf001cc024 ("ci: rust: apply upstream patch to fix failure in au

Squashed commit upgrading to libtomcrypt-1.18.2-develop-20220913

Squash merging branch import/libtomcrypt-1.18.2-develop-20220913

cedf001cc024 ("ci: rust: apply upstream patch to fix failure in authentication-rs")
1c8f27245e4f ("core: ltc: fix .qord value in DSA sign and verify")
87431ada69ed ("libtomcrypt: define LTC_MPI at the same time as LTC_DER")
7d8cdbb85a57 ("core: ltc: add missing <string_ext.h>")
fa3ac5998cc7 ("core: ltc: import sub.mk files from master and update")
35f56bc9f8c4 ("core: libtomcrypt: Remove prng_state* NULL pointer check from x25519_make_key()")
85140c1f9be4 ("core: ltc: fix missing mutex unlock")
02f519845bbe ("core: ltc: add SM2 curve parameters")
757ab2c4462d ("core: ltc: make key in accel_ecb_encrypt() and accel_ecb_decrypt() const")
15c897fbe000 ("core: ltc: fix 'switch case misses default'")
6276df75362f ("core: ltc: add custom DH key generation function dh_make_key()")
1da50b460270 ("core: ltc: tomcrypt_custom.h: OP-TEE thread support")
6f78a99a6e8c ("libtomcrypt: implement zeromem() with memzero_explicit()")
90eaafe0f10f ("core: LTC use only _CFG_CORE_LTC_ variables")
fbd6fb746576 ("LTC: add GHASH acceleration")
e3ff5f701223 ("ltc: make cipher_descriptor a pointer to descriptors")
fbe13c05804d ("ltc: make hash_descriptor a pointer to descriptors")
6c193f5e561a ("ltc: make prng_descriptor a pointer to descriptors")
9f40d2838fa3 ("libtomcrypt: tomcrypt_private.h: add HASH_PROCESS_NBLOCKS")
4f6b32962d15 ("ECC: optimize the pool of temporary variables")
955eced29a6f ("Import LibTomCrypt v1.18.2 branch "develop" (Sep 13, 2022)")
3717d76418c8 ("Remove LibTomCrypt")

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: versal: mailbox communication

Mailbox driver to communicate with the PLM firmware executing on the
Microblaze processor.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: J

drivers: versal: mailbox communication

Mailbox driver to communicate with the PLM firmware executing on the
Microblaze processor.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-versal: define the length of the cache line

Explicitly define the length of the cache line for the Versal ACAP
platform.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerom

plat-versal: define the length of the cache line

Explicitly define the length of the cache line for the Versal ACAP
platform.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: sp: add support for SPs in the FIP

This commit introduces support for using SPs from the FIP. TF-A offers a
mechanism to encapsulate an SP image and its manifest into an SP package
and add tha

core: sp: add support for SPs in the FIP

This commit introduces support for using SPs from the FIP. TF-A offers a
mechanism to encapsulate an SP image and its manifest into an SP package
and add that to the FIP. During boot BL2 will load these packages into
memory and the SPMC manifest is used to pass the load addresses to the
SPMC. The SP package contains a header, the SP manifest and the SP image
itself [1].

For loading the SP packages the existing embedded SP handling code is
mostly reused. The only difference is that instead of a scattered array
that's created at build time the SP packages are discovered at runtime
and collected into a linked list.

Link: [1] https://trustedfirmware-a.readthedocs.io/en/v2.6/components/secure-partition-manager.html#secure-partition-packages
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: sp: fix sp_dt_get_u64() alignment issue

In the SP DT files 64-bit values are represented by two 32-bit cells.
When loaded into memory, the address of such value might not be 64-bit
aligned. Cu

core: sp: fix sp_dt_get_u64() alignment issue

In the SP DT files 64-bit values are represented by two 32-bit cells.
When loaded into memory, the address of such value might not be 64-bit
aligned. Currently sp_dt_get_u64() simply dereferences a pointer to such
value. This compiles to a 64-bit load instruction, which causes an
alignment fault if the address was not 64-bit aligned.

Replace the direct dereferencing with the fdt64_ld() helper function
which only uses byte loads.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: sp: add DT UUID helper function

Adds helper function to read a UUID from the SP manifest DT and parse it
into a TEE_UUID struct.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-

core: sp: add DT UUID helper function

Adds helper function to read a UUID from the SP manifest DT and parse it
into a TEE_UUID struct.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

drivers: stm32_i2c: optimize the master receive path

Early error detection prevents an invalid read request made to the
device from blocking the bus for the whole transfer timeout.

Signed-off-by: J

drivers: stm32_i2c: optimize the master receive path

Early error detection prevents an invalid read request made to the
device from blocking the bus for the whole transfer timeout.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

se050: glue: i2c_stm32

To add support in the device tree - since the NXP SE05x device node
has not been agreed yet - the user must provide an alias to the bus
where the device is located.

Once the

se050: glue: i2c_stm32

To add support in the device tree - since the NXP SE05x device node
has not been agreed yet - the user must provide an alias to the bus
where the device is located.

Once the SE05X node has been agreed, support will be added to all
OP-TEE supported platforms.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: stm32_i2c: fix read operations on I2C_MODE_MASTER mode

One of the valid conditions that leads to the generation of a NACK
is when the controller-receiver signals the end of the transfer
to

drivers: stm32_i2c: fix read operations on I2C_MODE_MASTER mode

One of the valid conditions that leads to the generation of a NACK
is when the controller-receiver signals the end of the transfer
to the target transmitter.

The code being fixed - not clearing the NACK - was causing subsequent
write operations to fail.

This has been validated using the NXP SE050 device.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: rpc: log error when allocation fails in non-secure world

The error messages printed when the non-secure world fails to allocate
shared memory may be misleading misleading:

E/LD: init_elf:45

core: rpc: log error when allocation fails in non-secure world

The error messages printed when the non-secure world fails to allocate
shared memory may be misleading misleading:

E/LD: init_elf:453 sys_open_ta_bin(cb3e5ba0-adf1-11e0-998b-0002a5d5c51b)
E/TC:? 0 ldelf_init_with_ldelf:131 ldelf failed with res: 0xffff000c

This looks like an out-of-memory condition (0xffff000c =
TEE_ERROR_OUT_OF_MEMORY) in the TEE core ("E/TC"), in other words
insufficient core heap space. Add the following message to help pinpoint
the issue:

E/TC:? 0 get_rpc_alloc_res:645 RPC allocation failed. Non-secure world result: ret=0xffff000c ret_origin=0x2

This situation can be reproduced by killing tee-supplicant and invoking
a TA. When the CA is interrupted (Ctrl-C), the above log is printed.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Squashed commit upgrading to zlib v1.12.2

Squash merging branch import/zlib-1.12.2

67d1c836b46d ("core: zlib: fix build warning when _LFS64_LARGEFILE is not defined")
82826342c694 ("zlib: add SPD

Squashed commit upgrading to zlib v1.12.2

Squash merging branch import/zlib-1.12.2

67d1c836b46d ("core: zlib: fix build warning when _LFS64_LARGEFILE is not defined")
82826342c694 ("zlib: add SPDX license identifiers")
bbdade0f5924 ("zlib: set zconf.h options for embedded TS")
449dd56422ca ("Import zlib v1.12.2")

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...