core: add missing pauth key saving in foreign interrupt handler

When a foreign interrupt (non-secure) is trapped in OP-TEE the state of
the current thread is saved similarly to when an RPC is perfor

core: add missing pauth key saving in foreign interrupt handler

When a foreign interrupt (non-secure) is trapped in OP-TEE the state of
the current thread is saved similarly to when an RPC is performed.

With pointer authentication enabled two more registers which are part of
the current context, APIAKEYHI-EL1 and APIAKEYLO-EL1, are added. These
registers contains a key needed for pointer authentication. This key is
unique per context so it must always be saved and restored when
switching context.

Prior to this patch the step where this key is saved in the foreign
interrupt handler was missing, so fix this by adding the missing step.

Fixes: 2b06f9dede33 ("Add basic pointer authentication support for TA's")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-versal: mmap regions

Increase the number of regions in preparation for the merge of
additional drivers.

The value has been chosen using the other more stable platforms
as a reference.

Signed-

plat-versal: mmap regions

Increase the number of regions in preparation for the merge of
additional drivers.

The value has been chosen using the other more stable platforms
as a reference.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-versal: build tee-raw.bin image

This commit generates the tee-raw.bin image so the user can
pass the boot address on the bif file.

The bif file could look like this

the_ROM_image:
{
image {

plat-versal: build tee-raw.bin image

This commit generates the tee-raw.bin image so the user can
pass the boot address on the bif file.

The bif file could look like this

the_ROM_image:
{
image {
{ type=bootimage, file=vpl.pdi }
{ type=bootloader, file=plm.elf }
{ core=psm, file=psmfw.elf }
}

image {
id = 0x1c000000, name=apu_subsystem
{ type=raw, load=0x00001000, file=versal.dtb }
{ core=a72-0, exception_level=el-3, trustzone, file=bl31.elf }
{ core=a72-0, exception_level=el-2, file=u-boot.elf }
{ core=a72-0, exception_level=el-1, trustzone, load=0x60000000,
startup=0x60000000, file=tee-raw.bin }
}
}

For additional information on how to build this platform, please refer
to https://github.com/OP-TEE/build/versal.mk

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: drivers: nxp: Add LX2160A-series SecMon driver

- This driver implements reading the entire NXP LX2160-series Security
Monitor (SecMon) module.
- To enable the SecMon driver, the optee-os bui

core: drivers: nxp: Add LX2160A-series SecMon driver

- This driver implements reading the entire NXP LX2160-series Security
Monitor (SecMon) module.
- To enable the SecMon driver, the optee-os build requires the
CFG_LS_SEC_MON flag.

Signed-off-by: Andrew Mustea <andrew.mustea@microsoft.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-stm32mp1: reset platform with reset controller device

Change platform stm32mp1 PSCI_SYSTEM_RESET implementation to rely
on reset controller framework to proceed a full platform reset insead
of

plat-stm32mp1: reset platform with reset controller device

Change platform stm32mp1 PSCI_SYSTEM_RESET implementation to rely
on reset controller framework to proceed a full platform reset insead
of a platform specific sequence. This change makes MP13 variants to
now support PSCI system reset feature.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dt-bindings: define system reset controller for stm32mp1 flavors

Define DT binding ID related to system reset controller, for both
STM32MP15 and STM32MP13 variants.

Acked-by: Jens Wiklander <jens.w

dt-bindings: define system reset controller for stm32mp1 flavors

Define DT binding ID related to system reset controller, for both
STM32MP15 and STM32MP13 variants.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: scmi-msg: Propagate errors from platform voltd_get_level

plat_scmi_voltd_get_level is refactored to return an SCMI error code and
retrieve the voltage via an out parameter. This allows erro

drivers: scmi-msg: Propagate errors from platform voltd_get_level

plat_scmi_voltd_get_level is refactored to return an SCMI error code and
retrieve the voltage via an out parameter. This allows errors from the
platform SCMI server implementation to be propagated to the REE.

The implementation for stm32mp1 is updated to handle at least some
possible errors.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Anton Eliasson <anton.eliasson@axis.com>

show more ...

plat-stm32mp1: add Avenger96 board with STM32MP157A based DHCOR SoM

The dts(i) files are imported from Linux 5.19-rc6.

Changes made to the imported dts(i) files:
- Enable rcc as on other boards
- A

plat-stm32mp1: add Avenger96 board with STM32MP157A based DHCOR SoM

The dts(i) files are imported from Linux 5.19-rc6.

Changes made to the imported dts(i) files:
- Enable rcc as on other boards
- Allow iwdg2 for usage in non-secure world

Signed-off-by: Johann Neuhauser <jneuhauser@dh-electronics.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: add STM32MP157C based DHCOM SoM on PDK2 baseboard

The dts(i) files are imported from Linux 5.19-rc6.

Changes made to the imported dts(i) files:
- Drop GPLv2 licensed resources and/or

plat-stm32mp1: add STM32MP157C based DHCOM SoM on PDK2 baseboard

The dts(i) files are imported from Linux 5.19-rc6.

Changes made to the imported dts(i) files:
- Drop GPLv2 licensed resources and/or use their explicit values
- Drop cryp1 okay status as on other boards
- Drop unsupported special rcc clocks definition using comments
- Enable rcc as on other boards
- Allow iwdg2 for usage in non-secure world

Signed-off-by: Johann Neuhauser <jneuhauser@dh-electronics.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: versal: general purpose i/o

Provide access to the GPIO controller on Versal ACAP.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.or

drivers: versal: general purpose i/o

Provide access to the GPIO controller on Versal ACAP.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: driver: rework the SC API to make compatible with the new MU driver

Rework the SC API to leverage the common MU driver.
This re-work implies the deletion of duplicate functions that are now
im

core: driver: rework the SC API to make compatible with the new MU driver

Rework the SC API to leverage the common MU driver.
This re-work implies the deletion of duplicate functions that are now
implemented in the MU driver instead

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: driver: add common i.MX MU driver

Add a common MU driver for i.MX platforms. This MU driver is used to
communicate with external security controllers.

This driver includes a generic part and

core: driver: add common i.MX MU driver

Add a common MU driver for i.MX platforms. This MU driver is used to
communicate with external security controllers.

This driver includes a generic part and an hardware abstraction layer
for low level MU functions.

The MU driver implements the HAL for the following platforms:
- mx8ulpevk
- mx8qmmek/imx8qxpmek

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: rcar: fix core pos calculation for H3 boards

Due to mistake, cluster position wasn't shifted left if chip is not
M3W. This led to erroneous core ID calculation on chips that are not
M3W. Actua

plat: rcar: fix core pos calculation for H3 boards

Due to mistake, cluster position wasn't shifted left if chip is not
M3W. This led to erroneous core ID calculation on chips that are not
M3W. Actually, this affected only H3, as only this chip has two
clusters.

Fix this by always shifting x1 (cluster ID) to the left, before doing
one additional shift for non-M3W chips.

Fixes: 572afdce53ea ("plat: rcar: Derive core map from PRR")

Reported-by: Oleksandr Grytsov <oleksandr_grytsov@epam.com>
Tested-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> (R-Car M3)
Tested-by: Oleksandr Grytsov <oleksandr_grytsov@epam.com> (R-Car H3)
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: imx-i2c: add support for imx8mn

Add i2c support for imx8mn platforms

Signed-off-by: Gerard Koskamp <gerard.koskamp@nedap.com>
Reviewed-by: Robert Krikke <robert.krikke@nedap.com>
Acked-by:

drivers: imx-i2c: add support for imx8mn

Add i2c support for imx8mn platforms

Signed-off-by: Gerard Koskamp <gerard.koskamp@nedap.com>
Reviewed-by: Robert Krikke <robert.krikke@nedap.com>
Acked-by: Jorge Ramirez-Ortiz <jorge@foundries.io>

show more ...

core: plat-ls: remove OP-TEE support for LS1021A-QDS platform

LS1021A-QDS does not support OP-TEE anymore, removing its
support.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jer

core: plat-ls: remove OP-TEE support for LS1021A-QDS platform

LS1021A-QDS does not support OP-TEE anymore, removing its
support.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: plat-ls: remove OP-TEE support for LS1021A-TWR platform

LS1021A-TWR does not support OP-TEE anymore, removing its
support.
Since LS1021A-TWR was default platform for LS, updating default
platf

core: plat-ls: remove OP-TEE support for LS1021A-TWR platform

LS1021A-TWR does not support OP-TEE anymore, removing its
support.
Since LS1021A-TWR was default platform for LS, updating default
platform also to LS1012A-RDB

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

crypto_api: acipher: correct ECC NIST-P521 key size

NIST P521 uses 521-bit private keys.

This change might impact platforms that expect a certain alignment
on the key size (i.e. CAAM)

Signed-off-b

crypto_api: acipher: correct ECC NIST-P521 key size

NIST P521 uses 521-bit private keys.

This change might impact platforms that expect a certain alignment
on the key size (i.e. CAAM)

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: ecc: key size must be a multiple of 8

Enforce the alignment required by the CAAM hardware.

Notice that the NIST-P521 curve uses a 521 bit private key
hence why this change is needed.

drivers: caam: ecc: key size must be a multiple of 8

Enforce the alignment required by the CAAM hardware.

Notice that the NIST-P521 curve uses a 521 bit private key
hence why this change is needed.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: fix use of pointer after free

Fix the following with gcc12:

| In file included from lib/libutils/isoc/include/assert.h:9,
| from core/include/drivers/serial.h:8,
|

plat-stm32mp1: fix use of pointer after free

Fix the following with gcc12:

| In file included from lib/libutils/isoc/include/assert.h:9,
| from core/include/drivers/serial.h:8,
| from core/include/drivers/stm32_uart.h:10,
| from core/arch/arm/plat-stm32mp1/main.c:14:
| core/arch/arm/plat-stm32mp1/main.c: In function 'init_console_from_dt':
| core/arch/arm/plat-stm32mp1/main.c:141:50: error: pointer 'pd' used after 'free' [-Werror=use-after-free]
| 141 | IMSG("DTB enables console (%ssecure)", pd->secure ? "" : "non-");
| | ~~^~~~~~~~
| lib/libutils/ext/include/trace.h:41:22: note: in definition of macro 'trace_printf_helper'
| 41 | __VA_ARGS__)
| | ^~~~~~~~~~~
| core/arch/arm/plat-stm32mp1/main.c:141:9: note: in expansion of macro 'IMSG'
| 141 | IMSG("DTB enables console (%ssecure)", pd->secure ? "" : "non-");
| | ^~~~
| core/arch/arm/plat-stm32mp1/main.c:139:9: note: call to 'free' here
| 139 | free(pd);
| | ^~~~~~~~

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: imx: dcp: fix compilation address error

hwkey->data will never be null because it is an array

struct tee_hw_unique_key {
uint8_t data[HW_UNIQUE_KEY_LENGTH];
};

Fix the following w

drivers: imx: dcp: fix compilation address error

hwkey->data will never be null because it is an array

struct tee_hw_unique_key {
uint8_t data[HW_UNIQUE_KEY_LENGTH];
};

Fix the following with gcc12:

| core/drivers/imx/dcp/dcp_huk.c: In function 'tee_otp_get_hw_unique_key':
| core/drivers/imx/dcp/dcp_huk.c:71:23: error: the comparison will always evaluate as 'true' for the address of 'data' will never be NULL [-Werror=address]
| 71 | if (!hwkey || !hwkey->data) {
| | ^

Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

crypto-api: rsassa: pass algorithm to implementation

This is required for drivers that might only support some of the
algorithms.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: J

crypto-api: rsassa: pass algorithm to implementation

This is required for drivers that might only support some of the
algorithms.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

drivers: zynqmp_huk: Add AES eFuse and HUK seed support

When AES eFuse is used to encrypt boot loaders and bitstreams then PUF
functionality is not available for use. When AES eFuse based encryption

drivers: zynqmp_huk: Add AES eFuse and HUK seed support

When AES eFuse is used to encrypt boot loaders and bitstreams then PUF
functionality is not available for use. When AES eFuse based encryption is
in use AES eFuse key becomes device key instead of PUF generated key.

In order to re-plenish additional device specific entropy that PUF would
provide utilize selected set of User programmable eFuses.

Selected user eFuses should be programmed during device manufacturing with
cryptographically good random numbers.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: zymqmp_pm: add USER eFuse support

Adds necessary defines for accessing USER eFuses.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.car

drivers: zymqmp_pm: add USER eFuse support

Adds necessary defines for accessing USER eFuses.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: zynqmp_pm: Add eFuse programming support

Add support to program eFuses utiling functionality found in PMU firmware.

If eFuse programming functionality has been disabled in PMU firmware the

drivers: zynqmp_pm: Add eFuse programming support

Add support to program eFuses utiling functionality found in PMU firmware.

If eFuse programming functionality has been disabled in PMU firmware then
programming will fail.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: zynqmp_pm: fix cache alignment for eFuse operation

Allocate cache aligned temporary memory for both eFuse operation request
and data buffer to make sure that operation is always cache align

drivers: zynqmp_pm: fix cache alignment for eFuse operation

Allocate cache aligned temporary memory for both eFuse operation request
and data buffer to make sure that operation is always cache aligned and to
make usage easier.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...