plat-k3: drivers: ti-sci: Do not print error when message not acknowledged

When the system controller firmware denies a request, we are informed
of this by the lack of an acknowledge flag in the res

plat-k3: drivers: ti-sci: Do not print error when message not acknowledged

When the system controller firmware denies a request, we are informed
of this by the lack of an acknowledge flag in the response. This is
not always an error in cases when we are only testing for permissions.
Do not print error messages in this path. The TI-SCI API caller will
still print the appropriate message if needed.

Signed-off-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-k3: drivers: Set SA2UL firewall region addresses

This firewall region is normally already set to cover our RNG, but that
is not guaranteed. To ensure we actually protect the RNG with this regio

plat-k3: drivers: Set SA2UL firewall region addresses

This firewall region is normally already set to cover our RNG, but that
is not guaranteed. To ensure we actually protect the RNG with this region,
explicitly set the address here to the RNG start and end addresses.

Signed-off-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: add CFG_REE_FS_INTEGRITY_RPMB for roll-back protection of REE

If we enable CFG_RPMB_FS and CFG_REE_FS at the same time in optee-os,
with tee-supplicant only supports REE, calls from xtest to

core: add CFG_REE_FS_INTEGRITY_RPMB for roll-back protection of REE

If we enable CFG_RPMB_FS and CFG_REE_FS at the same time in optee-os,
with tee-supplicant only supports REE, calls from xtest to
ree_fs_open() will attempt to access RPMB for roll-back protection,
which will fail because tee-supplicant can't access RPMB.

In some platforms, we only want optee-os to support
RPMB key provision checking by invoking any RPMB read/writes, but
don't care about whether contents could be read/written.
The tee-supplicant in these platform is limited to REE only, because
there's an existing issue in Linux OS causing kernel drivers failed to
support RPMB. So we need an option to prevent applications like xtest
to access RPMB when calling ree_fs_open(), but keep the ability to
call RPMB fs related apis. When we check the key thru RPMB read.
If key is provisioned, tee-supplicant will return
TEEC_ERROR_ITEM_NOT_FOUND. If not, optee-os will return
TEE_ERROR_STORAGE_NOT_AVAILABLE.

How-tested: execute `xtest -t regression` with optee-os CFG_REE_FS=y
and CFG_RPMB_FS=y. optee-client RPMB_EMU=n
Many testcases will fail. (ex: case 1004)

Signed-off-by: Judy Wang <wangjudy@microsoft.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: imx: enable the CAAM driver on mx7ulpevk

Enable the CAAM for mx7ulpevk.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

core: imx: crypto_conf: set CAAM configuration for mx7ulpevk

Set CAAM configuration for the mx7ulp platform.
On mx7ulp, JRs share the same interrupt line. To avoid conflict with the
non-secure world

core: imx: crypto_conf: set CAAM configuration for mx7ulpevk

Set CAAM configuration for the mx7ulp platform.
On mx7ulp, JRs share the same interrupt line. To avoid conflict with the
non-secure world, disable the use of JR interrupt in OPTEE.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: imx: add support imx93evk platform

Add the support for imx93evk platform.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-b

core: imx: add support imx93evk platform

Add the support for imx93evk platform.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: add imx93 SoC ID

Add the imx93 SoC ID.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklan

core: imx: add imx93 SoC ID

Add the imx93 SoC ID.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: add imx93 registers

Add the imx93 registers.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.

core: imx: add imx93 registers

Add the imx93 registers.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: simplify the error macro message

Simplify the error macro message for less maintenance when it comes to
introduce new platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Revi

core: imx: simplify the error macro message

Simplify the error macro message for less maintenance when it comes to
introduce new platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: se050: optional I2C access via trampoline

Platforms with secure I2C buses (i.e: STM32MP1) or those with only
a secure element on the bus might prefer not to delegate the I2C
traffic to the

drivers: se050: optional I2C access via trampoline

Platforms with secure I2C buses (i.e: STM32MP1) or those with only
a secure element on the bus might prefer not to delegate the I2C
traffic to the REE.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-corstone1000: add corstone1000 platform

These changes are to add corstone1000 platform to optee
core.
arch/arm/plat-vexpress is taken as a reference to make
these changes.

Signed-off-by: Vishn

plat-corstone1000: add corstone1000 platform

These changes are to add corstone1000 platform to optee
core.
arch/arm/plat-vexpress is taken as a reference to make
these changes.

Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: link: add --no-warn-rwx-segments

binutils ld.bfd generates one RWX LOAD segment by merging several sections
with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it
also warn

core: link: add --no-warn-rwx-segments

binutils ld.bfd generates one RWX LOAD segment by merging several sections
with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it
also warns by default when that happens [1], which breaks the build due to
--fatal-warnings. The RWX segment is not a problem for the TEE core, since
that information is not used to set memory permissions. Therefore, silence
the warning.

Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448
Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: imx_i2c: update the daisy chain setting for I2C1

Looking at IMX6ULLRM Rev. 1, 11/2017 paragraph 32.6.329
says the daisy chain for SDA on I2C1 on imx6ull-evk is 2 not 1.

Signed-off-by: Tim

drivers: imx_i2c: update the daisy chain setting for I2C1

Looking at IMX6ULLRM Rev. 1, 11/2017 paragraph 32.6.329
says the daisy chain for SDA on I2C1 on imx6ull-evk is 2 not 1.

Signed-off-by: Tim Anderson <tim.anderson@foundries.io>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jorge Ramirez-Ortiz <jorge@foundries.io>

show more ...

core: tee_svc.c: add missing comma

Add missing comma to fix the following error:

$ make -s PLATFORM=vexpress-qemu_armv8a CFG_TA_PAUTH=y CFG_MEMTAG=y
core/tee/tee_svc.c:371:9: error: expected ‘}’

core: tee_svc.c: add missing comma

Add missing comma to fix the following error:

$ make -s PLATFORM=vexpress-qemu_armv8a CFG_TA_PAUTH=y CFG_MEMTAG=y
core/tee/tee_svc.c:371:9: error: expected ‘}’ before ‘{’ token
371 | {
| ^
core/tee/tee_svc.c:280:44: note: to match this ‘{’
280 | const struct tee_props tee_propset_tee[] = {
| ^

Fixes: a0e8ffe9ba8f ("core: add support for MTE")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: imx_i2c: update the I2C initialization

NXP drivers in both u-boot and linux waits 50us after enabling
the bus controller to stabilize the bus.

Signed-off-by: Tim Anderson <tim.anderson@fou

drivers: imx_i2c: update the I2C initialization

NXP drivers in both u-boot and linux waits 50us after enabling
the bus controller to stabilize the bus.

Signed-off-by: Tim Anderson <tim.anderson@foundries.io>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

core: Avoid tee_ram_va equals 0 when CFG_CORE_ASLR is set

Optee OS use 0 as invalid va and tee_ram_va might equals 0 when
CFG_CORE_ASLR=y.
If tee_ram_va = 0, return directly to avoid it.

Signed-off

core: Avoid tee_ram_va equals 0 when CFG_CORE_ASLR is set

Optee OS use 0 as invalid va and tee_ram_va might equals 0 when
CFG_CORE_ASLR=y.
If tee_ram_va = 0, return directly to avoid it.

Signed-off-by: Ming-Jen Chang <ming-jen.chang@mediatek.com>
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: return true for mattr_is_cached() and TEE_MATTR_MEM_TYPE_TAGGED

Memory areas tagged with TEE_MATTR_MEM_TYPE_TAGGED attributes are
cached. Modify mattr_is_cached() accordingly.

Fixes: 7c3a

core: mm: return true for mattr_is_cached() and TEE_MATTR_MEM_TYPE_TAGGED

Memory areas tagged with TEE_MATTR_MEM_TYPE_TAGGED attributes are
cached. Modify mattr_is_cached() accordingly.

Fixes: 7c3ab7744d ("core: mm: add TEE_MATTR_MEM_TYPE_TAGGED")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: plat-bcm: remove virtual address lookup from main_init_gic()

- Commit 60801696667d ("plat: arm: refactor GIC initialization")
refactored GIC initialization to have gic_init_base_addr() take

core: plat-bcm: remove virtual address lookup from main_init_gic()

- Commit 60801696667d ("plat: arm: refactor GIC initialization")
refactored GIC initialization to have gic_init_base_addr() take in a
physical address instead of a virtual one, meaning that a virtual
address lookup is no longer necessary within a platform's gic_init().
- BCM's main_init_gic() would still perform a virtual memory lookup and
hand over its virtual address instead of the expected physical one.
This caused the lookup in gic_init_base_addr() to fail and panic.
- This new commit removes the virtual memory lookup from BCM's
main_gic_init() and instead hands gic_init_base_addr() a physical
address.

Signed-off-by: Andrew Mustea <andrew.mustea@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: bcm_sotp: add sotp write support

- Added write support for bcm secure one time programmable fuses.
- bcm_iproc_sotp_mem_read() now takes in a bool value for sotp_add_ecc
instead of an int

drivers: bcm_sotp: add sotp write support

- Added write support for bcm secure one time programmable fuses.
- bcm_iproc_sotp_mem_read() now takes in a bool value for sotp_add_ecc
instead of an int to denote if error checking memory is supported.
- Updated debug and error messages to return TEE_result codes.

Signed-off-by: Vahid Dukandar <vahidd@microsoft.com>
Signed-off-by: Andrew Mustea <andrew.mustea@microsoft.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

dts: stm32mp15: bump to Linux v5.19-rc6 dts files
Synchronize with stm32mp15 dts(i) files from Linux v5.19-rc6.

Changes made to imported dts(i) files:
- stm32mp151.dtsi: add ETZPC node, declare PSCI

dts: stm32mp15: bump to Linux v5.19-rc6 dts files
Synchronize with stm32mp15 dts(i) files from Linux v5.19-rc6.

Changes made to imported dts(i) files:
- stm32mp151.dtsi: add ETZPC node, declare PSCI v1.0.
- stm32mp151.dtsi: add iwdg1 node as before
- stm32mp151.dtsi: add iwdg2 interrupt definition
- stm32mp151.dtsi: add tamp node clocks definition
- stm32mp151.dtsi: keep pin-controller{,-z} node names
- stm32mp157a-dk1.dts: disable RCC secure-status.
- stm32mp157c-dk2.dts: disable RCC secure-status.
- stm32mp157c-dk2.dts: drop cryp1 okay status
- stm32mp157c-ed1.dts (included by ev1): disable RCC secure-status.
- stm32mp157c-ed1.dts: (included by ev1): drop cryp1 okay status
- Remove resources related to input DT bindings using explicit inline
comments as those are under Linux kernel GPLv2 licensing model.

This update is required to add a new board based on Linux 5.19-rc6
dts file.

Signed-off-by: Johann Neuhauser <jneuhauser@dh-electronics.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dt-bindings: gpio: add GPIO_PULL_{UP,DOWN} definitions

This is required to bump stm32mp15 dts(i) files to Linux 5.19-rc6.

Signed-off-by: Johann Neuhauser <jneuhauser@dh-electronics.com>
Reviewed-by

dt-bindings: gpio: add GPIO_PULL_{UP,DOWN} definitions

This is required to bump stm32mp15 dts(i) files to Linux 5.19-rc6.

Signed-off-by: Johann Neuhauser <jneuhauser@dh-electronics.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-totalcompute: Introduce TC2

Added TC2 platform support

Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Fo

plat-totalcompute: Introduce TC2

Added TC2 platform support

Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: rng_hw: Remove __weak attribute from HW RNG functions

These function are no longer overridden by platform HW RNG drivers.
Drivers only need implement hw_get_random_bytes().

Signed-off-by: And

core: rng_hw: Remove __weak attribute from HW RNG functions

These function are no longer overridden by platform HW RNG drivers.
Drivers only need implement hw_get_random_bytes().

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: rng_hw: Remove hw_get_random_byte()

Now that all everyone is moved over to hw_get_random_bytes()
we can remove the stub hw_get_random_byte() and the weak default
hw_get_random_bytes().

Signed

core: rng_hw: Remove hw_get_random_byte()

Now that all everyone is moved over to hw_get_random_bytes()
we can remove the stub hw_get_random_byte() and the weak default
hw_get_random_bytes().

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm: Switch to hw_get_random_bytes()

hw_get_random_byte() is no longer used. The default crypto_rng_read()
calls hw_get_random_bytes() now so implement just hw_get_random_bytes().

Signed-off-b

plat-stm: Switch to hw_get_random_bytes()

hw_get_random_byte() is no longer used. The default crypto_rng_read()
calls hw_get_random_bytes() now so implement just hw_get_random_bytes().

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...