drivers: imx: dcp: disable the use of UNIQUE KEY after HUK generation

Disable the use of DCP unique key (0xfe in the DCP key selection) after
the HUK generation.
The DCP unique key is used to genera

drivers: imx: dcp: disable the use of UNIQUE KEY after HUK generation

Disable the use of DCP unique key (0xfe in the DCP key selection) after
the HUK generation.
The DCP unique key is used to generate the HUK at boot time. Disabling
the use of the unique key prevents the non-secure world from
re-generating the HUK.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Ricardo Salveti <ricardo@foundries.io> (imx-mx6ullevk)

show more ...

drivers: imx: dcp: clear OTP_KEY bit for unique key selection

The use of the unique key for the HUK generation requires the OTP_KEY
bit to be cleared in the DCP control0 bit field.

Signed-off-by: C

drivers: imx: dcp: clear OTP_KEY bit for unique key selection

The use of the unique key for the HUK generation requires the OTP_KEY
bit to be cleared in the DCP control0 bit field.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Ricardo Salveti <ricardo@foundries.io> (imx-mx6ullevk)

show more ...

drivers: imx: dcp: workaround DCP errata 051292

The internal boot ROM should reset the DCP controller prior jumping to
bootloader execution. The current boot ROM implementation does not
assert a DCP

drivers: imx: dcp: workaround DCP errata 051292

The internal boot ROM should reset the DCP controller prior jumping to
bootloader execution. The current boot ROM implementation does not
assert a DCP reset.

To mitigate the issue, users can implement a DCP reset by setting
SFTRST[31] and CTRL_CLKGATE[30] bits in the DCP_CTRL_SET registers.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Ricardo Salveti <ricardo@foundries.io> (imx-mx6ullevk)

show more ...

plat-stm32mp1: restore reserved shared memory

Restores OP-TEE reserved shared memory (the last MBytes of DRAM located
on top of the secure DDR) in STM32MP15 default configuration. This
default confi

plat-stm32mp1: restore reserved shared memory

Restores OP-TEE reserved shared memory (the last MBytes of DRAM located
on top of the secure DDR) in STM32MP15 default configuration. This
default configuration is needed to support mainline TF-A in conjunction
with mainline Linux kernel.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: imx_snvs: re-work security state for imx8m platforms

The current implementation of snvs_get_security_cfg() for
imx8m platforms includes the read of SYS_SECURE_BOOT bit.
This fourth bit show

drivers: imx_snvs: re-work security state for imx8m platforms

The current implementation of snvs_get_security_cfg() for
imx8m platforms includes the read of SYS_SECURE_BOOT bit.
This fourth bit shows if the board boots from internal
ROM. This bit will reset to 1 for a board in the field
and 0 for a test chip.

The read of this bit is out of scope of the snvs_get_security_cfg()
purpose which is to return the system security configuration.
The SYS_SECURE_BOOT bit (msb) can be discarded.

Fixes: 5cd93c5a75 (drivers: imx_snvs: fix SNVS security configuration values)
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-hikey: Add embedded DTB to define SDP

For Hikey, the Secure Data Path memory region definition is
done in an embedded dtb as defined in
Documentation/devicetree/bindings/reserved-memory/linaro,

plat-hikey: Add embedded DTB to define SDP

For Hikey, the Secure Data Path memory region definition is
done in an embedded dtb as defined in
Documentation/devicetree/bindings/reserved-memory/linaro,secure-heap.yaml

Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: Define SDP in embedded DTB

Allow definition of the Secure Data Path memory region in an embedded DTB
There is no memory intersection checking for such SDP area as embedded DTB
is not available

core: Define SDP in embedded DTB

Allow definition of the Secure Data Path memory region in an embedded DTB
There is no memory intersection checking for such SDP area as embedded DTB
is not available during init of tee core memory mapping

Comply with reserved memory bindings
Linux documentation file:
Documentation/devicetree/bindings/reserved-memory/reserved-memory.yaml

Documented in:
Documentation/devicetree/bindings/reserved-memory/linaro,secure-heap.yaml

Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: fix TA crash if RPMB key is not provisioned

If optee-os is set with CFG_RPMB_WRITE_KEY=n, returning
TEE_ERROR_BAD_STATE will result in TA panic because of exit checks
in /lib/libutee/tee_api_o

core: fix TA crash if RPMB key is not provisioned

If optee-os is set with CFG_RPMB_WRITE_KEY=n, returning
TEE_ERROR_BAD_STATE will result in TA panic because of exit checks
in /lib/libutee/tee_api_objects.c APIs. Returning
TEE_ERROR_STORAGE_NOT_AVAILABLE to avoid TA panic and signal TA
RPMB is not ready for use, therefore TA could perform error handling.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Judy Wang <wangjudy@microsoft.com>

show more ...

plat-stm32mp1: introduce CFG_STM32MP1_SHARED_RESOURCES

It is now mandatory to enable CFG_STM32MP1_SHARED_RESOURCES to embed
shared_resources.c.

It is forced enabled for STM32MP15x boards and forced

plat-stm32mp1: introduce CFG_STM32MP1_SHARED_RESOURCES

It is now mandatory to enable CFG_STM32MP1_SHARED_RESOURCES to embed
shared_resources.c.

It is forced enabled for STM32MP15x boards and forced disabled for
STM32MP13x boards.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_shared_io: introduce shared io driver

This commit implements shared registers support, previously handled in
core/arch/arm/plat-stm32mp1/shared_resources.c, at platform level.

Defaul

drivers: stm32_shared_io: introduce shared io driver

This commit implements shared registers support, previously handled in
core/arch/arm/plat-stm32mp1/shared_resources.c, at platform level.

Default enable CFG_STM32_SHARED_IO.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: handle large holes in S-EL0 map

Prior to this patch it was assumed that the memory map of a user mode
context had no holes or very small holes. This leads to a higher pressure
on the translati

core: handle large holes in S-EL0 map

Prior to this patch it was assumed that the memory map of a user mode
context had no holes or very small holes. This leads to a higher pressure
on the translation tables than necessary.

So fix this by skipping to allocate translation tables for holes in the
memory map of a user mode context where possible.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix error handling in vm_remap()

When remap tries to change the virtual address of a mapping and it fails
in the middle of the process it has to undo the changes in order to
restore the previo

core: fix error handling in vm_remap()

When remap tries to change the virtual address of a mapping and it fails
in the middle of the process it has to undo the changes in order to
restore the previous state before returning an error.

This fix addresses a corner case where the number of needed translation
tables for the new map has been increased and hits a limit, so the remap
request must be denied.

Fixes: 7d2b71d6d30f ("core: vm_set_prot() and friends works across VM regions")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: map the CAAM registers with the CAAM_SIZE value

Add the CAAM register MMU mapping with the appropriate size CAAM_SIZE.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by:

drivers: caam: map the CAAM registers with the CAAM_SIZE value

Add the CAAM register MMU mapping with the appropriate size CAAM_SIZE.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ls: add CAAM_SIZE values for LS platforms

Add CAAM_SIZE values for all LS platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

core: imx: add CAAM_SIZE values for i.MX platforms

Add CAAM_SIZE values for all i.MX platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.

core: imx: add CAAM_SIZE values for i.MX platforms

Add CAAM_SIZE values for all i.MX platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

dts: sama5d2: Set tcb1 as secure

Add missing status-okay line to enable tcb1 for OP-TEE usage. Indeed,
the TCB block is used to provide a secure time source to OP-TEE TA.

Signed-off-by: Clément Lég

dts: sama5d2: Set tcb1 as secure

Add missing status-okay line to enable tcb1 for OP-TEE usage. Indeed,
the TCB block is used to provide a secure time source to OP-TEE TA.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: pta: return error code when failing to deserialize saved key

When deserializing the key, TEE_SUCCESS code is returned even the bignum
deserialization of one of the key component fails.

Make s

core: pta: return error code when failing to deserialize saved key

When deserializing the key, TEE_SUCCESS code is returned even the bignum
deserialization of one of the key component fails.

Make sure to free the allocated key in case of an error in the
deserialization of one of the key component.

Fixes: 7e05ec25b ("core: pta: add remote attestation PTA")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pta: attestation: fix buffer size for generated key

There is assertion error in the attestation PTA when it comes to
deserialize the key. Here are the logs:

* regression_1037 Remote attestati

core: pta: attestation: fix buffer size for generated key

There is assertion error in the attestation PTA when it comes to
deserialize the key. Here are the logs:

* regression_1037 Remote attestation
o regression_1037.1 Get public key
E/TC:? 0 assertion '!buf_sz' failed at core/pta/attestation.c:199 <deserialize_key>
E/TC:3 0 Panic at core/kernel/assert.c:28 <_assert_break>
E/TC:3 0 TEE load address @ 0xbe000000
E/TC:3 0 Call stack:
E/TC:3 0 0xbe0091b4
E/TC:3 0 0xbe024b5c
E/TC:3 0 0xbe02292c
E/TC:3 0 0xbe02fde4
E/TC:3 0 0xbe0300c4
E/TC:3 0 0xbe029a3c
E/TC:3 0 0xbe025e70
E/TC:3 0 0xbe0336e0
E/TC:3 0 0xbe007070
E/TC:3 0 0xbe0071ec

To reproduce the issue, you need a persistent storage and follow these
steps:
$ xtest 1037
*reboot the platform*
$ xtest 1037

When allocating the key buffer, the maximum buffer size is allocated
(1033 bytes) whatever the size specified by CFG_ATTESTATION_PTA_KEY_SIZE.

With default attestation key size (CFG_ATTESTATION_PTA_KEY_SIZE) of
3072 bits, only 777 bytes is needed to store the key but the allocated
buffer size is still 1033 bytes.

When the key has already been generated, the key stored is deserialized
and the deserialize_key() function expects the size of the previously
generated key to be equal to the maximum buffer size.

The assertion can be removed as the buffer size and the key size could
mismatch. The deserialize_bignum() function, however, still checks the
buffer size is big enough to hold the given key size.

Fixes: 7e05ec25b ("core: pta: add remote attestation PTA")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: make sure build date is always in English

Setting LANG=C before invoking the date command doesn't always result in
the "C" (English) locale being selected. The correct way is to set
LC_ALL. As

core: make sure build date is always in English

Setting LANG=C before invoking the date command doesn't always result in
the "C" (English) locale being selected. The correct way is to set
LC_ALL. As explained in the locale(7) man page:

If the second argument to setlocale(3) is an empty string, "", for the
default locale, it is determined using the following steps:

1. If there is a non-null environment variable LC_ALL, the value of
LC_ALL is used.

2. If an environment variable with the same name as one of the
categories above exists and is non-null, its value is used for that
category.

3. If there is a non-null environment variable LANG, the value of LANG
is used.

Fixes: 3e2b963515c1 ("core: use C locale when generating the build date")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: remove SCMI0 channel index

Removes index 0 from SCMI DT binding ID macros and driver labels to
synchronize with Linux kernel 5.18 that considers a single SCMI
channel, see [1] and [2]

plat-stm32mp1: remove SCMI0 channel index

Removes index 0 from SCMI DT binding ID macros and driver labels to
synchronize with Linux kernel 5.18 that considers a single SCMI
channel, see [1] and [2].

Link: [1] https://lore.kernel.org/linux-arm-kernel/20220422150952.20587-4-alexandre.torgue@foss.st.com
Link: [2] https://lore.kernel.org/linux-arm-kernel/20220422150952.20587-5-alexandre.torgue@foss.st.com
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: scmi_server: removed unused channel SCMI1

Remove this SCMI channel from DT bindings and platform driver as it is
unused.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.c

plat-stm32mp1: scmi_server: removed unused channel SCMI1

Remove this SCMI channel from DT bindings and platform driver as it is
unused.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: use helper header file stm32mp_dt_bindings.h

Changes plat-stm32mp1 and its drivers to rely on stm32mp_dt_bindings.h
which simplifies support of both variants STM32MP15 and STM32MP13 t

plat-stm32mp1: use helper header file stm32mp_dt_bindings.h

Changes plat-stm32mp1 and its drivers to rely on stm32mp_dt_bindings.h
which simplifies support of both variants STM32MP15 and STM32MP13 that
will use each specific DT bindings.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: drivers: update stm32mp_dt_bindings.h

Adds st,stm32mp15-regulator.h to the header files included for
stm32mp15 as these bindings are used for SCMI services.

Signed-off-by: Gatien Chevallier <

core: drivers: update stm32mp_dt_bindings.h

Adds st,stm32mp15-regulator.h to the header files included for
stm32mp15 as these bindings are used for SCMI services.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: drivers: fix stm32mp_dt_bindings.h

Removes stm32mp1-clksrc.h header file include as this file doesn't
exist.

Fixes: 19a4632e0f17 ("dt-bindings: stm32: add stm32mp13 clock and
reset bindings")

core: drivers: fix stm32mp_dt_bindings.h

Removes stm32mp1-clksrc.h header file include as this file doesn't
exist.

Fixes: 19a4632e0f17 ("dt-bindings: stm32: add stm32mp13 clock and
reset bindings")

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: rework dt_driver_register_provider()

Registering a provider shouldn't fail when a provider node has no
phandle. It only means that no node refer to the provider device hence
the pro

core: dt_driver: rework dt_driver_register_provider()

Registering a provider shouldn't fail when a provider node has no
phandle. It only means that no node refer to the provider device hence
the provider reference does not need to be registered.

This change protects from issues when, for example, device-tree compiler
removes unused phandle to optimize DTB image size.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...