core: fix error handling in vm_remap()

When remap tries to change the virtual address of a mapping and it fails
in the middle of the process it has to undo the changes in order to
restore the previo

core: fix error handling in vm_remap()

When remap tries to change the virtual address of a mapping and it fails
in the middle of the process it has to undo the changes in order to
restore the previous state before returning an error.

This fix addresses a corner case where the number of needed translation
tables for the new map has been increased and hits a limit, so the remap
request must be denied.

Fixes: 7d2b71d6d30f ("core: vm_set_prot() and friends works across VM regions")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: map the CAAM registers with the CAAM_SIZE value

Add the CAAM register MMU mapping with the appropriate size CAAM_SIZE.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by:

drivers: caam: map the CAAM registers with the CAAM_SIZE value

Add the CAAM register MMU mapping with the appropriate size CAAM_SIZE.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ls: add CAAM_SIZE values for LS platforms

Add CAAM_SIZE values for all LS platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

core: imx: add CAAM_SIZE values for i.MX platforms

Add CAAM_SIZE values for all i.MX platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.

core: imx: add CAAM_SIZE values for i.MX platforms

Add CAAM_SIZE values for all i.MX platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

dts: sama5d2: Set tcb1 as secure

Add missing status-okay line to enable tcb1 for OP-TEE usage. Indeed,
the TCB block is used to provide a secure time source to OP-TEE TA.

Signed-off-by: Clément Lég

dts: sama5d2: Set tcb1 as secure

Add missing status-okay line to enable tcb1 for OP-TEE usage. Indeed,
the TCB block is used to provide a secure time source to OP-TEE TA.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: pta: return error code when failing to deserialize saved key

When deserializing the key, TEE_SUCCESS code is returned even the bignum
deserialization of one of the key component fails.

Make s

core: pta: return error code when failing to deserialize saved key

When deserializing the key, TEE_SUCCESS code is returned even the bignum
deserialization of one of the key component fails.

Make sure to free the allocated key in case of an error in the
deserialization of one of the key component.

Fixes: 7e05ec25b ("core: pta: add remote attestation PTA")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pta: attestation: fix buffer size for generated key

There is assertion error in the attestation PTA when it comes to
deserialize the key. Here are the logs:

* regression_1037 Remote attestati

core: pta: attestation: fix buffer size for generated key

There is assertion error in the attestation PTA when it comes to
deserialize the key. Here are the logs:

* regression_1037 Remote attestation
o regression_1037.1 Get public key
E/TC:? 0 assertion '!buf_sz' failed at core/pta/attestation.c:199 <deserialize_key>
E/TC:3 0 Panic at core/kernel/assert.c:28 <_assert_break>
E/TC:3 0 TEE load address @ 0xbe000000
E/TC:3 0 Call stack:
E/TC:3 0 0xbe0091b4
E/TC:3 0 0xbe024b5c
E/TC:3 0 0xbe02292c
E/TC:3 0 0xbe02fde4
E/TC:3 0 0xbe0300c4
E/TC:3 0 0xbe029a3c
E/TC:3 0 0xbe025e70
E/TC:3 0 0xbe0336e0
E/TC:3 0 0xbe007070
E/TC:3 0 0xbe0071ec

To reproduce the issue, you need a persistent storage and follow these
steps:
$ xtest 1037
*reboot the platform*
$ xtest 1037

When allocating the key buffer, the maximum buffer size is allocated
(1033 bytes) whatever the size specified by CFG_ATTESTATION_PTA_KEY_SIZE.

With default attestation key size (CFG_ATTESTATION_PTA_KEY_SIZE) of
3072 bits, only 777 bytes is needed to store the key but the allocated
buffer size is still 1033 bytes.

When the key has already been generated, the key stored is deserialized
and the deserialize_key() function expects the size of the previously
generated key to be equal to the maximum buffer size.

The assertion can be removed as the buffer size and the key size could
mismatch. The deserialize_bignum() function, however, still checks the
buffer size is big enough to hold the given key size.

Fixes: 7e05ec25b ("core: pta: add remote attestation PTA")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: make sure build date is always in English

Setting LANG=C before invoking the date command doesn't always result in
the "C" (English) locale being selected. The correct way is to set
LC_ALL. As

core: make sure build date is always in English

Setting LANG=C before invoking the date command doesn't always result in
the "C" (English) locale being selected. The correct way is to set
LC_ALL. As explained in the locale(7) man page:

If the second argument to setlocale(3) is an empty string, "", for the
default locale, it is determined using the following steps:

1. If there is a non-null environment variable LC_ALL, the value of
LC_ALL is used.

2. If an environment variable with the same name as one of the
categories above exists and is non-null, its value is used for that
category.

3. If there is a non-null environment variable LANG, the value of LANG
is used.

Fixes: 3e2b963515c1 ("core: use C locale when generating the build date")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: remove SCMI0 channel index

Removes index 0 from SCMI DT binding ID macros and driver labels to
synchronize with Linux kernel 5.18 that considers a single SCMI
channel, see [1] and [2]

plat-stm32mp1: remove SCMI0 channel index

Removes index 0 from SCMI DT binding ID macros and driver labels to
synchronize with Linux kernel 5.18 that considers a single SCMI
channel, see [1] and [2].

Link: [1] https://lore.kernel.org/linux-arm-kernel/20220422150952.20587-4-alexandre.torgue@foss.st.com
Link: [2] https://lore.kernel.org/linux-arm-kernel/20220422150952.20587-5-alexandre.torgue@foss.st.com
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: scmi_server: removed unused channel SCMI1

Remove this SCMI channel from DT bindings and platform driver as it is
unused.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.c

plat-stm32mp1: scmi_server: removed unused channel SCMI1

Remove this SCMI channel from DT bindings and platform driver as it is
unused.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: use helper header file stm32mp_dt_bindings.h

Changes plat-stm32mp1 and its drivers to rely on stm32mp_dt_bindings.h
which simplifies support of both variants STM32MP15 and STM32MP13 t

plat-stm32mp1: use helper header file stm32mp_dt_bindings.h

Changes plat-stm32mp1 and its drivers to rely on stm32mp_dt_bindings.h
which simplifies support of both variants STM32MP15 and STM32MP13 that
will use each specific DT bindings.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: drivers: update stm32mp_dt_bindings.h

Adds st,stm32mp15-regulator.h to the header files included for
stm32mp15 as these bindings are used for SCMI services.

Signed-off-by: Gatien Chevallier <

core: drivers: update stm32mp_dt_bindings.h

Adds st,stm32mp15-regulator.h to the header files included for
stm32mp15 as these bindings are used for SCMI services.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: drivers: fix stm32mp_dt_bindings.h

Removes stm32mp1-clksrc.h header file include as this file doesn't
exist.

Fixes: 19a4632e0f17 ("dt-bindings: stm32: add stm32mp13 clock and
reset bindings")

core: drivers: fix stm32mp_dt_bindings.h

Removes stm32mp1-clksrc.h header file include as this file doesn't
exist.

Fixes: 19a4632e0f17 ("dt-bindings: stm32: add stm32mp13 clock and
reset bindings")

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: rework dt_driver_register_provider()

Registering a provider shouldn't fail when a provider node has no
phandle. It only means that no node refer to the provider device hence
the pro

core: dt_driver: rework dt_driver_register_provider()

Registering a provider shouldn't fail when a provider node has no
phandle. It only means that no node refer to the provider device hence
the provider reference does not need to be registered.

This change protects from issues when, for example, device-tree compiler
removes unused phandle to optimize DTB image size.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: conf: default disable ASLR

Default disable CFG_CORE_ASLR on stm32mp1. The platform memory
firewall does not allow secure world to access external DTB in
non-secure memory when MMU is

plat-stm32mp1: conf: default disable ASLR

Default disable CFG_CORE_ASLR on stm32mp1. The platform memory
firewall does not allow secure world to access external DTB in
non-secure memory when MMU is OFF, which is what the software attempts
to do when CFG_CORE_ASLR=y.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: conf: update RAM configuration

Align platform RAM configuration with TF-A.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.car

plat-stm32mp1: conf: update RAM configuration

Align platform RAM configuration with TF-A.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: conf: default heap size to 48kB when pager is on

Changes default heap size from 64kB to 48kB when pager is enabled.
The saved physical pages are assigned to pager pool.

Signed-off-by

plat-stm32mp1: conf: default heap size to 48kB when pager is on

Changes default heap size from 64kB to 48kB when pager is enabled.
The saved physical pages are assigned to pager pool.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: conf: allow BSEC writing in debug mode

Default embed support for burning fuses when in debug build configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Rev

plat-stm32mp1: conf: allow BSEC writing in debug mode

Default embed support for burning fuses when in debug build configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: conf: disable TA compression when pager is on

Disable CFG_EARLY_TA_COMPRESS when CFG_WITH_PAGER is enabled. With this
change, the TAs will not be compressed into the TEE binary. Now,

plat-stm32mp1: conf: disable TA compression when pager is on

Disable CFG_EARLY_TA_COMPRESS when CFG_WITH_PAGER is enabled. With this
change, the TAs will not be compressed into the TEE binary. Now, core
heap can be smaller than 64kB and platform can leverage that to assign
more physical pages in the pager pool.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: conf: remove shared memory configuration

This change fully removes the reserved static shared memory
(CFG_SHMEM_START/CFG_SHMEM_SIZE) that is no more needed since U-Boot
and Linux bot

plat-stm32mp1: conf: remove shared memory configuration

This change fully removes the reserved static shared memory
(CFG_SHMEM_START/CFG_SHMEM_SIZE) that is no more needed since U-Boot
and Linux both use their standard system memory as TEE shared memory.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pta: scmi: Add error checking for MSG message protocol

It is an error to use MSG_HEADER capability if it is not
enabled in the config.

Signed-off-by: Ludvig Pärsson <ludvig.parsson@axis.com>

core: pta: scmi: Add error checking for MSG message protocol

It is an error to use MSG_HEADER capability if it is not
enabled in the config.

Signed-off-by: Ludvig Pärsson <ludvig.parsson@axis.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pta: scmi: Fix open_session for CFG_SCMI_MSG_SHM_MSG

Currently you have to enable CFG_SCMI_MSG_SMT, even if you
only want to use CFG_SCMI_MSG_SHM_MSG, in order to open
a session to the PTA.

S

core: pta: scmi: Fix open_session for CFG_SCMI_MSG_SHM_MSG

Currently you have to enable CFG_SCMI_MSG_SMT, even if you
only want to use CFG_SCMI_MSG_SHM_MSG, in order to open
a session to the PTA.

Signed-off-by: Ludvig Pärsson <ludvig.parsson@axis.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: riscv: plat-spike: console driver based on host-target interface

Spike doesn't yet model a UART but relies on RISC-V Host-Target Interface
(HTIF) to perform all I/O. It is a protocol allowing

core: riscv: plat-spike: console driver based on host-target interface

Spike doesn't yet model a UART but relies on RISC-V Host-Target Interface
(HTIF) to perform all I/O. It is a protocol allowing the target to access
host to perform console, storage etc. It requires special ELF symbols
tohost and fromhost. HTIF base address is set to 0x40008000.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: remove useless line continuation; initialize base to 0]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: add stmm and sp prototypes

Provide a declaration of functions is_sp_ctx(), is_stmm_ctx(), to_sp_ctx()
and to_stmm_ctx() to avoid build errors.

Signed-off-by: Marouene Boubakri <marouen

core: riscv: add stmm and sp prototypes

Provide a declaration of functions is_sp_ctx(), is_stmm_ctx(), to_sp_ctx()
and to_stmm_ctx() to avoid build errors.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: riscv: generic_ram_layout.h: ram layout configuration directives

The RAM layout is similar to the original one, use TD(D|S)RAM instead of
TZ(D|S)RAM referring to Trusted Domain (TD).
Keep the

core: riscv: generic_ram_layout.h: ram layout configuration directives

The RAM layout is similar to the original one, use TD(D|S)RAM instead of
TZ(D|S)RAM referring to Trusted Domain (TD).
Keep the directives for secure data path. SDP could be achieved later
using IOPMP.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...