core: armv7: fix ASLR error

With commit 528dabb28254 ("core: suppress text relocation on
stack_tmp_export") the stack pointer is calculated using a relative
address instead of based on an absolute a

core: armv7: fix ASLR error

With commit 528dabb28254 ("core: suppress text relocation on
stack_tmp_export") the stack pointer is calculated using a relative
address instead of based on an absolute address which is relocated with
ASLR enabled.

Prior to this on Armv7 we compensate for a relocation update for
stack_tmp_export_rel in reset_secondary() just after the stack pointer
was initialized. So now when the relocation update of stack_tmp_export_rel
is gone remove the compensating code too.

Fixes: 528dabb28254 ("core: suppress text relocation on stack_tmp_export")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: sp: handle memory regions w/o base address

The FF-A spec states that in the SP manifest a base address is not
mandatory for memory regions. If the field is not present, the specified
memory re

core: sp: handle memory regions w/o base address

The FF-A spec states that in the SP manifest a base address is not
mandatory for memory regions. If the field is not present, the specified
memory region must be allocated by the SPMC and mapped to the SP's
context.

A copy of the SP manifest fdt is used for passing the memory region
virtual addresses to the SP. Additional space is allocated when copying
the fdt so the originally not present base address fields can be added
later.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
[jf: edit description to avoid checkpatch spelling warning]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: sp: map memory regions from SP manifest

Currently the SP manifest processing only handles the device regions,
add support to handle the normal memory regions too.

Note: if the region's base a

core: sp: map memory regions from SP manifest

Currently the SP manifest processing only handles the device regions,
add support to handle the normal memory regions too.

Note: if the region's base address is a PA, according to the FF-A spec
it has to be identity mapped to the same VA. This requirement will be
removed in the spec's next version, so the current implementation should
be acceptable.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: sp: refactor manifest attribute checks

Simplify memory access attribute checks when parsing the SP manifest.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <e

core: sp: refactor manifest attribute checks

Simplify memory access attribute checks when parsing the SP manifest.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: sp: reorganize init functions

Move some of the SP init functions to prepare for the needed order in
the upcoming patches. This change doesn't modify functionality.

Acked-by: Jens Wiklander <j

core: sp: reorganize init functions

Move some of the SP init functions to prepare for the needed order in
the upcoming patches. This change doesn't modify functionality.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

drivers: se050: scp: add support for more boards

Add the board specific persistent keys required to stablish the SCP03
sessions with the secure element.

See https://www.nxp.com/docs/en/application-

drivers: se050: scp: add support for more boards

Add the board specific persistent keys required to stablish the SCP03
sessions with the secure element.

See https://www.nxp.com/docs/en/application-note/AN12436.pdf

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: pm: sam: clarify that the pm_suspend.S file was relicensed

Clarify that this file was imported from Linux and relicensed to avoid
any licensing issue.

Acked-by: Nicolas Ferre <nicolas.ferr

drivers: pm: sam: clarify that the pm_suspend.S file was relicensed

Clarify that this file was imported from Linux and relicensed to avoid
any licensing issue.

Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Acked-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

plat-rockchip: rk3399: set CFG_CRYPTO_WITH_CE ?= y

Enables Arm Cryptography Extensions by default for the rk3399 SoC since
they are supported [1].

Link: [1] http://opensource.rock-chips.com/images/

plat-rockchip: rk3399: set CFG_CRYPTO_WITH_CE ?= y

Enables Arm Cryptography Extensions by default for the rk3399 SoC since
they are supported [1].

Link: [1] http://opensource.rock-chips.com/images/d/d7/Rockchip_RK3399_Datasheet_V2.1-20200323.pdf
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

zynqmp: platform: provide uart configuration during compilation

Add possibility to provide UART configuration as a compile
flag (CFG_UART_BASE, CFG_UART_IT, CFG_UART_CLK_HZ).

Acked-by: Jerome Foris

zynqmp: platform: provide uart configuration during compilation

Add possibility to provide UART configuration as a compile
flag (CFG_UART_BASE, CFG_UART_IT, CFG_UART_CLK_HZ).

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>

show more ...

plat-vexpress: juno: default enable hwrng from smccc trng interface

Changes juno default configuration to get random bytes from TF-A
SMCCC TRNG interface instead of the pseudo-RNG support form OP-TE

plat-vexpress: juno: default enable hwrng from smccc trng interface

Changes juno default configuration to get random bytes from TF-A
SMCCC TRNG interface instead of the pseudo-RNG support form OP-TEE.

Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: smccc_trng: get entropy from secure monitor

Implements random noise generation interface from Arm SMCCC TRNG
specification. Configuration switch CFG_ARM_SMCCC_TRNG must be enabled
to embed

drivers: smccc_trng: get entropy from secure monitor

Implements random noise generation interface from Arm SMCCC TRNG
specification. Configuration switch CFG_ARM_SMCCC_TRNG must be enabled
to embed the RNG driver that use this interface.

When CFG_ARM_SMCCC_TRNG is enable and CFG_WITH_SOFTWARE_PRNG is
disable, use SMCCC TRNG driver as entropy source. When
both CFG_ARM_SMCCC_TRNG and CFG_WITH_SOFTWARE_PRNG are enable, seed
OP-TEE PRNG with 32byte of TRNG entropy.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: arm: declare struct mobj in thread_arch.h

Adds missing declaration of struct mobj in arm/kernel/thread_arch.h.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne C

core: arm: declare struct mobj in thread_arch.h

Adds missing declaration of struct mobj in arm/kernel/thread_arch.h.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-sam: enable CFG_ATMEL_TCB

Enable CFG_ATMEL_TCB to use the TCB as a time source instead of
CFG_SECURE_TIME_SOURCE_REE.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Cl

plat-sam: enable CFG_ATMEL_TCB

Enable CFG_ATMEL_TCB to use the TCB as a time source instead of
CFG_SECURE_TIME_SOURCE_REE.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

plat-sam: add timer clock driver

Add support for the TCB block that are present on the samad2. This
series add support for the TCB as a time source and register it using
REGISTER_TIME_SOURCE(). More

plat-sam: add timer clock driver

Add support for the TCB block that are present on the samad2. This
series add support for the TCB as a time source and register it using
REGISTER_TIME_SOURCE(). Moreover, on Linux, the tick is done using the
TCB since the sama5d2 does not have the ARM architected timers. Since
the time source used for the tick clocksource is probed early in the
boot process, the SCMI clock support which uses a platform driver is
not yet probed and thus the TCB can't be probe properly. To workaround
that problem, this driver enables the TCB clocks and the Linux
device-tree is modified to use "fixed-clock" clock instead of the TCB
SCMI ones.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

core: crypto: add X25519 support

This adds the X25519 core functionality and
enables support for Curve25519 key attribute
type for OP-TEE crypto syscalls.

Acked-by: Etienne Carriere <etienne.carrie

core: crypto: add X25519 support

This adds the X25519 core functionality and
enables support for Curve25519 key attribute
type for OP-TEE crypto syscalls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Sohaib ul Hassan <sohaib.ul.hassan@unikie.com>

show more ...

core: libtomcrypt: Remove prng_state* NULL pointer check from x25519_make_key()

Calling x25519_make_key(prng_state *prng, int wprng, curve25519_key *key)
checks if prng_state is NULL. This would req

core: libtomcrypt: Remove prng_state* NULL pointer check from x25519_make_key()

Calling x25519_make_key(prng_state *prng, int wprng, curve25519_key *key)
checks if prng_state is NULL. This would require the caller to pass
a valid pointer. Initializing prng_state in some configurations
can get very large. For instance, xtest for X25519 key generation
causes the TA to panic due to stack overrun

F/TC:? 0 trace_syscall:151 syscall #54 (syscall_obj_generate_key)
E/TC:1 Dead canary at end of 'stack_abt[3]' (0xe1a01fc)
E/TC:1 Panic at core/kernel/thread.c:124 <thread_check_canaries>
E/TC:1 TEE load address @ 0xe100000
E/TC:1 Call stack:
E/TC:1 0x0e108934 print_kernel_stack at optee_os/core/arch/arm/kernel/unwind_arm64.c:80
E/TC:1 0x0e113f24 __do_panic at optee_os/core/kernel/panic.c:24
E/TC:1 0x0e116eb4 thread_check_canaries at optee_os/core/kernel/thread.c:115
E/TC:1 0x0e106a60 thread_handle_std_smc at optee_os/core/arch/arm/kernel/thread_optee_smc.c:56

OP-TEE registers a custom prng descriptor (prng_crypto_desc) used for
LTC asymmetric crypto operations and prng_state is not used.

The LTC_ARGCHK(prng != NULL) check is not present in the LTC key generation
functions for ECC, RSA, DH and DSA implementations.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Sohaib ul Hassan <sohaib.ul.hassan@unikie.com>

show more ...

core: libtomcrypt: Add X25519 support

This enables the X25519 implementation of libtomcrypt
and adds the OP-TEE wrapper function definitions

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

core: libtomcrypt: Add X25519 support

This enables the X25519 implementation of libtomcrypt
and adds the OP-TEE wrapper function definitions

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Sohaib ul Hassan <sohaib.ul.hassan@unikie.com>

show more ...

plat-ti: Remove extra license text as we have SPDX

No functional change here.

Signed-off-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

plat-sam: enable CFG_ATMEL_PIOBU by default

By default, enable CFG_ATMEL_PIOBU driver on plat-sam.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.foriss

plat-sam: enable CFG_ATMEL_PIOBU by default

By default, enable CFG_ATMEL_PIOBU driver on plat-sam.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: atmel_piobu: add driver

Add piobu driver which handle secumod GPIOs. This driver also handle
tampering interrupts on GPIOs which are configured as input with the
device-tree. For instance,

drivers: atmel_piobu: add driver

Add piobu driver which handle secumod GPIOs. This driver also handle
tampering interrupts on GPIOs which are configured as input with the
device-tree. For instance, the following device-tree excerpt allows to
set an input as an intrusion detection pin:

gpios = <0 PIOBU_PIN_INPUT(1, 1, PIOBU_PIN_PULL_DOWN,
PIOBU_PIN_DEF_LEVEL_LOW, PIOBU_PIN_WAKEUP_ENABLE)>;

In case of a tamper event, the source of the tampering will be
displayed.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: atmel_rtc: add atmel_rtc_get_tamper_timestamp()

The sama5d2 RTC actually hold the timestamp of the last tampering
attempt. Add a function to get the last time of tampering detection.

Acked

drivers: atmel_rtc: add atmel_rtc_get_tamper_timestamp()

The sama5d2 RTC actually hold the timestamp of the last tampering
attempt. Add a function to get the last time of tampering detection.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

plat-ti: Enable hardware RNG PTA

When the hardware RNG is available we should also enable
the HWRNG PTA so we can use it from the REE.

Signed-off-by: Andrew Davis <afd@ti.com>
Acked-by: Jens Wiklan

plat-ti: Enable hardware RNG PTA

When the hardware RNG is available we should also enable
the HWRNG PTA so we can use it from the REE.

Signed-off-by: Andrew Davis <afd@ti.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-ti: Add SM handler for setting AMBA IF in the WUGEN

This mirrors what is available as a ROM API. We implement this here as
OP-TEE's monitor replaces the ROM's monitor functions and we would lik

plat-ti: Add SM handler for setting AMBA IF in the WUGEN

This mirrors what is available as a ROM API. We implement this here as
OP-TEE's monitor replaces the ROM's monitor functions and we would like
to keep feature parity.

Signed-off-by: Andrew Davis <afd@ti.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: xiphera_trng: Add support for XIP8001B TRNG

Adds support for Xiphera's XIP8001B true random number generator.

XIP8001B is a FPGA IP core that can be synthesized in FPGA devices to
provide

drivers: xiphera_trng: Add support for XIP8001B TRNG

Adds support for Xiphera's XIP8001B true random number generator.

XIP8001B is a FPGA IP core that can be synthesized in FPGA devices to
provide TRNG source for device where it is missing like Xilinx Zynq-7000
and Xilinx Zynq MPSoC.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Co-developed-by: Atte Tommiska <atte.tommiska@xiphera.com>
Signed-off-by: Atte Tommiska <atte.tommiska@xiphera.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dt_driver: Add support for disabled devices

In systems where there are multiple instances of the devices like two TRNGs
where one is reserved for REE environment and one is for TEE environment

core: dt_driver: Add support for disabled devices

In systems where there are multiple instances of the devices like two TRNGs
where one is reserved for REE environment and one is for TEE environment
those can be defined in device tree in following way:

ree-trng {
status = "okay";
secure-status = "disabled";
...
}

tee-trng {
status = "disabled";
secure-status = "okay";
...
}

If OP-TEE has driver enabled for the device both devices will be probed.

Driver can detect device's 'status' and 'secure-status' settings and return
TEE_ERROR_NODE_DISABLED value for one that is not for its use.

This will indicate to device driver probing to continue without an error.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...