drivers: scmi-msg: rename channel entry lock functions

Renames scmi_channel_set_busy() and scmi_channel_release_busy()
to scmi_msg_claim_channel() and scmi_msg_release_channel(). This
change also mo

drivers: scmi-msg: rename channel entry lock functions

Renames scmi_channel_set_busy() and scmi_channel_release_busy()
to scmi_msg_claim_channel() and scmi_msg_release_channel(). This
change also moves the implementation from smt.c to entry.c in
the scmi-msg driver for alternate mailbox memory protocol support.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: decrease register size for gicv2

The mapped size for GIC distributor and cpu registers is currently
defined to the size used for GICv3. GICv2 doesn't need such large sizes,
in fact some platfo

core: decrease register size for gicv2

The mapped size for GIC distributor and cpu registers is currently
defined to the size used for GICv3. GICv2 doesn't need such large sizes,
in fact some platforms has the distributor and cpu registers next to
each other in the physical memory map. This causes an overlap that can
be confusing. Fix this by selecting a smaller size when a GICv2 is used
instead.

It should be noted GICC_DIR is at offset 0x1000 in the cpu interface so
this register will not be accessible, but this should not be a problem
since OP-TEE doesn't use that register.

Reviewed-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: link: generate entry_point_address.txt for uTee image

For some platforms like mx7ulpevk, the `UL` attribute for CFG_DRAM_BASE
is necessary to avoid the following error:

$ PLATFORM=imx-mx

core: imx: link: generate entry_point_address.txt for uTee image

For some platforms like mx7ulpevk, the `UL` attribute for CFG_DRAM_BASE
is necessary to avoid the following error:

$ PLATFORM=imx-mx7ulpevk make uTee
core/mm/mobj.c: In function ‘mobj_init’:
./out/arm-plat-imx/include/generated/conf.h:222:64: warning: integer overflow in expression of type ‘int’ results in ‘-1644167168’ [-Woverflow]
222 | #define CFG_TZDRAM_START (0x60000000 - 0x01e00000 - 0x00200000 + 0x40000000)
| ^

However, this `UL` attribute prevents the shell from properly computing
the CFG_TZDRAM_START value :

$ PLATFORM=imx-mx7ulpevk make uTee
bash: (UL(0x60000000) - 0x01e00000 - 0x00200000 + 0x40000000): missing `)' (error token is "(0x60000000) - 0x01e00000 - 0x00200000 + 0x40000000)")

To address both issues, remove the `UL` attribute from CFG_TZDRAM_START
with Makefile string substitution.

Fixes: 0f8347dcafe ("core: imx: generate uImage for imx6 and imx7 platforms")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: caam: fix cache operation on SGT table

The cache operation of the SGT table in caam_sgt_derive() was wrong and
it did not take into account the CAAM "burst" defined by the value
CFG_CAAM_SG

drivers: caam: fix cache operation on SGT table

The cache operation of the SGT table in caam_sgt_derive() was wrong and
it did not take into account the CAAM "burst" defined by the value
CFG_CAAM_SGT_ALIGN.
The cache operation of the SGT table in caam_sgt_cache_op() is done
correctly however.

This patch adds caam_sgt_entries_cache_clean() to do this operation and
avoid implementation errors.

Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: plat-ls: correct CAAM JR interrupt numbers

CAAM JR interrupt numbers for some of platforms were configured
wrong, corrected it.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by

core: plat-ls: correct CAAM JR interrupt numbers

CAAM JR interrupt numbers for some of platforms were configured
wrong, corrected it.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

tpm2: Add TPM2 as PCR provider to TCG eventlog parsing framework

TCG eventlog parsing framework parses the eventlog and extends the
PCR's. For this, it needs a provider for PCR's. Register TPM2 as
a

tpm2: Add TPM2 as PCR provider to TCG eventlog parsing framework

TCG eventlog parsing framework parses the eventlog and extends the
PCR's. For this, it needs a provider for PCR's. Register TPM2 as
a provider to this framework.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: Add support to parse TPM eventlog and extend PCRs

Support for OP-TEE to parse the TPM eventlog. The eventlog format
is based on TCG specification [1], so we call this TCG framework.

To parse

core: Add support to parse TPM eventlog and extend PCRs

Support for OP-TEE to parse the TPM eventlog. The eventlog format
is based on TCG specification [1], so we call this TCG framework.

To parse the eventlog and extend PCR's device is needed which
supports PCR's. This device can be TPM or any other HSM which
supports PCR like registers. Such a device can register itself
as a TCG provider for PCR information and ability to extend the
PCR's.

[1] TCG PC Client Platform Firmware Profile Specification
link: https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

tpm2: Add commands to GetCapability, Read/Extend PCR

Add support for TPM2_PCR_{Read/Extend} and TPM2_GetCapability.
TPM uses PCR for integrity collections. Add support to
read and extend PCR's. For

tpm2: Add commands to GetCapability, Read/Extend PCR

Add support for TPM2_PCR_{Read/Extend} and TPM2_GetCapability.
TPM uses PCR for integrity collections. Add support to
read and extend PCR's. For PCR's some generic information like
number of banks, number of PCR's, supported and active algorithms etc.
is required which can be obtained from TPM using TPM2_GetCapability
command. This information is required at lot of places, so save the
basic capability information with tpm2_chip.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: libtomcrypt: Fix compilation issue with CFG_CRYPTO_ECC=n

Disabling ECC crypto does not disable the libtomcrypt ECC
related declarations, so CFG_CRYPTO_ECC=n gives a compilation error.

Signed-

core: libtomcrypt: Fix compilation issue with CFG_CRYPTO_ECC=n

Disabling ECC crypto does not disable the libtomcrypt ECC
related declarations, so CFG_CRYPTO_ECC=n gives a compilation error.

Signed-off-by: Sohaib ul Hassan <sohaib.ul.hassan@unikie.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-k3: Initialize Secure Storage with DKEK

K3 HS devices have a randomly generated 256 bit key written into the
efuses in TI Factory. This key is called a Key Encryption Key (KEK) and
is unique to

plat-k3: Initialize Secure Storage with DKEK

K3 HS devices have a randomly generated 256 bit key written into the
efuses in TI Factory. This key is called a Key Encryption Key (KEK) and
is unique to each device.

KEK is fed in hardware into the AES engine inside DMSC/SMS. The efuses
carrying the KEK are marked as read and write protected. As a result,
KEK is only accessible via the AES engine in DMSC/SMS.

System Firmware provides API to obtain a key derived from KEK(DKEK) for
encryption/decryption which is accessible through TI-SCI protocol.

The DKEK will be used in K3 SOCs to initialize HUK for Secure Storage.

Adds TI_SCI_MSG_SA2UL_GET_DKEK in TISCI protocol to extract the DKEK from
K3 SOCs and initialize HUK.

Further details can be found in the TISCI documentation:
https://software-dl.ti.com/tisci/esd/latest/index.html

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-k3: drivers: Add basic support for TI System Control Interface (TI-SCI) protocol

Texas Instruments System Control Interface (TI-SCI) Message Protocol
is used in Texas Instruments System on Chip

plat-k3: drivers: Add basic support for TI System Control Interface (TI-SCI) protocol

Texas Instruments System Control Interface (TI-SCI) Message Protocol
is used in Texas Instruments System on Chip (SoC) such as those
in keystone family K3 SoC to communicate between various compute
processors with a central system controller entity.

TISCI message protocol provides support for management of various
hardware entities within the SoC. Add support driver to allow
communication with system controller entity within the SoC using the
Secure Proxy.

Introduce the basic registration and query capability for the
driver protocol as part of this change. Subsequent patches add in
functionality specific to the TI-SCI features.

Further information can be found in TI-SCI documentation:
https://software-dl.ti.com/tisci/esd/latest/index.html

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-k3: drivers: Add secure proxy driver for communication with System Controller

Secure Proxy is a communication scheme in Texas Instrument's devices
intended to provide an unique communication pa

plat-k3: drivers: Add secure proxy driver for communication with System Controller

Secure Proxy is a communication scheme in Texas Instrument's devices
intended to provide an unique communication path from various processors
in the System on Chip(SoC) to a central System Controller.

Secure Proxy instance exposes "threads" or "proxies" which is
primary representation of "a" communication channel. Each thread is
preconfigured by System controller configuration based on SoC usage
requirements. Secure proxy by itself represents a single "queue" of
communication but allows the proxies to be independently operated.

For communication with TISCI, Secure Proxy driver is required in OP-TEE.

NOTE: Secure proxy configuration is only done by System Controller,
hence these are assumed to be pre-configured instances.

Provide the driver support for Secure Proxy and thread instances.

Tested on AM65x.

See AM65x Technical Reference Manual (SPRUID7E, April 2018)
for further details: https://www.ti.com/lit/ug/spruid7e/spruid7e.pdf

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: sp_mem: fix get_cattr() callback name

Commit 8afe7a7c5220 ("core: rename mobj_get_cattr() to
mobj_get_mem_type()") renames the get_cattr() callback in struct
mobj_ops(). However, sp_mem wasn't

core: sp_mem: fix get_cattr() callback name

Commit 8afe7a7c5220 ("core: rename mobj_get_cattr() to
mobj_get_mem_type()") renames the get_cattr() callback in struct
mobj_ops(). However, sp_mem wasn't updated as part of this change, so
currently it doesn't compile. Fix this and get aligned with the new
naming.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: syscalls: strip tags from user space pointers

Strips the tags from user space pointers before using them.
We're relying on TCR_EL1.TCMA0=1 to make the accesses unchecked.

Acked-by: Jerome For

core: syscalls: strip tags from user space pointers

Strips the tags from user space pointers before using them.
We're relying on TCR_EL1.TCMA0=1 to make the accesses unchecked.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add support for MTE

Adds support for the Armv8.5-A Memory Tagging Extension with
CFG_MEMTAG=y.

A memtag.h API is introduced to handle this extension. If CFG_MEMTAG=n
the API doesn't add any o

core: add support for MTE

Adds support for the Armv8.5-A Memory Tagging Extension with
CFG_MEMTAG=y.

A memtag.h API is introduced to handle this extension. If CFG_MEMTAG=n
the API doesn't add any overhead and the behaviour is unchanged. With
CFG_MEMTAG=y a check is performed to see if the platform can support MTE
and the API is dynamically configured accordingly. This means that it's
safe to have CFG_MEMTAG=y even for platforms not supporting MTE. There
will be some minimal overhead then, but likely not noticeable.

An entry is also added in the TEE_PROPSET_TEE_IMPLEMENTATION for a u32
property "org.trustedfirmware.optee.cpu.feat_memtag_implemented". The
property is set to a non-zero value only if CFG_CORE_MEMTAG is
configured and the underlying CPU supports FEAT_MTE.

This commit still only uses the default tag with the value 0 resulting
in unchanged pointers when accessing memory. However, all plumbing is in
place allowing for instance tagging of the heap in a later commit.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: map TA memory using TEE_MATTR_MEM_TYPE_TAGGED

Maps TA memory using the TEE_MATTR_MEM_TYPE_TAGGED which results in
tagged cached memory if the system has it enabled.

Acked-by: Etienne Carriere

core: map TA memory using TEE_MATTR_MEM_TYPE_TAGGED

Maps TA memory using the TEE_MATTR_MEM_TYPE_TAGGED which results in
tagged cached memory if the system has it enabled.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: add TEE_MATTR_MEM_TYPE_TAGGED

Adds TEE_MATTR_MEM_TYPE_TAGGED used to map tagged memory as defined in
Armv8.5-A Memory Tagging Extension (MTE).

All OP-TEE core memory should be mapped as t

core: mm: add TEE_MATTR_MEM_TYPE_TAGGED

Adds TEE_MATTR_MEM_TYPE_TAGGED used to map tagged memory as defined in
Armv8.5-A Memory Tagging Extension (MTE).

All OP-TEE core memory should be mapped as tagged memory when supported.

Memory potentially shared with non-secure world or other firmware should
not be mapped as tagged since we don't have control over the tags then.

The mappings used by TEE_MATTR_MEM_TYPE_TAGGED is replaced by
TEE_MATTR_MEM_TYPE_CACHED if MTE isn't supported or configured.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64.h: add MTE related defines

Adds defines for bits in SCTLR_EL1 TCR_EL1 and GCR_EL1 relating to the
Memory Tagging Extension (MTE).

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.

core: arm64.h: add MTE related defines

Adds defines for bits in SCTLR_EL1 TCR_EL1 and GCR_EL1 relating to the
Memory Tagging Extension (MTE).

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64.h: use 64-bit macros for TCR_* defines

The TCR_EL1 register is a 64-bit register, update the defines to use
64-bit macros instead to reflect that.

Reviewed-by: Jerome Forissier <jerome.

core: arm64.h: use 64-bit macros for TCR_* defines

The TCR_EL1 register is a 64-bit register, update the defines to use
64-bit macros instead to reflect that.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64.h: use BIT64() for SCTLR_* defines

The SCTLR_EL1 register is a 64-bit register, update the defines to use
the BIT64() macro instead to reflect that.

Reviewed-by: Jerome Forissier <jerom

core: arm64.h: use BIT64() for SCTLR_* defines

The SCTLR_EL1 register is a 64-bit register, update the defines to use
the BIT64() macro instead to reflect that.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: add MTE bits for ID_AA64PFR1

Adds fields in register ID_AA64PFR1 to report the presence of Memory
Tagging Extension (MTE).

Adds feat_mte_implemented() to report which MTE feature flav

core: arm64: add MTE bits for ID_AA64PFR1

Adds fields in register ID_AA64PFR1 to report the presence of Memory
Tagging Extension (MTE).

Adds feat_mte_implemented() to report which MTE feature flavor is
supported.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: recognize tag check faults in abort handler

Adds support in the abort handler to recognize tag check faults.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carr

core: recognize tag check faults in abort handler

Adds support in the abort handler to recognize tag check faults.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: rename mobj_get_cattr() to mobj_get_mem_type()

Renames mobj_get_cattr() to mobj_get_mem_type(). The mobj operation
get_ctype() is also renamed to get_mem_type().

This commit is only about ren

core: rename mobj_get_cattr() to mobj_get_mem_type()

Renames mobj_get_cattr() to mobj_get_mem_type(). The mobj operation
get_ctype() is also renamed to get_mem_type().

This commit is only about renaming ctype to mem_type, no changes in
behaviour.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: imx_ocotp: initialize OCOTP driver earlier

Initialize the OCOTP driver earlier with service_init() instead of
driver_init().

With CFG_CORE_HUK_SUBKEY_COMPAT=y, tee_fs_init_key_manager() an

drivers: imx_ocotp: initialize OCOTP driver earlier

Initialize the OCOTP driver earlier with service_init() instead of
driver_init().

With CFG_CORE_HUK_SUBKEY_COMPAT=y, tee_fs_init_key_manager() and
consequently tee_otp_get_die_id() get executed earlier than the
OCOTP driver initialization. tee_fs_init_key_manager() is called by
service_init_late() routine.

On platforms featuring the OCOTP driver, the function
tee_otp_get_die_id() relies on the driver to be initialized.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

arm: vfp_a32: check the existence of FPU NEON by CPACR

Almost all Cortex-A processors come with a Floating-Point Unit (FPU)
and most also have a NEON unit. However, use of registers D16-D31 of
the V

arm: vfp_a32: check the existence of FPU NEON by CPACR

Almost all Cortex-A processors come with a Floating-Point Unit (FPU)
and most also have a NEON unit. However, use of registers D16-D31 of
the VFP register file depends on the processor's FPU implementation.

Arm coprocessor access control register (CPACR.D32DIS) indicates if
FPU and Advanced SIMD is implemented. Check this bit to see if the
processor is supported or not.

Signed-off-by: Neal Liu <neal_liu@aspeedtech.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...