core: suppress text relocation on stack_tmp_export

stack_tmp_export is a pointer so it is associated with a dynamic
relocation when position-independent code is generated (ASLR). Moreover,
this symb

core: suppress text relocation on stack_tmp_export

stack_tmp_export is a pointer so it is associated with a dynamic
relocation when position-independent code is generated (ASLR). Moreover,
this symbol is in the .identity_map section, which is part of .text after
the final link. To get rid of this TEXTREL, remove stack_tmp_export and
compute the corresponding value in assembly instead from stack_tmp and
constants defined in core/arch/arm/kernel/asm-defines.c.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add OPTEE_FFA_SEC_CAP_ARG_OFFSET

Adds the secure capability OPTEE_FFA_SEC_CAP_ARG_OFFSET to indicate that
OP-TEE with FF-A can support an argument struct at a non-zero offset into
a passed sha

core: add OPTEE_FFA_SEC_CAP_ARG_OFFSET

Adds the secure capability OPTEE_FFA_SEC_CAP_ARG_OFFSET to indicate that
OP-TEE with FF-A can support an argument struct at a non-zero offset into
a passed shared memory object.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add OPTEE_SMC_CALL_WITH_RPC_ARG

Adds OPTEE_SMC_CALL_WITH_RPC_ARG and OPTEE_SMC_CALL_WITH_REGD_ARG where
the struct optee_msg_arg to be used for RPC is appended in the memory
following the norm

core: add OPTEE_SMC_CALL_WITH_RPC_ARG

Adds OPTEE_SMC_CALL_WITH_RPC_ARG and OPTEE_SMC_CALL_WITH_REGD_ARG where
the struct optee_msg_arg to be used for RPC is appended in the memory
following the normal argument struct optee_msg_arg.
OPTEE_SMC_CALL_WITH_REGD_ARG only works with registered shared memory, a
cookie and an offset is used instead a physical address.

The presence OPTEE_SMC_CALL_WITH_RPC_ARG and
OPTEE_SMC_CALL_WITH_REGD_ARG is indicated by the new
OPTEE_SMC_SEC_CAP_RPC_ARG bit returned by
OPTEE_SMC_EXCHANGE_CAPABILITIES. OPTEE_SMC_EXCHANGE_CAPABILITIES also
reports the number of arguments that the RPC argument struct must have
room for.

OPTEE_SMC_CALL_WITH_RPC_ARG, OPTEE_SMC_CALL_WITH_ARG and
OPTEE_SMC_CALL_WITH_REGD_ARG can be used interleaved.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: provide dummy mobj_reg_shm_get_by_cookie()

Provides a dummy static inlined mobj_reg_shm_get_by_cookie() returning NULL
in case CFG_CORE_DYN_SHM=n.

Reviewed-by: Jerome Forissier <jerome@foriss

core: provide dummy mobj_reg_shm_get_by_cookie()

Provides a dummy static inlined mobj_reg_shm_get_by_cookie() returning NULL
in case CFG_CORE_DYN_SHM=n.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: add missing imx6 SoC IDs to soc_is_imx6()

Add the following SoC IDs to soc_is_imx6()
- SOC_MX6SL
- SOC_MX6SLL
- SOC_MX6D

Fixes: 16e73240d ("core: imx: add CSU module")
Signed-off-by:

core: imx: add missing imx6 SoC IDs to soc_is_imx6()

Add the following SoC IDs to soc_is_imx6()
- SOC_MX6SL
- SOC_MX6SLL
- SOC_MX6D

Fixes: 16e73240d ("core: imx: add CSU module")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: Add support for DEVICE_nGnRnE

Currently OP-TEE only allows non-cached memory to be mapped as
ATTR_DEVICE_nGnRE/Device. This patch adds support for
ATTR_DEVICE_nGnRnE/Strongly-ordered.

Signed-

core: Add support for DEVICE_nGnRnE

Currently OP-TEE only allows non-cached memory to be mapped as
ATTR_DEVICE_nGnRE/Device. This patch adds support for
ATTR_DEVICE_nGnRnE/Strongly-ordered.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: Add mattr_is_cached()

mattr_is_cached() can be used to determine if the mattr is cached or
not.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@lina

core: Add mattr_is_cached()

mattr_is_cached() can be used to determine if the mattr is cached or
not.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: change TEE_MATTR_CACHE_ to TEE_MATTR_MEM_TYPE_

Some extra memory types will be added. This patch renames all
TEE_MATTR_CACHE_ defines to TEE_MATTR_MEM_TYPE_. This will make the next
patches ea

core: change TEE_MATTR_CACHE_ to TEE_MATTR_MEM_TYPE_

Some extra memory types will be added. This patch renames all
TEE_MATTR_CACHE_ defines to TEE_MATTR_MEM_TYPE_. This will make the next
patches easier to understand.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: add description for get_aslr_seed()

Adds a comment describing get_aslr_seed().

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-sam: enable RTC support

Enable RTC API, RTC PTA and Atmel RTC driver for sama5d2.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-sam: enable RTC support

Enable RTC API, RTC PTA and Atmel RTC driver for sama5d2.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

dts: sama5d2: set RTC as secure

The RTC on sama5d2 is actually securing both RSTC, WDT and RTC register
access. Enable secure mode for the RTC to ensure the WDT register
accesses are secured.

Acked

dts: sama5d2: set RTC as secure

The RTC on sama5d2 is actually securing both RSTC, WDT and RTC register
access. Enable secure mode for the RTC to ensure the WDT register
accesses are secured.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

driver: atmel_rtc: add driver for atmel RTC

On sama5d2, the RTC is included in a larger block of devices that can
only be secured as a whole (RSTC, WDT, etc). Since these other
peripherals needs to

driver: atmel_rtc: add driver for atmel RTC

On sama5d2, the RTC is included in a larger block of devices that can
only be secured as a whole (RSTC, WDT, etc). Since these other
peripherals needs to be secured, in order to still allow the RTC to be
used from non-secure world, add a driver for the RTC which will be
registered as the system RTC. The RTc PTA will then used this RTC to
set/get time from Linux using a RTC driver that uses the TEE subsystem.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

pta: add PTA for RTC

On some systems, when the RTC is secured, there is no way for the
normal world to access it. This PTA uses the RTC API to allow a
Linux OP-TEE based RTC driver to communicate wi

pta: add PTA for RTC

On some systems, when the RTC is secured, there is no way for the
normal world to access it. This PTA uses the RTC API to allow a
Linux OP-TEE based RTC driver to communicate with the RTC that is
secured.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: rtc: add RTC API

This API allows to interact with a RTC registered as the system RTC.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@l

drivers: rtc: add RTC API

This API allows to interact with a RTC registered as the system RTC.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

core: storage: do not check object ID buffer when its size is zero

The storage syscalls syscall_storage_obj_open(),
syscall_storage_obj_create() and syscall_storage_obj_rename() must not
call vm_che

core: storage: do not check object ID buffer when its size is zero

The storage syscalls syscall_storage_obj_open(),
syscall_storage_obj_create() and syscall_storage_obj_rename() must not
call vm_check_access_rights() on the object ID buffer when its length is
zero, because it is a valid case but vm_check_access_rights() rejects
such a buffer with TEE_ERROR_ACCESS_DENIED.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: FS: make dirfile interface accept empty object ID

The TEE Internal Core API specification (v1.3.1) explicitly allows the
use of an empty object ID in TEE_RenamePersistentObject(). The text is:

core: FS: make dirfile interface accept empty object ID

The TEE Internal Core API specification (v1.3.1) explicitly allows the
use of an empty object ID in TEE_RenamePersistentObject(). The text is:

newObjectID, newObjectIDLen: A buffer containing the new object
identifier. The identifier contains arbitrary bytes, including the
zero byte. The identifier length SHALL be less than or equal to
TEE_OBJECT_ID_MAX_LEN and can be zero.

(note the mention: "and can be zero").

Consequently, the OP-TEE filesystem code needs to accept an empty buffer
as a valid object identifier.

The REE FS implementation is not currently compatible with this because
a null struct dirfile_entry::oidlen is considered unused (free). In
order to differentiate between a free entry and one that represents an
object with an empty name, this commit adds a condition on the first
byte of struct dirfile_entry::oid. When zero, the structure is free;
when non-zero, it is the empty object ID. A new helper function is
introduced (is_free()) and used instead of simple tests on !oidlen.

The tee_fs_dirfile_find() function is modified to be able to match the
empty object ID. It used to interpret oidlen == 0 as a request to find a
free entry; this logic is moved to an new function: tee_fs_dirfile_new().

The RPMB implementation (core/tee/tee_rpmb_fs.c) has no problem because
it stores absolute object names including the TA UUID in a FAT structure
like so: "/<TA UUID>/<Object ID in hexadecimal>". An empty object ID is
therefore not a corner case.

Link: https://github.com/OP-TEE/optee_os/issues/5171
Reported-by: Sadiq Hussain <sadiq.muchumarri@intel.com>
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: rstctrl: remove stm32_rstctrl legacy API functions

Removes stm32mp1 reset controllers legacy platform API functions and
moves declaration of stm32mp_rcc_reset_id_to_rstctrl() next to the
de

drivers: rstctrl: remove stm32_rstctrl legacy API functions

Removes stm32mp1 reset controllers legacy platform API functions and
moves declaration of stm32mp_rcc_reset_id_to_rstctrl() next to the
declaration of the remaining platform helper function related to reset
controllers: stm32mp_nsec_can_access_reset().

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: crypto: stm32_cryp: use rstctrl resources

Changes stm32_cryp driver to use rstctrl resources. Driver panics
upon rstctrl_dt_get_by_index() failure, even in case of driver probe
deferral err

drivers: crypto: stm32_cryp: use rstctrl resources

Changes stm32_cryp driver to use rstctrl resources. Driver panics
upon rstctrl_dt_get_by_index() failure, even in case of driver probe
deferral error as stm32_cryp is not yet defined as a DT_DRIVER. Such
port is out of the scope this change.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: scmi_server: use rstctrl resources

Change stm32mp1 SCMI server implementation to use rstctrl framework
to handle reset controllers.

Acked-by: Jerome Forissier <jerome@forissier.org>

plat-stm32mp1: scmi_server: use rstctrl resources

Change stm32mp1 SCMI server implementation to use rstctrl framework
to handle reset controllers.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rstctrl reset controller for stm32mp1 platforms

Implement stm32 platforms reset controller device, embedded upon
CFG_STM32_RSTCTRL=y.

The drivers exposes its reset controls to the dt

drivers: stm32_rstctrl reset controller for stm32mp1 platforms

Implement stm32 platforms reset controller device, embedded upon
CFG_STM32_RSTCTRL=y.

The drivers exposes its reset controls to the dt_driver provider and
with stm32mp1 platform legacy reset control API function:
stm32_reset_assert(), stm32_reset_deassert() and
stm32_reset_assert_deassert_mcu().

This change also removes source file stm32mp1_rcc.c that has moved
to drivers/rstctrl/stm32_rstctrl.c but stm32_rcc_base() definition
which is moved into to platform main.c.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plar: rcar: add initial support for Gen4

RCar Gen4 is the next generation of Renesas automotive
chips. Currently only RCar S4 on board Spider is available. This
platform has 8 CortexA55 cores with G

plar: rcar: add initial support for Gen4

RCar Gen4 is the next generation of Renesas automotive
chips. Currently only RCar S4 on board Spider is available. This
platform has 8 CortexA55 cores with GICv3.

This is patch adds minimal support, so not all Gen4 features are
available. Namely, ROM API is not supported right now, so HW RNG and
ASLR are disabled. Also, ATF does not provide DTB, so non-secure DDR
ranges are hardcoded.

Apart from that, depending on external configuration, initial
bootloader can use two different UARTs as console: either SCIF3 or
HSCIF0. Thus, CFG_RCAR_UART is introduced.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: rcar: enable GIC support

Enable GIC support in the same as it is done in other platforms.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklande

plat: rcar: enable GIC support

Enable GIC support in the same as it is done in other platforms.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: add parameter checks for RSA signature

Add size check in the crypto driver for RSA sign and verify functions.
For both functions, the encoded message length has some size
constraint

drivers: crypto: add parameter checks for RSA signature

Add size check in the crypto driver for RSA sign and verify functions.
For both functions, the encoded message length has some size
constraints [1].

[1]: Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
https://datatracker.ietf.org/doc/html/rfc3447#section-9.1.1

Fixes: f5a70e3ef ("drivers: crypto: generic resources for crypto device driver - RSA")
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-imx: Add SA settings for i.MX7DS

The Secure Access register configures the access mode for
non-TrustZone aware DMA masters. To ensure that no DMA master can read
the secure memory for OP-TEE, w

plat-imx: Add SA settings for i.MX7DS

The Secure Access register configures the access mode for
non-TrustZone aware DMA masters. To ensure that no DMA master can read
the secure memory for OP-TEE, we set access for all masters except the
ARM CP15 register to non-secure only and lock the settings afterwards.

Acked-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>

show more ...

drivers: gic: replace spaces with tabs

No functional changes.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etie

drivers: gic: replace spaces with tabs

No functional changes.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...