driver: atmel_rtc: add driver for atmel RTC

On sama5d2, the RTC is included in a larger block of devices that can
only be secured as a whole (RSTC, WDT, etc). Since these other
peripherals needs to

driver: atmel_rtc: add driver for atmel RTC

On sama5d2, the RTC is included in a larger block of devices that can
only be secured as a whole (RSTC, WDT, etc). Since these other
peripherals needs to be secured, in order to still allow the RTC to be
used from non-secure world, add a driver for the RTC which will be
registered as the system RTC. The RTc PTA will then used this RTC to
set/get time from Linux using a RTC driver that uses the TEE subsystem.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

pta: add PTA for RTC

On some systems, when the RTC is secured, there is no way for the
normal world to access it. This PTA uses the RTC API to allow a
Linux OP-TEE based RTC driver to communicate wi

pta: add PTA for RTC

On some systems, when the RTC is secured, there is no way for the
normal world to access it. This PTA uses the RTC API to allow a
Linux OP-TEE based RTC driver to communicate with the RTC that is
secured.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: rtc: add RTC API

This API allows to interact with a RTC registered as the system RTC.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@l

drivers: rtc: add RTC API

This API allows to interact with a RTC registered as the system RTC.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

core: storage: do not check object ID buffer when its size is zero

The storage syscalls syscall_storage_obj_open(),
syscall_storage_obj_create() and syscall_storage_obj_rename() must not
call vm_che

core: storage: do not check object ID buffer when its size is zero

The storage syscalls syscall_storage_obj_open(),
syscall_storage_obj_create() and syscall_storage_obj_rename() must not
call vm_check_access_rights() on the object ID buffer when its length is
zero, because it is a valid case but vm_check_access_rights() rejects
such a buffer with TEE_ERROR_ACCESS_DENIED.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: FS: make dirfile interface accept empty object ID

The TEE Internal Core API specification (v1.3.1) explicitly allows the
use of an empty object ID in TEE_RenamePersistentObject(). The text is:

core: FS: make dirfile interface accept empty object ID

The TEE Internal Core API specification (v1.3.1) explicitly allows the
use of an empty object ID in TEE_RenamePersistentObject(). The text is:

newObjectID, newObjectIDLen: A buffer containing the new object
identifier. The identifier contains arbitrary bytes, including the
zero byte. The identifier length SHALL be less than or equal to
TEE_OBJECT_ID_MAX_LEN and can be zero.

(note the mention: "and can be zero").

Consequently, the OP-TEE filesystem code needs to accept an empty buffer
as a valid object identifier.

The REE FS implementation is not currently compatible with this because
a null struct dirfile_entry::oidlen is considered unused (free). In
order to differentiate between a free entry and one that represents an
object with an empty name, this commit adds a condition on the first
byte of struct dirfile_entry::oid. When zero, the structure is free;
when non-zero, it is the empty object ID. A new helper function is
introduced (is_free()) and used instead of simple tests on !oidlen.

The tee_fs_dirfile_find() function is modified to be able to match the
empty object ID. It used to interpret oidlen == 0 as a request to find a
free entry; this logic is moved to an new function: tee_fs_dirfile_new().

The RPMB implementation (core/tee/tee_rpmb_fs.c) has no problem because
it stores absolute object names including the TA UUID in a FAT structure
like so: "/<TA UUID>/<Object ID in hexadecimal>". An empty object ID is
therefore not a corner case.

Link: https://github.com/OP-TEE/optee_os/issues/5171
Reported-by: Sadiq Hussain <sadiq.muchumarri@intel.com>
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: rstctrl: remove stm32_rstctrl legacy API functions

Removes stm32mp1 reset controllers legacy platform API functions and
moves declaration of stm32mp_rcc_reset_id_to_rstctrl() next to the
de

drivers: rstctrl: remove stm32_rstctrl legacy API functions

Removes stm32mp1 reset controllers legacy platform API functions and
moves declaration of stm32mp_rcc_reset_id_to_rstctrl() next to the
declaration of the remaining platform helper function related to reset
controllers: stm32mp_nsec_can_access_reset().

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: crypto: stm32_cryp: use rstctrl resources

Changes stm32_cryp driver to use rstctrl resources. Driver panics
upon rstctrl_dt_get_by_index() failure, even in case of driver probe
deferral err

drivers: crypto: stm32_cryp: use rstctrl resources

Changes stm32_cryp driver to use rstctrl resources. Driver panics
upon rstctrl_dt_get_by_index() failure, even in case of driver probe
deferral error as stm32_cryp is not yet defined as a DT_DRIVER. Such
port is out of the scope this change.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: scmi_server: use rstctrl resources

Change stm32mp1 SCMI server implementation to use rstctrl framework
to handle reset controllers.

Acked-by: Jerome Forissier <jerome@forissier.org>

plat-stm32mp1: scmi_server: use rstctrl resources

Change stm32mp1 SCMI server implementation to use rstctrl framework
to handle reset controllers.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rstctrl reset controller for stm32mp1 platforms

Implement stm32 platforms reset controller device, embedded upon
CFG_STM32_RSTCTRL=y.

The drivers exposes its reset controls to the dt

drivers: stm32_rstctrl reset controller for stm32mp1 platforms

Implement stm32 platforms reset controller device, embedded upon
CFG_STM32_RSTCTRL=y.

The drivers exposes its reset controls to the dt_driver provider and
with stm32mp1 platform legacy reset control API function:
stm32_reset_assert(), stm32_reset_deassert() and
stm32_reset_assert_deassert_mcu().

This change also removes source file stm32mp1_rcc.c that has moved
to drivers/rstctrl/stm32_rstctrl.c but stm32_rcc_base() definition
which is moved into to platform main.c.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plar: rcar: add initial support for Gen4

RCar Gen4 is the next generation of Renesas automotive
chips. Currently only RCar S4 on board Spider is available. This
platform has 8 CortexA55 cores with G

plar: rcar: add initial support for Gen4

RCar Gen4 is the next generation of Renesas automotive
chips. Currently only RCar S4 on board Spider is available. This
platform has 8 CortexA55 cores with GICv3.

This is patch adds minimal support, so not all Gen4 features are
available. Namely, ROM API is not supported right now, so HW RNG and
ASLR are disabled. Also, ATF does not provide DTB, so non-secure DDR
ranges are hardcoded.

Apart from that, depending on external configuration, initial
bootloader can use two different UARTs as console: either SCIF3 or
HSCIF0. Thus, CFG_RCAR_UART is introduced.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: rcar: enable GIC support

Enable GIC support in the same as it is done in other platforms.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklande

plat: rcar: enable GIC support

Enable GIC support in the same as it is done in other platforms.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: add parameter checks for RSA signature

Add size check in the crypto driver for RSA sign and verify functions.
For both functions, the encoded message length has some size
constraint

drivers: crypto: add parameter checks for RSA signature

Add size check in the crypto driver for RSA sign and verify functions.
For both functions, the encoded message length has some size
constraints [1].

[1]: Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
https://datatracker.ietf.org/doc/html/rfc3447#section-9.1.1

Fixes: f5a70e3ef ("drivers: crypto: generic resources for crypto device driver - RSA")
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-imx: Add SA settings for i.MX7DS

The Secure Access register configures the access mode for
non-TrustZone aware DMA masters. To ensure that no DMA master can read
the secure memory for OP-TEE, w

plat-imx: Add SA settings for i.MX7DS

The Secure Access register configures the access mode for
non-TrustZone aware DMA masters. To ensure that no DMA master can read
the secure memory for OP-TEE, we set access for all masters except the
ARM CP15 register to non-secure only and lock the settings afterwards.

Acked-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>

show more ...

drivers: gic: replace spaces with tabs

No functional changes.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etie

drivers: gic: replace spaces with tabs

No functional changes.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat: arm: refactor GIC initialization

All platforms (except STM32MP1) follow the same pattern during GIC
initialization: get virtual addresses for distributor (and optionally,
for CPU interface), c

plat: arm: refactor GIC initialization

All platforms (except STM32MP1) follow the same pattern during GIC
initialization: get virtual addresses for distributor (and optionally,
for CPU interface), check that they are not NULL, call either
gic_init() or gic_init_base_addr().

We can move most of this logic into gic_init_base_addr(), while
platform-specific code will supply only base physical addresses for
distributor and CPU interface. This will simplify and align platform
code.

ST32MP1 had more complex logic, as it used io_pa_or_va_secure() to get
MMIO range addresses. However, as main_init_gic() called
assert(cpu_mmu_enabled()), there is no sense in using
io_pa_or_va_secure(), because we already ensured that VA will be
always used. Thus assert() call was moved to gic_init_base_addr(), and
STM32MP1 were aligned with other platforms.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_gpio: Fix register access before enabling clocks

The valid_gpio_config() function accesses the GPIO register
before the clock is enabled, which leads to the assert always
failing when

drivers: stm32_gpio: Fix register access before enabling clocks

The valid_gpio_config() function accesses the GPIO register
before the clock is enabled, which leads to the assert always
failing when using stm32_gpio_set_output_level().

Signed-off-by: Loïc Bauer <loic.bauer@socomec.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: crypto: se050: panic on initialization error

Failure to initialize the SE05x device is a critical operation as it will
effectively disable ciphers configured at build time.

This also match

drivers: crypto: se050: panic on initialization error

Failure to initialize the SE05x device is a critical operation as it will
effectively disable ciphers configured at build time.

This also matches the behaviour implemented by the other crypto drivers.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: ls: fix GIC offset for ls1043a rev1 and rev1.1

GIC offsets are different on ls1043a depending of the SoC revision
1 or 1.1

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by

core: ls: fix GIC offset for ls1043a rev1 and rev1.1

GIC offsets are different on ls1043a depending of the SoC revision
1 or 1.1

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ls: remove CAAM endianness definitions from conf.mk

Remove CAAM endianness definition (CFG_CAAM_LITTLE_ENDIAN and
CFG_CAAM_BIG_ENDIAN) from conf.mk as it is already defined in
crypto_conf.mk

core: ls: remove CAAM endianness definitions from conf.mk

Remove CAAM endianness definition (CFG_CAAM_LITTLE_ENDIAN and
CFG_CAAM_BIG_ENDIAN) from conf.mk as it is already defined in
crypto_conf.mk

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto/aspeed: ast2600: Add HACE HW hash support

Aspeed AST2600 Hash and Crypto Engine (HACE) is designated to
accelerate the throughput of hash and symmetric encryption/decryption.

This patch adds

crypto/aspeed: ast2600: Add HACE HW hash support

Aspeed AST2600 Hash and Crypto Engine (HACE) is designated to
accelerate the throughput of hash and symmetric encryption/decryption.

This patch adds the driver support for AST2600 HACE to provide
HW-assisted hash for the SHA family. The initial driver structure
for Aspeed crypto engines is also constructed.

Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: change return type for tee_entry_std() TEE_Result

Changes the return type for the function tee_entry_std() to TEE_Result
in order to make it independent of optee_smc.h. tee_entry_std() is also

core: change return type for tee_entry_std() TEE_Result

Changes the return type for the function tee_entry_std() to TEE_Result
in order to make it independent of optee_smc.h. tee_entry_std() is also
called from yielding_call_with_arg() and it doesn't make sense for that
function to return values based on the SMC ABI.

With this we're doing an ABI change for FF-A, but that should not make a
difference for the driver since that only test for 0 or !0. In addition
if !0 is returned the communication has broken down completely so there
not much left to recover from. Note that this patch does not require
changes in the Linux kernel driver.

Acked-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove references to OPTEE_SMC_SHM_CACHED

Removes references to OPTEE_SMC_SHM_CACHED in architecture independent
code, the references are replaces by TEE_MATTR_CACHE_CACHED which is
more accur

core: remove references to OPTEE_SMC_SHM_CACHED

Removes references to OPTEE_SMC_SHM_CACHED in architecture independent
code, the references are replaces by TEE_MATTR_CACHE_CACHED which is
more accurate.

Acked-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move NOTIF_VALUE_DO_BOTTOM_HALF assert to thread_optee_smc.c

Moves the compile assertion that NOTIF_VALUE_DO_BOTTOM_HALF matches
OPTEE_SMC_ASYNC_NOTIF_VALUE_DO_BOTTOM_HALF in core/kernel/notif

core: move NOTIF_VALUE_DO_BOTTOM_HALF assert to thread_optee_smc.c

Moves the compile assertion that NOTIF_VALUE_DO_BOTTOM_HALF matches
OPTEE_SMC_ASYNC_NOTIF_VALUE_DO_BOTTOM_HALF in core/kernel/notif.c to
core/arch/arm/kernel/thread_optee_smc.c to keep dependencies to
optee_smc.h in architecture specific code.

Acked-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: vm.c: don't include sm/optee_smc.h

sm/optee_smc.h isn't needed in this file any longer so remove the
include statement.

Acked-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Je

core: vm.c: don't include sm/optee_smc.h

sm/optee_smc.h isn't needed in this file any longer so remove the
include statement.

Acked-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: fix the RSA public key size for TA signature verification

The size of the RSA public key allocation should be based on the modulus
size in bits.

Fixes: 064663e8b ("core: crypto: add s

core: crypto: fix the RSA public key size for TA signature verification

The size of the RSA public key allocation should be based on the modulus
size in bits.

Fixes: 064663e8b ("core: crypto: add struct shdr helper functions")
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...