core: FFA_SHARE: Process receiver data

Process the receiver specific data of a FFA_SHARE command.
Store the receiver and link it to the endpoints (SPs).

Signed-off-by: Jelle Sels <jelle.sels@arm.co

core: FFA_SHARE: Process receiver data

Process the receiver specific data of a FFA_SHARE command.
Store the receiver and link it to the endpoints (SPs).

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: FFA_SHARE: Process FFA_MEM_SHARE message

Process a FF-A FFA_MEM_SHARE message coming from a SP or being sent
from the Normal world with one or more SPs receivers.
FFA_MEM_SHARE is used to shar

core: FFA_SHARE: Process FFA_MEM_SHARE message

Process a FF-A FFA_MEM_SHARE message coming from a SP or being sent
from the Normal world with one or more SPs receivers.
FFA_MEM_SHARE is used to share a memory region from an endpoint (SP or
normal world) with one or more endpoints in secure world(SPs).

A simplified version of the share memory transaction descriptor looks
like the following:

|-------------------|
|ffa_mem_transaction| Contains general data for the whole share
|-------------------|
|mem_access_array[0]| Contains information specific for each receiver SP
|-------------------|
|mem_access_array[1]|
|-------------------|
|mem_access_array[n]|
|-------------------|
|ffa_mem_region | Contains the memory which is shared
|-------------------|

Add sp_mem as a new memory object. Sp_mem is used to store all
information needed for a FF-A share. For each new FF-A share a sp_mem
object is created. Each share is stored inside the mem_shares list
inside sp_mem.c

The ffa_mem_transaction data is stored inside the sp_mem object.
The receivers list inside sp_mem is used to store all the
ffa_mem_region related data.
The regions list is used to store all data related to the
mem_access_array. A mobj reference is will be used to map the region
into the SPs endpoint.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

FF-A: Add macro for FF-A memory cookie bit

When creating a new cookie of the mobj_ffa a BIT64(44) was used inline.
Create a macro for it.

Signed-off-by: Jelle <jelle.sels@arm.com>
Reviewed-by: Jens

FF-A: Add macro for FF-A memory cookie bit

When creating a new cookie of the mobj_ffa a BIT64(44) was used inline.
Create a macro for it.

Signed-off-by: Jelle <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: Add vm_get_mobj

Return the mobj of a va.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@li

core: Add vm_get_mobj

Return the mobj of a va.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-sam: set QSPI memories as non secure

When left unconfigured, the QSPI memories are assigned to the secure
world. However, the controller is assigned to normal world and Linux
expects to use QPS

plat-sam: set QSPI memories as non secure

When left unconfigured, the QSPI memories are assigned to the secure
world. However, the controller is assigned to normal world and Linux
expects to use QPSI memories with it which will fail because they are
not accessible. Configure them to be accessible by the normal world in
order to let Linux handle the QSPI controller properly.

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: caam: add CAAM registers for imx8q platforms

Add CAAM register definitions for the following platforms:
* imx8qm
* imx8qxp

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by:

drivers: caam: add CAAM registers for imx8q platforms

Add CAAM register definitions for the following platforms:
* imx8qm
* imx8qxp

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: caam: hal: add the support for imx8q

Add the CAAM HAL for the following platforms:
- imx8qm
- imx8qxp

These platforms feature a separate security controller that handles
the following re

drivers: caam: hal: add the support for imx8q

Add the CAAM HAL for the following platforms:
- imx8qm
- imx8qxp

These platforms feature a separate security controller that handles
the following resources/peripherals:
- RNG
- Peripheral owernership
- Clocks

To allocate and initialize the CAAM, the driver relies on the
MU driver and a secure controller API to communicate with the
security controller.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: caam: hal: make common initialization functions overideable

Define the following functions as weak:
* caam_hal_rng_instantiated()
* caam_hal_cfg_setup_nsjobring()

Add CAAM CAAM_NOT_INIT

drivers: caam: hal: make common initialization functions overideable

Define the following functions as weak:
* caam_hal_rng_instantiated()
* caam_hal_cfg_setup_nsjobring()

Add CAAM CAAM_NOT_INIT code for CAAM RNG initialization status.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-imx: add Advantech RSB-3720 board support

Support for Advantech RSB-3720 board (imx8mp).
(PLATFORM=imx-mx8mp_rsb3720_6g)

Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Acked-by: J

plat-imx: add Advantech RSB-3720 board support

Support for Advantech RSB-3720 board (imx8mp).
(PLATFORM=imx-mx8mp_rsb3720_6g)

Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

qemu: enable testing of notifications using the console

When asynchronous notifications are enabled the console driver in qemu
is configured as a top half and bottom half driver allowing basic
testi

qemu: enable testing of notifications using the console

When asynchronous notifications are enabled the console driver in qemu
is configured as a top half and bottom half driver allowing basic
testing of the notification framework.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add asynchronous notifications

Adds support for asynchronous notifications from secure world to normal
world. This allows a design with a top half and bottom half type of
driver where the top

core: add asynchronous notifications

Adds support for asynchronous notifications from secure world to normal
world. This allows a design with a top half and bottom half type of
driver where the top half runs in secure interrupt context and a
notifications tells normal world to schedule a yielding call to do the
bottom half processing.

The protocol is defined in optee_msg.h optee_rpc_cmd.h and optee_smc.h.

A notification consists of a 32-bit value which normal world can
retrieve using a fastcall into secure world. OP-TEE is currently only
supporting the value 0-63 where 0 has a special meaning. When 0 is sent
it means that normal world is supposed to make a yielding call
OPTEE_MSG_CMD_DO_BOTTOM_HALF.

The notification framework in OP-TEE defines an interface where drivers
can register a callback which is called on each yielding bottom half
call.

Notification capability is negotiated with the normal world while it
initializes its driver. If both sides supports these notifications then
they are enabled.

CFG_CORE_ASYNC_NOTIF_GIC_INTID is added to define the hardware interrupt
used to notify normal world. This is added to the DTB in case OP-TEE can
is configured with CFG_DT=y. Other cases requires the normal world DTB
to be kept in sync with this.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add new interface for synchronous notifications

Adds a new interface for synchronous notifications. The old RPC
interface based on OPTEE_RPC_CMD_WAIT_QUEUE is renamed to
OPTEE_RPC_CMD_NOTIFICA

core: add new interface for synchronous notifications

Adds a new interface for synchronous notifications. The old RPC
interface based on OPTEE_RPC_CMD_WAIT_QUEUE is renamed to
OPTEE_RPC_CMD_NOTIFICATION in order to match the new interface.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: drivers: gic.h: define PPI and SPI bases

Adds the two defines GIC_PPI_BASE and GIC_SPI_BASE to tell the base of
the ranges for PPIs and SPIs respectively.

Reviewed-by: Jerome Forissier <jerom

core: drivers: gic.h: define PPI and SPI bases

Adds the two defines GIC_PPI_BASE and GIC_SPI_BASE to tell the base of
the ranges for PPIs and SPIs respectively.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: optee_smc.h: clarify calls with struct optee_msg_arg

Clarifies the responsibilities of the caller when calling with struct
optee_msg_arg as argument.

Reviewed-by: Jerome Forissier <jerome@for

core: optee_smc.h: clarify calls with struct optee_msg_arg

Clarifies the responsibilities of the caller when calling with struct
optee_msg_arg as argument.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm64: bti: fail link phase if some objects do not support BTI

Adds the proper linker options (-z force-bti --fatal-warnings) to fail
the link if some object files lack the BTI feature bit when BTI

arm64: bti: fail link phase if some objects do not support BTI

Adds the proper linker options (-z force-bti --fatal-warnings) to fail
the link if some object files lack the BTI feature bit when BTI is
requested (CFG_CORE_BTI=Y, CFG_TA_BTI=y). The options are added for
tee.elf, ldelf.elf, in-tree TAs, in-tree user space shared libraries
(CFG_ULIBS_SHARED=y) as well as for external TAs and shared libraries
built with the dev kit.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

core: Add property to check feature BTI in TEE property set

Add an entry in TEE_PROPSET_TEE_IMPLEMENTATION for a boolean
property org.trustedfirmware.optee.cpu.feat_bti_implemented.
The property is

core: Add property to check feature BTI in TEE property set

Add an entry in TEE_PROPSET_TEE_IMPLEMENTATION for a boolean
property org.trustedfirmware.optee.cpu.feat_bti_implemented.
The property is set true only if CFG_TA_BTI is configured and
the underlying CPU supports FEAT_BTI.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Generate ELF Note for BTI in all arm64 asm files

Add program property note section in the assembly files to
ensure that when linking them, program property note section
is generated in the final ELF

Generate ELF Note for BTI in all arm64 asm files

Add program property note section in the assembly files to
ensure that when linking them, program property note section
is generated in the final ELF.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: Add support for mapping ELF executable sections as guarded

Introduce LDELF_MAP_FLAG_BTI to indicate if ELF supports BTI. A
BTI instruction is used to guard against the execution of instructio

ldelf: Add support for mapping ELF executable sections as guarded

Introduce LDELF_MAP_FLAG_BTI to indicate if ELF supports BTI. A
BTI instruction is used to guard against the execution of instructions
that are not the intended target of a branch. The executable pages need
to be marked as guarded to ensure that BTI doesn't execute as NOP.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm64: bti: Support building user mode libraries with BTI

When running with BTI enabled we need to ask the compiler to enable
generation of BTI landing pads. With this option enabled, all C
source f

arm64: bti: Support building user mode libraries with BTI

When running with BTI enabled we need to ask the compiler to enable
generation of BTI landing pads. With this option enabled, all C
source files compiled for user mode libraries or Trusted Application
will be compiled with BTI.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm : Enable GP bit for kernel mapping for userspace

Mark the kernel pages mapped in userspace as guarded.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier

core: mm : Enable GP bit for kernel mapping for userspace

Mark the kernel pages mapped in userspace as guarded.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ldelf: Enable GP bit when creating mapping for ldelf

Since ldelf loader is compiled with BTI if CFG_CORE_BTI is enabled,
mark the GP bit when creating mapping for ldelf in user space.

Signed-

core: ldelf: Enable GP bit when creating mapping for ldelf

Since ldelf loader is compiled with BTI if CFG_CORE_BTI is enabled,
mark the GP bit when creating mapping for ldelf in user space.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: Set GP bit to enable BTI for TEE core

For all the descriptor entries marked with TEE_MATTR_PX, enable
GP bit if BTI is enabled.

TEE_MATTR_GUARDED attribute is also added here. This will b

core: mm: Set GP bit to enable BTI for TEE core

For all the descriptor entries marked with TEE_MATTR_PX, enable
GP bit if BTI is enabled.

TEE_MATTR_GUARDED attribute is also added here. This will be used
when creating mapping for user space.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm64: Add support for reading register ID_AA64PFR1_EL1

Register ID_AA64PFR1_EL1 provides information about
implemented PE features in AArch64 state. Read it to determine
if BTI mechanism is support

arm64: Add support for reading register ID_AA64PFR1_EL1

Register ID_AA64PFR1_EL1 provides information about
implemented PE features in AArch64 state. Read it to determine
if BTI mechanism is supported or not.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add BTI launch pads in aarch64 assembly files

Compiler adds BTI launchpads only in C source files. For
assembly files, BTI launchpad is also required at locations
where "br" is used and at the start

Add BTI launch pads in aarch64 assembly files

Compiler adds BTI launchpads only in C source files. For
assembly files, BTI launchpad is also required at locations
where "br" is used and at the start of the functions. This
needs to be added manually.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: asm.S : Introduce parameter _bti in FUNC's

There are few places where the original macros FUNC and LOCAL_FUNC
are used to define vector tables or exception vector tables.
To take care of s

libutils: asm.S : Introduce parameter _bti in FUNC's

There are few places where the original macros FUNC and LOCAL_FUNC
are used to define vector tables or exception vector tables.
To take care of such assembly code where BTI is not needed,
introduce new parameter _bti. If the _bti passed to the
function is not default, don't add BTI launchpad to the function.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...