arm64: bti: Support building TEE core C files with BTI

When running with BTI enabled we need to ask the compiler to enable
generation of BTI landing pads. With this option enabled, all C
source file

arm64: bti: Support building TEE core C files with BTI

When running with BTI enabled we need to ask the compiler to enable
generation of BTI landing pads. With this option enabled, all C
source files compiled for TEE Core including the kernel versions
of libraries such as libutils.a will be compiled with BTI. This
also includes ldelf loader C files.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Move section .note.gnu.property after .text in lds files

It is observed that clang compiler sometimes places the
.note.gnu.property at offset 0. For TA's, the loader expects
the user_ta_header at th

Move section .note.gnu.property after .text in lds files

It is observed that clang compiler sometimes places the
.note.gnu.property at offset 0. For TA's, the loader expects
the user_ta_header at that location while for ldelf,
_ldelf_start() is expected at this point. To avoid such
conflicts place this section after the text section.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: use adr_l for global r/w variable threads

Replace an adr instruction with adr_l in thread_foreign_intr_exit to
make sure that the r/w global variable threads is accessible even if the
optee bi

core: use adr_l for global r/w variable threads

Replace an adr instruction with adr_l in thread_foreign_intr_exit to
make sure that the r/w global variable threads is accessible even if the
optee binary is very large.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arch: kernel: move spmc functions from thread.h to thread_spmc.h

It is more relevant to declare thread_spmc_populate_mobj_from_rx() and
thread_spmc_relinquish() in thread_spmc.h instead of thr

core: arch: kernel: move spmc functions from thread.h to thread_spmc.h

It is more relevant to declare thread_spmc_populate_mobj_from_rx() and
thread_spmc_relinquish() in thread_spmc.h instead of thread.h
Source file mobj_ffa.c makes use of these two functions, hence include
kernel/thread_spmc.h header.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: drivers: se050: fix rsa encrypt/decrypt

- Fix input/output buffers (they were swapped).
- Fix algorithm selection for RSAES

Test:
openssl rsautl -encrypt -inkey rsa-pubkey.pub \

crypto: drivers: se050: fix rsa encrypt/decrypt

- Fix input/output buffers (they were swapped).
- Fix algorithm selection for RSAES

Test:
openssl rsautl -encrypt -inkey rsa-pubkey.pub \
-in data -pubin -out data.crypt

pkcs11-tool --module /usr/lib/libckteec.so.0.1 \
--pin 87654321 --decrypt --id 01 \
--token-label fio --mechanism RSA-PKCS \
--input-file data.crypt > data.decrypted

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

crypto: drivers: se050: OEFID runtime detection

The CFG_CORE_SE05X_OEFID definition is not required as the SE05X OEFID
can be read during early init - before the SCP03 session has been
established.

crypto: drivers: se050: OEFID runtime detection

The CFG_CORE_SE05X_OEFID definition is not required as the SE05X OEFID
can be read during early init - before the SCP03 session has been
established.

The user we can continue to define its value so that the OP-TEE driver
only works when such OEFID is available.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

crypto: drivers: se050: ecc sign

The crypto API validates the size of the buffer that will hold the
resulting signature. This means that the SE05X driver can not use the
variable length buffer mecha

crypto: drivers: se050: ecc sign

The crypto API validates the size of the buffer that will hold the
resulting signature. This means that the SE05X driver can not use the
variable length buffer mechanism to request extra bytes to handle the
DER format.

To address this situation, this patch allocates a temporary buffer to
get the signature from the Plug-and-Trust subsystem; then, upon doing
the DER to binary conversion, copies the resulting data to the output
buffer.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: stmm: Increase the shared number of pages

Currently we only allow single page sharing for the StanAloneMM non-secure
world buffer. There are cases on EFI variables though which this isn't
eno

core: stmm: Increase the shared number of pages

Currently we only allow single page sharing for the StanAloneMM non-secure
world buffer. There are cases on EFI variables though which this isn't
enough. For example an EFI signature list (.esl) containing more than
two keys would fail since the payload is larger than a single page. So
let's bump the number to something more reasonable.

Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

show more ...

core: libtomcrypt: increase MPI_MEMPOOL_SIZE to 46kB

This value is increased because xtest pkcs11_1019 when run
in loop, leads to extensive use of memory pool which
sometimes leads to memory allocat

core: libtomcrypt: increase MPI_MEMPOOL_SIZE to 46kB

This value is increased because xtest pkcs11_1019 when run
in loop, leads to extensive use of memory pool which
sometimes leads to memory allocation failure.

Problem is the way mempool_alloc() is implemented in combination
with how it's used from ltc_ecc_projective_add_point().

mempool_alloc() has a stack like allocation scheme. When freeing
the top element that memory is returned to the pool, but if memory
further down is free it's not returned until all elements above has
been freed. If two or more elements gets allocated and freed in a
cycle they can continue to use more and more memory with nothing
returned.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/issues/5022

show more ...

drivers: atmel-shdwc: add atmel shdwc driver

Add atmel shdwc driver for sama5d2. This driver uses assembly code
which expects to run from a single cache line. For the time being,
building this code

drivers: atmel-shdwc: add atmel shdwc driver

Add atmel shdwc driver for sama5d2. This driver uses assembly code
which expects to run from a single cache line. For the time being,
building this code is restricted to single core system since it rely
on the fact that no other cores can invalidate the TLB or the
I-cache. This driver will be used by PSCI to shutdown the SoC.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: sam: add at91_ddr.h file with DDR register definition

This file will be used by multiple drivers and PM support.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome F

drivers: sam: add at91_ddr.h file with DDR register definition

This file will be used by multiple drivers and PM support.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: clk: sam: expose at91_pmc_get_base

The shutdown controller needs to access the PMC to switch the clock
using assembly code. Expose pmc base using at91_pmc_get_base.

Acked-by: Etienne Carri

drivers: clk: sam: expose at91_pmc_get_base

The shutdown controller needs to access the PMC to switch the clock
using assembly code. Expose pmc base using at91_pmc_get_base.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: clk: use while (true)

Changes clk_dt.c to use while (true) instead of while (1) for consistency
in optee_os implementation.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-

drivers: clk: use while (true)

Changes clk_dt.c to use while (true) instead of while (1) for consistency
in optee_os implementation.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: clk: change clk_dt_get_by_*() prototype

Changes clk_dt_get_by_idx() and clk_dt_get_by_name() to return a
the TEE_Result code and use an output argument to pass back
clock reference rather t

drivers: clk: change clk_dt_get_by_*() prototype

Changes clk_dt_get_by_idx() and clk_dt_get_by_name() to return a
the TEE_Result code and use an output argument to pass back
clock reference rather than the opposite. This change makes
clk_dt_get_by_*() function more consistent with the other
OP-TEE core API functions.

Also renames clk_dt_get_by_idx() to clk_dt_get_by_index().

Updates sama5d2_clk.c and atmel_trng.c accordingly.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

lib: libutils: trace.c: make print_core_id() architecture-independent

The function print_core_id() in is calling architecture-specific routines
to retrieve the core id. It is more relevant to create

lib: libutils: trace.c: make print_core_id() architecture-independent

The function print_core_id() in is calling architecture-specific routines
to retrieve the core id. It is more relevant to create a new abstract
function trace_ext_get_core_id() in lib/libutee/trace_ext.c that needs to
be implemented in the architecture-specific code. This is similar to
print_thread_id() which calls trace_ext_get_thread_id() implemented in
core/arch/arm/kernel/trace_ext.c

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: acipher: initialize driver with the JR base address

Instead of systematically using the job ring 0 registers to initialize
the CAAM acipher drivers, use the job ring allocated to OPTE

drivers: caam: acipher: initialize driver with the JR base address

Instead of systematically using the job ring 0 registers to initialize
the CAAM acipher drivers, use the job ring allocated to OPTEE OS.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: caam: hash: initialize driver with the JR base address

Instead of systematically using the job ring 0 registers to initialize
the CAAM hash driver, use the job ring allocated to OPTEE OS.

drivers: caam: hash: initialize driver with the JR base address

Instead of systematically using the job ring 0 registers to initialize
the CAAM hash driver, use the job ring allocated to OPTEE OS.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: arm: lpae: fix build with large number of CPU cores

A compile time assertion is triggered by the following command:

$ make -j10 -s PLATFORM=vexpress-qemu_armv8a CFG_TEE_CORE_NB_CORE=128 \

core: arm: lpae: fix build with large number of CPU cores

A compile time assertion is triggered by the following command:

$ make -j10 -s PLATFORM=vexpress-qemu_armv8a CFG_TEE_CORE_NB_CORE=128 \
CFG_LPAE_ADDR_SPACE_BITS=40
In file included from core/arch/arm/mm/core_mmu_lpae.c:61:
core/arch/arm/mm/core_mmu_lpae.c: In function ‘core_init_mmu_prtn_ta_core’:
lib/libutils/isoc/include/assert.h:30:24: error: duplicate case value
30 | switch (0) { case 0: case ((x) ? 1: 0): default : break; } \
| ^~~~
core/arch/arm/mm/core_mmu_lpae.c:697:2: note: in expansion of macro ‘COMPILE_TIME_ASSERT’
697 | COMPILE_TIME_ASSERT(MAX_XLAT_TABLES <
| ^~~~~~~~~~~~~~~~~~~
lib/libutils/isoc/include/assert.h:30:16: note: previously used here
30 | switch (0) { case 0: case ((x) ? 1: 0): default : break; } \
| ^~~~
core/arch/arm/mm/core_mmu_lpae.c:697:2: note: in expansion of macro ‘COMPILE_TIME_ASSERT’
697 | COMPILE_TIME_ASSERT(MAX_XLAT_TABLES <
| ^~~~~~~~~~~~~~~~~~~
core/arch/arm/mm/core_mmu_lpae.c:708:8: warning: unused variable ‘ret’ [-Wunused-variable]
708 | bool ret = false;
| ^~~

The type used for struct mmu_partition::user_l1_table_idx, currently
uint8_t, is not wide enough. Fix the issue by using uint8_t or uint16_t
based on the value of MAX_XLAT_TABLES.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dt_driver: probe drivers before/after crypto services

Changes drivers probing sequence to probe before and after core crypto
services that are initialized at service_init initcall level. It in

core: dt_driver: probe drivers before/after crypto services

Changes drivers probing sequence to probe before and after core crypto
services that are initialized at service_init initcall level. It intends
to support probing of drivers the crypto layer depends on (as those
registering to drvcrypt framework) as well as drivers that depend on
crypto services.

At early_init_late initcall level, root node is parsed and the
driver probing loop is run as prior this change. With this change
the probing loop may end-up unresolved dependencies hence another
round of driver probing is done at driver_init initcall level. Drivers
dependencies are expected to be resolved at that stage.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: helper for dependency on crypt service

Adds dt_driver_get_crypto() function to allow drivers to request
probe deferral when depending on core crypto services. For that purpose
tee_c

core: dt_driver: helper for dependency on crypt service

Adds dt_driver_get_crypto() function to allow drivers to request
probe deferral when depending on core crypto services. For that purpose
tee_cryp_init() is changed to call dt_driver_crypt_init_complete() once
crypt layer initialization completes.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

driver: atmel_trng: remove wrong assertion

Remove mistakenly added assert which will always trigger in debug
mode.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Clément Léger <cl

driver: atmel_trng: remove wrong assertion

Remove mistakenly added assert which will always trigger in debug
mode.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

core: imx: fix CAAM base address for i.MX8Q platforms

Fix CAAM base address for i.MX8QM/QXP platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@

core: imx: fix CAAM base address for i.MX8Q platforms

Fix CAAM base address for i.MX8QM/QXP platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: imx: add SC driver for i.MX8QM/QXP

Add the secure controller driver that implements:
- SCFW API
- SCU IPC functions
- SCU secure IPC initialization
The SCU driver relies on the MU driver

drivers: imx: add SC driver for i.MX8QM/QXP

Add the secure controller driver that implements:
- SCFW API
- SCU IPC functions
- SCU secure IPC initialization
The SCU driver relies on the MU driver to communicate with the security
controller.

Signed-off-by: Remi Koman <remi.koman@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: imx_wdog: fix defined but not used with CFG_DT=n

Fix a defined but not used error when building with CFG_DT by moving
dt_wdog_match_table under the same ifdef block used by the device-tree

drivers: imx_wdog: fix defined but not used with CFG_DT=n

Fix a defined but not used error when building with CFG_DT by moving
dt_wdog_match_table under the same ifdef block used by the device-tree
block.

Acked-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

core: pm: fix incorrect flag check in pm_callback

Fix test error check that always return true with current
condition. The check must be done to identify if the
SUSPENDED flag has been set.

Fixes:

core: pm: fix incorrect flag check in pm_callback

Fix test error check that always return true with current
condition. The check must be done to identify if the
SUSPENDED flag has been set.

Fixes: 5920ec258f16 ("core: kernel: pm: refine suspend/resume sequence order")
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...