zynqmp: platform: use HUK derived from PUF KEK for RPMB

Enable the RPMB key when the HUK is generated from the PUF KEK.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Tested-by: Ricardo Sa

zynqmp: platform: use HUK derived from PUF KEK for RPMB

Enable the RPMB key when the HUK is generated from the PUF KEK.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: generate HUK from PUF KEK

If authenticated boot was disabled we allow generating the HUK using
the SHA-256 of the DNA unique identifier.

If authenticated boot was enabled, use the

zynqmp: drivers: generate HUK from PUF KEK

If authenticated boot was disabled we allow generating the HUK using
the SHA-256 of the DNA unique identifier.

If authenticated boot was enabled, use the PUK KEK to generate the
HUK instead. The PUF KEK must be registered while securing the board
using the Xilinx tools. In this case, the HUK is generated by reading
the DNA eFuses. This 96 bits value is used to generate a 16 byte
digest which is then AES-GCM encrypted using the PUF KEK. The
resulting 16 byte value is the HUK. To prevent the HUK from being
leaked, the AES-GCM module must be reserved.

The HUK generation was validated on Zynqmp zu3cg using the Xilinx
Lightweight Provisioning Tool to enable authenticated boot and to
provision the PUF (burning a number of eFuses in the process).

Tested-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: PM firmware

These routines call TF-A exported SiP services that implement IPI
protocol for communication with PMUFW (Platform Management Unit).

To access eFuses, PMUFW should be bu

zynqmp: drivers: PM firmware

These routines call TF-A exported SiP services that implement IPI
protocol for communication with PMUFW (Platform Management Unit).

To access eFuses, PMUFW should be built with -DENABLE_EFUSE_ACCESS=1.

Notice however that certain eFuses will not be available unless the
Xilskey library linked to the PMUFW is compiled removing some of those
security restrictions.

Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: AES-GCM with PUF KEK

Provide a mechanism to encrypt a red key using the KEK; the KEK is
only available on secured boards after the RSA_EN and PPK eFUSES have
been burnt (the system

zynqmp: drivers: AES-GCM with PUF KEK

Provide a mechanism to encrypt a red key using the KEK; the KEK is
only available on secured boards after the RSA_EN and PPK eFUSES have
been burnt (the system will only boot ROM authenticated bootloaders
from here on).

The main use case for OP-TEE would be to encode the zynqmp per device
unique identifier (DNA0, DNA1, DNA2 eFUSEs - ie, a red key) using the
KEK. The encryption key generated this way is cryptographically strong
and will be used as the device HUK (ie, black key).

Test code:

csu_aes_encrypt_data(src, dst, BLOB_DATA_SIZE, tag, GCM_TAG_SIZE,
iv, GCM_IV_SIZE, CSU_AES_KEY_SRC_DEV);
csu_aes_decrypt_data(dst, src, BLOB_DATA_SIZE, tag, GCM_TAG_SIZE,
iv, GCM_IV_SIZE, CSU_AES_KEY_SRC_DEV);
if (memcmp(src, buffer, BLOB_DATA_SIZE)) {
EMSG(" - encrypt/decrypt test failed");

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: CSUDMA module

This module provides a mechanism to transfer data between memory and
peripherals. The data path is selected in the Secure Stream Switch
register in the CSU.

Signed-of

zynqmp: drivers: CSUDMA module

This module provides a mechanism to transfer data between memory and
peripherals. The data path is selected in the Secure Stream Switch
register in the CSU.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: Physically Unclonable Function (PUF)

This block is used to generate black keys via the AES-GCM module.
The PUF KEK - feeding the AES-GCM block - is also unique for each
device.

The

zynqmp: drivers: Physically Unclonable Function (PUF)

This block is used to generate black keys via the AES-GCM module.
The PUF KEK - feeding the AES-GCM block - is also unique for each
device.

The KEK is only available once the board has been secured via
programmable eFUSES (RSA_EN authentication via the PPK fuses).

Registering the PUF should be done using the Xilinx tools so the
adequate eFUSES are written.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: CSU module base definitions

CSU registers and offsets for submodules

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisa

zynqmp: drivers: CSU module base definitions

CSU registers and offsets for submodules

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: register the CSU memory with the platform

The CSU memory block that will be mapped from different drivers (ie,
PUF, AES-GCM, SHA..)

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
R

zynqmp: register the CSU memory with the platform

The CSU memory block that will be mapped from different drivers (ie,
PUF, AES-GCM, SHA..)

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: define the STACK_ALIGNMENT in terms of CACHELINE

Explicitily define the cache line length

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carrier

zynqmp: define the STACK_ALIGNMENT in terms of CACHELINE

Explicitily define the cache line length

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: add base address definitions

Add the base address definitions for the CSU and the CSUDMA modules

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa

zynqmp: add base address definitions

Add the base address definitions for the CSU and the CSUDMA modules

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: imx: add MU driver

Add Message Unit driver. This driver is needed to communicate with the
security controller.

Signed-off-by: Remi Koman <remi.koman@nxp.com>
Signed-off-by: Clement Faure <

drivers: imx: add MU driver

Add Message Unit driver. This driver is needed to communicate with the
security controller.

Signed-off-by: Remi Koman <remi.koman@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: Add FFA_PARTITION_INFO

FFA_PARTITION_INFO is used to query all the Secure Partitions loaded in
the system.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Etienne Carriere <etienne.c

core: Add FFA_PARTITION_INFO

FFA_PARTITION_INFO is used to query all the Secure Partitions loaded in
the system.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: socket: enable TA to query recv out buffer

Propagate out size for socket recv event when it's larger than the
supplied in size. Also enable passing a NULL buffer while querying the
size o

core: pta: socket: enable TA to query recv out buffer

Propagate out size for socket recv event when it's larger than the
supplied in size. Also enable passing a NULL buffer while querying the
size of the buffer.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix ASLR problem with short-descriptor table mappings

With short-descriptor table mappings, that is without LPAE, the user va
range is defined at the lowest addresses. Depending on the seed su

core: fix ASLR problem with short-descriptor table mappings

With short-descriptor table mappings, that is without LPAE, the user va
range is defined at the lowest addresses. Depending on the seed supplied
this could conflict with chosen base address for core mappings. Add a
check early in assign_mem_va() to avoid such conflicts.

Without this patch there's a risk of occasional panics like:
E/TC:0 0 Panic 'issue in linear address space' at core/arch/arm/mm/core_mmu.c:2147 <check_pa_matches_va>
E/TC:0 0 TEE load address @ 0xa34000
E/TC:0 0 Call stack:
E/TC:0 0 0x00a3a901

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: zynqmp: register ddr for dyn shm support

Register DDR based on the DRAM base and size definitions from
platform_config.h for supporting dynamic shared memory usage.

Acked-by: Jens Wiklander <

plat: zynqmp: register ddr for dyn shm support

Register DDR based on the DRAM base and size definitions from
platform_config.h for supporting dynamic shared memory usage.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

drivers: crypto: rsa/ecc/dsa: input parameter validation

To comply with the PKCS#11 convention for functions returning output
in a variable-length buffer, prefer to check the required size of the
ou

drivers: crypto: rsa/ecc/dsa: input parameter validation

To comply with the PKCS#11 convention for functions returning output
in a variable-length buffer, prefer to check the required size of the
output buffer before the existence of the output buffer itself.

This will save callers from having to allocate a buffer that might not
be used.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Cedric Neveux <cedric.neveux@nxp.com>

show more ...

drivers: clk: rename setup callback to probe

Rename clock core and fixed_clk setup functions to probe functions and
update in-line description as per handler description in the framework.

Acked-by:

drivers: clk: rename setup callback to probe

Rename clock core and fixed_clk setup functions to probe functions and
update in-line description as per handler description in the framework.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: clk: rename clk_dt_get_fn to clk_dt_get_func

Rename type clk_dt_get_fn to clk_dt_get_func for consistency in OP-TEE
OS implementation where all other function prototype type definitions
use

drivers: clk: rename clk_dt_get_fn to clk_dt_get_func

Rename type clk_dt_get_fn to clk_dt_get_func for consistency in OP-TEE
OS implementation where all other function prototype type definitions
use _func as suffix.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pta/bcm/elog: add missing buffer size check

Adds a missing buffer size check in pta_elog_load_nitro_fw(). This
prevents writing beyond the memory range reserved for the nitro
firmware.

Fixes:

core: pta/bcm/elog: add missing buffer size check

Adds a missing buffer size check in pta_elog_load_nitro_fw(). This
prevents writing beyond the memory range reserved for the nitro
firmware.

Fixes: e605fbdfd7a0 ("pta: bcm: Add PTA to handle Broadcom error logs")
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: clk: implement clk_is_enabled()

Add clock API function clk_is_enabled(). It is not very useful at
runtime since clock state can change at any time. The API function
is useful during specifi

drivers: clk: implement clk_is_enabled()

Add clock API function clk_is_enabled(). It is not very useful at
runtime since clock state can change at any time. The API function
is useful during specific system sequences where OP-TEE core knows
is executes atomically (primary core boot, low power sequences).

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: clk: add platform data per compatible identifier

Add a platform data reference field in struct dt_device_match so
that a driver knows data related to the compatible it is probed for.

Signe

drivers: clk: add platform data per compatible identifier

Add a platform data reference field in struct dt_device_match so
that a driver knows data related to the compatible it is probed for.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-sam: enable CFG_GENERATE_DTB_OVERLAY by default

Since at91bootstrap load u-boot without device-tree, the only way to pass
information to U-Boot is to use a DTB overlay. This overlay is then
mer

plat-sam: enable CFG_GENERATE_DTB_OVERLAY by default

Since at91bootstrap load u-boot without device-tree, the only way to pass
information to U-Boot is to use a DTB overlay. This overlay is then
merged by U-Boot into the Linux dtb.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

plat-sam: remove unused CFG_DRAM_SIZE config option

This define was used in an older version but not anymore.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <

plat-sam: remove unused CFG_DRAM_SIZE config option

This define was used in an older version but not anymore.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

plat-sam: allow using sama5d2_xplained instead of sama5d2xult

sama5d2_xplained is used in various software (U-Boot, Linux, etc). Allow
using it and deprecate sama5d2xult.

Acked-by: Etienne Carriere

plat-sam: allow using sama5d2_xplained instead of sama5d2xult

sama5d2_xplained is used in various software (U-Boot, Linux, etc). Allow
using it and deprecate sama5d2xult.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

plat-sam: add sama5d27-som1-ek board support and change default platform

sama5d2 xplained board is going to be deprecated. Switch to a board
that is going to be supported for a longer period, sama5d

plat-sam: add sama5d27-som1-ek board support and change default platform

sama5d2 xplained board is going to be deprecated. Switch to a board
that is going to be supported for a longer period, sama5d27_som1_ek.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...