plat-stm32mp1: enable CRYPTO HW if available

Compile crypto framework and use CRYP1 ip if available.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Reviewed-by: Etienne Carriere

plat-stm32mp1: enable CRYPTO HW if available

Compile crypto framework and use CRYP1 ip if available.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: stm32: use CRYP IP for CIPHER algorithms

Add CRYP IP drivers, and add STM32 CRYP as a drvcrypt cipher provider.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Reviewed-b

crypto: stm32: use CRYP IP for CIPHER algorithms

Add CRYP IP drivers, and add STM32 CRYP as a drvcrypt cipher provider.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: make struct dt_driver_provider opaque

Move struct dt_driver_provider from header file to source file so that
the DT driver provider internals are not exposed to core.

Provider data

core: dt_driver: make struct dt_driver_provider opaque

Move struct dt_driver_provider from header file to source file so that
the DT driver provider internals are not exposed to core.

Provider database reference dt_driver_provider can now be internal
to dt_driver.c.

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: factorize clk_dt_node_clock_probe_driver()

Move/rename clk_dt_get_from_provider() to dt_driver_probe_device_by_node()
and local helper clk_get_compatible_driver() to probe_device_by

core: dt_driver: factorize clk_dt_node_clock_probe_driver()

Move/rename clk_dt_get_from_provider() to dt_driver_probe_device_by_node()
and local helper clk_get_compatible_driver() to probe_device_by_compat().

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: move probe callback to dt_driver

Move ::probe field from struct dt_driver_setup to struct dt_driver
and remove struct dt_driver_setup.

Acked-by: Jerome Forissier <jerome@forissier.

core: dt_driver: move probe callback to dt_driver

Move ::probe field from struct dt_driver_setup to struct dt_driver
and remove struct dt_driver_setup.

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: factorize clk_dt_get_from_provider()

Implement dt_driver_device_from_node_idx_prop() for
clk_dt_get_by_idx_prop() to get target reference instance.

Move/rename clk_dt_get_from_prov

core: dt_driver: factorize clk_dt_get_from_provider()

Implement dt_driver_device_from_node_idx_prop() for
clk_dt_get_by_idx_prop() to get target reference instance.

Move/rename clk_dt_get_from_provider() to
dt_driver_device_from_provider_prop()

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: factorize clk_get_provider_by_*()

Move rename clk_get_provider_by_{node|phandle}() to
dt_driver_get_provider_by_*().

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clé

core: dt_driver: factorize clk_get_provider_by_*()

Move rename clk_get_provider_by_{node|phandle}() to
dt_driver_get_provider_by_*().

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: factorize DT cells helper functions

Move/rename fdt_clock_cells() to fdt_get_dt_driver_cells().
and clk_dt_register_clk_provider() to dt_driver_register_provider().

Add helper func

core: dt_driver: factorize DT cells helper functions

Move/rename fdt_clock_cells() to fdt_get_dt_driver_cells().
and clk_dt_register_clk_provider() to dt_driver_register_provider().

Add helper function dt_driver_provider_cells() to get ::provider_cells
from a registered provider reference.

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: factorize DT phandle util resources

Move struct clk_dt_phandle_args and struct clk_dt_provider from clk_dt.h
to dt_driver.h and rename them to struct dt_driver_phandle_args and
stru

core: dt_driver: factorize DT phandle util resources

Move struct clk_dt_phandle_args and struct clk_dt_provider from clk_dt.h
to dt_driver.h and rename them to struct dt_driver_phandle_args and
struct dt_driver_provider.

Introduce type get_of_device_func for callback functions used to
retrieve a device instance reference from a DT phandle possible with
arguments.

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: use reg_size to map virtual addresses

Use the register map size from the dt_node_info structure
to call the phys_to_virt() function.

Signed-off-by: Lionel Debieve <lionel.debiev

drivers: stm32_rng: use reg_size to map virtual addresses

Use the register map size from the dt_node_info structure
to call the phys_to_virt() function.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_uart: use reg_size to map virtual addresses

Use the register map size from the dt_node_info structure
to call the phys_to_virt() function.

Signed-off-by: Lionel Debieve <lionel.debie

drivers: stm32_uart: use reg_size to map virtual addresses

Use the register map size from the dt_node_info structure
to call the phys_to_virt() function.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_i2c: use reg_size to map virtual addresses

Use directly the register map size from the dt_node_info
structure to call the io_pa_or_va() function.

Signed-off-by: Lionel Debieve <lione

drivers: stm32_i2c: use reg_size to map virtual addresses

Use directly the register map size from the dt_node_info
structure to call the io_pa_or_va() function.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: kernel: add reg_size in the dt_node_info structure

Add the register size read from device tree in the dt_node_info
structure. It may be used to map the IO registers with the
correct address ra

core: kernel: add reg_size in the dt_node_info structure

Add the register size read from device tree in the dt_node_info
structure. It may be used to map the IO registers with the
correct address range.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: kernel: use size_t instead of ssize_t for _fdt_reg_size()

Size is read from the reg device tree property as an unsigned value
coming from fdt32_to_cpu().
Use a size_t with associated error cod

core: kernel: use size_t instead of ssize_t for _fdt_reg_size()

Size is read from the reg device tree property as an unsigned value
coming from fdt32_to_cpu().
Use a size_t with associated error code DT_INFO_INVALID_REG_SIZE as
return in prototype. Update the current users according to this change.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: platform: use HUK derived from PUF KEK for RPMB

Enable the RPMB key when the HUK is generated from the PUF KEK.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Tested-by: Ricardo Sa

zynqmp: platform: use HUK derived from PUF KEK for RPMB

Enable the RPMB key when the HUK is generated from the PUF KEK.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: generate HUK from PUF KEK

If authenticated boot was disabled we allow generating the HUK using
the SHA-256 of the DNA unique identifier.

If authenticated boot was enabled, use the

zynqmp: drivers: generate HUK from PUF KEK

If authenticated boot was disabled we allow generating the HUK using
the SHA-256 of the DNA unique identifier.

If authenticated boot was enabled, use the PUK KEK to generate the
HUK instead. The PUF KEK must be registered while securing the board
using the Xilinx tools. In this case, the HUK is generated by reading
the DNA eFuses. This 96 bits value is used to generate a 16 byte
digest which is then AES-GCM encrypted using the PUF KEK. The
resulting 16 byte value is the HUK. To prevent the HUK from being
leaked, the AES-GCM module must be reserved.

The HUK generation was validated on Zynqmp zu3cg using the Xilinx
Lightweight Provisioning Tool to enable authenticated boot and to
provision the PUF (burning a number of eFuses in the process).

Tested-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: PM firmware

These routines call TF-A exported SiP services that implement IPI
protocol for communication with PMUFW (Platform Management Unit).

To access eFuses, PMUFW should be bu

zynqmp: drivers: PM firmware

These routines call TF-A exported SiP services that implement IPI
protocol for communication with PMUFW (Platform Management Unit).

To access eFuses, PMUFW should be built with -DENABLE_EFUSE_ACCESS=1.

Notice however that certain eFuses will not be available unless the
Xilskey library linked to the PMUFW is compiled removing some of those
security restrictions.

Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: AES-GCM with PUF KEK

Provide a mechanism to encrypt a red key using the KEK; the KEK is
only available on secured boards after the RSA_EN and PPK eFUSES have
been burnt (the system

zynqmp: drivers: AES-GCM with PUF KEK

Provide a mechanism to encrypt a red key using the KEK; the KEK is
only available on secured boards after the RSA_EN and PPK eFUSES have
been burnt (the system will only boot ROM authenticated bootloaders
from here on).

The main use case for OP-TEE would be to encode the zynqmp per device
unique identifier (DNA0, DNA1, DNA2 eFUSEs - ie, a red key) using the
KEK. The encryption key generated this way is cryptographically strong
and will be used as the device HUK (ie, black key).

Test code:

csu_aes_encrypt_data(src, dst, BLOB_DATA_SIZE, tag, GCM_TAG_SIZE,
iv, GCM_IV_SIZE, CSU_AES_KEY_SRC_DEV);
csu_aes_decrypt_data(dst, src, BLOB_DATA_SIZE, tag, GCM_TAG_SIZE,
iv, GCM_IV_SIZE, CSU_AES_KEY_SRC_DEV);
if (memcmp(src, buffer, BLOB_DATA_SIZE)) {
EMSG(" - encrypt/decrypt test failed");

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: CSUDMA module

This module provides a mechanism to transfer data between memory and
peripherals. The data path is selected in the Secure Stream Switch
register in the CSU.

Signed-of

zynqmp: drivers: CSUDMA module

This module provides a mechanism to transfer data between memory and
peripherals. The data path is selected in the Secure Stream Switch
register in the CSU.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: Physically Unclonable Function (PUF)

This block is used to generate black keys via the AES-GCM module.
The PUF KEK - feeding the AES-GCM block - is also unique for each
device.

The

zynqmp: drivers: Physically Unclonable Function (PUF)

This block is used to generate black keys via the AES-GCM module.
The PUF KEK - feeding the AES-GCM block - is also unique for each
device.

The KEK is only available once the board has been secured via
programmable eFUSES (RSA_EN authentication via the PPK fuses).

Registering the PUF should be done using the Xilinx tools so the
adequate eFUSES are written.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: CSU module base definitions

CSU registers and offsets for submodules

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisa

zynqmp: drivers: CSU module base definitions

CSU registers and offsets for submodules

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: register the CSU memory with the platform

The CSU memory block that will be mapped from different drivers (ie,
PUF, AES-GCM, SHA..)

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
R

zynqmp: register the CSU memory with the platform

The CSU memory block that will be mapped from different drivers (ie,
PUF, AES-GCM, SHA..)

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: define the STACK_ALIGNMENT in terms of CACHELINE

Explicitily define the cache line length

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carrier

zynqmp: define the STACK_ALIGNMENT in terms of CACHELINE

Explicitily define the cache line length

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: add base address definitions

Add the base address definitions for the CSU and the CSUDMA modules

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa

zynqmp: add base address definitions

Add the base address definitions for the CSU and the CSUDMA modules

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: imx: add MU driver

Add Message Unit driver. This driver is needed to communicate with the
security controller.

Signed-off-by: Remi Koman <remi.koman@nxp.com>
Signed-off-by: Clement Faure <

drivers: imx: add MU driver

Add Message Unit driver. This driver is needed to communicate with the
security controller.

Signed-off-by: Remi Koman <remi.koman@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...