plat-totalcompute: Add OP-TEE SP manifest file

Add Secure Partition manifest file. This file is used when OP-TEE is build
with CFG_CORE_SEL2_SPMC support when creating the SP binary image.

Signed-o

plat-totalcompute: Add OP-TEE SP manifest file

Add Secure Partition manifest file. This file is used when OP-TEE is build
with CFG_CORE_SEL2_SPMC support when creating the SP binary image.

Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-totalcompute: define tzdram start address for S-EL1 SPMC config

Define TZDRAM_START for CFG_CORE_SEL1_SPMC config

Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Reviewed-

plat-totalcompute: define tzdram start address for S-EL1 SPMC config

Define TZDRAM_START for CFG_CORE_SEL1_SPMC config

Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: Total Compute platform support

Initial support for Total Compute platform[1]
- defines tc0 platform configuration
- enables CFG_ARM64_core by default
- defines TZCDRAM_BASE

L

core: arm: Total Compute platform support

Initial support for Total Compute platform[1]
- defines tc0 platform configuration
- enables CFG_ARM64_core by default
- defines TZCDRAM_BASE

Link: [1] https://community.arm.com/developer/tools-software/oss-platforms/w/docs/606/total-compute

Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: remove redundant mobj_put() in vm_map_pad()

When mobj_get_cattr() fails vm_map_pad() doesn't need to
call mobj_put() which is expected to balance mobj_get() called
only after mobj_get_catt

core: mm: remove redundant mobj_put() in vm_map_pad()

When mobj_get_cattr() fails vm_map_pad() doesn't need to
call mobj_put() which is expected to balance mobj_get() called
only after mobj_get_cattr() succeeds. The issue was introduced
in release 3.8.0 with struct mobj reference counting.

Signed-off-by: Gavin Liu <Gavin.Liu@mediatek.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: optimize speed of AES CBC MAC

The current AES CBC MAC implementation invokes the AES CBC algorithm via
crypto_cipher_update() for each 16-byte block of the input data. This
can be inefficien

crypto: optimize speed of AES CBC MAC

The current AES CBC MAC implementation invokes the AES CBC algorithm via
crypto_cipher_update() for each 16-byte block of the input data. This
can be inefficient especially with hardware accelerated implementations
which may have a significant overhead (I am thinking of proprietary
implementations of MBed TLS for example).

This commit introduces a new config option:
CFG_CRYPTO_CBC_MAC_BUNDLE_BLOCKS (default 64) which allows to bundle
several 16-byte blocks of input data when calling the AES CBC function.
Therefore with the default value, data are processed 1 KB at a time
(assuming the caller provides enough data of course). There is a small
memory overhead (malloc) of the same size at most.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: plat-ls: ls1012a: Fix GIC offset

The GIC offset for LS1012A is different than the one for
LS1043A and LS1046A.
Fixing for LS1012A

Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Si

core: plat-ls: ls1012a: Fix GIC offset

The GIC offset for LS1012A is different than the one for
LS1043A and LS1046A.
Fixing for LS1012A

Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: increase CFG_DTB_MAX_SIZE to 256KiB

On stm32mp1 platform the external DTB that may be passed by former
boot stage may overflow the default 64kB of CFG_DTB_MAX_SIZE hence
increase it t

plat-stm32mp1: increase CFG_DTB_MAX_SIZE to 256KiB

On stm32mp1 platform the external DTB that may be passed by former
boot stage may overflow the default 64kB of CFG_DTB_MAX_SIZE hence
increase it to 256kB which is reasonable for that platform.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: fix shres2str_state() prototype

Reported by GCC-10.2 when build plat-stm32mp1 with CFG_TEE_CORE_LOG_LEVEL=3.

core/arch/arm/plat-stm32mp1/shared_resources.c: In function ‘register_per

plat-stm32mp1: fix shres2str_state() prototype

Reported by GCC-10.2 when build plat-stm32mp1 with CFG_TEE_CORE_LOG_LEVEL=3.

core/arch/arm/plat-stm32mp1/shared_resources.c: In function ‘register_periph’:
core/arch/arm/plat-stm32mp1/shared_resources.c:212:24: warning: implicit conversion from ‘enum shres_state’ to ‘enum stm32mp_shres’ [-Wenum-conversion]
212 | shres2str_state(state));
| ^~~~~

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: imx: increase CFG_DTB_MAX_SIZE to 128KiB

On imx6q, imx6qp, imx6dl and imx7d platforms, we get the following error
at boot:

E/TC:0 0 init_external_dt:1099 Invalid Device Tree at 0x18000000: er

core: imx: increase CFG_DTB_MAX_SIZE to 128KiB

On imx6q, imx6qp, imx6dl and imx7d platforms, we get the following error
at boot:

E/TC:0 0 init_external_dt:1099 Invalid Device Tree at 0x18000000: error -3

i.MX device trees compiled with _symbols_ nodes makes DTB bigger than 56KiB.
Increase the CFG_DTB_MAX_SIZE from 56KiB to 128KiB for all imx6 and imx7
platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-marvell: Add support for OcteonTX2 CNF95xx and CN98xx

Add support for OcteonTX2 CNF95xx and CN98xx platforms
from Marvell.

Signed-off-by: Anil Kumar Reddy <areddy3@marvell.com>
Acked-by: Jerom

plat-marvell: Add support for OcteonTX2 CNF95xx and CN98xx

Add support for OcteonTX2 CNF95xx and CN98xx platforms
from Marvell.

Signed-off-by: Anil Kumar Reddy <areddy3@marvell.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-marvell: Add support for OcteonTX2 CN96xx SoC

Add support for OcteonTX2 CN96xx SoC from Marvell.

Only tested 64-bit mode with default configurations:

1. Build command
make PLATFORM=marvell-o

plat-marvell: Add support for OcteonTX2 CN96xx SoC

Add support for OcteonTX2 CN96xx SoC from Marvell.

Only tested 64-bit mode with default configurations:

1. Build command
make PLATFORM=marvell-otx2t96
2. Passed xtest

Signed-off-by: Bharat Bhushan <bbhushan2@marvell.com>
Signed-off-by: Anil Kumar Reddy <areddy3@marvell.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: imx_i2c: support i2c4

Extend the driver functionality to support i2c4

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: De

drivers: imx_i2c: support i2c4

Extend the driver functionality to support i2c4

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Devendra Devadiga <devendradevadiga01@gmail.com>

show more ...

plat-imx: registers: i2c: support i2c4

Add required definitions to support i2c4

Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: D

plat-imx: registers: i2c: support i2c4

Add required definitions to support i2c4

Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Devendra Devadiga <devendradevadiga01@gmail.com>

show more ...

drivers: imx_i2c: fix support for MX8MQ

Add missing config required to enable the support

Reviewed-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Devendra Devadiga <devendradevadiga01

drivers: imx_i2c: fix support for MX8MQ

Add missing config required to enable the support

Reviewed-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Devendra Devadiga <devendradevadiga01@gmail.com>

show more ...

plat-imx: registers: imx6: fix i2c3 base address

Fix the base address of the I2C3 controller

Reviewed-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Devendra Devadiga <devendradevadig

plat-imx: registers: imx6: fix i2c3 base address

Fix the base address of the I2C3 controller

Reviewed-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Devendra Devadiga <devendradevadiga01@gmail.com>

show more ...

core: plat-ls: generate tee-raw.bin

LS Platforms use RAW OP-TEE binary, but it is not getting
generated by default for platforms.
So added code for generating it by default for LS platforms.

Signed

core: plat-ls: generate tee-raw.bin

LS Platforms use RAW OP-TEE binary, but it is not getting
generated by default for platforms.
So added code for generating it by default for LS platforms.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

core: clear temporary stack flag before entering boot_init_primary_late()

boot_init_primary_late() uses the stack of thread 0, so the flag that
indicates usage of the temporary stack must be cleared

core: clear temporary stack flag before entering boot_init_primary_late()

boot_init_primary_late() uses the stack of thread 0, so the flag that
indicates usage of the temporary stack must be cleared in the current
core's thread_core_local structure.

Fixes the following crash when CFG_CORE_DEBUG_CHECK_STACKS=y:

D/TC:0 0 select_vector:1126 SMCCC_ARCH_WORKAROUND_1 (0x80008000) available
D/TC:0 0 select_vector:1128 SMC Workaround for CVE-2017-5715 used
D/TC:0 0 check_stack_limits:370 Stack pointer out of range (0xb7f54fd0)
D/TC:0 0 print_stack_limits:346 tmp [0] 0xb7f57c90..0xb7f584b0
D/TC:0 0 print_stack_limits:346 tmp [1] 0xb7f58ad0..0xb7f592f0
D/TC:0 0 print_stack_limits:346 tmp [2] 0xb7f59910..0xb7f5a130
D/TC:0 0 print_stack_limits:346 tmp [3] 0xb7f5a750..0xb7f5af70
D/TC:0 0 print_stack_limits:351 abt [0] 0xb7f4e710..0xb7f4f330
D/TC:0 0 print_stack_limits:351 abt [1] 0xb7f4f950..0xb7f50570
D/TC:0 0 print_stack_limits:351 abt [2] 0xb7f50b90..0xb7f517b0
D/TC:0 0 print_stack_limits:351 abt [3] 0xb7f51dd0..0xb7f529f0
D/TC:0 0 print_stack_limits:356 thr [0] 0xb7f53030..0xb7f55030
D/TC:0 0 print_stack_limits:356 thr [1] 0xb7f55670..0xb7f57670
E/TC:0 0 Panic at core/arch/arm/kernel/thread.c:372 <check_stack_limits>

Fixes: 59ac3801b756 ("core: split boot_init_primary()")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: use adr_l to reference stack_tmp_stride

When CFG_NUM_THREADS and/or CFG_TEE_CORE_NB_CORE become large enough,
link errors are reported:

$ make -s CFG_TEE_CORE_NB_CORE=48 CFG_NUM_THREA

core: arm64: use adr_l to reference stack_tmp_stride

When CFG_NUM_THREADS and/or CFG_TEE_CORE_NB_CORE become large enough,
link errors are reported:

$ make -s CFG_TEE_CORE_NB_CORE=48 CFG_NUM_THREADS=48 \
PLATFORM=vexpress-qemu_armv8a
out/arm-plat-vexpress/core/arch/arm/kernel/entry_a64.o: in function `clear_bss':
core/arch/arm/kernel/entry_a64.S:160:(.text._start+0x98): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `stack_tmp_stride' defined in .identity_map.stack_tmp_stride section in out/arm-plat-vexpress/core/arch/arm/kernel/thread.o
out/arm-plat-vexpress/core/arch/arm/kernel/entry_a64.o: in function `cpu_on_handler':
core/arch/arm/kernel/entry_a64.S:443:(.text.cpu_on_handler+0x50): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `stack_tmp_stride' defined in .identity_map.stack_tmp_stride section in out/arm-plat-vexpress/core/arch/arm/kernel/thread.o

Fix the issue by replacing the addr instruction with the adr_l macro.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: entry_a64.S: use adr_l macro instead of open coding

Replace the open-coded adrp + add :lo12: in set_sp with the macro that
does the very same thing (adr_l).

Signed-off-by: Jerome Forissier <j

core: entry_a64.S: use adr_l macro instead of open coding

Replace the open-coded adrp + add :lo12: in set_sp with the macro that
does the very same thing (adr_l).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mm: split mobj_tee_ram onto rw/rx parts

Now mobj_tee_ram memory abstraction contains both TEE_RAM_RX and TEE_RAM_RW
regions joined together. This patch splits it to mobj_tee_ram_rx and
mobj_tee_ram_

mm: split mobj_tee_ram onto rw/rx parts

Now mobj_tee_ram memory abstraction contains both TEE_RAM_RX and TEE_RAM_RW
regions joined together. This patch splits it to mobj_tee_ram_rx and
mobj_tee_ram_rw to manage RX/RW memory objects separately.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Anton Rybakov <a.rybakov@omp.ru>

show more ...

hikey, hikey960: disable CFG_SECURE_DATA_PATH by default

Since linaro-swg/linux.git branch optee [1] was rebased onto kernel
v5.12, Secure Data Path is broken in xtest [2] because the client side
is

hikey, hikey960: disable CFG_SECURE_DATA_PATH by default

Since linaro-swg/linux.git branch optee [1] was rebased onto kernel
v5.12, Secure Data Path is broken in xtest [2] because the client side
is based on the ION allocator, which was removed from the kernel.

Therefore, disable SDP support by default.

Link: [1] https://github.com/linaro-swg/linux/tree/optee-v5.12-20210628
Link: [2] https://github.com/OP-TEE/optee_test/blob/3.13.0/host/xtest/regression_1000.c#L1220-L1263
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: csu: RNGB TZ reservation on imx6ull/sl/sll

Reserve the RNGB to the TrustZone.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutron

drivers: csu: RNGB TZ reservation on imx6ull/sl/sll

Reserve the RNGB to the TrustZone.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

core: REE FS: report earlier unexpected REE FS reset

When REE FS dirf.db file is not found but RPMB stores a hash for
that file it means the REE FS was tampered. This change makes OP-TEE
core to rep

core: REE FS: report earlier unexpected REE FS reset

When REE FS dirf.db file is not found but RPMB stores a hash for
that file it means the REE FS was tampered. This change makes OP-TEE
core to report this status instead of creating the file and let a later
access fails due to empty content hash mismatch.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: REE FS: introduce CFG_REE_FS_ALLOW_RESET

New boolean configuration switch CFG_REE_FS_ALLOW_RESET that, when
enabled, will make OP-TEE OS to allow REE FS content to be reset in
the Linux filesy

core: REE FS: introduce CFG_REE_FS_ALLOW_RESET

New boolean configuration switch CFG_REE_FS_ALLOW_RESET that, when
enabled, will make OP-TEE OS to allow REE FS content to be reset in
the Linux filesystem even when RPMB FS is enabled and already stores a
REE FS rollback protection hash. This switch is intended to test purpose
where REE FS can be wiped because the device flash memory was programmed
with brand new build artifacts.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: caam: fix DMA object when only output reallocated

Use case:
- cipher block to encrypt/decrypt is more than 1 Kbytes (e.g. 1232
bytes)
- input data are accessible from CAAM (no reallocatio

drivers: caam: fix DMA object when only output reallocated

Use case:
- cipher block to encrypt/decrypt is more than 1 Kbytes (e.g. 1232
bytes)
- input data are accessible from CAAM (no reallocation)
- output data is not accessible from CAAM (reallocation of DMA buffer).

In case of cipher operation, the input and output CAAM SGT/Buffer
are built in same time through function caam_dmaobj_sgtbuf_inout_build()
to ensure that both SGT/Buffer do the same cipher block size.
Function caam_dmaobj_sgtbuf_inout_build() calls the function
caam_dmaobj_sgtbuf_build():
- first to build the input data SGT/Buffer. Length returned is
whole cipher buffer size (i.e. 1232 bytes).
- secondly to build the output data SGT/Buffer. Length return is
whole cipher buffer size (i.e. 1232 bytes) whereas it must be 1024 bytes
because output data must use the reallocation DMA buffer (max 1KBytes).

Fix consist in returning the SGT/Buffer length effectively mapped and
not the maximum length that is the input data SGT/Buffer length.

Consequence of this fix, AES CMAC update loop has to be fixed.

Fixes: 38923d487567 ("drivers: caam: implement CAAM DMA Object")

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...