core: pta: add generic RNG pseudo TA

Platforms that include hardware-based RNGs and implement
hw_get_random_byte() may benefit from already implemented bus framework
and rng driver [1].
For this rea

core: pta: add generic RNG pseudo TA

Platforms that include hardware-based RNGs and implement
hw_get_random_byte() may benefit from already implemented bus framework
and rng driver [1].
For this reason the interface of rng.pta implemented for Developerbox
platform is re-used. Interface is generic and corresponds to in-kernel
optee-rng driver.

Pseudo TA interface is specifically used so that credible entropy is
available to REE early at boot, even before user-space is fully up.

[1] https://lwn.net/Articles/777260/

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

synquacer: rng-pta: move rng_pta_client.h to common path

Header is platform independent and can be used by generic RNG PTA.

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome

synquacer: rng-pta: move rng_pta_client.h to common path

Header is platform independent and can be used by generic RNG PTA.

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers:caam: Update DRVCRYPT_OID_MB_US_RSADSI macro with correct value

This macro forms the HASH OID for MD5 algorithm,

It is defined as:
id-md5 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(

drivers:caam: Update DRVCRYPT_OID_MB_US_RSADSI macro with correct value

This macro forms the HASH OID for MD5 algorithm,

It is defined as:
id-md5 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5
}

According to OpenSSL,
iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5
part is encoded as
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05

Links for reference:
OpenSSL: https://bit.ly/3hVZ7Is
RFC: https://datatracker.ietf.org/doc/html/rfc8017#section-9.2[Page 46]

But in this case it was being formed as
0x2A,0x86,0x48,0x86,0x48,0x02,0x05 which was wrong.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dt: don't add optee node for FF-A systems

Systems with FF-A enabled doesn't need an OP-TEE node since the driver
is initialized via the FF-A framework instead.

Acked-by: Jerome Forissier <jer

core: dt: don't add optee node for FF-A systems

Systems with FF-A enabled doesn't need an OP-TEE node since the driver
is initialized via the FF-A framework instead.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ffa: FF-A specific boot arguments

Updates OP-TEE accept FF-A specific boot arguments. This is only used
when OP-TEE is a SPMC at S-EL1 and is loaded with TF-A. So no change
for ARMv7-A platfor

core: ffa: FF-A specific boot arguments

Updates OP-TEE accept FF-A specific boot arguments. This is only used
when OP-TEE is a SPMC at S-EL1 and is loaded with TF-A. So no change
for ARMv7-A platforms.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: rcar: enable ASLR

On RCAR hw_get_random_byte() can be called very early, as it have no
dependencies. So we can use it to provide ASLR seed value.

Also, the previous fix to SCIF drivers preven

plat: rcar: enable ASLR

On RCAR hw_get_random_byte() can be called very early, as it have no
dependencies. So we can use it to provide ASLR seed value.

Also, the previous fix to SCIF drivers prevents crashes with ASLR enabled.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat: rcar: implement hw_get_random_byte() function

As we now can call ROM API to access hardware random generator, it is
possible to implement generic interface to it, using hw_get_random_byte()
fu

plat: rcar: implement hw_get_random_byte() function

As we now can call ROM API to access hardware random generator, it is
possible to implement generic interface to it, using hw_get_random_byte()
function.

ROM API provides 32 bytes of random data at a time. To optimally use it, we
need to cache received random vector and provide random number bytes from
it one by one.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat: rcar: add support for ROM API calls including HW RNG

RCAR Gen3 SoCs have public ROM API functions that provide access to various
security-related features, including access to hardware random

plat: rcar: add support for ROM API calls including HW RNG

RCAR Gen3 SoCs have public ROM API functions that provide access to various
security-related features, including access to hardware random number
generator.

This patch adds both generic ROM API interface and wrapper function for
ROM_GetRndVector() call.

As ROM API code is written with identity mapping in mind, we can't call
those function with MMU enabled. So we need a special trampoline function
that would disable MMU, save state and jump to ROM API code.

Beginning with the latest revisions (H3 ES3.0, M3 ES1.1, etc) of Renesas
SoCs, ROM API addresses are fixed, but prior to that each family had own
address, so we need to maintain table of all possible addressed and select
correct one in runtime.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: rcar: store PRR value in global variable

Product Register will be needed not only by get_core_pos_mpidr
function but by other platform code as well. So move its cached
value into variable in m

plat: rcar: store PRR value in global variable

Product Register will be needed not only by get_core_pos_mpidr
function but by other platform code as well. So move its cached
value into variable in main.c

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat: rcar: disable aarch32 support for OP-TEE core

While it is theoretically possible to boot RCar Gen3 SoC in aarch32
mode, it isn't supported by Renesas BSP. ARM TF provided by Renesas
boots only

plat: rcar: disable aarch32 support for OP-TEE core

While it is theoretically possible to boot RCar Gen3 SoC in aarch32
mode, it isn't supported by Renesas BSP. ARM TF provided by Renesas
boots only in aarch64 mode. Also it lacks aarch32 assembler code, so
it is not possible to built it for aarch32 at all.

Therefore, there is a little sense in supporting aarch32 in
OP-TEE (for plat-rcar, of course) - user just can't boot it. On other
hand it requires additional efforts to maintain aarch32 assembly code
that newer will be used.

This patch enforces CFG_ARM64_core build option and removes all
aarch32 related parts.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

boot: introduce plat_get_aslr_seed()

Platforms may provide own ways to get ASLR seed, so this commit
adds weak function plat_get_aslr_seed(), which is called when we
can't obtain seed from FDT.

Sig

boot: introduce plat_get_aslr_seed()

Platforms may provide own ways to get ASLR seed, so this commit
adds weak function plat_get_aslr_seed(), which is called when we
can't obtain seed from FDT.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: scif: update base address in scif_uart_init()

Prior this patch function scif_uart_init() didn't called io_pa_or_va()
to determine correct base address for the device. This worked fine
becau

drivers: scif: update base address in scif_uart_init()

Prior this patch function scif_uart_init() didn't called io_pa_or_va()
to determine correct base address for the device. This worked fine
because in most cases OP-TEE address space is identity mapped. But,
this breaks if are trying to enable ASLR, because SCIF MMIO range is
no more 1:1 mapped.

To fix this we need to use io_pa_or_va() as all other drivers do.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: caam: fix CMAC data input handling

Depending on the memory buffer input configuration, the function
caam_dmaobj_sgtbuf_build() might modify the data size to be processed in
the loop.
This c

drivers: caam: fix CMAC data input handling

Depending on the memory buffer input configuration, the function
caam_dmaobj_sgtbuf_build() might modify the data size to be processed in
the loop.
This case happens sometimes on the imx8mp where the input buffer
physical address in above 32 bits.
This implies reporting the data size re-ajustment when data is saved in
the context buffer.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-vexpress: FF-A: update secondary core init

Currently when using FF-A on FVP platform, the secondary core entrypoint
registration is done with PSCI calls. However, this relies on a forked
TF-A v

plat-vexpress: FF-A: update secondary core init

Currently when using FF-A on FVP platform, the secondary core entrypoint
registration is done with PSCI calls. However, this relies on a forked
TF-A version, as normally PSCI calls aren't accepted from SWd. Replace
this mechanism with FFA_SECONDARY_EP_REGISTER, which is an FF-A v1.1
ALP0 ABI and it's supported by upstream TF-A v2.5.

Note that the Function ID expected by TF-A differs from the one in the
spec, this will be fixed when the spec is finalized, but the overall
mechanism should stay the same.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: pta: scmi: fix missing threaded state of the channel

Enable SMT channel threaded state when SCMI PTA gets a channel. Before
this fixup, Core panics when SCMI message is posted since the assert

core: pta: scmi: fix missing threaded state of the channel

Enable SMT channel threaded state when SCMI PTA gets a channel. Before
this fixup, Core panics when SCMI message is posted since the assertion
on channel threaded field value in scmi_smt_threaded_entry() when
in debug mode.

Fixes: b0a1c2504aaf ("core: pta: scmi: new interface to REE SCMI agent")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: rpmb: use IS_ENABLED on CFG_RPMB_FS_DEBUG_DATA

Replace #ifdef with if (IS_ENABLED()) for CFG_RPMB_FS_DEBUG_DATA.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jen

core: rpmb: use IS_ENABLED on CFG_RPMB_FS_DEBUG_DATA

Replace #ifdef with if (IS_ENABLED()) for CFG_RPMB_FS_DEBUG_DATA.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: rpmb: remove CFG_RPMB_FS_NO_MAC

Remove CFG_RPMB_FS_NO_MAC that disabled authentication of RPMB frames
read from the device. The switch was not documented never enabled in
the project hence it

core: rpmb: remove CFG_RPMB_FS_NO_MAC

Remove CFG_RPMB_FS_NO_MAC that disabled authentication of RPMB frames
read from the device. The switch was not documented never enabled in
the project hence it simply removed.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: remove faulty DMAOJB_TRACE()

Remove DMA object debug trace that would print a structure
variable through a NULL pointer.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed

drivers: caam: remove faulty DMAOJB_TRACE()

Remove DMA object debug trace that would print a structure
variable through a NULL pointer.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: a32: fix parameter passing for __thread_std_smc_entry()

With the commit referred below is __thread_std_smc_entry() changed to
take 6 arguments instead of 4. This means with the arm32 calling
c

core: a32: fix parameter passing for __thread_std_smc_entry()

With the commit referred below is __thread_std_smc_entry() changed to
take 6 arguments instead of 4. This means with the arm32 calling
convention [1] that the last two parameters are passed on the stack.
This is handled automatically by the C compiler, but has to be done by
hand when calling from assembly. __thread_std_smc_entry() is called from
assembly so fix the two places where the function is called.

Link [1]: https://developer.arm.com/documentation/ihi0042/latest/

Fixes: 4107d2f93e3e ("core: add a4 and a5 to thread_alloc_and_run()")
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: fix compiler warning with Clang

Function rwp_unpaged_iv_free() is reduced to a call to panic() when
CFG_WITH_PAGER=y and CFG_CORE_PAGE_TAG_AND_IV=y. In this case, Clang 12
suggests a no

core: pager: fix compiler warning with Clang

Function rwp_unpaged_iv_free() is reduced to a call to panic() when
CFG_WITH_PAGER=y and CFG_CORE_PAGE_TAG_AND_IV=y. In this case, Clang 12
suggests a noreturn attribute:

$ make -s CFG_WITH_PAGER=y COMPILER=clang
core/mm/fobj.c:322:1: warning: function 'rwp_unpaged_iv_free' could be
declared with attribute 'noreturn' [-Wmissing-noreturn]
{
^
1 warning generated.

However the attribute cannot be applied since it would be inappropriate
when CFG_CORE_PAGE_TAG_AND_IV != y. Therefore, disable the warning for
the file core/mm/fobj.c when the problematic configuration is enabled.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: allow configuration without any secure storage

Support a configuration with no secure storage (CFG_REE_FS=n and
CFG_RPMB_FS=n). In such a case, user TAs will get error code
TEEC_ERROR_ITEM_NOT

core: allow configuration without any secure storage

Support a configuration with no secure storage (CFG_REE_FS=n and
CFG_RPMB_FS=n). In such a case, user TAs will get error code
TEEC_ERROR_ITEM_NOT_FOUND when trying to access persistent objects.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: zlib: fix build warning when _LFS64_LARGEFILE is not defined

In zlib, _LFS64_LARGEFILE is expected to be a boolean directive, either
1 (true) or 0 (false). Depending on toolchain version and d

core: zlib: fix build warning when _LFS64_LARGEFILE is not defined

In zlib, _LFS64_LARGEFILE is expected to be a boolean directive, either
1 (true) or 0 (false). Depending on toolchain version and directives
build may produces warnings (as shown below with gcc 9.3) when the macro
is not defined hence this change to default it to value 0 (false).

core/lib/zlib/zutil.h:196:39: warning: "_LFS64_LARGEFILE" is not defined, evaluates to 0 [-Wundef]
196 | (!defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0)
| ^~~~~~~~~~~~~~~~
In file included from core/lib/zlib/adler32.c:9:
core/lib/zlib/zutil.h:196:39: warning: "_LFS64_LARGEFILE" is not defined, evaluates to 0 [-Wundef]
196 | (!defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0)
| ^~~~~~~~~~~~~~~~
CC out/core/lib/zlib/zutil.o
In file included from core/lib/zlib/inftrees.c:7:
core/lib/zlib/zutil.h:196:39: warning: "_LFS64_LARGEFILE" is not defined, evaluates to 0 [-Wundef]
196 | (!defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0)
| ^~~~~~~~~~~~~~~~
In file included from core/lib/zlib/inflate.c:84:
core/lib/zlib/zutil.h:196:39: warning: "_LFS64_LARGEFILE" is not defined, evaluates to 0 [-Wundef]
196 | (!defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0)
| ^~~~~~~~~~~~~~~~
In file included from core/lib/zlib/zutil.c:9:
core/lib/zlib/zutil.h:196:39: warning: "_LFS64_LARGEFILE" is not defined, evaluates to 0 [-Wundef]
196 | (!defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0)
| ^~~~~~~~~~~~~~~~

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix thread_alloc_and_run() argument passing

Fix thread_alloc_and_run() to pass all its arguments to
__thread_alloc_and_run(). This is needed with FF-A since the offset of
the struct optee_msg_

core: fix thread_alloc_and_run() argument passing

Fix thread_alloc_and_run() to pass all its arguments to
__thread_alloc_and_run(). This is needed with FF-A since the offset of
the struct optee_msg_arg is passed in w6 from normal world. The Linux
kernel driver currently passes offset=0 so it's not seen while testing,
but that may change with future optimizations in the kernel driver.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: add support for mx8mp platforms

Add support for mx8mp in the CAAM HAL.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
A

drivers: caam: add support for mx8mp platforms

Add support for mx8mp in the CAAM HAL.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: add support for i.MX 8MP EVK

Add support for mx8mp platforms

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens

core: imx: add support for i.MX 8MP EVK

Add support for mx8mp platforms

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...