core: assert result in crypto_bignum_copy()

Adds an assert() that mbedtls_mpi_copy() succeeds in
crypto_bignum_copy().

This fixes coverity scan:
CID 1501791 (#1 of 1): Unchecked return value (CHEC

core: assert result in crypto_bignum_copy()

Adds an assert() that mbedtls_mpi_copy() succeeds in
crypto_bignum_copy().

This fixes coverity scan:
CID 1501791 (#1 of 1): Unchecked return value (CHECKED_RETURN)

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: assert result in crypto_bignum_bn2bin()

Adds an assert() that mbedtls_mpi_write_binary() succeeds in
crypto_bignum_bn2bin().

This fixes coverity scan:
CID 1501843 (#1 of 1): Unchecked return

core: assert result in crypto_bignum_bn2bin()

Adds an assert() that mbedtls_mpi_write_binary() succeeds in
crypto_bignum_bn2bin().

This fixes coverity scan:
CID 1501843 (#1 of 1): Unchecked return value (CHECKED_RETURN).

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mobj: fix memory leak

dynamic shared memory is not being released leading to an out of
memory condition.

Issue triggered during tests exporting the cryptographic random
generator to the REE (

core: mobj: fix memory leak

dynamic shared memory is not being released leading to an out of
memory condition.

Issue triggered during tests exporting the cryptographic random
generator to the REE (Linux) and then reading the value via the device
interface (/dev/hwrng).

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: fix allocated buffer size

When a buffer is allocated for output CAAM operations,
the output buffer cache is invalidated beforehand.

To avoid data loss, an allocated buffer size shoul

drivers: caam: fix allocated buffer size

When a buffer is allocated for output CAAM operations,
the output buffer cache is invalidated beforehand.

To avoid data loss, an allocated buffer size should be a
multiple data cacheline size.

Fixes: b22795b ("drivers: caam: make use of generic memalign() implementation")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: use dcache_get_line_size()

Remove CAAM function to get the data cache line size and
use the generic function.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jens W

drivers: caam: use dcache_get_line_size()

Remove CAAM function to get the data cache line size and
use the generic function.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-ls: add i2c driver for NXP LS Platforms

I2C Driver compilation is enabled by default for LX2160A-RDB
and LX2160A-QDS.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Jens W

plat-ls: add i2c driver for NXP LS Platforms

I2C Driver compilation is enabled by default for LX2160A-RDB
and LX2160A-QDS.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

build: core: add missing dependencies when generating assembly constants

The header file <generated/asm-defines.h> is created at build time. It
contains macro definitions for various offsets in C st

build: core: add missing dependencies when generating assembly constants

The header file <generated/asm-defines.h> is created at build time. It
contains macro definitions for various offsets in C structures and is
especially useful for use from assembler code. It is generated from
asm-defines.c, which includes a number of header files, of which two
are also generated at build time: <generated/arm32_sysreg.h> and
<generated/arm32_gicv3_sysreg.h>.

These dependencies are expressed nowhere in the makefiles and therefore
build errors can result. For example:

$ make out/arm-plat-vexpress/core/include/generated/.asm-defines.s
CHK out/arm-plat-vexpress/conf.mk
UPD out/arm-plat-vexpress/conf.mk
CHK out/arm-plat-vexpress/include/generated/conf.h
UPD out/arm-plat-vexpress/include/generated/conf.h
CC out/arm-plat-vexpress/core/include/generated/.asm-defines.s
In file included from core/arch/arm/include/arm.h:99,
from core/arch/arm/include/kernel/thread.h:12,
from core/arch/arm/kernel/asm-defines.c:8:
core/arch/arm/include/arm32.h:167:10: fatal error: generated/arm32_sysreg.h: No such file or directory
167 | #include <generated/arm32_sysreg.h>
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
compilation terminated.

The error in [1] is believed to have the same root cause: during
parallel build the generated header file might have been created by one
job but not yet written to when another job would open it. The compiler
would see an empty file, thus the missing declarations.

Add the missing dependencies via a new variable at the location where
asm-defines.c is added to the build.

Note that the other core .c files depending on these generated sysreg
headers are not affected because their .o files explicitly depend on
FORCE-GENSRCcore (which generates the headers).

Link: [1] https://ci.linaro.org/job/ledge-oe-premerge-ci/182/DISTRO=rpb,MACHINE=ledge-ti-am572x,label=docker-buster-amd64/console
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: rcar: Obtain memory layout from DT

Since the ATF is passing a DT fragment to OpTee-OS, parse the memory
information from this DT fragment. This makes it possible to run the
OpTee-OS on any mem

plat: rcar: Obtain memory layout from DT

Since the ATF is passing a DT fragment to OpTee-OS, parse the memory
information from this DT fragment. This makes it possible to run the
OpTee-OS on any memory layout instead of the few hard-coded options.
Switch the default platform to this DT based approach, but retain the
legacy platforms as well for backward compatibility.

Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Acked-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>

show more ...

plat: rcar: Derive core map from PRR

Instead of hard-coding the core count and the core ID mapping,
derive this information from the PRR register. All R-Car3 SoCs
have either one or two 4-core CPU c

plat: rcar: Derive core map from PRR

Instead of hard-coding the core count and the core ID mapping,
derive this information from the PRR register. All R-Car3 SoCs
have either one or two 4-core CPU clusters composed of CA53 or
CA57, except for M3W/M3W+, which has two CA57s and four CA53s.

So the approach here is to always set core count to 8, read out
PRR register once on boot, and then calculate the core ID using
CorePos = CoreId + (ClusterId << (IsM3W ? 1 : 0))

Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>

show more ...

crypto: se050: Foundries Plug-and-Trust Release 0.0.2

The Foundries Plug-and-Trust library tracks NXP Plug-and-Trust
quaterly releases.

Modifications in the NXP library sources require a new prepro

crypto: se050: Foundries Plug-and-Trust Release 0.0.2

The Foundries Plug-and-Trust library tracks NXP Plug-and-Trust
quaterly releases.

Modifications in the NXP library sources require a new preprocessor
macro to be defined.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: crypto: se050: improve maintainability

Replace explicit c-flags duplication across makefiles with single
shared definition.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed

drivers: crypto: se050: improve maintainability

Replace explicit c-flags duplication across makefiles with single
shared definition.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: mobj: fixup undefined mobj_mapped_shm_alloc

Provide a function definition when CFG_CORE_DYN_SHM is not configured.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jens Wi

core: mobj: fixup undefined mobj_mapped_shm_alloc

Provide a function definition when CFG_CORE_DYN_SHM is not configured.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

virt: round down TA RAM memory size to page size

It is possible that get_ta_ram_size() would return size which is not
aligned to a small page size. This will cause panic in core_init_mmu_prtn()
func

virt: round down TA RAM memory size to page size

It is possible that get_ta_ram_size() would return size which is not
aligned to a small page size. This will cause panic in core_init_mmu_prtn()
function.

To fix this we need to round down calculated value to a page size.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: make use of generic memalign() implementation

Make use of the newly implemented memalign() function for the CAAM
driver.
Remove the previous CAAM memalign() implementation and its ass

drivers: caam: make use of generic memalign() implementation

Make use of the newly implemented memalign() function for the CAAM
driver.
Remove the previous CAAM memalign() implementation and its associated
debugging structures.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add 3DES CMAC implementation

CMAC is a Cipher-Based MAC that improves some of the security deficiencies
found in CBC-MAC. It is described in NIST SP800-38B as a mode of operation
for approved symmet

Add 3DES CMAC implementation

CMAC is a Cipher-Based MAC that improves some of the security deficiencies
found in CBC-MAC. It is described in NIST SP800-38B as a mode of operation
for approved symmetric block chipers, namely AES and TDEA.

CMAC has similar use cases and security guarantees as HMAC, with the
difference that it uses a different primitive (symmetric cipher instead
of hash function).
CMAC may be appropriate for information systems in which an approved block
cipher is more readily available than an approved hash function.

Commonly it is used for symmetric key diversification (ASC X9 TR 31-2018),
data integrity assurance (ICV).

CMAC is public domain.

OP-TEE core already supports for AES CMAC, but not TDEA CMAC. This commit
adds TDEA CMAC support.

Signed-off-by: Alexander Zakharov <uglym8@gmail.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: wrap commit description at 75 characters]
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: libtomcrypt: add 3DES CMAC implementation

Add 3DES CMAC (NIST SP800-38B).

Signed-off-by: Alexander Zakharov <uglym8@gmail.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: E

core: libtomcrypt: add 3DES CMAC implementation

Add 3DES CMAC (NIST SP800-38B).

Signed-off-by: Alexander Zakharov <uglym8@gmail.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: add commit description]
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: dcp: add DCP support

The Data Co-Processor (DCP) provides hardware acceleraiton for
cryptographic algorithms. The features of DCP are:
- AES128 ECB and CBC
- SHA1, SHA256
- AES128-CMAC a

drivers: dcp: add DCP support

The Data Co-Processor (DCP) provides hardware acceleraiton for
cryptographic algorithms. The features of DCP are:
- AES128 ECB and CBC
- SHA1, SHA256
- AES128-CMAC algorithm
- SRAM key storage
- HUK generation

This driver adds DCP support for the following platforms:
- imx6slevk
- imx6sllevk
- imx6ullevk
- imx6ulzevk

Signed-off-by: Remi Koman <remi.koman@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: csu: enable DCP protection

Enable DCP protection in the CSU for the following platforms:
- imx6slevk
- imx6sllevk
- imx6ullevk
- imx6ulzevk

Signed-off-by: Clement Faure <clement.fa

drivers: csu: enable DCP protection

Enable DCP protection in the CSU for the following platforms:
- imx6slevk
- imx6sllevk
- imx6ullevk
- imx6ulzevk

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add dcache_get_line_size() function

Add dcache_get_line_size() function to get cache line size for ARM32 and
ARM64 platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by:

core: add dcache_get_line_size() function

Add dcache_get_line_size() function to get cache line size for ARM32 and
ARM64 platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: clarify tlbi_mva_range()

Clarifies tlbi_mva_range() with a full description of the interface at
the declaration of the function. The supplied VA range must be aligned
on the supplied granulari

core: clarify tlbi_mva_range()

Clarifies tlbi_mva_range() with a full description of the interface at
the declaration of the function. The supplied VA range must be aligned
on the supplied granularity.

The implementation is updated to take full advantage of this restriction
together with an additional assert.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: se050: Global Platform SCP03 key provisioning

Remove the need to store the SCP03 keys by deriving them from the HUK
and the SE050 unique hardware identifier.

Works under the assump

drivers: crypto: se050: Global Platform SCP03 key provisioning

Remove the need to store the SCP03 keys by deriving them from the HUK
and the SE050 unique hardware identifier.

Works under the assumption that the HUK is unknown and never exposed
outside the TEE.

CFG_CORE_SE05X_SCP03_PROVISION
Needs to be configured to exec the feature.

CFG_CORE_SE05X_DISPLAY_SCP03_KEYS:
Outputs the current and the new SCP03 keys to the console during
provisioning.

Note that to provision new SCP03 keys, SCP03 must already be in
operation (ie, have an encrypted communication channel between the
processor and the SE050).

Tested on imx8mm EVK.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove deprecated core_tlb_maintenance()

Removes the deprecated and unused function core_tlb_maintenance().

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander

core: remove deprecated core_tlb_maintenance()

Removes the deprecated and unused function core_tlb_maintenance().

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ls: lx2160aqds: get GIC base address from dtb

CFG_EMBED_DT option is enabled by default for LX2160A-QDS
GIC base address was hardcoded for LX2160A-QDS,
now will get the base address from dtb f

core: ls: lx2160aqds: get GIC base address from dtb

CFG_EMBED_DT option is enabled by default for LX2160A-QDS
GIC base address was hardcoded for LX2160A-QDS,
now will get the base address from dtb file.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: dts: add DTS files for LX2160A-RDB

Add dts file for LX2160A-QDS Platform.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

core: ls: add LX2160A-QDS platform

Add support for Layerscape® LX2160A-QDS from NXP.
Dynamic shared memory is also enabled.

Signed-off-by: Manish Tomar <manish.tomar@nxp.com>
Signed-off-by: Sahil M

core: ls: add LX2160A-QDS platform

Add support for Layerscape® LX2160A-QDS from NXP.
Dynamic shared memory is also enabled.

Signed-off-by: Manish Tomar <manish.tomar@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...