core: ls: lx2160ardb: get GIC base address from dtb

CFG_EMBED_DT option is enabled by default for LX2160A-RDB
GIC base address was hardcoded for LX2160A-RDB,
now will get the base address from dtb f

core: ls: lx2160ardb: get GIC base address from dtb

CFG_EMBED_DT option is enabled by default for LX2160A-RDB
GIC base address was hardcoded for LX2160A-RDB,
now will get the base address from dtb file.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: ls: Remove GIC initialization for ARM-TF based platforms

On ARMv8, GIC configuration is initialized in ARM-TF

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Sahil Malhotr

core: ls: Remove GIC initialization for ARM-TF based platforms

On ARMv8, GIC configuration is initialized in ARM-TF

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: dts: add DTS files for LX2160A-RDB

LX2160A-RDB will be compiled with Embedded DTB support.
Add dts file for LX2160A-RDB Platform.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-

core: dts: add DTS files for LX2160A-RDB

LX2160A-RDB will be compiled with Embedded DTB support.
Add dts file for LX2160A-RDB Platform.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: ls: lx2160ardb: Add regions for dynamic shared memory

To enable use of dynamic shared memory, DDR regions
need to be added in the platform MMU map.

Signed-off-by: Ruchika Gupta <ruchika.gupta

core: ls: lx2160ardb: Add regions for dynamic shared memory

To enable use of dynamic shared memory, DDR regions
need to be added in the platform MMU map.

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

console: lx2160A: fix uart clock and baud rate

Currently there are garbled messages from OP-TEE due to
assumption that platform clock is always 700MHz. This is
not correct as LX2 supports variable p

console: lx2160A: fix uart clock and baud rate

Currently there are garbled messages from OP-TEE due to
assumption that platform clock is always 700MHz. This is
not correct as LX2 supports variable platform frequency.
It could be one of the 600, 650, 700, 750 Mhz based on
the RCW configuration.

Ideally OPTEE should read RCW registers from Global Utilities
Register block and derive the uart clock based on platform pll
frequency. But there is no need for this as Baud Rate is already
configured in PL011 by the previous boot stages in TF-A.
This fix calls pl011_init() with zero for baud rate => It won't be
reinitalized in OP-TEE.

Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: fix icache_inv_user_range()

Prior to this patch with CFG_WITH_PAGER=y, CFG_WITH_LPAE=y and
CFG_CORE_UNMAP_CORE_AT_EL0=n icache_inv_user_range() crashes with a
prefetch abort due to TTBR0 being

core: fix icache_inv_user_range()

Prior to this patch with CFG_WITH_PAGER=y, CFG_WITH_LPAE=y and
CFG_CORE_UNMAP_CORE_AT_EL0=n icache_inv_user_range() crashes with a
prefetch abort due to TTBR0 being configured with an invalid value.
This happens due to an error in the ifdef logic using an uninitialized
register.

Fix this by using the correct register.

Fixes: c4a57390edef ("core: pager: use icache_inv_user_range()")
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add support for SM2 using MBed TLS

The SM2 algorithms (PKE, KEP and DSA) are currently implemented using
LibTomCrypt. They are automatically disabled when MBed TLS is selected
as the core cryp

core: add support for SM2 using MBed TLS

The SM2 algorithms (PKE, KEP and DSA) are currently implemented using
LibTomCrypt. They are automatically disabled when MBed TLS is selected
as the core crypto library (that is, when CFG_CRYPTOLIB_NAME=mbedtls
CFG_CRYPTOLIB_DIR=lib/libmbedtls).

This commit removes this restriction by porting the relevant files
(core/lib/libtomcrypt/sm2-{dsa,kep,pke}.c) over to the MBed TLS API in
lib/libmbedtls/core.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: sm2: do not panic core if key allocation fails

During SM2 key derivation via syscall_cryp_derive_key(), if
crypto_acipher_alloc_ecc_public_key() fails for whatever reason in
get_sm2_ke

core: crypto: sm2: do not panic core if key allocation fails

During SM2 key derivation via syscall_cryp_derive_key(), if
crypto_acipher_alloc_ecc_public_key() fails for whatever reason in
get_sm2_kep_params(), peer_key and/or peer_eph_key are left in an invalid
state and it is incorrect to call crypto_acipher_free_ecc_public_key()
in this case. Doing so causes a core panic:

E/TC:? 0 assertion 'key->ops && key->ops->free' failed at core/crypto/crypto.c:702 <crypto_acipher_free_ecc_public_key>
E/TC:1 0 Panic at core/kernel/assert.c:28 <_assert_break>

Fix the get_sm2_kep_params() cleanup code to avoid this situation.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: ltc: move sm2_kdf() to common core/crypto/sm2-kdf.c

The key derivation function sm2_kdf() is a helper function used by SM2
KEP (Key Exchange Protocol) and PKE (Private Key Encryption). It is
c

core: ltc: move sm2_kdf() to common core/crypto/sm2-kdf.c

The key derivation function sm2_kdf() is a helper function used by SM2
KEP (Key Exchange Protocol) and PKE (Private Key Encryption). It is
currently implemented in core/lib/libtomcrypt/sm2_kdf.c, next to the SM2
source code based on LibTomCrypt.

In order to provide an MBed TLS implementation of SM2, the helper
function shall be outside the LibTomCrypt directory. Move it to
core/crypto/sm2-kdf.c.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: libtomcrypt: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <

core: libtomcrypt: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: se050: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <jer

drivers: se050: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <je

drivers: crypto: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <jero

drivers: caam: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: add a new API to interact with plugins from TA

This patch adds a new API to libutee to interact
with tee-supplicant plugins from TEE userspace.

Every user TA can use 'tee_invoke_supp_plugi

libutee: add a new API to interact with plugins from TA

This patch adds a new API to libutee to interact
with tee-supplicant plugins from TEE userspace.

Every user TA can use 'tee_invoke_supp_plugin()' to send any commands
to a plugin. The commands are predefined by the plugin developer.

See the https://github.com/linaro-swg/optee_examples
repo for an example of using plugins.

Signed-off-by: Aleksandr Anisimov <a.anisimov@omprussia.ru>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add a new RPC as an interface to tee-supplicant plugins

Any external TEE services can be designed as a tee-supplicant plugin.
The plugins will be loaded by the supplicant during startup proces

core: add a new RPC as an interface to tee-supplicant plugins

Any external TEE services can be designed as a tee-supplicant plugin.
The plugins will be loaded by the supplicant during startup process
using libdl.
It makes it easy to:
- add new features in the supplicant that aren't needed in upstream,
e.g. Rich OS specific services;
- sync upstream version with own fork;

This patch adds a new RPC - 'OPTEE_RPC_CMD_SUPP_PLUGIN' as an unified
interface between OP-TEE and any plugins. Kernel code can use it
to call for execution of some command in plugins.

Every plugin has own name based on UUID.
OP-TEE has access to plugins by it.

See definition of protocol for the plugin RPC command
in 'core/include/optee_rpc_cmd.h' file.

Signed-off-by: Aleksandr Anisimov <a.anisimov@omprussia.ru>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix shared memory buffer rpc allocation

When dynamic shared memory has been configured, contiguous shared
memory regions outside reserved SHM need to be included in the
allocation pool.

To ke

core: fix shared memory buffer rpc allocation

When dynamic shared memory has been configured, contiguous shared
memory regions outside reserved SHM need to be included in the
allocation pool.

To keep the implementation simple, we will restrict the size of these
allocations to a single page; we can then leverage the mechanism used
for the allocation of arguments.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

link: make section size definitions relocation-proof

Value of define VCORE_UNPG_RW_SZ is determined by linker script and
provided to C code as a symbol value (__vcore_unpg_rw_size). This is a
standa

link: make section size definitions relocation-proof

Value of define VCORE_UNPG_RW_SZ is determined by linker script and
provided to C code as a symbol value (__vcore_unpg_rw_size). This is a
standard way of sharing linker variables with C code, which is described in
ld manual.

Problem is that linker sometimes makes those symbols relocatable and ASLR
code then moves them to random places with rest of the OP-TEE image.

For example, on build for RCAR platform I am getting those entries in
relocation section:

[...]
000000004415b120 R_AARCH64_RELATIVE *ABS*+0x0000000044100180
000000004415af60 R_AARCH64_RELATIVE *ABS*+0x000000004415fc48
000000004415afb0 R_AARCH64_RELATIVE *ABS*+0x00000000000a4000 <======
000000004415aef8 R_AARCH64_RELATIVE *ABS*+0x000000004415c000
[...]

From programmer's point of view this looks like "constant" VCORE_UNPG_RW_SZ
has random value every boot.

Obvious approach is to provide section end address and then calculate size
on C side:

#define VCORE_UNPG_RW_SZ ((size_t)(__vcore_unpg_rx_end -
__vcore_unpg_rx_start))

But with this approach compiler can't initialize constant values in
definitions like

register_phys_mem_ul(MEM_AREA_TEE_RAM_RW, VCORE_UNPG_RW_PA,
VCORE_UNPG_RW_SZ);

from core_mmu.c.

Basically, this leads to following constraints:

1. If we calculate section size in linker script, then compiler can use
it as a constant expression, but this value may be mangled by ASLR
at run-time.

2. We can't calculate section size in C code, because this value can't be
used as a constant expression.

This patch provides a workaround around this issue by providing two sets of
definitions: old _SZ definition is renamed to _SZ_UNSAFE and it should be
used only in places where a constant expression is required and provided it
is referenced only before dynamic relocations have been applied, while the
new _SZ definition can be used in all other situations.

Value of _new SZ is obtained by deducting section start address from end
address. Additional linker symbols are introduced to provide section end
addresses.

Fixes: 170e9084a84f ("core: add support for CFG_CORE_ASLR")
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: drop SDP PTA

Drop SDP PTA as it is not used anywhere and looks like isn't
maintained. When is CFG_SDP_PTA=y the build fails with
compile errors:

error: implicit declaration of function ‘

core: pta: drop SDP PTA

Drop SDP PTA as it is not used anywhere and looks like isn't
maintained. When is CFG_SDP_PTA=y the build fails with
compile errors:

error: implicit declaration of function ‘tee_ta_get_calling_session’;
did you mean ‘ts_get_calling_session’?
[-Werror=implicit-function-declaration]
...
error: ‘struct tee_ta_session’ has no member named ‘ctx’

Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: split boot_init_primary()

Splits boot_init_primary() into boot_init_primary_early() and
boot_init_primary_late(). The thread#0 stack pointer is assigned as
stack pointer before boot_init_prima

core: split boot_init_primary()

Splits boot_init_primary() into boot_init_primary_early() and
boot_init_primary_late(). The thread#0 stack pointer is assigned as
stack pointer before boot_init_primary_late() is called. This allows
functions registered to be called by call_finalcalls() to depend on the
full thread stack being available.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: optee_rpc_cmd.h: shorten some I2C defines

Make the I2C defines consistent with the rest of the defines in
optee_rpc_cmd.h.

Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Acked-by: Etie

core: optee_rpc_cmd.h: shorten some I2C defines

Make the I2C defines consistent with the rest of the defines in
optee_rpc_cmd.h.

Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: remove security check for i.MX6DQ

Recent commit cfff3778dae0 ("core: imx: remove security check for
i.MX6SDL") fixed an issue where i.MX6SDL SoC does not expose the
security configuration

core: imx: remove security check for i.MX6DQ

Recent commit cfff3778dae0 ("core: imx: remove security check for
i.MX6SDL") fixed an issue where i.MX6SDL SoC does not expose the
security configuration in the HPSR registers correctly.

This issue also affects i.MX6DQ. Let's add a check for this SoC
family in the same place.

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Michael Scott <mike@foundries.io>
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

driver: imx_wdog: search node by compatible

Instead of searching the node by hard-coded paths, search the node by
the compatible, which should be more robust against upstream device tree
changes. Up

driver: imx_wdog: search node by compatible

Instead of searching the node by hard-coded paths, search the node by
the compatible, which should be more robust against upstream device tree
changes. Upstream recently changed the naming of "aips-bus" to "bus",
breaking the OP-TEE i.MX Watchdog driver in the process, since the path
can no longer be found within the tree.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Tested-by: Ricardo Salveti <ricardo@foundries.io> (imx6ull evk, imx6q apalis-imx6, imx8mm evk, imx8mq evk)
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

drivers: imx_wdog: default initialize variables

Set all function variables to sensible defaults.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

core: fix bad memset() in update_write_helper()

update_write_helper() is clearing uninitialized parts of blk_buf.
There's an error in the logic calculating how much should be cleared
resulting in a

core: fix bad memset() in update_write_helper()

update_write_helper() is clearing uninitialized parts of blk_buf.
There's an error in the logic calculating how much should be cleared
resulting in a negative size being supplied to memset(). Fix this by
always clearing blk_buf before usage.

Fixes: cd799689cd3d ("core: rpmb: fix initialization of new rpmb data")
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey)
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix file handle leakage in syscall_storage_next_enum()

Prior to this patch was syscall_storage_next_enum() opening a file
handle with tee_svc_storage_read_head() but never freeing the handle.

core: fix file handle leakage in syscall_storage_next_enum()

Prior to this patch was syscall_storage_next_enum() opening a file
handle with tee_svc_storage_read_head() but never freeing the handle.
Fix this by closing the file handle as part of cleaning up before
returning.

Fixes: 928efd065222 ("core: syscall_storage_next_enum() use live pobj")
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...