| e9df68f0 | 11-Feb-2021 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
core: mobj: fixup undefined mobj_mapped_shm_alloc
Provide a function definition when CFG_CORE_DYN_SHM is not configured.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| e7d7a709 | 10-Feb-2021 |
Volodymyr Babchuk <volodymyr_babchuk@epam.com> |
virt: round down TA RAM memory size to page size
It is possible that get_ta_ram_size() would return size which is not aligned to a small page size. This will cause panic in core_init_mmu_prtn() function.
To fix this we need to round down calculated value to a page size.
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| b22795b7 | 22-Jan-2021 |
Clement Faure <clement.faure@nxp.com> |
drivers: caam: make use of generic memalign() implementation
Make use of the newly implemented memalign() function for the CAAM driver. Remove the previous CAAM memalign() implementation and its associated debugging structures.
Signed-off-by: Clement Faure <clement.faure@nxp.com> Acked-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| eee637e7 | 10-Feb-2021 |
Alexander Zakharov <uglym8@gmail.com> |
Add 3DES CMAC implementation
CMAC is a Cipher-Based MAC that improves some of the security deficiencies found in CBC-MAC. It is described in NIST SP800-38B as a mode of operation for approved symmetric block ciphers, namely AES and TDEA.
CMAC has similar use cases and security guarantees as HMAC, with the difference that it uses a different primitive (symmetric cipher instead of hash function). CMAC may be appropriate for information systems in which an approved block cipher is more readily available than an approved hash function.
Commonly it is used for symmetric key diversification (ASC X9 TR 31-2018), data integrity assurance (ICV).
CMAC is public domain.
OP-TEE core already supports AES CMAC, but not TDEA CMAC. This commit adds TDEA CMAC support.
Signed-off-by: Alexander Zakharov <uglym8@gmail.com> Reviewed-by: Jerome Forissier <jerome@forissier.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> [jf: wrap commit description at 75 characters] Signed-off-by: Jerome Forissier <jerome@forissier.org>
|
| 00507861 | 10-Feb-2021 |
Alexander Zakharov <uglym8@gmail.com> |
core: libtomcrypt: add 3DES CMAC implementation
Add 3DES CMAC (NIST SP800-38B).
Signed-off-by: Alexander Zakharov <uglym8@gmail.com> Reviewed-by: Jerome Forissier <jerome@forissier.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> [jf: add commit description] Signed-off-by: Jerome Forissier <jerome@forissier.org>
|
| 93e678ed | 24-Sep-2020 |
Clement Faure <clement.faure@nxp.com> |
drivers: dcp: add DCP support
The Data Co-Processor (DCP) provides hardware acceleration for cryptographic algorithms. The features of DCP are:
- AES128 ECB and CBC
- SHA1, SHA256
- AES128-CMAC algorithm
- SRAM key storage
- HUK generation
This driver adds DCP support for the following platforms:
- imx6slevk
- imx6sllevk
- imx6ullevk
- imx6ulzevk
Signed-off-by: Remi Koman <remi.koman@nxp.com> Signed-off-by: Clement Faure <clement.faure@nxp.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| ce97b399 | 12-Jun-2020 |
Clement Faure <clement.faure@nxp.com> |
drivers: csu: enable DCP protection
Enable DCP protection in the CSU for the following platforms:
- imx6slevk
- imx6sllevk
- imx6ullevk
- imx6ulzevk
Signed-off-by: Clement Faure <clement.faure@nxp.com> Acked-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| ec64f5ab | 16-Jul-2020 |
Clement Faure <clement.faure@nxp.com> |
core: add dcache_get_line_size() function
Add dcache_get_line_size() function to get cache line size for ARM32 and ARM64 platforms.
Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| d73a6eb3 | 09-Feb-2021 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: clarify tlbi_mva_range()
Clarifies tlbi_mva_range() with a full description of the interface at the declaration of the function. The supplied VA range must be aligned on the supplied granularity.
The implementation is updated to take full advantage of this restriction together with an additional assert.
Reviewed-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 0f04594c | 05-Feb-2021 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
drivers: crypto: se050: Global Platform SCP03 key provisioning
Remove the need to store the SCP03 keys by deriving them from the HUK and the SE050 unique hardware identifier.
Works under the assumption that the HUK is unknown and never exposed outside the TEE.
CFG_CORE_SE05X_SCP03_PROVISION Needs to be configured to exec the feature.
CFG_CORE_SE05X_DISPLAY_SCP03_KEYS: Outputs the current and the new SCP03 keys to the console during provisioning.
Note that to provision new SCP03 keys, SCP03 must already be in operation (i.e., have an encrypted communication channel between the processor and the SE050).
Tested on imx8mm EVK.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 89739a90 | 09-Feb-2021 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: remove deprecated core_tlb_maintenance()
Removes the deprecated and unused function core_tlb_maintenance().
Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 1c2924e5 | 04-Feb-2021 |
Sahil Malhotra <sahil.malhotra@nxp.com> |
core: ls: lx2160aqds: get GIC base address from dtb
CFG_EMBED_DT option is enabled by default for LX2160A-QDS. GIC base address was hardcoded for LX2160A-QDS, now will get the base address from dtb file.
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> Acked-by: Jerome Forissier <jerome@forissier.org>
|
| 9b4c50be | 04-Feb-2021 |
Sahil Malhotra <sahil.malhotra@nxp.com> |
core: dts: add DTS files for LX2160A-RDB
Add dts file for LX2160A-QDS Platform.
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> Acked-by: Jerome Forissier <jerome@forissier.org> |
| 1a121401 | 03-Jun-2020 |
Manish Tomar <manish.tomar@nxp.com> |
core: ls: add LX2160A-QDS platform
Add support for Layerscape® LX2160A-QDS from NXP. Dynamic shared memory is also enabled.
Signed-off-by: Manish Tomar <manish.tomar@nxp.com> Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> Acked-by: Jerome Forissier <jerome@forissier.org>
|
| a10b1b23 | 03-Feb-2021 |
Sahil Malhotra <sahil.malhotra@nxp.com> |
core: ls: lx2160ardb: get GIC base address from dtb
CFG_EMBED_DT option is enabled by default for LX2160A-RDB. GIC base address was hardcoded for LX2160A-RDB, now will get the base address from dtb file.
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> Acked-by: Jerome Forissier <jerome@forissier.org>
|
| 04f3ad1b | 22-May-2020 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
core: ls: Remove GIC initialization for ARM-TF based platforms
On ARMv8, GIC configuration is initialized in ARM-TF
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> Acked-by: Jerome Forissier <jerome@forissier.org>
|
| 49687a34 | 08-May-2020 |
Sahil Malhotra <sahil.malhotra@nxp.com> |
core: dts: add DTS files for LX2160A-RDB
LX2160A-RDB will be compiled with Embedded DTB support. Add dts file for LX2160A-RDB Platform.
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> Acked-by: Jerome Forissier <jerome@forissier.org>
|
| a8a14b78 | 24-Apr-2020 |
Ruchika Gupta <ruchika.gupta@nxp.com> |
core: ls: lx2160ardb: Add regions for dynamic shared memory
To enable use of dynamic shared memory, DDR regions need to be added in the platform MMU map.
Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com> Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> Acked-by: Jerome Forissier <jerome@forissier.org>
|
| e989a6c4 | 01-Feb-2021 |
Sahil Malhotra <sahil.malhotra@nxp.com> |
console: lx2160A: fix uart clock and baud rate
Currently there are garbled messages from OP-TEE due to the assumption that platform clock is always 700MHz. This is not correct as LX2 supports variable platform frequency. It could be one of the 600, 650, 700, 750 MHz based on the RCW configuration.
Ideally OPTEE should read RCW registers from Global Utilities Register block and derive the uart clock based on platform pll frequency. But there is no need for this as Baud Rate is already configured in PL011 by the previous boot stages in TF-A. This fix calls pl011_init() with zero for baud rate => It won't be reinitialized in OP-TEE.
Signed-off-by: Thirupathaiah Annapureddy <thiruan@linux.microsoft.com> Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> Acked-by: Jerome Forissier <jerome@forissier.org>
|
| df580f57 | 04-Feb-2021 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: fix icache_inv_user_range()
Prior to this patch with CFG_WITH_PAGER=y, CFG_WITH_LPAE=y and CFG_CORE_UNMAP_CORE_AT_EL0=n icache_inv_user_range() crashes with a prefetch abort due to TTBR0 being configured with an invalid value. This happens due to an error in the ifdef logic using an uninitialized register.
Fix this by using the correct register.
Fixes: c4a57390edef ("core: pager: use icache_inv_user_range()") Reviewed-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| c84eee63 | 27-Jan-2021 |
Jerome Forissier <jerome@forissier.org> |
core: add support for SM2 using MBed TLS
The SM2 algorithms (PKE, KEP and DSA) are currently implemented using LibTomCrypt. They are automatically disabled when MBed TLS is selected as the core crypto library (that is, when CFG_CRYPTOLIB_NAME=mbedtls CFG_CRYPTOLIB_DIR=lib/libmbedtls).
This commit removes this restriction by porting the relevant files (core/lib/libtomcrypt/sm2-{dsa,kep,pke}.c) over to the MBed TLS API in lib/libmbedtls/core.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 7e35937a | 25-Jan-2021 |
Jerome Forissier <jerome@forissier.org> |
core: crypto: sm2: do not panic core if key allocation fails
During SM2 key derivation via syscall_cryp_derive_key(), if crypto_acipher_alloc_ecc_public_key() fails for whatever reason in get_sm2_kep_params(), peer_key and/or peer_eph_key are left in an invalid state and it is incorrect to call crypto_acipher_free_ecc_public_key() in this case. Doing so causes a core panic:
E/TC:? 0 assertion 'key->ops && key->ops->free' failed at core/crypto/crypto.c:702 <crypto_acipher_free_ecc_public_key>
E/TC:1 0 Panic at core/kernel/assert.c:28 <_assert_break>
Fix the get_sm2_kep_params() cleanup code to avoid this situation.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 1e149c24 | 21-Jan-2021 |
Jerome Forissier <jerome@forissier.org> |
core: ltc: move sm2_kdf() to common core/crypto/sm2-kdf.c
The key derivation function sm2_kdf() is a helper function used by SM2 KEP (Key Exchange Protocol) and PKE (Private Key Encryption). It is currently implemented in core/lib/libtomcrypt/sm2_kdf.c, next to the SM2 source code based on LibTomCrypt.
In order to provide an MBed TLS implementation of SM2, the helper function shall be outside the LibTomCrypt directory. Move it to core/crypto/sm2-kdf.c.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 55b5758d | 02-Feb-2021 |
Jerome Forissier <jerome@forissier.org> |
core: libtomcrypt: drop useless & before function names
There is no need to use & on a function name to obtain the function address. Drop the useless & characters.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 2c62c5dc | 02-Feb-2021 |
Jerome Forissier <jerome@forissier.org> |
drivers: se050: drop useless & before function names
There is no need to use & on a function name to obtain the function address. Drop the useless & characters.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|