plat-stm32mp1: factorize FDT parsing in pmic driver

Factorize looping into the FDT regulator nodes for STM32MP1 PMIC driver.
Boot-on, low power and non-secure access configuration are done for
each

plat-stm32mp1: factorize FDT parsing in pmic driver

Factorize looping into the FDT regulator nodes for STM32MP1 PMIC driver.
Boot-on, low power and non-secure access configuration are done for
each regulator sub-node of the PMIC node.

This change merges save_power_configurations() sequence into
parse_regulator_fdt_nodes() implementation. The sequence panics on
error as the previous implementation did. Some error level traces
are changed to debug level.

No functional changes.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: store PMIC regulators secure assignment

Implement stm32mp_nsec_can_access_regu() for non-secure service to
get whether a voltage regulator driven by PMIC can be accessed.
The status i

plat-stm32mp1: store PMIC regulators secure assignment

Implement stm32mp_nsec_can_access_regu() for non-secure service to
get whether a voltage regulator driven by PMIC can be accessed.
The status is set according to embedded FDT, based status value.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: non-lpae: allocate one more translation table for ASLR

Commit 1579bdf39b3e ("core: lpae: allocate one more translation table
for ASLR") has fixed an issue with LPAE (QEMUv8), but a similar one

core: non-lpae: allocate one more translation table for ASLR

Commit 1579bdf39b3e ("core: lpae: allocate one more translation table
for ASLR") has fixed an issue with LPAE (QEMUv8), but a similar one
occurs with non-LPAE. More specifically, running xtest 1013 on QEMU
with CFG_ULIBS_SHARED=y:

E/TC:0 0 Panic 'Failed to spread pgdir on small tables' at core/arch/arm/mm/core_mmu.c:1737 <core_mmu_map_pages>
E/TC:0 0 TEE load address @ 0x5a9b5000
E/TC:0 0 Call stack:
E/TC:0 0 0x5a9bcba1 print_kernel_stack at optee_os/core/arch/arm/kernel/unwind_arm32.c:109
E/TC:0 0 0x5a9c8293 __do_panic at optee_os/core/kernel/panic.c:31
E/TC:0 0 0x5a9bf357 core_mmu_map_pages at optee_os/core/arch/arm/mm/core_mmu.c:1737
E/TC:0 0 0x5a9c2a2f mobj_reg_shm_inc_map at optee_os/core/arch/arm/mm/mobj_dyn_shm.c:200
E/TC:0 0 0x5a9e9067 mobj_inc_map at optee_os/core/arch/arm/include/mm/mobj.h:93
E/TC:0 0 0x5a9e92b1 mobj_mapped_shm_alloc at optee_os/core/arch/arm/mm/mobj_dyn_shm.c:412
E/TC:0 0 0x5a9ee9d9 msg_param_mobj_from_noncontig at optee_os/core/kernel/msg_param.c:141
E/TC:0 0 0x5a9b9d43 get_rpc_alloc_res at optee_os/core/arch/arm/kernel/thread_optee_smc.c:541
E/TC:0 0 0x5a9e479b thread_rpc_alloc at optee_os/core/arch/arm/kernel/thread_optee_smc.c:580
E/TC:0 0 0x5a9e47bf thread_rpc_alloc_payload at optee_os/core/arch/arm/kernel/thread_optee_smc.c:585
E/TC:0 0 0x5a9b67db rpc_load at optee_os/core/arch/arm/kernel/ree_fs_ta.c:99
E/TC:0 0 0x5a9e28e9 ree_fs_ta_open at optee_os/core/arch/arm/kernel/ree_fs_ta.c:146
E/TC:0 0 0x5a9c9f77 system_open_ta_binary at optee_os/core/pta/system.c:259
E/TC:0 0 0x5a9ca873 invoke_command at optee_os/core/pta/system.c:890
E/TC:0 0 0x5a9e3553 pseudo_ta_enter_invoke_cmd at optee_os/core/arch/arm/kernel/pseudo_ta.c:198
E/TC:0 0 0x5a9ef059 tee_ta_invoke_command at optee_os/core/kernel/tee_ta_manager.c:767
E/TC:0 0 0x5a9f345f syscall_invoke_ta_command at optee_os/core/tee/tee_svc.c:887
E/TC:0 0 0x5a9c3128 tee_svc_do_call at optee_os/core/arch/arm/tee/arch_svc_a32.S:54

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: non-lpae: increase PGT_CACHE_SIZE when CFG_NUM_THREADS=2

xtest on QEMU shows allocation errors when CFG_ULIBS_SHARED=y:

# xtest 1010
...
o regression_1010.10 Invalid memory access 5 with 1

core: non-lpae: increase PGT_CACHE_SIZE when CFG_NUM_THREADS=2

xtest on QEMU shows allocation errors when CFG_ULIBS_SHARED=y:

# xtest 1010
...
o regression_1010.10 Invalid memory access 5 with 1024 bytes memref
regression_1000.c:500: [...] 0xffff000c = TEEC_ERROR_OUT_OF_MEMORY [...]
regression_1000.c:505: [...] 0xffff000c = TEEC_ERROR_OUT_OF_MEMORY [...]
regression_1010.10 FAILED
...
E/TC:? 0 alloc_pgt:147 5 page tables not available
E/TC:? 0 alloc_pgt:147 5 page tables not available

This configuration needs at least 5 page tables. Use 8 to avoid wasting
space.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: scmi-msg: add SCMI Voltage Domain protocol

SCMI Voltage Domain protocol in defined in the SCMI specification
since its version 3 [1]. This protocol allows a SCMI server to expose
voltage re

drivers: scmi-msg: add SCMI Voltage Domain protocol

SCMI Voltage Domain protocol in defined in the SCMI specification
since its version 3 [1]. This protocol allows a SCMI server to expose
voltage regulator control services. The current specification defines
services to discover the exposed regulators, to enable/disable them
and to set/get the regulator voltage level.

The protocol driver is embedded upon configuration switch
CFG_SCMI_MSG_VOLTAGE_DOMAIN.

Link: [1] https://developer.arm.com/documentation/den0056/c
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: use SCMI reset to manage MCU hold boot

Adding the MCU hold boot management through a SCMI dedicated
reset domain. MCU hold boot controls the MCU reboot sequence together
with MCU rese

plat-stm32mp1: use SCMI reset to manage MCU hold boot

Adding the MCU hold boot management through a SCMI dedicated
reset domain. MCU hold boot controls the MCU reboot sequence together
with MCU reset controller already exposed to SCMI agent 0.

Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: stm32_bsec: add local helper otp_upper_base()

Use local helper function otp_upper_base() to factorize where upper OTP
base ID starts.

Signed-off-by: Etienne Carriere <etienne.carriere@lina

drivers: stm32_bsec: add local helper otp_upper_base()

Use local helper function otp_upper_base() to factorize where upper OTP
base ID starts.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: stm32_gpio: fix incorrect alternate mask

Alternate configuration is using 4 bits, current mask
was resetting partially the other alternate configuration.

Signed-off-by: Lionel Debieve <lio

drivers: stm32_gpio: fix incorrect alternate mask

Alternate configuration is using 4 bits, current mask
was resetting partially the other alternate configuration.

Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: prevent panicking when secure clock has no parent

Remove the Core panic instruction when looking for parents of a
clock to be secure. If the clock has no parent, there is no parent
cl

plat-stm32mp1: prevent panicking when secure clock has no parent

Remove the Core panic instruction when looking for parents of a
clock to be secure. If the clock has no parent, there is no parent
clock to secure, no need to panic.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: disable RTCAPB clock when not needed

Disable RTCAPB clock when not used. The clock is currently needed
when enabling or disabling the secondary code since this one reads
secure entry

plat-stm32mp1: disable RTCAPB clock when not needed

Disable RTCAPB clock when not used. The clock is currently needed
when enabling or disabling the secondary code since this one reads
secure entry point address from a SoC interface relying on this clock.

Prior this change was RTCAPB clock enabled at boot time and never
disabled. This change disables the clock when secondary core is brought
to life and enables it back before secondary core enters its
power down sequence.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: stpmic1: add stpmic1_regulator_is_valid()

Add driver helper API function stpmic1_regulator_is_valid() to
check if a regulator name identifier references a STPMIC1 regulator.

Signed-off-by:

drivers: stpmic1: add stpmic1_regulator_is_valid()

Add driver helper API function stpmic1_regulator_is_valid() to
check if a regulator name identifier references a STPMIC1 regulator.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: stpmic1: API functions to query regulators levels

Add API function in STPMIC1 driver to allow Core to query the
regulators supported voltage levels. This change is needed by
coming SCMI Vol

drivers: stpmic1: API functions to query regulators levels

Add API function in STPMIC1 driver to allow Core to query the
regulators supported voltage levels. This change is needed by
coming SCMI Voltage Domain for regulator resource discovery
services.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: stpmic1: don't force panic on invalid regulator ID

Returns an explicit invalid reference rather than panicking straight
in local helper function get_regulator_data(). This change lets calle

drivers: stpmic1: don't force panic on invalid regulator ID

Returns an explicit invalid reference rather than panicking straight
in local helper function get_regulator_data(). This change lets caller
function decide whether to panic, propagate an error status or take
the applicable behavior when it occurs.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: scmi-msg: remove #ifdef in switch/case

Remove #ifdef from scmi_process_message() switch/case block and define
stubs for when related SCMI protocol is not embedded.

Signed-off-by: Etienne C

drivers: scmi-msg: remove #ifdef in switch/case

Remove #ifdef from scmi_process_message() switch/case block and define
stubs for when related SCMI protocol is not embedded.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: scmi-msg: fix clock rates query

Fix implementation of the clock rate query platform functions to
consider rates start index which was missing.

Fixes: a7a9e3ba71dd ("drivers/scmi-msg: suppo

drivers: scmi-msg: fix clock rates query

Fix implementation of the clock rate query platform functions to
consider rates start index which was missing.

Fixes: a7a9e3ba71dd ("drivers/scmi-msg: support for clock protocol")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: Fix RPMB fat entry cache buffer overflow

Ensure that fat_entry_dir_update can only update entries less than
the current cache size and not just the maximum size limit of the cache.

Signed-off

core: Fix RPMB fat entry cache buffer overflow

Ensure that fat_entry_dir_update can only update entries less than
the current cache size and not just the maximum size limit of the cache.

Signed-off-by: Neil Shipp <neilsh@microsoft.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Use fallthrough pseudo-keyword in switch/case statements

Use fallthrough; in switch/case statements. Imported libraries
(libtomcrypt, libmbedtls) are not modified to minimize differences with
upstre

Use fallthrough pseudo-keyword in switch/case statements

Use fallthrough; in switch/case statements. Imported libraries
(libtomcrypt, libmbedtls) are not modified to minimize differences with
upstream.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dt: fix inline description for _fdt_get_status()

Fix _fdt_get_status() inline desciption comment as the function
never returns a negative value reporting some kind of error case.

Signed-off-b

core: dt: fix inline description for _fdt_get_status()

Fix _fdt_get_status() inline desciption comment as the function
never returns a negative value reporting some kind of error case.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: lpae: allocate one more translation table for ASLR

Depending on the ASLR seed, the MMU code may run out of translation
tables and panic. For instance with seed = 0x71dfb000 in init_mem_map()
t

core: lpae: allocate one more translation table for ASLR

Depending on the ASLR seed, the MMU code may run out of translation
tables and panic. For instance with seed = 0x71dfb000 in init_mem_map()
the following crash is reproducible:

D/TC:0 core_mmu_entry_to_finer_grained:761 xlat tables used 7 / 7
...
D/TC:0 tee_entry_exchange_capabilities:102 Dynamic shared memory is enabled
E/TC:0 0 Panic 'Failed to spread pgdir on small tables' at core/arch/arm/mm/core_mmu.c:1739 <core_mmu_map_pages>
E/TC:0 0 TEE load address @ 0x7fefb000
E/TC:0 0 Call stack:
E/TC:0 0 0x000000007ff06688 print_kernel_stack at optee_os/core/arch/arm/kernel/unwind_arm64.c:79
E/TC:0 0 0x000000007ff13d24 __do_panic at optee_os/core/kernel/panic.c:24
E/TC:0 0 0x000000007ff083d8 core_mmu_map_pages at optee_os/core/arch/arm/mm/core_mmu.c:1719
E/TC:0 0 0x000000007ff0cf8c mobj_reg_shm_inc_map at optee_os/core/arch/arm/mm/mobj_dyn_shm.c:200
E/TC:0 0 0x000000007ff0d5a0 mobj_inc_map at optee_os/core/arch/arm/include/mm/mobj.h:92
E/TC:0 0 0x000000007ff03960 map_cmd_buffer at optee_os/core/arch/arm/kernel/thread_optee_smc.c:128

Fix the issue by allocating one more translation table when CFG_ASLR=y.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: Bad assert in fat_entry_dir_update()

Fix an assert in fat_entry_dir_update() that always fires when updating
fat entries other than the first element in the cache.

Signed-off-by: Neil Shipp <

core: Bad assert in fat_entry_dir_update()

Fix an assert in fat_entry_dir_update() that always fires when updating
fat entries other than the first element in the cache.

Signed-off-by: Neil Shipp <neilsh@microsoft.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: include parity in DES/DES3 key sizes

Update from GP 1.0 the parity bits are now included in the DES and DES3
key sizes. This is an incompatible change where 56, 112 and 168 key sizes
are repla

core: include parity in DES/DES3 key sizes

Update from GP 1.0 the parity bits are now included in the DES and DES3
key sizes. This is an incompatible change where 56, 112 and 168 key sizes
are replaced with 64, 128 and 192 respectively.

This changes the ABI in a way that it's not enough even to recompile the
TA. In order to maintain backwards compatibility the configuration flag
CFG_COMPAT_GP10_DES is introduced (default y). The presence of the
parity bits is autodetected and this update is transparent to a TA which
hasn't been updated.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: syscall_asymm_verify(): accurate DSA parameter check

A comment in syscall_asymm_verify() reads:
"Depending on the DSA algorithm (NIST), the digital signature output
size may be truncated to th

core: syscall_asymm_verify(): accurate DSA parameter check

A comment in syscall_asymm_verify() reads:
"Depending on the DSA algorithm (NIST), the digital signature output
size may be truncated to the size of a key pair (Q prime size). Q prime
size must be less or equal than the hash output length of the hash
algorithm involved."

Instead of just assuming that Q size is small when data length is
smaller than the hash, check that it's the case also. Don't allow data
length smaller than both hash size and Q size.

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Provide TEE_ATTR_FLAG_VALUE and TEE_ATTR_FLAG_PUBLIC

Provides TEE_ATTR_FLAG_VALUE and TEE_ATTR_FLAG_PUBLIC which are defined
already in GP v1.0 [1] and also expected in GP v1.1 [2]. The old
TEE_ATTR

Provide TEE_ATTR_FLAG_VALUE and TEE_ATTR_FLAG_PUBLIC

Provides TEE_ATTR_FLAG_VALUE and TEE_ATTR_FLAG_PUBLIC which are defined
already in GP v1.0 [1] and also expected in GP v1.1 [2]. The old
TEE_ATTR_BIT_VALUE and TEE_ATTR_BIT_PROTECTED are kept for backwards
compatibility for now.

[1]: GlobalPlatform TEE Internal API Specification v1.0
[2]: GlobalPlatform TEE Internal Core API Specification v1.1

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: use C locale when generating the build date

The build date included in the version string depends on the current
locale (language), which is not very good. Force LANG=C so that english
abbrevi

core: use C locale when generating the build date

The build date included in the version string depends on the current
locale (language), which is not very good. Force LANG=C so that english
abbreviations are used for the day and month.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: imx_i2c: early_init

When i2c SE elements (crypto providers) are enabled, the driver
requires early initialization. This should be made the default
scenario for drivers with this use case

S

drivers: imx_i2c: early_init

When i2c SE elements (crypto providers) are enabled, the driver
requires early initialization. This should be made the default
scenario for drivers with this use case

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...