plat-imx: fix CSU SA settings for i.MX6UL

io_write32() would replace the settings bits while writing the lock
bits, replace the setting of the lock bits with io_setbits32() to ensure
that the access

plat-imx: fix CSU SA settings for i.MX6UL

io_write32() would replace the settings bits while writing the lock
bits, replace the setting of the lock bits with io_setbits32() to ensure
that the access bits won't be overwritten. The lock bit mask also
contained access value bits, remove those.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

core: ff-a: clear shm buffer caching after yielding call

In __thread_std_smc_entry() for the legacy SMC interface the RPC SHM
cache is cleared when a thread is done. Add the same handling to the
FF-

core: ff-a: clear shm buffer caching after yielding call

In __thread_std_smc_entry() for the legacy SMC interface the RPC SHM
cache is cleared when a thread is done. Add the same handling to the
FF-A case.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add generic rpc shared memory buffer caching

Replaces tee_fs_rpc_cache_alloc() with thread_rpc_shm_alloc() which also
takes a shared memory type as argument. This allows allocating an kernel
p

core: add generic rpc shared memory buffer caching

Replaces tee_fs_rpc_cache_alloc() with thread_rpc_shm_alloc() which also
takes a shared memory type as argument. This allows allocating an kernel
private RPC buffer when needed.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: ff-a: add dummy thread_rpc_{alloc,free}_global_payload()

OP-TEE doesn't support "global" shm allocations with FF-A yet. Provide
dummy implementations of the functions to simplify configur

core: arm: ff-a: add dummy thread_rpc_{alloc,free}_global_payload()

OP-TEE doesn't support "global" shm allocations with FF-A yet. Provide
dummy implementations of the functions to simplify configuration.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: allocate kernel payload

Request shared memory allocation of TYPE_KERNEL memory

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io

core: arm: allocate kernel payload

Request shared memory allocation of TYPE_KERNEL memory

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
[jw: add spmc counter part]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: enable FF-A with SPM Core at S-EL1

Adds support for using FF-A as transport instead of using the
proprietary SMCs defined in optee_smc.h.

The configuration support the case where SPM Core is

core: enable FF-A with SPM Core at S-EL1

Adds support for using FF-A as transport instead of using the
proprietary SMCs defined in optee_smc.h.

The configuration support the case where SPM Core is implementation at
S-EL1, that is, inside OP-TEE. This configuration is also know as "S-EL1
SPMC" in the FF-A 1.0 specification [1].

Compile with CFG_CORE_SEL1_SPMC=y

Note that this is an experimental feature, ABIs etc may have
incompatible changes

Link: [1] https://static.docs.arm.com/den0077/a/DEN0077A_PSA_Firmware_Framework_Arm_v8-A_1.0_EAC.pdf

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-vexpress: spci: add support to register secondary CPU entrypoints using PSCI_CPU_ON

This patch adds support to use the PSCI_CPU_ON function to register the
entry point for each OP-TEE context o

plat-vexpress: spci: add support to register secondary CPU entrypoints using PSCI_CPU_ON

This patch adds support to use the PSCI_CPU_ON function to register the
entry point for each OP-TEE context on a secondary CPU. This function is
invoked on the boot CPU during initialisation. When the physical CPU is
turned on by the Normal world, the SPMD in EL3 arranges for the entry
point to be invoked to perform OP-TEE initialisation.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
[jw: small edits + AAarch32 support]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add mobj_ffa

Adds a new mobj, mobj_ffa, tailored to handle shared memory
registrations over FF-A.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.

core: add mobj_ffa

Adds a new mobj, mobj_ffa, tailored to handle shared memory
registrations over FF-A.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add optee_ffa.h defining the OP-TEE ABI for FF-A

Adds optee_ffa.h which defines the OP-TEE ABI when Arm Platform Security
Architecture Firmware Framework for Arm V8-A [1] is used as transport

core: add optee_ffa.h defining the OP-TEE ABI for FF-A

Adds optee_ffa.h which defines the OP-TEE ABI when Arm Platform Security
Architecture Firmware Framework for Arm V8-A [1] is used as transport
instead of raw proprietary SMCs. This ABI where OP-TEE specific
implementation is used to fill the implementation specific gaps in the
specification is called OP-TEE FF-A, or sometimes just FF-A.

A new memref type, struct optee_msg_param_fmem, is added to carry
information needed to create new shared memory mobjs.

Link: [1] https://static.docs.arm.com/den0077/a/DEN0077A_PSA_Firmware_Framework_Arm_v8-A_1.0_EAC.pdf
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add FF-A 1.0 definitions

This patch adds FF-A 1.0 definitions based on [1] and an earlier version
of this .h file [2] from TF-A.

Link: [1] https://static.docs.arm.com/den0077/a/DEN0077A_PSA_F

core: add FF-A 1.0 definitions

This patch adds FF-A 1.0 definitions based on [1] and an earlier version
of this .h file [2] from TF-A.

Link: [1] https://static.docs.arm.com/den0077/a/DEN0077A_PSA_Firmware_Framework_Arm_v8-A_1.0_EAC.pdf
Link: [2] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/plain/include/services/spci_beta0.h?h=topics/spci_beta0_spmd&id=c5afe561f653449f4fd9df1d50cf70c60fc0d343

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Co-developed-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: psci.h: add PSCI_CPU_ON_SMC64

Adds PSCI_CPU_ON_SMC64 which is using the 64-bit calling convention as a
complement to define PSCI_CPU_ON using the 32-bit calling convention.

Acked-by: Etienne

core: psci.h: add PSCI_CPU_ON_SMC64

Adds PSCI_CPU_ON_SMC64 which is using the 64-bit calling convention as a
complement to define PSCI_CPU_ON using the 32-bit calling convention.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_etzpc: rename internal function init_device_from_hw_config()

Fix typo in function label: init_devive_from_hw_config() is renamed
init_device_from_hw_config().

Fix also a typo in source file i

stm32_etzpc: rename internal function init_device_from_hw_config()

Fix typo in function label: init_devive_from_hw_config() is renamed
init_device_from_hw_config().

Fix also a typo in source file inline comment.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce recursive mutexes

Adds support for recursive mutex objects. A recursive mutex may be
locked several times by the same thread without causing a deadlock.
The implementation is copied

core: introduce recursive mutexes

Adds support for recursive mutex objects. A recursive mutex may be
locked several times by the same thread without causing a deadlock.
The implementation is copied from the get_pool()/put_pool() functions
in lib/libutils/ext/mempool.c, which will be updated to use the new
mutex type in a later commit.

In order to avoid the overhead associated with recursive mutexes when
not needed, a new struct recursive_mutex is introduced as well as
specific functions: mutex_init_recursive(), mutex_destroy_recursive(),
mutex_lock_recursive() and mutex_unlock_recursive(). A static initializer
is also available (RECURSIVE_MUTEX_INITIALIZER).
mutex_get_recursive_lock_depth() returns the current lock depth (only
valid to call from the thread holding the lock).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mutex: replace -1 with THREAD_ID_INVALID

Code cleanup: use THREAD_ID_INVALID rather that its value (-1).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <

core: mutex: replace -1 with THREAD_ID_INVALID

Code cleanup: use THREAD_ID_INVALID rather that its value (-1).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: make thread ID a short int

Changes thread_get_id() and thread_get_id_may_fail() to return 'short
int' instead of 'int'. That is, 16 bits instead of 32 on all supported
architectures which is m

core: make thread ID a short int

Changes thread_get_id() and thread_get_id_may_fail() to return 'short
int' instead of 'int'. That is, 16 bits instead of 32 on all supported
architectures which is more than enough since the largest thread ID
value is (CFG_NUM_THREADS - 1). Note, struct wait_queue_elem::handle
is already a short int.

trace_ext_get_thread_id() is not changed (still returns an int) because
it is part of the TA API and modifying it would needlessly introduce
incompatibilities.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix tee_fs_rpc_readdir() parameter direction

The type of params[1] is changed to OUT to match the expected params in
tee-supplicant's tee_fs_rpc_readdir, so calls to tee_fs_rpc_readdir
won't f

core: fix tee_fs_rpc_readdir() parameter direction

The type of params[1] is changed to OUT to match the expected params in
tee-supplicant's tee_fs_rpc_readdir, so calls to tee_fs_rpc_readdir
won't fail with TEE_ERROR_BAD_PARAMETERS.

Signed-off-by: Roland Nagy <rnagy@xmimx.tk>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: refactored to fix NULL dereferencing

assert not NULL before dereferencing in tee_pager_add_core_area().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jen

core: pager: refactored to fix NULL dereferencing

assert not NULL before dereferencing in tee_pager_add_core_area().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: refactoring to avoid possible NULL_PTR arithmetics

Issue detected by Cppcheck in internal_aes_gcm_ghash_update().
Issue mitigated by adding an argument check that prevents
passing a pointer on

core: refactoring to avoid possible NULL_PTR arithmetics

Issue detected by Cppcheck in internal_aes_gcm_ghash_update().
Issue mitigated by adding an argument check that prevents
passing a pointer on that is calculated with NULL as base.

Also fixed a cast in the same code lines to keep constness.

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: rsa: Avoid NULL dereferencing in RSA trace messages

Show 0 size for NULL message/cipher length.

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@lin

core: rsa: Avoid NULL dereferencing in RSA trace messages

Show 0 size for NULL message/cipher length.

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: mm: fix MMU memory leak

Fix memory leak in split_vm_region().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carr

core: mm: fix MMU memory leak

Fix memory leak in split_vm_region().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: fix TA REE backed secure storage memory leak

Fix memory leak in ree_fs_ta_open().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Revie

core: fix TA REE backed secure storage memory leak

Fix memory leak in ree_fs_ta_open().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: remove duplicate config

There are two lines of "CFG_STM32_RNG ?= y" in plat-stm32mp1/conf.mk.
Remove a duplicate one.

Signed-off-by: Che-Chia Chang <vivahavey@gmail.com>
Reviewed-by:

plat-stm32mp1: remove duplicate config

There are two lines of "CFG_STM32_RNG ?= y" in plat-stm32mp1/conf.mk.
Remove a duplicate one.

Signed-off-by: Che-Chia Chang <vivahavey@gmail.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

imx: add support for ccbv2

The Webasto common communication board version 2 (ccbv2) is a mx6ul
based custom board with 256MB of RAM and the communication done on
UART7.

Signed-off-by: Rouven Czerwi

imx: add support for ccbv2

The Webasto common communication board version 2 (ccbv2) is a mx6ul
based custom board with 256MB of RAM and the communication done on
UART7.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

libutee, ldelf: add leading underscore to syscall wrappers

libutee defines assembler wrapper functions for each OP-TEE system call.
These wrappers have a utee_ prefix. This commit adds a leading
und

libutee, ldelf: add leading underscore to syscall wrappers

libutee defines assembler wrapper functions for each OP-TEE system call.
These wrappers have a utee_ prefix. This commit adds a leading
underscore so that the names cannot clash with user-defined symbols.
Doing so is common practice for "system" libraries, as defined by the C
standard in a set of requirements that can be summarized as follows
(excerpt from the GNU libc documentation [1]):

[R]eserved names include all external identifiers (global functions
and variables) that begin with an underscore (‘_’) and all identifiers
regardless of use that begin with either two underscores or an
underscore followed by a capital letter are reserved names. This is so
that the library and header files can define functions, variables, and
macros for internal purposes without risk of conflict with names in
user programs.

The utee_*() wrappers are internal to OP-TEE and are not supposed to be
called directly by TAs so this should not have any user-visible impact.

Link: [1] https://www.gnu.org/software/libc/manual/html_node/Reserved-Names.html
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Move CFG_WITH_STACK_CANARIES to global config file

All platforms but one (bcm-ns3) set CFG_WITH_STACK_CANARIES ?= y in
their configuration files. Move this flag to the global mk/config.mk
instead. N

Move CFG_WITH_STACK_CANARIES to global config file

All platforms but one (bcm-ns3) set CFG_WITH_STACK_CANARIES ?= y in
their configuration files. Move this flag to the global mk/config.mk
instead. Not sure it matters much, but in order to avoid any functional
change, CFG_WITH_STACK_CANARIES ?= n is added to plat-bcm/conf.mk.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...