Add optimization and debug flags to exported TA C++ flags

$(platform-cflags-optimization) and $(platform-cflags-debug-info) are
added to the TA C flags via ta_arm{32,64}-platform-cflags. Do the same

Add optimization and debug flags to exported TA C++ flags

$(platform-cflags-optimization) and $(platform-cflags-debug-info) are
added to the TA C flags via ta_arm{32,64}-platform-cflags. Do the same
for C++ flags thanks to ta_arm{32,64}-platform-cxxflags.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU)
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMUv8)
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: arm: rpc i2c trampoline driver

Gives OP-TEE access to the i2c buses initialized and controlled by the
REE kernel. This is done by memory mapping a buffer from the thread's
cache where the inpu

core: arm: rpc i2c trampoline driver

Gives OP-TEE access to the i2c buses initialized and controlled by the
REE kernel. This is done by memory mapping a buffer from the thread's
cache where the input or output data is transferred.

Using this mechanism, OP-TEE clients do not have to worry about REE
RUNTIME_PM features switching off clocks from the controllers or
collisions with other bus masters.

This driver assumes that the I2C chip is on a REE statically assigned
bus which value is known to OP-TEE (it will not query/probe the REE).

The slave address can be either seven or ten bits. When using a ten
bit address, the corresponding flag needs to be set in the command and
the REE adapter must support the requested addressing mode.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: juno: update 808870 Unconditional VLDM workaround

With the commit be3bc461c686 ("ta: experimental C++ support") we have
some C++ tests in the regression tests which depends on libraries in the

core: juno: update 808870 Unconditional VLDM workaround

With the commit be3bc461c686 ("ta: experimental C++ support") we have
some C++ tests in the regression tests which depends on libraries in the
toolchain with hard float enabled. To be able to compile the regression
tests hard float cannot be disabled. Disabling hard float was our
original workaround for this erratum. Another way to avoid the erratum
is to disable strict alignment checks. So unless
CFG_SCTLR_ALIGNMENT_CHECK isn't explicitly set to 'y' force it to 'n'
instead.

Fixes: be3bc461c686 ("ta: experimental C++ support")
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: init_secondary_helper(): fix spelling mistake

Fix spelling mistake in the info message displayed on the console when
secondary CPUs are initialized.

Signed-off-by: Jerome Forissier <jerome@fo

core: init_secondary_helper(): fix spelling mistake

Fix spelling mistake in the info message displayed on the console when
secondary CPUs are initialized.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm: add hard-float detection for cxxflags

Otherwise the compiler will complain that hard-float object files
generated from C code can not be linked with soft-float files generated
from cxx files.

arm: add hard-float detection for cxxflags

Otherwise the compiler will complain that hard-float object files
generated from C code can not be linked with soft-float files generated
from cxx files.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: add cxxflags for CPU support

Otherwise the compiler is not able to determine the FPU setting from the
CPU architecture for cxx files.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutroni

core: add cxxflags for CPU support

Otherwise the compiler is not able to determine the FPU setting from the
CPU architecture for cxx files.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

stm32_bsec: always embed shadow OTPs write function

Change the scope of configuration switch CFG_STM32_BSEC_WRITE to
not cover shadow OTP write support. CFG_STM32_BSEC_WRITE is used
to embed or not

stm32_bsec: always embed shadow OTPs write function

Change the scope of configuration switch CFG_STM32_BSEC_WRITE to
not cover shadow OTP write support. CFG_STM32_BSEC_WRITE is used
to embed or not OTP programming support but writing shadow OTPs
is a normal executing an OTP read operation hence this change
embeds stm32_bsec_write_otp() driver API function even when
CFG_STM32_BSEC_WRITE is disabled.

Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
[etienne: rephrase commit log]
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: SiP SMC service for BSEC access

Correct the SiP SMC identifier, alignment with TF-A
and U-Boot.

Fixes: 206b29e850e9 ("plat-stm32mp1: SiP SMC service for BSEC access")
Signed-off-by:

plat-stm32mp1: SiP SMC service for BSEC access

Correct the SiP SMC identifier, alignment with TF-A
and U-Boot.

Fixes: 206b29e850e9 ("plat-stm32mp1: SiP SMC service for BSEC access")
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
[etienne: fix commit log]
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: experimental C++ support

Update the TA makefiles to support C++ (file extension: .cpp).

This allows the use of C++ in TA and libraries, with limitations (see
below). I consider this work experi

ta: experimental C++ support

Update the TA makefiles to support C++ (file extension: .cpp).

This allows the use of C++ in TA and libraries, with limitations (see
below). I consider this work experimental because it was only tested
with simple cases in xtest, introducing the required changes and
addressing issues one after another. Therefore, some features may be
missing for more complex use cases (additional relocation types or
runtime support...).

Tested with the arm-linux-gnueabihf- and aarch64-linux-gnu- toolchains
(GCC 8.3).

Limitations:

- Clang is not supported at the moment
- Exception handling: shared libraries cannot throw, catch or propagate
exceptions. Doing so would require linking the libraries and the main
program with the shared libgcc [1] which is not straightforward due
to the many dependencies on the GNU libc. Exceptions *can* be used in
the main program however, as well as in static libraries directly
linked with the main program.
- ldelf stack unwinding does not support C++ frames so crash/panic
dumps will likely be truncated when they involve C++ code.

Link: [1] https://gcc.gnu.org/onlinedocs/gcc/Link-Options.html see "-shared-libgcc"
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, QEMUv8, HiKey960)
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: preserve user space TPIDR_EL0

Preparing for C++ support in TAs.

Preserves the value of TPIDR_EL0 set by user space by saving and
restoring the register in case of syscall or foreign in

core: arm64: preserve user space TPIDR_EL0

Preparing for C++ support in TAs.

Preserves the value of TPIDR_EL0 set by user space by saving and
restoring the register in case of syscall or foreign interrupt.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

rmpb: fix infinite recursion in dump_fat() when CFG_TEE_CORE_LOG_LEVEL=4

When CFG_TEE_CORE_LOG_LEVEL=4 and CFG_RPMB_FS=y, the TEE core crashes
with a dead stack canary message:

E/TC:0 0 Dead canar

rmpb: fix infinite recursion in dump_fat() when CFG_TEE_CORE_LOG_LEVEL=4

When CFG_TEE_CORE_LOG_LEVEL=4 and CFG_RPMB_FS=y, the TEE core crashes
with a dead stack canary message:

E/TC:0 0 Dead canary at end of 'stack_abt[3]'
E/TC:0 0 Panic at core/arch/arm/kernel/thread.c:192 <thread_check_canaries>
E/TC:0 0 TEE load address @ 0x1bd0f000
E/TC:0 0 Call stack:
E/TC:0 0 0x1bd17b3d print_kernel_stack at optee_os/core/arch/arm/kernel/unwind_arm32.c:452
E/TC:0 0 0x1bd23a07 __do_panic at optee_os/core/kernel/panic.c:32 (discriminator 1)
E/TC:0 0 0x1bd120cb thread_check_canaries at optee_os/core/arch/arm/kernel/thread.c:188 (discriminator 2)
E/TC:0 0 0x1bd12c1f thread_state_suspend at optee_os/core/arch/arm/kernel/thread.c:754
E/TC:0 0 0x1bd14610 thread_rpc at optee_os/core/arch/arm/kernel/thread_optee_smc_a32.S:227

The issue happens to be with the debug function dump_fat() which causes
infinite recursion. Fix it by doing nothing until after RPMB
initialization has completed.

Fixes: 5f68d7848fe8 ("core: RPMB FS: Caching for FAT FS entries")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: fix the unwind stack failure with __no_return function

unwind operation use LR instead of PC to locate unwind data. In some
case, the compiler removes all the extra instrustions after a b

core: arm: fix the unwind stack failure with __no_return function

unwind operation use LR instead of PC to locate unwind data. In some
case, the compiler removes all the extra instrustions after a branch to
__no_return function, and then LR saves the address of next function,
rather than the caller of the __no_return function, leading to unwind
failure.

The fix manually adjust the LR value to match the search algorithm so
as to locate the correct caller in unwind stack operation.

Signed-off-by: Angelina Zhao <xuemingzhao@asrmicro.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: reformat the commit description]
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: remove the unused PM stubs

Removes the PM stubs and all references to CFG_PM_STUBS.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.o

core: remove the unused PM stubs

Removes the PM stubs and all references to CFG_PM_STUBS.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove thread_*_handler_ptr

The thread_*_handler_ptr function pointers only holds the same constant
value. Instead of loading the function pointer from the entry functions
call the handler fun

core: remove thread_*_handler_ptr

The thread_*_handler_ptr function pointers only holds the same constant
value. Instead of loading the function pointer from the entry functions
call the handler functions directly and remove these
thread_*_handler_ptr function pointers.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove boot_get_handlers()

struct thread_handlers is used to pass the entry functions
for different power management events. In practice only .cpu_on is used
and with the default function at t

core: remove boot_get_handlers()

struct thread_handlers is used to pass the entry functions
for different power management events. In practice only .cpu_on is used
and with the default function at that. In the ARMv7 case where the
secure monitor replaces TF-A not even that function entry is used.

Remove struct thread_handlers and boot_get_handlers(). When configured
with TF-A initialize thread_*_handler_ptr with __weak default functions.

The __weak default PM functions
- thread_cpu_off_handler()
- thread_cpu_suspend_handler()
- thread_cpu_resume_handler()
- thread_system_off_handler()
- thread_system_reset_handler()
can be overridden by platforms when needed.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: log message when secure storage corruption is detected

When CFG_REE_FS and CFG_RPMB_FS are both 'y', the data stored by OP-TEE
in the REE filesystem (typically, under /data/tee) are protected

core: log message when secure storage corruption is detected

When CFG_REE_FS and CFG_RPMB_FS are both 'y', the data stored by OP-TEE
in the REE filesystem (typically, under /data/tee) are protected by
hashes stored in the RPMB. Any modifications to the REE files via
external means are therefore detected and TEE_ERROR_SECURITY is
returned. However, no error or debug message is printed to the secure
console which makes troubleshooting more difficult than needed. This
commit adds a debug message.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mk: core: ta: Configurable Python interpreter

Build systems that manage multiple different python interpreters need
explicit control over which version of the interpreter to use.
This patch enables

mk: core: ta: Configurable Python interpreter

Build systems that manage multiple different python interpreters need
explicit control over which version of the interpreter to use.
This patch enables one to override the default interpreter with the path
to a specific one.

Signed-off-by: Dick Olsson <hi@senzilla.io>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-imx: fix CSU SA settings for i.MX6UL

io_write32() would replace the settings bits while writing the lock
bits, replace the setting of the lock bits with io_setbits32() to ensure
that the access

plat-imx: fix CSU SA settings for i.MX6UL

io_write32() would replace the settings bits while writing the lock
bits, replace the setting of the lock bits with io_setbits32() to ensure
that the access bits won't be overwritten. The lock bit mask also
contained access value bits, remove those.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

core: ff-a: clear shm buffer caching after yielding call

In __thread_std_smc_entry() for the legacy SMC interface the RPC SHM
cache is cleared when a thread is done. Add the same handling to the
FF-

core: ff-a: clear shm buffer caching after yielding call

In __thread_std_smc_entry() for the legacy SMC interface the RPC SHM
cache is cleared when a thread is done. Add the same handling to the
FF-A case.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add generic rpc shared memory buffer caching

Replaces tee_fs_rpc_cache_alloc() with thread_rpc_shm_alloc() which also
takes a shared memory type as argument. This allows allocating an kernel
p

core: add generic rpc shared memory buffer caching

Replaces tee_fs_rpc_cache_alloc() with thread_rpc_shm_alloc() which also
takes a shared memory type as argument. This allows allocating an kernel
private RPC buffer when needed.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: ff-a: add dummy thread_rpc_{alloc,free}_global_payload()

OP-TEE doesn't support "global" shm allocations with FF-A yet. Provide
dummy implementations of the functions to simplify configur

core: arm: ff-a: add dummy thread_rpc_{alloc,free}_global_payload()

OP-TEE doesn't support "global" shm allocations with FF-A yet. Provide
dummy implementations of the functions to simplify configuration.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: allocate kernel payload

Request shared memory allocation of TYPE_KERNEL memory

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io

core: arm: allocate kernel payload

Request shared memory allocation of TYPE_KERNEL memory

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
[jw: add spmc counter part]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: enable FF-A with SPM Core at S-EL1

Adds support for using FF-A as transport instead of using the
proprietary SMCs defined in optee_smc.h.

The configuration support the case where SPM Core is

core: enable FF-A with SPM Core at S-EL1

Adds support for using FF-A as transport instead of using the
proprietary SMCs defined in optee_smc.h.

The configuration support the case where SPM Core is implementation at
S-EL1, that is, inside OP-TEE. This configuration is also know as "S-EL1
SPMC" in the FF-A 1.0 specification [1].

Compile with CFG_CORE_SEL1_SPMC=y

Note that this is an experimental feature, ABIs etc may have
incompatible changes

Link: [1] https://static.docs.arm.com/den0077/a/DEN0077A_PSA_Firmware_Framework_Arm_v8-A_1.0_EAC.pdf

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-vexpress: spci: add support to register secondary CPU entrypoints using PSCI_CPU_ON

This patch adds support to use the PSCI_CPU_ON function to register the
entry point for each OP-TEE context o

plat-vexpress: spci: add support to register secondary CPU entrypoints using PSCI_CPU_ON

This patch adds support to use the PSCI_CPU_ON function to register the
entry point for each OP-TEE context on a secondary CPU. This function is
invoked on the boot CPU during initialisation. When the physical CPU is
turned on by the Normal world, the SPMD in EL3 arranges for the entry
point to be invoked to perform OP-TEE initialisation.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
[jw: small edits + AAarch32 support]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add mobj_ffa

Adds a new mobj, mobj_ffa, tailored to handle shared memory
registrations over FF-A.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.

core: add mobj_ffa

Adds a new mobj, mobj_ffa, tailored to handle shared memory
registrations over FF-A.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...