core: fix ops_sec_mem in core/mm/fobj.c

Adds missing const attribute to ops_sec_mem in core/mm/fobj.c.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.b

core: fix ops_sec_mem in core/mm/fobj.c

Adds missing const attribute to ops_sec_mem in core/mm/fobj.c.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove unused core/arch/arm/tee/svc_dummy.c

The function tee_svc_handler() doesn't exist any longer so no need for a
dummy implementation. Removes references to tee_svc_handler() and where
applicabl

Remove unused core/arch/arm/tee/svc_dummy.c

The function tee_svc_handler() doesn't exist any longer so no need for a
dummy implementation. Removes references to tee_svc_handler() and where
applicable adds references to user_ta_handle_svc() instead.

Fixes: 7c732ee481c6 ("core: get svc handler from the context of current session")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Disable CFG_SCTLR_ALIGNMENT_CHECK (SCTLR.A) by default

With ARM CPUs, unaligned accesses are forbidden in a number of cases
such as when the MMU is disabled, or when device memory is concerned,
or w

Disable CFG_SCTLR_ALIGNMENT_CHECK (SCTLR.A) by default

With ARM CPUs, unaligned accesses are forbidden in a number of cases
such as when the MMU is disabled, or when device memory is concerned,
or with atomic instructions. However in the general case [1] and for
all modern ARMv7-A and ARMv8-A processors, they do not really matter.
Compilers such as GCC and Clang will generate unaligned accesses by
default; a specific flag (-mstrict-align or --mno-unaligned-access) has
to be supplied to prevent such code from being output.

[1] Roughly speaking: LDR/STR instructions operating on normal cached
memory.

The SCTLR.A bit ("Alignment check enable") defines whether the CPU
should allow these unaligned accesses (when set to 0) or should trap
(when set to 1). Having SCTLR.A enabled by default can be annoying for
a couple of reasons that we have met in practice:

1. TAs linked against a third-party library. Since strict alignment
is not a compiler default, it is likely that a third party library does
not enforce it. With SCTLR.A == 1, such a library would have to be
recompiled in order to be used by a TA. Recompiling may or may not be
an easy task. Concrete example: libgcc_eh.a (the C++ exception handling
support library, part of the arm-linux-gnueabihf and aarch64-linux-gnu
toolchains).
2. Compiler bug. For example, Clang 9.0.1 and 10.0.0 may erroneously
replace memcmp() calls with inline code performing unaligned accesses
[2].

All things being considered, it seems preferable for SCTLR.A to be
cleared by default, i.e., CFG_SCTLR_ALIGNMENT_CHECK=n, which is what
this commit does. The configuration variable is kept just in case.
Note that the Linux kernel and the KVM hypervisor do not set SCTLR.A or
HSCTLR.A either.

Note regarding code running before the MMU is enabled: when SCTLR.M is
clear all accesses are treated as with DEVICE attribute and hence
SCTLR.A has no effect. It will trap unaligned accesses regardless. So
this patch will have no side effect.

Link: [2] http://lists.llvm.org/pipermail/llvm-dev/2020-June/141985.html
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-imx: remove CFG_BOOT_SYNC_CPU

It is disabled by default, and no i.MX platform enables it anyway.

Signed-off-by: Gianguido Sorà <me@gsora.xyz>
Acked-by: Clement Faure <clement.faure@nxp.com>

arm64: Disable outline-atomics when compiling

Disables the automatic detection of LSE (Large System Extension)
instructions when compiling AArch64 code. GCC 10 implements this
detection in libgcc us

arm64: Disable outline-atomics when compiling

Disables the automatic detection of LSE (Large System Extension)
instructions when compiling AArch64 code. GCC 10 implements this
detection in libgcc using __getauxval(), which OP-TEE does not
implement.
This requires that the proper -mcpu is passed to GCC so that the code
can be correctly compiled to use either LSE or load-store-exclusive.

Fixes linker errors like the following when compiling with GCC 10:

aarch64-linux-ld.bfd: libgcc.a(lse-init.o):
in function `init_have_lse_atomics':
lse-init.c:44: undefined reference to `__getauxval'
core/arch/arm/kernel/link.mk:38:
recipe for target 'build/core/all_objs.o' failed

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
[jf: s/optee doesn't/OP-TEE does not/, replace ?= by := for immediate
evaluation]
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Allow use of cc-option in core/arch/arm/arm.mk

It can be useful to call the cc-option macro when setting flags in
core/arch/arm/arm.mk. Unfortunately cc-option is defined in
mk/compile.mk which is t

Allow use of cc-option in core/arch/arm/arm.mk

It can be useful to call the cc-option macro when setting flags in
core/arch/arm/arm.mk. Unfortunately cc-option is defined in
mk/compile.mk which is too late to be useful (core/arch/arm/arm.mk is
included by core/core.mk before mk/compile.mk).

This commit addresses the issue by moving the definition of cc-option
to its own file, mk/cc-option.mk, which is then included by
core/arch/arm/arm.mk. There is a dependency on the compiler definitions
(mk/gcc.mk or mk/clang.mk) and on $(arch-bit-$(sm)) so
core/arch/arm/arm.mk is modified accordingly.

Moving cc-option out of mk/compile.mk means that all non-core
submodules would lose the definition unless they include
mk/cc-option.mk; the TA dev kit is modified so that TAs can call
cc-option from within their sub.mk files. As for other submodules, they
are internal and do not use cc-options as of now so they are not
modified.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-k3: Make UART number configurable via CFG_CONSOLE_UART

This is analogous to plat-hikey and allows to select a different console
UART for the k3 platform as well during build. This is needed to

plat-k3: Make UART number configurable via CFG_CONSOLE_UART

This is analogous to plat-hikey and allows to select a different console
UART for the k3 platform as well during build. This is needed to enable
support for the IOT2050 device which uses the second UART.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Andrew F. Davis <afd@ti.com>

show more ...

Revert "arm64: Disable outline-atomics when compiling"

This reverts commit 5e75fab066a352c8f334b1b5c73380f5896e85f3.

Unfortunately, the cc-option function cannot be called in
core/arch/arm/arm.mk,

Revert "arm64: Disable outline-atomics when compiling"

This reverts commit 5e75fab066a352c8f334b1b5c73380f5896e85f3.

Unfortunately, the cc-option function cannot be called in
core/arch/arm/arm.mk, at least not without further changes, because it
depends on $(CC$(sm)) which is set in mk/gcc.mk or mk/clang.mk. Both
files need $(arch-bits-$(sm)), which is set in core/arch/arm/arm.mk.
Circular dependency.

Let's revert this change until a proper fix is found, because it has
side effects on non-GCC 10 compilation such as build warnings [1] and
slow compilation with Clang.

Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

arm64: Disable outline-atomics when compiling

Disables the automatic detection of LSE (Large System Extension)
instructions when compiling AArch64 code. GCC 10 implements this
detection in libgcc us

arm64: Disable outline-atomics when compiling

Disables the automatic detection of LSE (Large System Extension)
instructions when compiling AArch64 code. GCC 10 implements this
detection in libgcc using __getauxval(), which OP-TEE doesn't implement.
This requires that the proper -mcpu is passed to GCC so that the code
can be correctly compiled to use either LSE or load-store-exclusive.

Fixes linker errors like the following when compiling with GCC 10:

aarch64-linux-ld.bfd: libgcc.a(lse-init.o):
in function `init_have_lse_atomics':
lse-init.c:44: undefined reference to `__getauxval'
core/arch/arm/kernel/link.mk:38:
recipe for target 'build/core/all_objs.o' failed

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
[jf: s/optee/OP-TEE/]
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: tee_mmu: fix use after free bug in vm_unmap()

vm_unmap() uses r->va and r->size after it is freed and can cause the
end VA address calculation to be wrong and the while loop keep going
till it

core: tee_mmu: fix use after free bug in vm_unmap()

vm_unmap() uses r->va and r->size after it is freed and can cause the
end VA address calculation to be wrong and the while loop keep going
till it unmaps the rest of the regions. This bug can cause TA to
crash with a translation fault since vm_unmap() unmapped text and data

Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: aslr: suppress R_AARCH64_ABS64 and R_ARM_ABS32 relocations

The following errors were observed when building with GCC 6.2.1:

- 64 bits:
GEN out/arm/core/tee.bin
Unexpected relocation t

core: aslr: suppress R_AARCH64_ABS64 and R_ARM_ABS32 relocations

The following errors were observed when building with GCC 6.2.1:

- 64 bits:
GEN out/arm/core/tee.bin
Unexpected relocation type 0x101

- 32 bits:
GEN out/arm/core/tee.bin
Unexpected relocation type 0x2

Relocation type 0x101 is R_AARCH64_ABS64 and 0x2 is R_ARM_ABS32. The
errors are output by scripts/gen_tee_bin.py which expects only relative
relocations (the ones that are necessary for ASLR).

This patch adds the -Bsymbolic linker option to avoid these
relocations. More information can be found in Linux commit [1].

Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=08cc55b2afd97a654f71b3bebf8bb0ec89fdc498
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-imx: psci: support Arm SMCCC_VERSION function ID

As per Arm SMCCC v1.1 specification [1], PSCI PSCI_FEATURES function ID
should report Arm Architecture Call SMCCC_VERSION as supported when
the

plat-imx: psci: support Arm SMCCC_VERSION function ID

As per Arm SMCCC v1.1 specification [1], PSCI PSCI_FEATURES function ID
should report Arm Architecture Call SMCCC_VERSION as supported when
the secure firmware supports both PSCI PSCI_FEATURES function ID and
Arm SMCCC_VERSION function ID.

Link: [1] https://developer.arm.com/docs/den0028/latest
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Cedric Neveux <cedric.neveux@nxp.com>

show more ...

core: make core_is_buffer_*() paddr_t compatible

The core_is_buffer_*() helpers are sometimes used with physical
addresses (type paddr_t). This can cause problem on platforms where
sizeof(paddr_t) >

core: make core_is_buffer_*() paddr_t compatible

The core_is_buffer_*() helpers are sometimes used with physical
addresses (type paddr_t). This can cause problem on platforms where
sizeof(paddr_t) > sizeof(vaddr_t), that is on ARM32 systems with
CFG_CORE_LARGE_PHYS_ADDR=y. The FVP platform compiled for AArch32 is one
such system which as a consequence fails with:
E/TC:0 0 check_phys_mem_is_outside:335 Non-sec mem (0x880000000:0x180000000) ove
rlaps map (type 12 0xff000000:0x1000000)
E/TC:0 0 Panic at core/arch/arm/mm/core_mmu.c:336 <check_phys_mem_is_outside>

This patch fixes this problem by taking input addresses as paddr_t and
sizes as paddr_ssize_t instead. The wrapper macros which did some
automatic casting removed. The requires updates at some of the places
where these functions are called.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: simple typo fixes in comments in core/include tree

* changed "the the" to "the" in crypto.h
* changed "the the" to "if the" in handle.h

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wa

core: simple typo fixes in comments in core/include tree

* changed "the the" to "the" in crypto.h
* changed "the the" to "if the" in handle.h

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: simple typo fix in comments in core/drivers tree

* changed "a input" to "an input"

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carri

core: simple typo fix in comments in core/drivers tree

* changed "a input" to "an input"

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: simple typo fixes in comments in core/arch tree

* changed "the the" to "the" in thread.h
* changed "the the" to "to the" in wait_queue.c
* changed "Optinally" to "Optionally" in generic_entry_

core: simple typo fixes in comments in core/arch tree

* changed "the the" to "the" in thread.h
* changed "the the" to "to the" in wait_queue.c
* changed "Optinally" to "Optionally" in generic_entry_a32.S

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: ack SCMI SiP SMC entry with 0 return code

Load STM32_SIP_SVC_OK in output argument a0 on return from
SCMI message notification from SiP SMC function IDs. It simplifies
non-secure worl

plat-stm32mp1: ack SCMI SiP SMC entry with 0 return code

Load STM32_SIP_SVC_OK in output argument a0 on return from
SCMI message notification from SiP SMC function IDs. It simplifies
non-secure world to consider any non-zero values,
including standard unknown function error code (-1), as
reporting a failure.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: device pta: add flag to indicate dependency on tee-supplicant

Some TAs require tee-supplicant to be run. For example fTPM requires
storage services provided by tee-supplicant. When scanning an

core: device pta: add flag to indicate dependency on tee-supplicant

Some TAs require tee-supplicant to be run. For example fTPM requires
storage services provided by tee-supplicant. When scanning and
probe() devices on tee bus we can initialize early drivers which
do not require tee-supplicant and after mount fs and tee-supplicant
run do probe() drivers witch require tee-supplicant.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Suggested-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-imx: generate tee-raw.bin

We have observed that existing ARM-TF for iMX8QM treats OP-TEE binary
as headerless image. So, to create proper boot image we need raw
OP-TEE binary image.

Signed-off

plat-imx: generate tee-raw.bin

We have observed that existing ARM-TF for iMX8QM treats OP-TEE binary
as headerless image. So, to create proper boot image we need raw
OP-TEE binary image.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>

show more ...

plat-imx: describe non-secure DDR in i.MX8Q* platforms

Add NSEC_DDR definition for for i.MX8QM and i.MX8QX SoCs.
This was tested on i.MX8QM platform.

Signed-off-by: Volodymyr Babchuk <volodymyr_bab

plat-imx: describe non-secure DDR in i.MX8Q* platforms

Add NSEC_DDR definition for for i.MX8QM and i.MX8QX SoCs.
This was tested on i.MX8QM platform.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>

show more ...

plat-imx: describe non-secure DDR memory

To enable dynamic SHM on iMX platform we need to describe
which memory regions belong to non-secure memory areas.

Signed-off-by: Volodymyr Babchuk <volodymy

plat-imx: describe non-secure DDR memory

To enable dynamic SHM on iMX platform we need to describe
which memory regions belong to non-secure memory areas.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>

show more ...

plat-imx: move platform-specific data to nexus memory

This is needed to enable virtualization support iMX platforms.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement

plat-imx: move platform-specific data to nexus memory

This is needed to enable virtualization support iMX platforms.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>

show more ...

core: move static IRQC data to nexus memory

itr_chip and handlers list should reside in nexus memory
to ensure that irq controller is working.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@ep

core: move static IRQC data to nexus memory

itr_chip and handlers list should reside in nexus memory
to ensure that irq controller is working.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: enable IO compensation at boot time

Implement platform functions stm32mp_syscfg_enable_io_compensation()
and stm32mp_syscfg_disable_io_compensation() to enable/disable
STM23MP1 IO com

plat-stm32mp1: enable IO compensation at boot time

Implement platform functions stm32mp_syscfg_enable_io_compensation()
and stm32mp_syscfg_disable_io_compensation() to enable/disable
STM23MP1 IO compensation. Enable IO compensation when platform boots.

This change defines SYSCFG clock that is needed and moves definition
of the RCC compatible string DT_RCC_CLK_COMPAT to RCC header file so
that it can be shared with stm32mp1_syscfg.c.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: always build libfdt

libfdt is built only when CFG_DT=y. As a result, the libfdt header
files are only available when CFG_DT=y and any source file that makes
optional use of the library has to

core: always build libfdt

libfdt is built only when CFG_DT=y. As a result, the libfdt header
files are only available when CFG_DT=y and any source file that makes
optional use of the library has to guard the #include <libfdt.h> with
a #ifdef CFG_DT ... #endif block. This contrasts with other features
which don't require such guards.

This patch builds libfdt unconditionally and removes the include
guards. No change is expected in the binaries.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...