stpmic1: save enable bit position in regulator control

Add enable bit position info in STPMIC1 regulators description
instead of assuming it is BIT(0). This allows to define other
regulators with en

stpmic1: save enable bit position in regulator control

Add enable bit position info in STPMIC1 regulators description
instead of assuming it is BIT(0). This allows to define other
regulators with enable bit not at position 0.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

stpmic1: stpmic1_is_regulator_enabled() returns a boolean

Change helper function stpmic1_is_regulator_enabled() to return
a boolean value.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.o

stpmic1: stpmic1_is_regulator_enabled() returns a boolean

Change helper function stpmic1_is_regulator_enabled() to return
a boolean value.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

stpmic1: Fix LDO3 voltage table

Add VOUT2/2 (sink/source mode) value in LDO3 voltage table.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Nicolas Le Bayon <nicolas.le

stpmic1: Fix LDO3 voltage table

Add VOUT2/2 (sink/source mode) value in LDO3 voltage table.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: PSCI_SYSTEM_RESET support

Use GRST control in RCC to reset the system on PCSI_RESET request.
Any core can call this function.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro

plat-stm32mp1: PSCI_SYSTEM_RESET support

Use GRST control in RCC to reset the system on PCSI_RESET request.
Any core can call this function.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: fix PSCI_CPU_OFF support

Fix platform psci_features() to report PSCI_CPU_OFF support not
only PSCI_CPU_ON when CFG_TEE_CORE_NB_CORE > 1.

This change also modifies CFG_TEE_CORE_NB_COR

plat-stm32mp1: fix PSCI_CPU_OFF support

Fix platform psci_features() to report PSCI_CPU_OFF support not
only PSCI_CPU_ON when CFG_TEE_CORE_NB_CORE > 1.

This change also modifies CFG_TEE_CORE_NB_CORE handling for
checkpatch issue so that both CPU_ON/CPU_OFF support are
bound to number of core.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

stm32_rng: increase timeout to 10 ms

Use a longer timeout in RNG access sequence. When enabling STM32 RNG
from reset state, it may take few milliseconds for the RNG to be ready.

Fixes panic at plat

stm32_rng: increase timeout to 10 ms

Use a longer timeout in RNG access sequence. When enabling STM32 RNG
from reset state, it may take few milliseconds for the RNG to be ready.

Fixes panic at platform boot with trace:
E/TC:0 0 Panic at core/arch/arm/plat-stm32mp1/rng_seed.c:48 <plat_rng_init>

Fixes: 4e0397eed2e5 ("stm32mp1: seed PRNG with STM32 RNG")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

rpmb: remove unnecessary check

Remove unnecessary check to fix compile warning reported
by clang as following:

core/tee/tee_rpmb_fs.c:2051:11: warning: address of array 'fh->filename'
will always e

rpmb: remove unnecessary check

Remove unnecessary check to fix compile warning reported
by clang as following:

core/tee/tee_rpmb_fs.c:2051:11: warning: address of array 'fh->filename'
will always evaluate to 'true' [-Wpointer-bool-conversion]
if (fh->filename && (!strcmp(fh->filename,
fe->filename)) &&
~~~~^~~~~~~~ ~~
core/tee/tee_rpmb_fs.c:2134:10: warning: address of array 'fh->filename'
will always evaluate to 'true' [-Wpointer-bool-conversion]
if (fh->filename && !fh->rpmb_fat_address)
~~~~^~~~~~~~ ~~

Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Signed-off-by: Peikan Tsai <peikantsai@gmail.com>
Reviewed-by: YJ Chiang <yj.chiang@mediatek.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

stm32mp1: seed PRNG with STM32 RNG

Initialize the core PRNG with samples from the SoC RNG during early
initialization. PRNG is used to generate random samples used early
before all services and obvi

stm32mp1: seed PRNG with STM32 RNG

Initialize the core PRNG with samples from the SoC RNG during early
initialization. PRNG is used to generate random samples used early
before all services and obviously device and peripheral drivers
are initialized. Therefore the platform sequence to seed the PRNG
locally handles RNG clock and reset without relying on clock and
reset device OP-TEE drivers as these are not yet initialized.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: arm64: fix .section directive

Clang built from the llvm-project master branch (git describe:
llvmorg-11-init-12683-g54b3f91d205) causes the following build error:

AS out/arm/core/arch

core: arm64: fix .section directive

Clang built from the llvm-project master branch (git describe:
llvmorg-11-init-12683-g54b3f91d205) causes the following build error:

AS out/arm/core/arch/arm/kernel/generic_entry_a64.o
core/arch/arm/kernel/generic_entry_a64.S:426:2: error: changed section flags for .identity_map, expected: 0x6
.section .identity_map
^

Some information about this error can be found in the description for
LLVM commit [1] ("[MC][ELF] Error for sh_type, sh_flags or sh_entsize
change").

The ".section .identity_map" directive does not mention any flags so
since the section name is not a well-known one (.text etc.), the flags
default to none [2]. However, at this point in the source file we
already have emitted code into .text* which has flags "ax" (and type
%progbits), so the line does indeed change the flags, hence the compile
error.

This commit adds the missing flags and type.

Link: [2] https://sourceware.org/binutils/docs/as/Section.html "ELF Version"
Link: [1] https://github.com/llvm/llvm-project/commit/75af9da75572
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: clang: add --apply-dynamic-relocs linker flag

Core ASLR relies on the executable being ready to run from its
preferred load address, because some symbols are used before the MMU is
enabled and

core: clang: add --apply-dynamic-relocs linker flag

Core ASLR relies on the executable being ready to run from its
preferred load address, because some symbols are used before the MMU is
enabled and relocations are applied. Clang (ld.lld) on Aarch64 needs a
special flag for this: --apply-dynamic-relocs. Without the flag the
R_AARCH64_RELATIVE places are initially filled with zeros.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: libtomcrypt: fix return code in convert_ltc_verify_status()

Calling TEE_AsymmetricVerifyDigest() with invalid RSA signature
length cause TA to panic. By GP TEE Internal Core specs,
TEE_Asymmet

core: libtomcrypt: fix return code in convert_ltc_verify_status()

Calling TEE_AsymmetricVerifyDigest() with invalid RSA signature
length cause TA to panic. By GP TEE Internal Core specs,
TEE_AsymmetricVerifyDigest() shouldn't cause panic when call
with invalid signature length.

Fixes: a3f5668a0cae ("core: ltc: RSA signature verification: fix return code")
Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

plat-stm32mp1: remove static ETZPC configuration

Remove static ETZPC configuration and rely on shared_resources
driver to dynamically configure secure aware resources.

Signed-off-by: Etienne Carrie

plat-stm32mp1: remove static ETZPC configuration

Remove static ETZPC configuration and rely on shared_resources
driver to dynamically configure secure aware resources.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_bsec: BSEC data access do not depend on non-closed device

BSEC driver does not need to check if device is closed_device or not
to tell which BSEC data non-secure world is allowed to access. Th

stm32_bsec: BSEC data access do not depend on non-closed device

BSEC driver does not need to check if device is closed_device or not
to tell which BSEC data non-secure world is allowed to access. This
change removes this support as it simplifies BSEC initialization
structure.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_bsec: introduce configuration switch for write support

Introduce configuration switch CFG_STM32_BSEC_WRITE to not embed
write operation support in BSEC.

Signed-off-by: Etienne Carriere <etien

stm32_bsec: introduce configuration switch for write support

Introduce configuration switch CFG_STM32_BSEC_WRITE to not embed
write operation support in BSEC.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_bsec: correct error detection in driver

Change stm32_bsec_read_otp() and stm32_bsec_write_otp() as accessing
BSEC shadow memory cannot report error.

Change check_no_error() to verify or not B

stm32_bsec: correct error detection in driver

Change stm32_bsec_read_otp() and stm32_bsec_write_otp() as accessing
BSEC shadow memory cannot report error.

Change check_no_error() to verify or not BSEC internal disturbance
error as only shadowing or writing OTPs can report BSEC disturbance
issues.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_bsec: simplify lock support functions

Change stm32_bsec_otp_lock() to only lock fuses as hardware safely does
not allow unlocking a locked BSEC word.

Functions to read a lock return a TEE_Res

stm32_bsec: simplify lock support functions

Change stm32_bsec_otp_lock() to only lock fuses as hardware safely does
not allow unlocking a locked BSEC word.

Functions to read a lock return a TEE_Result status aside from the
effective lock value read.

Rename stm32_bsec_wr_lock() into stm32_bsec_read_permanent_lock()
as it is more explicit.

Change IMSG() into DMSG() as traces refer to debug info rather than
informative info.

Use flag character '#' to prefix printed hexadecimal values with "0x".

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_bsec: correct OTP locked programming bit position

Correct BSEC_LOCK_PROGRAM value in stm32_bsec driver.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jen

stm32_bsec: correct OTP locked programming bit position

Correct BSEC_LOCK_PROGRAM value in stm32_bsec driver.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: map GPIOZ bank registers as secure

Fix GPZIOZ registers memory mapping that shall be mapped secure
for secure world to safely access the secure hardening configuration
registers of th

plat-stm32mp1: map GPIOZ bank registers as secure

Fix GPZIOZ registers memory mapping that shall be mapped secure
for secure world to safely access the secure hardening configuration
registers of the bank.

Fixes: 68c4a16b37c7 ("stm32mp1: use phys_to_virt_io_secure() where expected")
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: device pta: enumerate early TAs

This is an extension of commit 0b611081804a ("core: pta: Add device
pseudo TA") to register not only pseudo-TAs but also user-space early
TAs that have the TA_F

core: device pta: enumerate early TAs

This is an extension of commit 0b611081804a ("core: pta: Add device
pseudo TA") to register not only pseudo-TAs but also user-space early
TAs that have the TA_FLAG_DEVICE_ENUM flag set.

This change makes enumerated early TAs visible on the optee bus in the
Linux kernel.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
[jf: minor edits to descritpion, swap #include lines, s/(*pos)/*pos/]
[jf: move local variable declaration up]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Maxim Uvarov <maxim.uvarov@linaro.org> (QEMU, ftpm)
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move for_each_early_ta() macro to <kernel/early_ta.h>

Move the for_each_early_ta() macro out of early_ta.c so that it can be
used in other parts of the code (pseudo TAs for instance).

Signed-

core: move for_each_early_ta() macro to <kernel/early_ta.h>

Move the for_each_early_ta() macro out of early_ta.c so that it can be
used in other parts of the code (pseudo TAs for instance).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: early_ta: expose TA flags in struct early_ta

Store TA flags in early TA descriptions so that such TAs can later be
enumerated by the device PTA when TA_FLAG_DEVICE_ENUM is set.
Change ta_bin_t

core: early_ta: expose TA flags in struct early_ta

Store TA flags in early TA descriptions so that such TAs can later be
enumerated by the device PTA when TA_FLAG_DEVICE_ENUM is set.
Change ta_bin_to_c.py to read the TA flags from its ELF file and store
it in the early TA description.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
[jf: minor edits to commit message and one comment]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ree_fs_ta.c: initialize structs with '= { };'

Initialize structs with '= { };' rather than '= {0};' because (1) it is
the recommended style and (2) it fixes the following warning with Clang
9:

core: ree_fs_ta.c: initialize structs with '= { };'

Initialize structs with '= { };' rather than '= {0};' because (1) it is
the recommended style and (2) it fixes the following warning with Clang
9:

CC out/arm/core/arch/arm/kernel/ree_fs_ta.o
core/arch/arm/kernel/ree_fs_ta.c:325:40: warning: suggest braces around initialization of subobject [-Wmissing-braces]
struct shdr_bootstrap_ta hdr_entry = {0};
^
{}

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

core: RPMB FS: Caching for FAT FS entries

This patch adds optional FAT FS entry caching functionality to the
RPMB FS. This functionality can be enabled by a non zero value for
CFG_RPMB_FS_CACHE_ENTR

core: RPMB FS: Caching for FAT FS entries

This patch adds optional FAT FS entry caching functionality to the
RPMB FS. This functionality can be enabled by a non zero value for
CFG_RPMB_FS_CACHE_ENTRIES. The caching functionality can improve RPMB
I/O at the cost of additional heap memory. The cache size is most
likely platform-specific and should be chosen according to available
secure world memory and expected FAT FS entries in RPMB. The cache
holds the first X FAT FS entry in RAM. Whenever the FAT FS is
traversed, we read from the cache instead of invoking RPMB I/O. The
cache is updated when cached FAT FS entries are written.

Signed-off-by: Manuel Huber <mahuber@microsoft.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey960, GP)

show more ...

core: crypto: ECC: make sure key_size is consistent with attributes

TEE_GenerateKey() takes a key_size argument and various attributes. If
the size derived from the attributes is not key_size, we sh

core: crypto: ECC: make sure key_size is consistent with attributes

TEE_GenerateKey() takes a key_size argument and various attributes. If
the size derived from the attributes is not key_size, we should return
TEE_ERROR_BAD_PARAMETERS as per the GP TEE Internal Core API
specification v1.2.1: "If an incorrect or inconsistent attribute is
detected. The checks that are performed depend on the implementation.".

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: DH: make sure key_size is consistent with attributes

TEE_GenerateKey() takes a key_size argument and various attributes. For
Diffie-Hellman, if the size of the prime number (TEE_ATTR_D

core: crypto: DH: make sure key_size is consistent with attributes

TEE_GenerateKey() takes a key_size argument and various attributes. For
Diffie-Hellman, if the size of the prime number (TEE_ATTR_DH_PRIME) is
not key_size, we should return TEE_ERROR_BAD_PARAMETERS as per the GP
TEE Internal Core API specification v1.2.1: "If an incorrect or
inconsistent attribute is detected. The checks that are performed
depend on the implementation.".

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...