core: riscv: Introduce boot_init_primary_final()

Introduce boot_init_primary_final() and move the call to
call_finalcalls() into that function.

This commit is to synchronize the boot stages with AR

core: riscv: Introduce boot_init_primary_final()

Introduce boot_init_primary_final() and move the call to
call_finalcalls() into that function.

This commit is to synchronize the boot stages with ARM architecture,
introduced in d0c23684 (core: arm: introduce boot_init_primary_final()).

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: do not acknowledge end of interrupt for special GIC interrupt IDs

According to the ARM documentation for GICV2/3/4, there is no need to
write to the end of interrupt register for some special

core: do not acknowledge end of interrupt for special GIC interrupt IDs

According to the ARM documentation for GICV2/3/4, there is no need to
write to the end of interrupt register for some special IDs. Apply this
recommendation to avoid writing to IO memory in this time sensitive
sequence.

Also distinguish unhandled interrupts with an error log.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix debug event fault value for ARM32 with LPAE

According to ARM documentation, the debug event fault value is indeed
0b100010, which is 0x22, not 0x12. Fix this value in
core_mmu_get_fault_ty

core: fix debug event fault value for ARM32 with LPAE

According to ARM documentation, the debug event fault value is indeed
0b100010, which is 0x22, not 0x12. Fix this value in
core_mmu_get_fault_type().

Fixes: 0eff3e9bf016 ("arm32: Adds LPAE support")
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp2: add platform-specific abort handler

When a data abort occurs and its fault type is FAULT_TYPE_IGNORE, it
may be an abort generated by the SERC hardware block. Check if a
SERC Illegal

plat-stm32mp2: add platform-specific abort handler

When a data abort occurs and its fault type is FAULT_TYPE_IGNORE, it
may be an abort generated by the SERC hardware block. Check if a
SERC Illegal Access was caught and print the SERC register and panic()
if that is the case.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add platform-specific abort handler

Platforms may have specific code to handle an abort when fault type
is FAULT_TYPE_IGNORE. Add plat_abort_handler() that can be overridden
at platform level

core: add platform-specific abort handler

Platforms may have specific code to handle an abort when fault type
is FAULT_TYPE_IGNORE. Add plat_abort_handler() that can be overridden
at platform level.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: imx: rngb: early initialization

The RNGB module must be ready during init_tee_runtime to provide a
random stack canary value during bootup.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundr

drivers: imx: rngb: early initialization

The RNGB module must be ready during init_tee_runtime to provide a
random stack canary value during bootup.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: interrupt: fix interrupt_set_{affinity|wake}() description

Fix inline description of itr_num argument for interrupt_set_affinity()
and interrupt_set_wake().

Fixes: b2d6db21ec5e ("core: interr

core: interrupt: fix interrupt_set_{affinity|wake}() description

Fix inline description of itr_num argument for interrupt_set_affinity()
and interrupt_set_wake().

Fixes: b2d6db21ec5e ("core: interrupt: helper function for raise_pi, raise_sgi, set_affinity")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: interrupt: clarify inline comment in interrupt_create_handler()

Clarify inline comment in interrupt_create_handler() to explicit that
this function request add_configure_handler() to not confi

core: interrupt: clarify inline comment in interrupt_create_handler()

Clarify inline comment in interrupt_create_handler() to explicit that
this function request add_configure_handler() to not configure the
interrupt (since it's already configured from interrupt_dt_get_by_*()
API functions).

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: interrupt: clarify when dt_get_irq handler is needed

Add an inline comment telling struct itr_chip:dt_get_irq handler is
needed only when interrupt consumer manually get configuration
informat

core: interrupt: clarify when dt_get_irq handler is needed

Add an inline comment telling struct itr_chip:dt_get_irq handler is
needed only when interrupt consumer manually get configuration
information from the DT to later configure the interrupt. The
aim of this change is to clarify this handler is not needed for
interrupt provider registered with interrupt_register_provider()
and which consumer rely on interrupt_dt_get_by_*() to configure
their interrupts.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: interrupt: itr_chip may not require configure handler

The configure handler in struct itr_ops is not required for interrupt
providers which consumers only use the DT to get and configure their

core: interrupt: itr_chip may not require configure handler

The configure handler in struct itr_ops is not required for interrupt
providers which consumers only use the DT to get and configure their
interrupts (with interrupt_dt_get_by_*() and interrupt_create_handler()).
Therefore change itr_chip_is_valid() to not enforce its support
but add back that constraint for the interrupt main controller.

Add an itr_chip_dt_only_init() helper function for interrupt
controllers which consumers only use the DT to configure their
interrupt, that is such controllers do not need a configure handler.

itr_chip_is_valid() is not called outside interrupt.c where it is
used in itr_chip_init() and itr_chip_dt_only_init() so make it a local
function.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: interrupt: rename .add handler to .configure

Rename field add of struct itr_ops to configure for consistency
since that handler is used the configure the interrupt. Update
existing interrupt d

core: interrupt: rename .add handler to .configure

Rename field add of struct itr_ops to configure for consistency
since that handler is used the configure the interrupt. Update
existing interrupt drivers accordingly.

By the way fix inline comment spelling typo (s/contrainsts/constraints/).

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scmi: Fix qemu_v8 configuration

OP-TEE SCMI server on qemu_v8 doesn't boot with latest SCP-firmware when
notification is enabled since the addition of clock notification in SCP.
This comes from that

scmi: Fix qemu_v8 configuration

OP-TEE SCMI server on qemu_v8 doesn't boot with latest SCP-firmware when
notification is enabled since the addition of clock notification in SCP.
This comes from that there is no notification channel supported yet for
OP-TEE SCMI server. Disable notification until notification support is
added.

Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

riscv: plat-virt: Let console devices be build time configurable

Currently RISC-V virtual platform enforces 16550 UART to be console
device. However, there are other console devices which can be cho

riscv: plat-virt: Let console devices be build time configurable

Currently RISC-V virtual platform enforces 16550 UART to be console
device. However, there are other console devices which can be chose by
developer. Thus, we allow the configurations for console device to be
overridden at build time while keeping the default value enabled.

Besides, fix CFG_SBI_CONSOLE to be CFG_RISCV_SBI_CONSOLE.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>

show more ...

core: arm: boot: mask native interrupts for virtualization

Native interrupts are prior to this patch unmasked while processing
initcalls. This is only permitted if the temporary stack isn't used.
Th

core: arm: boot: mask native interrupts for virtualization

Native interrupts are prior to this patch unmasked while processing
initcalls. This is only permitted if the temporary stack isn't used.
That's not true when CFG_NS_VIRTUALIZATION=y so fix this by only
unmasking when NS-virtualization isn't enabled.

Fixes: 259c34df294f ("core: arm: boot: enable native interrupts before initcalls")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm32: initialize secure monitor late

Initialize the secure monitor as late as possible before exiting to the
normal world. This is needed in later patches where the stacks aren't
statically a

core: arm32: initialize secure monitor late

Initialize the secure monitor as late as possible before exiting to the
normal world. This is needed in later patches where the stacks aren't
statically allocated.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: thread: initialize stack canaries from recorded end-va

Continue where "core: thread: get stacks from recorded end-va" left and
initialize the stack canaries based on the recorded end-va. This

core: thread: initialize stack canaries from recorded end-va

Continue where "core: thread: get stacks from recorded end-va" left and
initialize the stack canaries based on the recorded end-va. This is
needed in later patches where the stacks aren't statically allocated.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: thread: get stacks from recorded end-va

Each stack has its end-va or top recorded in either thread_core_local[]
or threads[] as tmp_stack_va_end, abt_stack_va_end, or stack_va_end.
This addres

core: thread: get stacks from recorded end-va

Each stack has its end-va or top recorded in either thread_core_local[]
or threads[] as tmp_stack_va_end, abt_stack_va_end, or stack_va_end.
This address together with the known size of the stack is enough to
calculate all the other needed stack related addresses:
- start and end canaries,
- top and bottom of the stacks.

Add and use new internal functions to calculate these addresses and
remove the now unused macros. This is needed in later patches where the
stacks aren't statically allocated.

INIT_CANARY(), GET_START_CANARY(), and GET_END_CANARY() are kept for now
to see that the addresses for the canaries are calculated correctly in
the new functions.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: refactor boot

Introduce CFG_BOOT_INIT_THREAD_CORE_LOCAL0 to indicate that
thread_core_local[0] is initialized before the boot_init_* functions are
called.

thread_init_core_local_stacks()

core: arm: refactor boot

Introduce CFG_BOOT_INIT_THREAD_CORE_LOCAL0 to indicate that
thread_core_local[0] is initialized before the boot_init_* functions are
called.

thread_init_core_local_stacks() and thread_init_thread_core_local() are
replaced by a new version of thread_init_thread_core_local() for
CFG_BOOT_INIT_THREAD_CORE_LOCAL0=y.

Move initialization of thread_core_local[] from very early to
boot_init_primary_late() where various DTBs containing run-time
configuration are available. This will be needed in later patches when
the number of configured cores can be read from DT or some other
run-time configuration.

Move the "OP-TEE version" print and following code from
boot_init_primary_late() to boot_init_primary_final()

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: entry_a32.S: use ldr over adr

Load address of reset_vect_table using ldr r0, =reset_vect_table,
instead of adr r0 reset_vect_table to allow longer addressing range.

Signed-off-by: Jens W

core: arm: entry_a32.S: use ldr over adr

Load address of reset_vect_table using ldr r0, =reset_vect_table,
instead of adr r0 reset_vect_table to allow longer addressing range.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

riscv: plat-virt: Let CFG_RISCV_PLIC be build time configurable

RISC-V has several standard interrupt controllers supported by QEMU
virtual platform. Thus, we allow CFG_RISCV_PLIC to be overridden a

riscv: plat-virt: Let CFG_RISCV_PLIC be build time configurable

RISC-V has several standard interrupt controllers supported by QEMU
virtual platform. Thus, we allow CFG_RISCV_PLIC to be overridden at
build time while keeping the default value enabled.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: mmu: Add dynamic VA regions' mapping to page table

When optee boots, the initial mapping for MEM_AREA_RES_VASPACE and
MEM_AREA_SHM_VASPACE should be added into page tables and replicated to
al

core: mmu: Add dynamic VA regions' mapping to page table

When optee boots, the initial mapping for MEM_AREA_RES_VASPACE and
MEM_AREA_SHM_VASPACE should be added into page tables and replicated to
all CPU cores too. This fixes an issue when the VA of
MEM_AREA_RES_VASPACE or MEM_AREA_SHM_VASPACE is not in a same 1GB region
with other memory regions.

Link: https://github.com/OP-TEE/optee_os/issues/7275
Signed-off-by: Mark Zhang <markz@nvidia.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: fix carve_out_phys_mem()

carve_out_phys_mem() is prior to this patch not handling cases where the
memory to be carved out isn't covered entirely by the physical memory.
So fix carve_out_ph

core: mm: fix carve_out_phys_mem()

carve_out_phys_mem() is prior to this patch not handling cases where the
memory to be carved out isn't covered entirely by the physical memory.
So fix carve_out_phys_mem() to handle carving out memory that may only
overlap partially with the physical memory.

Add debug prints in core_mmu_set_discovered_nsec_ddr() to list the
non-secure RAM areas.

Fixes: 941dec3a7f6f ("core: adjust nsec ddr memory size correctly")
Fixes: 490c50dfdb33 ("core: assign non-sec DDR configuration from DT")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: fix panic with TEE_SDP_TEST_MEM

The commit 2f2f69df5afe ("core: mm: replace MEM_AREA_TA_RAM") uses
MEM_AREA_SEC_RAM_OVERALL to map practically all secure memory. This
conflicts with TEE_SD

core: mm: fix panic with TEE_SDP_TEST_MEM

The commit 2f2f69df5afe ("core: mm: replace MEM_AREA_TA_RAM") uses
MEM_AREA_SEC_RAM_OVERALL to map practically all secure memory. This
conflicts with TEE_SDP_TEST_MEM where MEM_AREA_SEC_RAM_OVERALL covers
TEE_SDP_TEST_MEM and triggers a panic in verify_special_mem_areas().

The commit 1c1f8b65b5c6 ("core: mm: unify secure core and TA memory")
changed to use vaddr_to_phys() to find the physical address for
TEE_SDP_TEST_MEM_BASE. This isn't right since it refers to physical
memory only.

So fix these problems.

Fixes: 2f2f69df5afe ("core: mm: replace MEM_AREA_TA_RAM")
Fixes: 1c1f8b65b5c6 ("core: mm: unify secure core and TA memory")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-versal2: disable ARM CE v8.2

Disable the ARM CE v8.2 configuration since it is not available on the SoC.
Allow the ARM CE configuration to be overridden at build time while keeping
the default

plat-versal2: disable ARM CE v8.2

Disable the ARM CE v8.2 configuration since it is not available on the SoC.
Allow the ARM CE configuration to be overridden at build time while keeping
the default value enabled.

Signed-off-by: Amey Avinash Raghatate <AmeyAvinash.Raghatate@amd.com>
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Acked-by: Michal Simek <michal.simek@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: stm32_risab: add .set_memory_conf ops

Add the .set_memory_conf ops to be able to reconfigure memory regions
protected by RISABs dynamically.

Factorize the RIF configuration application.

S

drivers: stm32_risab: add .set_memory_conf ops

Add the .set_memory_conf ops to be able to reconfigure memory regions
protected by RISABs dynamically.

Factorize the RIF configuration application.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...