plat-ti: replace stack_tmp_stride usage

The function resume_springboard() needs to restore the tmp_stack before
the rest of the resume process can be started. Since the commit
05994c760d5d ("core: t

plat-ti: replace stack_tmp_stride usage

The function resume_springboard() needs to restore the tmp_stack before
the rest of the resume process can be started. Since the commit
05994c760d5d ("core: thread: get stacks from recorded end-va") we can
now read the address of the tmp_stack from thread_core_local. So update
resume_springboard() as needed.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: pta: update virt_to_phys() self tests

Update pointer in the virt_to_phys() test for a TEE_RAM to make sure
it's pointer in the TEE_RAM area since stack pointers may be mapped
differently with

core: pta: update virt_to_phys() self tests

Update pointer in the virt_to_phys() test for a TEE_RAM to make sure
it's pointer in the TEE_RAM area since stack pointers may be mapped
differently with CFG_DYN_CONFIG=y.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm64: increase tmp stack size for debug

Increase STACK_TMP_SIZE when CFG_CORE_DEBUG_CHECK_STACKS=y.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jero

core: arm64: increase tmp stack size for debug

Increase STACK_TMP_SIZE when CFG_CORE_DEBUG_CHECK_STACKS=y.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: ffa: add test logical SP

Add a test LSP with UUID 54b5440e-a3d2-48d1-872a-7b6cbfc34855 to see
that LSPs can be found and reached from the normal world.

Signed-off-by: Jens Wiklander <jen

core: arm: ffa: add test logical SP

Add a test LSP with UUID 54b5440e-a3d2-48d1-872a-7b6cbfc34855 to see
that LSPs can be found and reached from the normal world.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Akshay Belsare <akshay.belsare@amd.com>

show more ...

core: arm: ffa: add framework for Logical SPs

Add a framework to register Logical Secure Partitions in parallel with
OP-TEE at S-EL1. This is akin to Pseudo TAs, it provides an ABI but it's
part of

core: arm: ffa: add framework for Logical SPs

Add a framework to register Logical Secure Partitions in parallel with
OP-TEE at S-EL1. This is akin to Pseudo TAs, it provides an ABI but it's
part of the OP-TEE binary. A critical difference is that it's only
available for FF-A and can only use the non-threaded environment, that
is, no mutexes or RPC.

The logical OP-TEE core partition is registered in the framework. The
SPMC is also registered in the framework, but with a nil UUID so it's
not returned by FFA_PARTITION_INFO_GET.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Akshay Belsare <akshay.belsare@amd.com>

show more ...

core: ffa: only accept FFA_RUN for S-EL0 SPs

OP-TEE core is never preemted with FFA_INTERRUPT so it must never be
resumed with FFA_RUN. However, S-EL0 SPs are preempted with
FFA_INTERRUPT so those a

core: ffa: only accept FFA_RUN for S-EL0 SPs

OP-TEE core is never preemted with FFA_INTERRUPT so it must never be
resumed with FFA_RUN. However, S-EL0 SPs are preempted with
FFA_INTERRUPT so those are still resumed using FFA_RUN.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Akshay Belsare <akshay.belsare@amd.com>

show more ...

core: ffa: sp_partition_info_get() takes uuid_words[]

Replace the TEE_UUID *ffa_uuid parameter with uint32_t ffa_uuid_words[4]
to simplify how sp_partition_info_get() is called.

Signed-off-by: Jens

core: ffa: sp_partition_info_get() takes uuid_words[]

Replace the TEE_UUID *ffa_uuid parameter with uint32_t ffa_uuid_words[4]
to simplify how sp_partition_info_get() is called.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Akshay Belsare <akshay.belsare@amd.com>

show more ...

core: ffa: add spmc_is_reserved_id()

Add spmc_is_reserved_id() and replace direct checks against spmd_id and
spmc_id. spmd_id and spmc_id are changed to static variables since they
don't need to be

core: ffa: add spmc_is_reserved_id()

Add spmc_is_reserved_id() and replace direct checks against spmd_id and
spmc_id. spmd_id and spmc_id are changed to static variables since they
don't need to be exported any longer.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Akshay Belsare <akshay.belsare@amd.com>

show more ...

core: pta: add self tests for transfer list

Add self tests for transfer list.
Adapt CFG_TRANSFER_LIST with its dependencies and add
CFG_TRANSFER_LIST_TEST.

Signed-off-by: Raymond Mao <raymond.mao@l

core: pta: add self tests for transfer list

Add self tests for transfer list.
Adapt CFG_TRANSFER_LIST with its dependencies and add
CFG_TRANSFER_LIST_TEST.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kernel: remove the last appended void transfer entry

transfer_list_set_data_size() appends a void entry for the following
entries to meet the alignment requirement even when it is the last
one

core: kernel: remove the last appended void transfer entry

transfer_list_set_data_size() appends a void entry for the following
entries to meet the alignment requirement even when it is the last
one, thus add a check before appending.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: kernel: fix bug in transfer_list_add()

Fix the missing cast on the target address when doing memmove.
Get the address of entry data via transfer_list_entry_data()
instead of adding offset.

Fi

core: kernel: fix bug in transfer_list_add()

Fix the missing cast on the target address when doing memmove.
Get the address of entry data via transfer_list_entry_data()
instead of adding offset.

Fixes: a12225022bd5 ("core: add transfer list API")
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: reserve physical nexus memory for manifest

In reinit_manifest_dt() when reserving physical memory for the manifest,
allocate from physical nexus memory instead to support ns-virtualizatio

core: ffa: reserve physical nexus memory for manifest

In reinit_manifest_dt() when reserving physical memory for the manifest,
allocate from physical nexus memory instead to support ns-virtualization.

Fixes: 414123ae8ca5 ("core: ffa: reserve physical memory for manifest")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: applies FF-A v1.2 features on StandaloneMm

edk2's StandaloneMm will be applied with FF-A v1.2.
while applying, StandaloneMm doesn't create anymore PHIT hob by itself
but it should be passed fr

core: applies FF-A v1.2 features on StandaloneMm

edk2's StandaloneMm will be applied with FF-A v1.2.
while applying, StandaloneMm doesn't create anymore PHIT hob by itself
but it should be passed from other software stack.

To make StandaloneMm runs properly, create Hob information and
deliver it using FF-A Boot protocol according to FF-A specification [1].

Also, apply FF-A management protocol to change it [2] to
get/set memory permission instead of using DIRECT_REQ_MSG.

Also, implements some FF-A ABIs to communication StandaloneMm properly.

Link: https://developer.arm.com/documentation/den0077/latest [1]
Link: https://developer.arm.com/documentation/den0140/latest [2]

Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>

show more ...

core: introduce libefi for StandaloneMm

According to Platform Initialization (PI) Specification [1] and
Discussion on edk2 mailing list [2],
StandaloneMm shouldn't create Hob but it should be passed

core: introduce libefi for StandaloneMm

According to Platform Initialization (PI) Specification [1] and
Discussion on edk2 mailing list [2],
StandaloneMm shouldn't create Hob but it should be passed from TF-A.
That's why StandaloneMm in Arm wouldn't produce Hob by itself [3] but
other software stack should pass boot information via PHIT Hob.

This patch introduces libefi including create Hob to deliver
boot information to StandaloneMm and defines related data structures.

Link: https://uefi.org/sites/default/files/resources/PI_Spec_1_6.pdf [1]
Link: https://edk2.groups.io/g/devel/topic/103675962#114283 [2]
Link: https://github.com/tianocore/edk2/pull/6116 [3]

Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>

show more ...

riscv: mm: Fix core_mmu_entry_is_branch()

We must also check V bit to determine non-leaf PTE.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.co

riscv: mm: Fix core_mmu_entry_is_branch()

We must also check V bit to determine non-leaf PTE.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>

show more ...

riscv: mm: support Sv48 and Sv57 address translation for core and TA

Add the macros for Sv57 address translation mode. Add CFG_RISCV_MMU_MODE
into riscv.mk and set it as 39 by default to enable Sv39

riscv: mm: support Sv48 and Sv57 address translation for core and TA

Add the macros for Sv57 address translation mode. Add CFG_RISCV_MMU_MODE
into riscv.mk and set it as 39 by default to enable Sv39 virtual address
translation scheme.

Currently, TA virtual memory occupies 1GB space, and TAs page table
should be an entry inside a level 2 (VPN[2]) page table, which is
decided by user_va_idx variable. For Sv39 translation scheme, it starts
from VPN[2], so nothing to do. For Sv48 translation scheme, we need to
allocate entry 0 of level 3 (VPN[3]) page table, and let it point to the
level 2 page table used by TA. For Sv57 translation scheme, we need to
further allocate entry 0 of level 4 (VPN[4]) page table, and let it
point to the level 3 page table.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

riscv: mm: Explicitly set user VA range inside L2(RV64) and L1(RV32) VPN

Add macros for level and bit shift of virtual page number (VPN) encoded
in RISC-V virtual address. Explicitly set range of us

riscv: mm: Explicitly set user VA range inside L2(RV64) and L1(RV32) VPN

Add macros for level and bit shift of virtual page number (VPN) encoded
in RISC-V virtual address. Explicitly set range of user virtual address
inside level 2 VPN by giving CORE_MMU_VPN2_SHIFT since the
CORE_MMU_BASE_TABLE_SHIFT is not always based on level 2 VPN if the MMU
scheme is not Sv39.

For RV32, there is only two-level VPN. The user VA range would be inside
level 1 VPN.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

riscv: mm: clean up macro definitions

Rename RISCV_SATP_ASID_SIZE to RISCV_SATP_ASID_WIDTH since it is used to
represent width of bits. Also remove redundant RISCV_MMU_ASID_WIDTH
since we already ha

riscv: mm: clean up macro definitions

Rename RISCV_SATP_ASID_SIZE to RISCV_SATP_ASID_WIDTH since it is used to
represent width of bits. Also remove redundant RISCV_MMU_ASID_WIDTH
since we already have RISCV_SATP_ASID_WIDTH. Fix a minor compiler
warning due to inconsistent data types on variable comparison.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: remove $(libgcccore) usage

Remove all remaining $(libgcccore) usage now that
lib/libutils/compiler-rt provides the needed bits.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

core: arm: remove $(libgcccore) usage

Remove all remaining $(libgcccore) usage now that
lib/libutils/compiler-rt provides the needed bits.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: kernel: dt_driver: variable may be unused

Fix the following warning with Clang 18.6.1:

core/kernel/dt_driver.c:456:15: error: variable 'count' set but not used [-Werror,-Wunused-but-set-vari

core: kernel: dt_driver: variable may be unused

Fix the following warning with Clang 18.6.1:

core/kernel/dt_driver.c:456:15: error: variable 'count' set but not used [-Werror,-Wunused-but-set-variable]
456 | unsigned int count = 0;
| ^

Indeed, when CFG_TEE_CORE_LOG_LEVEL <= 2, the value of count is never
read.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

core: ffa: reserve physical memory for manifest

With CFG_CORE_SEL2_SPMC=y (Hafnium as SPMC at S-EL2), the FF-A manifest
passed to OP-TEE resides in the memory reserved for OP-TEE just before
the loa

core: ffa: reserve physical memory for manifest

With CFG_CORE_SEL2_SPMC=y (Hafnium as SPMC at S-EL2), the FF-A manifest
passed to OP-TEE resides in the memory reserved for OP-TEE just before
the load address. The physical memory pool is initialized with the entire
range of secure memory, with holes carved out for already used memory.

Temporarily allocate the physical memory used by the manifest until it's
not needed any longer and released by release_manifest_dt().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: fs_htree: Fix AAD length when CFG_REE_FS_HTREE_HASH_SIZE_COMPAT=y

Correct the hash size declared in AAD length declared in REE FS hash
tree authentication sequence when CFG_REE_FS_HTREE_HASH_S

core: fs_htree: Fix AAD length when CFG_REE_FS_HTREE_HASH_SIZE_COMPAT=y

Correct the hash size declared in AAD length declared in REE FS hash
tree authentication sequence when CFG_REE_FS_HTREE_HASH_SIZE_COMPAT is
enabled in which case the hash is truncated to the size of the
FEK key (TEE_FS_HTREE_FEK_SIZE).

The issue has currently no impact since REE FS hash tree authentication
is based on AES-GCM but it would be of importance if, for example, one
moves to an AES-CCM scheme while still enabling
CFG_REE_FS_HTREE_HASH_SIZE_COMPAT (even if unlikely to happen).
To prevent such issue in the future, let's declare the effectively
used hash size.

Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Link: https://github.com/OP-TEE/optee_os/pull/7340/commits/087325faec7c057a638cca80f0549e9abe49f190#r2024716984
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-k3: drivers: add platform flavors for 62A and 62P devices

Even though the SA2UL integration on the AM62Ax and AM62Px platforms are
functionally identical to the AM62x platforms many, when build

plat-k3: drivers: add platform flavors for 62A and 62P devices

Even though the SA2UL integration on the AM62Ax and AM62Px platforms are
functionally identical to the AM62x platforms many, when building
OP-TEE manually, are using the platform name they are building for and
not 'am62x' which leaves SA2UL_BASE undefined and to failed builds:

In file included from core/include/mm/core_memprot.h:9,
from core/include/kernel/interrupt.h:10,
from core/arch/arm/plat-k3/drivers/sa2ul_rng.c:12:
core/arch/arm/plat-k3/./platform_config.h:91:34: error: ‘SA2UL_BASE’ undeclared here (not in a function); did you mean ‘SCU_BASE’?
91 | #define RNG_BASE (SA2UL_BASE + 0x10000)
| ^~~~~~~~~~

For now let's just define the AM62Ax and AM62Px platform flavors
identical to how AM62x is defined and include an #else statement to
catch when a undefined platform flavor tries to build the SA2UL driver

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Andrew Davis <afd@ti.com>
Signed-off-by: Bryan Brattlof <bb@ti.com>

show more ...

crypto: stm32: fix stm32_saes CTR mode on small input buffers

Fix missing cast when saving pre-computed masks in STM32 SAES driver
CTR implementation when several small input data is provided to
the

crypto: stm32: fix stm32_saes CTR mode on small input buffers

Fix missing cast when saving pre-computed masks in STM32 SAES driver
CTR implementation when several small input data is provided to
the update handler.

The issue is revealed by xtest regression_4017 when run with at least
level 12, e.g. "xtest -l 15 regression_4017".

Fixes: 4320f5cf30c5 ("crypto: stm32: SAES cipher support")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: stm32: fix stm32_cryp CTR mode on small input buffers

Fix missing cast when saving pre-computed masks in STM32 CRYP driver
CTR implementation when several small input data is provided to
the

crypto: stm32: fix stm32_cryp CTR mode on small input buffers

Fix missing cast when saving pre-computed masks in STM32 CRYP driver
CTR implementation when several small input data is provided to
the update handler.

The issue could be found, for example, by assigning STM32 CRYP to OP-TEE
in stm32mp1-157C_DK2 board DTS file (patch below) and running xtest
regression_4017 with level 15 ("xtest -l 15 regression_4017").

Example of a patch on stm32mp157c-dk2.dts file to use CRYP driver for
AES operations:
+&cryp1 { status = "okay"; };
+
&etzpc {
st,decprot =
(...)
- <DECPROT(STM32MP1_ETZPC_CRYP1_ID, DECPROT_NS_RW, DECPROT_UNLOCK)>,
+ <DECPROT(STM32MP1_ETZPC_CRYP1_ID, DECPROT_S_RW, DECPROT_UNLOCK)>,
(...)
}

Fixes: 5e64ae6796b7 ("crypto: stm32: use CRYP IP for CIPHER algorithms")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...