core: crypto: use supplied DSA parameters when creating key

When generating a DSA key, syscall_obj_generate_key() currently ignores
the supplied parameters: TEE_ATTR_DSA_PRIME, TEE_ATTR_DSA_SUBPRIME

core: crypto: use supplied DSA parameters when creating key

When generating a DSA key, syscall_obj_generate_key() currently ignores
the supplied parameters: TEE_ATTR_DSA_PRIME, TEE_ATTR_DSA_SUBPRIME and
TEE_ATTR_DSA_BASE. Instead a new set of parameters is generated each
time based on the specified key size. This does not comply with the
GlobalPlatform TEE Internal Core API specification which lists these
atrributes as mandatory input to the generation function (see v1.2.1
table 5-12 TEE_GenerateKey parameters).

Fix this issue by providing the supplied parameters to LibTomCrypt's
dsa_generate_key() instead of calling dsa_make_key().

Fixes: https://github.com/OP-TEE/optee_os/issues/3746
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Add initial UniPhier platform support

This introduces support for Socionext UniPhier SoCs. This support
includes LD11 and LD20 SoCs only. Tested with Akebi96 board[1].

[1] https://www.96boards.org/

Add initial UniPhier platform support

This introduces support for Socionext UniPhier SoCs. This support
includes LD11 and LD20 SoCs only. Tested with Akebi96 board[1].

[1] https://www.96boards.org/product/akebi96/

Signed-off-by: Tetsuya Yoshizaki <yoshizaki.tetsuya@socionext.com>
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mmu: remove TEE/TA RAM from total RAM

On platforms where the DT is parsed from the device tree, devices can
pass in the complete available memory. This is in accordance with the
device tree sp

core: mmu: remove TEE/TA RAM from total RAM

On platforms where the DT is parsed from the device tree, devices can
pass in the complete available memory. This is in accordance with the
device tree specification which mandates that the total physical memory
should be passed in the memory nodes.
Remove the TA and TEE RAM from the passed in memory, reserved-memory
nodes are used to indicate that part of the RAM is not accessible to
Linux. Fixes the following warning on some i.MX platforms:

I/TC: Non-secure external DT found
E/TC:0 0 check_phys_mem_is_outside:330 Non-sec mem (0x10000000:0x40000000) overlaps map (type 2 0x4e000000:0x5d000)
E/TC:0 0 Panic at core/arch/arm/mm/core_mmu.c:334 <check_phys_mem_is_outside>
E/TC:0 0 TEE load address @ 0x4e000000
E/TC:0 0 Call stack:
E/TC:0 0 0x4e006fd1

Fixes https://github.com/OP-TEE/optee_os/issues/3567
Fixes https://github.com/OP-TEE/optee_os/issues/3710

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: Allow platforms to configure num of JR entries

Currently JR entries is fixed to 10 in common file. Allow
this to be over-ridden by platform's conf.mk

Signed-off-by: Ruchika Gupta <r

drivers: caam: Allow platforms to configure num of JR entries

Currently JR entries is fixed to 10 in common file. Allow
this to be over-ridden by platform's conf.mk

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

drivers: caam: Fix bug in caam_hal_jr_flush()

After requesting the CAAM block for flushing the JR,
the function should wait till the halt is complete
(i.e HALT_ONGOING). The code currently erroneous

drivers: caam: Fix bug in caam_hal_jr_flush()

After requesting the CAAM block for flushing the JR,
the function should wait till the halt is complete
(i.e HALT_ONGOING). The code currently erroneously
checks this on HALT_COMPLETE which can result in
infinite loops on platforms where the halt gets
completed before this check exceutes for first time.

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

drivers: caam: Modify access of 64 bit registers

The Address of Input/output Job ring and scatter gather table are
handled differently depending on platform

1. All BE CAAM platforms (LS1043, LS1012

drivers: caam: Modify access of 64 bit registers

The Address of Input/output Job ring and scatter gather table are
handled differently depending on platform

1. All BE CAAM platforms (LS1043, LS1012, LS1046)
and i.MX platforms (LE CAAM):
base + 0x0000 : most-significant 32 bits
base + 0x0004 : least-significant 32 bits

The 32-bit version of this core therefore has to write to base + 0x0004
to set the 32-bit wide DMA address.

2. All other LE CAAM platforms (LS2088, LS1088, LX2160 etc.)
base + 0x0000 : least-significant 32 bits
base + 0x0004 : most-significant 32 bits

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

core: arm: mm: fix VA overflow issue in assign_mem_va()

Fix assign_mem_va() that is missing VA limit check on 64bit machines.
This change catches the overflow at address assignation preventing TEE
t

core: arm: mm: fix VA overflow issue in assign_mem_va()

Fix assign_mem_va() that is missing VA limit check on 64bit machines.
This change catches the overflow at address assignation preventing TEE
to panic in a not obvious way when the out of bound address is accessed.

Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: use pointers to out/inring_entry for CAAM

Use pointers to outring_entry and inring_entry as input for
caam_desc_pop(), caam_desc_push() and caam_desc_jobstatus() functions.

This quic

drivers: caam: use pointers to out/inring_entry for CAAM

Use pointers to outring_entry and inring_entry as input for
caam_desc_pop(), caam_desc_push() and caam_desc_jobstatus() functions.

This quick re-work originaly comes from the initiative to get rid of a
GGC 9.2 warning -Waddress-of-packed-member

core/drivers/crypto/caam/caam_jr.c: In function ‘do_jr_dequeue’:
core/drivers/crypto/caam/caam_jr.c:262:22: warning: taking address of packed member of ‘struct outring_entry’ may result in an unaligned pointer value [-Waddress-of-packed-member]
262 | if (caam_desc_pop(&jr_out->desc) == caller->pdesc) {
| ^~~~~~~~~~~~~
core/drivers/crypto/caam/caam_jr.c:265:26: warning: taking address of packed member of ‘struct outring_entry’ may result in an unaligned pointer value [-Waddress-of-packed-member]
265 | caam_read_jobstatus(&jr_out->status);
| ^~~~~~~~~~~~~~~

By doing this, we let the function safely extracting the field.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: SCMI service for platform shared clocks

Add support for clocks in stm32mp1 SCMI server. This allows the secure
world to expose clock services for clock non-secure world is allowed to

plat-stm32mp1: SCMI service for platform shared clocks

Add support for clocks in stm32mp1 SCMI server. This allows the secure
world to expose clock services for clock non-secure world is allowed to
access (state, rate) but that can only be effectively accessed from
secure world due to the TZ secure hardening of the SoC.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: SCMI service for non-secure reset controllers

Embed a SCMI server in stm32mp1 to handle SCMI reset domain requests
from the non-secure world for resource that, because of secure
harde

plat-stm32mp1: SCMI service for non-secure reset controllers

Embed a SCMI server in stm32mp1 to handle SCMI reset domain requests
from the non-secure world for resource that, because of secure
hardening of the system, are restricted to secure world accesses only.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: foundation for SCMI service

Embed a SCMI server in stm32mp1 based on SCMI message drivers.
The platform currently supports only the SCMI Base protocol.

Platform provides 2 Arm SMCCC

plat-stm32mp1: foundation for SCMI service

Embed a SCMI server in stm32mp1 based on SCMI message drivers.
The platform currently supports only the SCMI Base protocol.

Platform provides 2 Arm SMCCC fastcall communication channels each
using a small shared memory buffer is SYSRAM manage with a SMT header
for SCMI message exchange.

Default disable CFG_CORE_ASLR, CFG_LOCKDEP, CFG_TEE_CORE_DEBUG and
CFG_UNWIND for TEE RAM memory constraints since SCMI server with a
fastcall message processing path consumes several pages of SoC internal
SYSRAM where TEE pager resides.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>

show more ...

plat-stm32mp1: remove useless macros in SMC SiP handler

Remove unused macros in stm32mp1 platform SMC SiP handler source file.

Fixes: d9c569c9c765 ("plat-stm32mp1: prepare for SiP SMC services")
Si

plat-stm32mp1: remove useless macros in SMC SiP handler

Remove unused macros in stm32mp1 platform SMC SiP handler source file.

Fixes: d9c569c9c765 ("plat-stm32mp1: prepare for SiP SMC services")
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

dt-bindings: stm32mp1: define SCMI reset domains

Define the platform SCMI reset domains for stm32mp1 family.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <je

dt-bindings: stm32mp1: define SCMI reset domains

Define the platform SCMI reset domains for stm32mp1 family.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

dt-bindings: stm32mp1: define SCMI clocks

Define the identifiers for stm32mp1 platform SCMI clocks.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@fori

dt-bindings: stm32mp1: define SCMI clocks

Define the identifiers for stm32mp1 platform SCMI clocks.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

pta: invoke_test.pta: add test on null memref parameter

Add command PTA_INVOKE_TESTS_CMD_MEMREF_NULL to test invocation
of a PTA with a memref parameter with a NULL buffer reference.
The PTA should

pta: invoke_test.pta: add test on null memref parameter

Add command PTA_INVOKE_TESTS_CMD_MEMREF_NULL to test invocation
of a PTA with a memref parameter with a NULL buffer reference.
The PTA should successfully be invoked with a valid memref
parameter yet referring to a NULL buffer pointer.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Cedric Neveux <cedric.neveux@nxp.com>

show more ...

plat: rcar: Print SREC when generating the SREC file

Print SREC when generating the SREC file instead of GEN, which is
likely copied from neighboring entry in the same Makefile.

Signed-off-by: Mare

plat: rcar: Print SREC when generating the SREC file

Print SREC when generating the SREC file instead of GEN, which is
likely copied from neighboring entry in the same Makefile.

Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: prepare for SiP SMC services

Implement secure monitor platform handlers foundations for
platform stm32mp1 to handle SiP SMC services.

Signed-off-by: Etienne Carriere <etienne.carrier

plat-stm32mp1: prepare for SiP SMC services

Implement secure monitor platform handlers foundations for
platform stm32mp1 to handle SiP SMC services.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: assign last 4kB of sysram as shared memory

Allow the last 4kByte of stm32mp1 SYSRAM internal RAM to be
assigned to non-secure world when used as SCMI shared memory.
ETZPC memory firew

plat-stm32mp1: assign last 4kB of sysram as shared memory

Allow the last 4kByte of stm32mp1 SYSRAM internal RAM to be
assigned to non-secure world when used as SCMI shared memory.
ETZPC memory firewall is configured accordingly from service
late initialization level as ETPCZ driver is initialized from
service init level when embedded BTD support is enabled.

Platform configuration switches CFG_STM32MP1_SCMI_SHM_BASE and
CFG_STM32MP1_SCMI_SHM_SIZE are used to define the SCMI shared
memory location.

Compilation asserts that if CFG_TZSRAM_START is define inside SYSRAM
then it fully resides inside the secure SYSRAM area as per SoC ETZPC
implementation that mandates the non-secure SYSRAM to be above (higher
address) the secure SYSRAM.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: clock: secure and non-secure gateable clocks

Array stm32mp1_clk_gate[] defines the clock resources. This change
adds an attribute to the clocks in stm32mp1_clk_gate array. Clocks
unde

plat-stm32mp1: clock: secure and non-secure gateable clocks

Array stm32mp1_clk_gate[] defines the clock resources. This change
adds an attribute to the clocks in stm32mp1_clk_gate array. Clocks
under RCC[TZEN] hardening are tagged SEC and clocks always assigned
to non-secure world as per SoC implementation are tagged N_S.

Non-secure clocks that OP-TEE expects to enable are enabled without
increase of their reference counter and, for consistency, are never
disabled by TEE Core. Note that such clocks may be accessed by
OP-TEE Core when the non-secure world is not executing, for example
at boot time or could be when system is suspending/resuming.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: shared resources: remove unused stm32mp_clock_is_*()

Remove unused functions stm32mp_clock_is_shareable(),
stm32mp_clock_is_shared() and stm32mp_clock_is_non_secure()? These
were init

plat-stm32mp1: shared resources: remove unused stm32mp_clock_is_*()

Remove unused functions stm32mp_clock_is_shareable(),
stm32mp_clock_is_shared() and stm32mp_clock_is_non_secure()? These
were initially designed to allow a secure service to expose clocks
to non-secure world. These functions are now deprecated since
stm32mp_nsec_can_access_clock() was introduced.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: shared resources: helper for shareable clocks

stm32mp_nsec_can_access_clock() reports whether a clock is assigned
to the secure world only or if it can be manipulated by the non-secur

plat-stm32mp1: shared resources: helper for shareable clocks

stm32mp_nsec_can_access_clock() reports whether a clock is assigned
to the secure world only or if it can be manipulated by the non-secure
world through some service exposed by secure world as a SCMI server.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: utee_param_to_param(): set mobj to NULL when NULL memrefs of size 0

Set the tee_ta_param mobj to NULL if user parameter is a NULL memrefs
of size 0.
When mobj pointer is NULL, it also identify

core: utee_param_to_param(): set mobj to NULL when NULL memrefs of size 0

Set the tee_ta_param mobj to NULL if user parameter is a NULL memrefs
of size 0.
When mobj pointer is NULL, it also identify the last parameter of the list.

Fixes: 9d2e798360b5 ("core: TEE capability for null sized memrefs support")

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey960)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: lockdep: introduce CFG_LOCKDEP_RECORD_STACK

The lockdep algorithm uses quite a bit of heap memory to record the
call stacks. This commit adds a configuration flag so that this may be
turned of

core: lockdep: introduce CFG_LOCKDEP_RECORD_STACK

The lockdep algorithm uses quite a bit of heap memory to record the
call stacks. This commit adds a configuration flag so that this may be
turned off. When CFG_LOCKDEP_RECORD_STACK=n the deadlock detection
still works but the diagnostics message will show no call stack
obviously.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: drop __weak from internal_aes_gcm_update_payload_blocks()

Removes the __weak attribute from internal_aes_gcm_update_payload_blocks()
now that both AArch32 and AArch64 have an optimized replace

core: drop __weak from internal_aes_gcm_update_payload_blocks()

Removes the __weak attribute from internal_aes_gcm_update_payload_blocks()
now that both AArch32 and AArch64 have an optimized replacement.

The previous __weak internal_aes_gcm_update_payload_blocks() is now
moved into core/crypto/aes-gcm-sw.c with its helper functions.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: optimize AArch64 AES-GCM routines

Optimize handling of the last odd AES-GCM block by reusing function
recently added to boost AArch32 performance. Resulting in a small gain
in performance and

core: optimize AArch64 AES-GCM routines

Optimize handling of the last odd AES-GCM block by reusing function
recently added to boost AArch32 performance. Resulting in a small gain
in performance and fewer lines of code.

With this patch together with the recent changes the throughput of
AArch64 AES-GCM has increased from around 400MiB/s to 470MiB/s with
blocks of 4096 bytes.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...