core: aslr: suppress R_AARCH64_ABS64 and R_ARM_ABS32 relocations

The following errors were observed when building with GCC 6.2.1:

- 64 bits:
GEN out/arm/core/tee.bin
Unexpected relocation t

core: aslr: suppress R_AARCH64_ABS64 and R_ARM_ABS32 relocations

The following errors were observed when building with GCC 6.2.1:

- 64 bits:
GEN out/arm/core/tee.bin
Unexpected relocation type 0x101

- 32 bits:
GEN out/arm/core/tee.bin
Unexpected relocation type 0x2

Relocation type 0x101 is R_AARCH64_ABS64 and 0x2 is R_ARM_ABS32. The
errors are output by scripts/gen_tee_bin.py which expects only relative
relocations (the ones that are necessary for ASLR).

This patch adds the -Bsymbolic linker option to avoid these
relocations. More information can be found in Linux commit [1].

Link: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=08cc55b2afd97a654f71b3bebf8bb0ec89fdc498
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-imx: psci: support Arm SMCCC_VERSION function ID

As per Arm SMCCC v1.1 specification [1], PSCI PSCI_FEATURES function ID
should report Arm Architecture Call SMCCC_VERSION as supported when
the

plat-imx: psci: support Arm SMCCC_VERSION function ID

As per Arm SMCCC v1.1 specification [1], PSCI PSCI_FEATURES function ID
should report Arm Architecture Call SMCCC_VERSION as supported when
the secure firmware supports both PSCI PSCI_FEATURES function ID and
Arm SMCCC_VERSION function ID.

Link: [1] https://developer.arm.com/docs/den0028/latest
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Cedric Neveux <cedric.neveux@nxp.com>

show more ...

core: make core_is_buffer_*() paddr_t compatible

The core_is_buffer_*() helpers are sometimes used with physical
addresses (type paddr_t). This can cause problem on platforms where
sizeof(paddr_t) >

core: make core_is_buffer_*() paddr_t compatible

The core_is_buffer_*() helpers are sometimes used with physical
addresses (type paddr_t). This can cause problem on platforms where
sizeof(paddr_t) > sizeof(vaddr_t), that is on ARM32 systems with
CFG_CORE_LARGE_PHYS_ADDR=y. The FVP platform compiled for AArch32 is one
such system which as a consequence fails with:
E/TC:0 0 check_phys_mem_is_outside:335 Non-sec mem (0x880000000:0x180000000) ove
rlaps map (type 12 0xff000000:0x1000000)
E/TC:0 0 Panic at core/arch/arm/mm/core_mmu.c:336 <check_phys_mem_is_outside>

This patch fixes this problem by taking input addresses as paddr_t and
sizes as paddr_ssize_t instead. The wrapper macros which did some
automatic casting removed. The requires updates at some of the places
where these functions are called.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: simple typo fixes in comments in core/include tree

* changed "the the" to "the" in crypto.h
* changed "the the" to "if the" in handle.h

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wa

core: simple typo fixes in comments in core/include tree

* changed "the the" to "the" in crypto.h
* changed "the the" to "if the" in handle.h

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: simple typo fix in comments in core/drivers tree

* changed "a input" to "an input"

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carri

core: simple typo fix in comments in core/drivers tree

* changed "a input" to "an input"

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: simple typo fixes in comments in core/arch tree

* changed "the the" to "the" in thread.h
* changed "the the" to "to the" in wait_queue.c
* changed "Optinally" to "Optionally" in generic_entry_

core: simple typo fixes in comments in core/arch tree

* changed "the the" to "the" in thread.h
* changed "the the" to "to the" in wait_queue.c
* changed "Optinally" to "Optionally" in generic_entry_a32.S

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: ack SCMI SiP SMC entry with 0 return code

Load STM32_SIP_SVC_OK in output argument a0 on return from
SCMI message notification from SiP SMC function IDs. It simplifies
non-secure worl

plat-stm32mp1: ack SCMI SiP SMC entry with 0 return code

Load STM32_SIP_SVC_OK in output argument a0 on return from
SCMI message notification from SiP SMC function IDs. It simplifies
non-secure world to consider any non-zero values,
including standard unknown function error code (-1), as
reporting a failure.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: device pta: add flag to indicate dependency on tee-supplicant

Some TAs require tee-supplicant to be run. For example fTPM requires
storage services provided by tee-supplicant. When scanning an

core: device pta: add flag to indicate dependency on tee-supplicant

Some TAs require tee-supplicant to be run. For example fTPM requires
storage services provided by tee-supplicant. When scanning and
probe() devices on tee bus we can initialize early drivers which
do not require tee-supplicant and after mount fs and tee-supplicant
run do probe() drivers witch require tee-supplicant.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Suggested-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-imx: generate tee-raw.bin

We have observed that existing ARM-TF for iMX8QM treats OP-TEE binary
as headerless image. So, to create proper boot image we need raw
OP-TEE binary image.

Signed-off

plat-imx: generate tee-raw.bin

We have observed that existing ARM-TF for iMX8QM treats OP-TEE binary
as headerless image. So, to create proper boot image we need raw
OP-TEE binary image.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>

show more ...

plat-imx: describe non-secure DDR in i.MX8Q* platforms

Add NSEC_DDR definition for for i.MX8QM and i.MX8QX SoCs.
This was tested on i.MX8QM platform.

Signed-off-by: Volodymyr Babchuk <volodymyr_bab

plat-imx: describe non-secure DDR in i.MX8Q* platforms

Add NSEC_DDR definition for for i.MX8QM and i.MX8QX SoCs.
This was tested on i.MX8QM platform.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>

show more ...

plat-imx: describe non-secure DDR memory

To enable dynamic SHM on iMX platform we need to describe
which memory regions belong to non-secure memory areas.

Signed-off-by: Volodymyr Babchuk <volodymy

plat-imx: describe non-secure DDR memory

To enable dynamic SHM on iMX platform we need to describe
which memory regions belong to non-secure memory areas.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>

show more ...

plat-imx: move platform-specific data to nexus memory

This is needed to enable virtualization support iMX platforms.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement

plat-imx: move platform-specific data to nexus memory

This is needed to enable virtualization support iMX platforms.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>

show more ...

core: move static IRQC data to nexus memory

itr_chip and handlers list should reside in nexus memory
to ensure that irq controller is working.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@ep

core: move static IRQC data to nexus memory

itr_chip and handlers list should reside in nexus memory
to ensure that irq controller is working.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: enable IO compensation at boot time

Implement platform functions stm32mp_syscfg_enable_io_compensation()
and stm32mp_syscfg_disable_io_compensation() to enable/disable
STM23MP1 IO com

plat-stm32mp1: enable IO compensation at boot time

Implement platform functions stm32mp_syscfg_enable_io_compensation()
and stm32mp_syscfg_disable_io_compensation() to enable/disable
STM23MP1 IO compensation. Enable IO compensation when platform boots.

This change defines SYSCFG clock that is needed and moves definition
of the RCC compatible string DT_RCC_CLK_COMPAT to RCC header file so
that it can be shared with stm32mp1_syscfg.c.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: always build libfdt

libfdt is built only when CFG_DT=y. As a result, the libfdt header
files are only available when CFG_DT=y and any source file that makes
optional use of the library has to

core: always build libfdt

libfdt is built only when CFG_DT=y. As a result, the libfdt header
files are only available when CFG_DT=y and any source file that makes
optional use of the library has to guard the #include <libfdt.h> with
a #ifdef CFG_DT ... #endif block. This contrasts with other features
which don't require such guards.

This patch builds libfdt unconditionally and removes the include
guards. No change is expected in the binaries.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

rpmb: fix building when TRACE_LEVEL >= TRACE_FLOW

Building with CFG_RPMB_FS=y and CFG_TEE_CORE_LOG_LEVEL=4 yields a
compile-time error due to a typo.

Replacing TEE_RESULT with TEE_Result fixes the

rpmb: fix building when TRACE_LEVEL >= TRACE_FLOW

Building with CFG_RPMB_FS=y and CFG_TEE_CORE_LOG_LEVEL=4 yields a
compile-time error due to a typo.

Replacing TEE_RESULT with TEE_Result fixes the issue.

Signed-off-by: Gianguido Sorà <me@gsora.xyz>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

plat-hisilicon: psci: support Arm SMCCC_VERSION function ID

As per Arm SMCCC v1.1 specification [1], PSCI PSCI_FEATURES function ID
should report Arm Architecture Call SMCCC_VERSION as supported whe

plat-hisilicon: psci: support Arm SMCCC_VERSION function ID

As per Arm SMCCC v1.1 specification [1], PSCI PSCI_FEATURES function ID
should report Arm Architecture Call SMCCC_VERSION as supported when
the secure firmware supports both PSCI PSCI_FEATURES function ID and
Arm SMCCC_VERSION function ID.

Link: [1] https://developer.arm.com/docs/den0028/latest
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: SiP SMC service for BSEC access

Implement a SiP SMC based interface fàr the non-secure world to access
BSEC words. The service is embedded upon CFG_STM32_BSEC_SIP=y. If not
embedded,

plat-stm32mp1: SiP SMC service for BSEC access

Implement a SiP SMC based interface fàr the non-secure world to access
BSEC words. The service is embedded upon CFG_STM32_BSEC_SIP=y. If not
embedded, the service simply reports a failure.

This service is used by U-boot package since its release v2019.07-rc1 [1]
to retrieve information such as the device MAC address [2].

Link: [1] https://github.com/u-boot/u-boot/blob/v2019.07-rc1/arch/arm/mach-stm32mp/include/mach/stm32mp1_smc.h
Link: [2] https://github.com/u-boot/u-boot/blob/v2019.07-rc1/arch/arm/mach-stm32mp/cpu.c#L475

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

dts: stm32mp1: non-secure can access MAC address and board ID OTPs

Add property st,non-secure-otp to MAC address NVMEM cells in stm32mp1
SoC DTSI and to board ID NVMEM cells in stm32mp1 ST boards DT

dts: stm32mp1: non-secure can access MAC address and board ID OTPs

Add property st,non-secure-otp to MAC address NVMEM cells in stm32mp1
SoC DTSI and to board ID NVMEM cells in stm32mp1 ST boards DTS files
since non-secure world is allowed to access these OTPs despite they
are located in the upper BSEC words (secure) area.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

stm32_bsec: grant BSEC words non-secure access from embedded DTB

Change BSEC driver to allow non-secure world to access specific BSEC
upper words that have the ST NVMEM property "st,non-secure-otp".

stm32_bsec: grant BSEC words non-secure access from embedded DTB

Change BSEC driver to allow non-secure world to access specific BSEC
upper words that have the ST NVMEM property "st,non-secure-otp". The
property is presented to the LKML in [1].

During BSEC driver initialization, a bit fields array is allocated to
store whether each 32bit BSEC upper words is allowed to be accessed by
the non-secure world.

Link: [1] https://lkml.org/lkml/2020/5/8/1258
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: psci: support Arm SMCCC_VERSION function ID

As per Arm SMCCC v1.1 specification [1], PSCI PSCI_FEATURES function ID
should report Arm Architecture Call SMCCC_VERSION as supported when

plat-stm32mp1: psci: support Arm SMCCC_VERSION function ID

As per Arm SMCCC v1.1 specification [1], PSCI PSCI_FEATURES function ID
should report Arm Architecture Call SMCCC_VERSION as supported when
the secure firmware supports both PSCI PSCI_FEATURES function ID and
Arm SMCCC_VERSION function ID.

Link: [1] https://developer.arm.com/docs/den0028/latest
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: generic_boot: use "%#lx" to print unsigned long, not "0x%"PRIxPA

In 32-bit builds with CFG_CORE_LARGE_PHYS_ADDR=y, PRIxPA is "llx"
which is not the recommended format to print an unsigned long

core: generic_boot: use "%#lx" to print unsigned long, not "0x%"PRIxPA

In 32-bit builds with CFG_CORE_LARGE_PHYS_ADDR=y, PRIxPA is "llx"
which is not the recommended format to print an unsigned long int.
Use "lx" instead to avoid warnings with some compilers.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: plat-ls: Enable CAAM driver for PLATFORM lx2160ardb

Enable and test CAAM driver on lx2160ardb platform for
hash, ciphers and RSA

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-

core: plat-ls: Enable CAAM driver for PLATFORM lx2160ardb

Enable and test CAAM driver on lx2160ardb platform for
hash, ciphers and RSA

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: Fix alignment fault caused by caam_desc_pop()

Size of each JR Output ring entry is of 12 bytes for CAAM
using address pointer size as 64 bit. The descriptor address
pointer thus lies

drivers: caam: Fix alignment fault caused by caam_desc_pop()

Size of each JR Output ring entry is of 12 bytes for CAAM
using address pointer size as 64 bit. The descriptor address
pointer thus lies at 32 bit boundary in second output ring entry.
64 bit access of descriptor pointer at 32 bit boundary generates
alignment fault. To fix this, descriptor address pointer should
be accessed as two 32 bit operations.

regression_1004 Test User Crypt TA

E/TC:03 00 Core data-abort at address 0xfc09e74c (alignment fault)
E/TC:03 00 esr 0x96000021 ttbr0 0x20000fc0d7060 ttbr1 0x00000000 cidr 0x0
E/TC:03 00 cpu #3 cpsr 0x200001c4
E/TC:03 00 x0 00000000fc09e74c x1 0000000000000000
E/TC:03 00 x2 0000000000000050 x3 0000008000010100
E/TC:03 00 x4 0000000000000003 x5 00000000fc0e46e5
E/TC:03 00 x6 00000000fc09e74c x7 00000000fc09df78
E/TC:03 00 x8 0000000000000078 x9 00000000fc09c110
E/TC:03 00 x10 0000000041001900 x11 00000000ab12a911
E/TC:03 00 x12 0000000032e4d24d x13 00000000fc0e46e5
E/TC:03 00 x14 0000000000000000 x15 0000000000000000
E/TC:03 00 x16 00000000fc0e4b88 x17 0000000000000000
E/TC:03 00 x18 0000000000000000 x19 0000000000000000
E/TC:03 00 x20 000000000000270f x21 00000000fc07c000
E/TC:03 00 x22 00000000fc07c000 x23 0000000000000000
E/TC:03 00 x24 00000000fc09e74c x25 00000000fc0716d0
E/TC:03 00 x26 00000000fc09df78 x27 0000000000000000
E/TC:03 00 x28 0000000000000000 x29 00000000fc0e4900
E/TC:03 00 x30 00000000fc01ae8c elr 00000000fc01c124
E/TC:03 00 sp_el0 00000000fc0e4900
E/TC:03 00 TEE load address @ 0xfc000000
E/TC:03 00 Core data-abort at address 0xfc09e74c .debug_info+649036 (alignment fault)
E/TC:03 00 Call stack:
E/TC:03 00 0x00000000fc01c124 caam_desc_pop at core/drivers/crypto/caam/caam_desc.c:88
E/TC:03 00 0x00000000fc01b2ac caam_jr_enqueue at core/drivers/crypto/caam/caam_jr.c:510
E/TC:03 00 0x00000000fc02247c caam_cipher_block at core/drivers/crypto/caam/cipher/caam_cipher.c:331
E/TC:03 00 0x00000000fc022970 do_update_cipher at core/drivers/crypto/caam/cipher/caam_cipher.c:976
E/TC:03 00 0x00000000fc01a290 cipher_update at core/drivers/crypto/crypto_api/cipher/cipher.c:144
E/TC:03 00 0x00000000fc03562c tee_fs_fek_crypt at core/tee/tee_fs_key_manager.c:118
E/TC:03 00 0x00000000fc033dbc verify_root at core/tee/fs_htree.c:549
E/TC:03 00 0x00000000fc031edc ree_fs_open_primitive at core/tee/tee_ree_fs.c:416
E/TC:03 00 0x00000000fc0345d0 tee_fs_dirfile_open at core/tee/fs_dirfile.c:122
E/TC:03 00 0x00000000fc0321cc open_dirh at core/tee/tee_ree_fs.c:530
E/TC:03 00 0x00000000fc032498 ree_fs_open at core/tee/tee_ree_fs.c:604
E/TC:03 00 0x00000000fc0363dc tadb_open at core/tee/tadb.c:214
E/TC:03 00 0x00000000fc036c44 tee_tadb_ta_open at core/tee/tadb.c:633
E/TC:03 00 0x00000000fc00578c secstor_ta_open at core/arch/arm/kernel/secstor_ta.c:19
E/TC:03 00 0x00000000fc026658 system_open_ta_binary at core/pta/system.c:259
E/TC:03 00 0x00000000fc005e24 pseudo_ta_enter_invoke_cmd at core/arch/arm/kernel/pseudo_ta.c:199
E/TC:03 00 0x00000000fc0250dc tee_ta_invoke_command at core/kernel/tee_ta_manager.c:761
E/TC:03 00 0x00000000fc02b398 syscall_invoke_ta_command at core/tee/tee_svc.c:885
E/TC:03 00 0x00000000fc0123bc tee_svc_do_call at core/arch/arm/tee/arch_svc_a64.S:141
E/TC:03 00 0x00000000fc00811c thread_svc_handler at core/arch/arm/kernel/thread.c:1378
E/TC:03 00 0x00000000fc0039e0 el0_svc at core/arch/arm/kernel/thread_a64.S:639

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: Add register map changes for Era 10

Era 10 changes the register map.

The updates that affect the drivers:
-new version registers are added

Signed-off-by: Ruchika Gupta <ruchika.gupt

drivers: caam: Add register map changes for Era 10

Era 10 changes the register map.

The updates that affect the drivers:
-new version registers are added

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...