imx: tzc380: dump state

Instead of only showing the access register, dump the whole
configuration state of the TZC380.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Cl

imx: tzc380: dump state

Instead of only showing the access register, dump the whole
configuration state of the TZC380.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

imx: tzc380: perform a region lockdown

Lockdown the region configuration after the auto configuration of
regions.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement

imx: tzc380: perform a region lockdown

Lockdown the region configuration after the auto configuration of
regions.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

tzc380: add lockdown and action to tzc_dump_state

Also dump the lockdown and action configuration while dumping the TZC380
configuration state.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengut

tzc380: add lockdown and action to tzc_dump_state

Also dump the lockdown and action configuration while dumping the TZC380
configuration state.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

tzc380: add function to lockdown regions

The TZC380 allows a lockdown of the region configuration to prevent
unintended or malicious configuration changes. Add a function which
locks down all region

tzc380: add function to lockdown regions

The TZC380 allows a lockdown of the region configuration to prevent
unintended or malicious configuration changes. Add a function which
locks down all regions of the current configuration

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

core: panic(): don't lose the message in non-debug mode

When CFG_TEE_CORE_DEBUG != y, panic("Some text") prints no file/line/
function information (which is expected in non-debug mode) but it also
i

core: panic(): don't lose the message in non-debug mode

When CFG_TEE_CORE_DEBUG != y, panic("Some text") prints no file/line/
function information (which is expected in non-debug mode) but it also
ignores its parameter. As a result, the console simply shows "Panic"
which is not very helpful.

There is no reason not to print the panic message, so add it.
Note that it is still possible to build a fully silent OP-TEE by
setting the log level to zero.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: plat-ls: Fix gic offsets for platform LS1046ARDB

Fix GIC offsets for platform LS1046ARDB

Signed-off-by: Priyanka Singh <priyanka.singh@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@n

core: plat-ls: Fix gic offsets for platform LS1046ARDB

Fix GIC offsets for platform LS1046ARDB

Signed-off-by: Priyanka Singh <priyanka.singh@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: plat-ls: Enable caam support for platform LS1046ARDB

Enable CAAM support for platform LS1046ARDB

Signed-off-by: Priyanka Singh <priyanka.singh@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.ma

core: plat-ls: Enable caam support for platform LS1046ARDB

Enable CAAM support for platform LS1046ARDB

Signed-off-by: Priyanka Singh <priyanka.singh@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: fix platform regarding ASLR

Remove assertion on MMU disable state in console_init() since
the function can be called from generic_boot.c after MMU is
enabled when ASLR support in Core

plat-stm32mp1: fix platform regarding ASLR

Remove assertion on MMU disable state in console_init() since
the function can be called from generic_boot.c after MMU is
enabled when ASLR support in Core is enabled.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: enable dynamic shared memory

Register dynamic shared memory allowed by the platform that is
the DRAM address ranges below and above the secure DRAM (TZDRAM).

Signed-off-by: Etienne C

plat-stm32mp1: enable dynamic shared memory

Register dynamic shared memory allowed by the platform that is
the DRAM address ranges below and above the secure DRAM (TZDRAM).

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: aslr: fix cached_mem_end update

Fix update of cache_mem_end that corrupts CPU register R4 used to
store a boot argument in Aarch32.

Fixes: 487fd6828322 ("core: aslr: apply load offset to cach

core: aslr: fix cached_mem_end update

Fix update of cache_mem_end that corrupts CPU register R4 used to
store a boot argument in Aarch32.

Fixes: 487fd6828322 ("core: aslr: apply load offset to cached_mem_end")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: generic_entry: fix aarch32 lpae mmu configuration

Correct configuration of the MMU registers TTBR0/TTBR1 for
Aarch32/LPAE that omitted to load a zero value in the 32bit upper
part of the regis

core: generic_entry: fix aarch32 lpae mmu configuration

Correct configuration of the MMU registers TTBR0/TTBR1 for
Aarch32/LPAE that omitted to load a zero value in the 32bit upper
part of the registers.

Fixes: 520860f658be ("core: generic_entry: add enable_mmu()")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: CAAM: Fix caam_desc_pop() function for 64bit platforms

Fix caam_desc_pop() function for reading the output CAAM job ring
entry for 64-bit platforms.

Signed-off-by: Priyanka Singh <priyanka

drivers: CAAM: Fix caam_desc_pop() function for 64bit platforms

Fix caam_desc_pop() function for reading the output CAAM job ring
entry for 64-bit platforms.

Signed-off-by: Priyanka Singh <priyanka.singh@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Cedric Neveux <cedric.neveux@nxp.com>

show more ...

core: RPMB FS: Make N_ENTRIES a config variable

Allows to configure the number of FAT fs entries to be read from RPMB
storage in one chunk. Increasing this number makes functions that
traverse the F

core: RPMB FS: Make N_ENTRIES a config variable

Allows to configure the number of FAT fs entries to be read from RPMB
storage in one chunk. Increasing this number makes functions that
traverse the FAT fs read in more entries within a single RPMB read
operation. While this potentially improves RPMB I/O, it comes at the
cost of additional memory required to be allocated on the heap.
Determining an optimal size is platform- and use-case-dependent.

Signed-off-by: Manuel Huber <mahuber@microsoft.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: aslr: set tee_svc_uref_base to VCORE_START_VA

tee_svc_uref_base was using hardcoded TEE_TEXT_VA_START define value.
This value isn't valid after TEE core relocation. Switch to use
VCORE_START_

core: aslr: set tee_svc_uref_base to VCORE_START_VA

tee_svc_uref_base was using hardcoded TEE_TEXT_VA_START define value.
This value isn't valid after TEE core relocation. Switch to use
VCORE_START_VA which is linker variable that should get update after
relocation code executed.

Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: aslr: apply load offset to cached_mem_end

cached_mem_end was calculated before relocation and use later for D$
flush. Add code to update cached_mem_end with ASLR load offset.

Signed-off-by: K

core: aslr: apply load offset to cached_mem_end

cached_mem_end was calculated before relocation and use later for D$
flush. Add code to update cached_mem_end with ASLR load offset.

Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Empty body for dump_fat() unless log level set to TRACE_FLOW

This patch improves RPMB performance. When called, dump_fat()
traverses the whole list of FAT entries and prints them out using
FMSG(). d

Empty body for dump_fat() unless log level set to TRACE_FLOW

This patch improves RPMB performance. When called, dump_fat()
traverses the whole list of FAT entries and prints them out using
FMSG(). dump_fat() is currently called by write_fat_entry() and
rpmb_fs_setup(). With this commit, dump_fat() is only active when
debugging/tracing, and empty for productive builds.

Signed-off-by: Manuel Huber <mahuber@microsoft.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: imx: add imx6ulzevk platform flavor

Add imx6ulzevk platform flavor.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

drivers: tzc: set maximum region size for tzc_auto_configure()

According to the TZC380 documentation, the AXI address width controls
the upper limit value of the region size.
This fix makes sure tha

drivers: tzc: set maximum region size for tzc_auto_configure()

According to the TZC380 documentation, the AXI address width controls
the upper limit value of the region size.
This fix makes sure that tzc_auto_configure() function will not
allocated a region bigger that the AXI address width.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: imx: add default UART for sabreauto boards

Board imx6*sabreauto default UART is UART4 and not UART1.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@fo

core: imx: add default UART for sabreauto boards

Board imx6*sabreauto default UART is UART4 and not UART1.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: arm32: fix out-of-sync SPSR

On some platforms that use OP-TEE built as ARM32, asynchronous data
aborts are causing innocent TAs to be killed non-deterministically
upon invocations.

OP-TEE sho

core: arm32: fix out-of-sync SPSR

On some platforms that use OP-TEE built as ARM32, asynchronous data
aborts are causing innocent TAs to be killed non-deterministically
upon invocations.

OP-TEE should not be trapping asynchronous data aborts by default
(unless for bringups) because they usually indicate memory errors
outside the control of PE's MMU and thus better handled by the normal
world OS. Trapping async data aborts also force-unloads keep-alive TAs,
which defeats the feature.

This (masking async data aborts) turns out to be indeed the expected
behavior as `CPSR.A` is set upon SMC entry. The bit is however mistakenly
cleared upon transitioning from SVC mode (OP-TEE) to user mode (TA) due
to a typo introduced in the following commit:

commit a702f5e71e79 ("core: split thread_enter_user_mode")

where `get_spsr()` should be calling `read_cpsr()` instead of
`read_spsr()` in order to save important bits in CPSR to SPSR prior to
switching to user mode.

More general background at the risk of being pedantic:

Invoking a TA from the REE-OS triggers a series of exception level
transitions: NS.EL1-->[NS.EL2-->]EL3-->[S.EL2-->]S.EL1-->S.EL0.

During each transtion the SPSR of each level except EL0 should be kept
in sync with the level's PSTATE(ARM64) or CPSR(ARM32).

The PSTATE/CPSR is initialized by target level's software when
transitioning from a high level to a lower level. For example OP-TEE
initializes the PSTATE/CPSR upon SMC entry.

The PSTATE/CPSR is saved to the current level SPSR by software prior
to transitioning out to a lower level. The PSTATE/CPSR is restored
from SPSR automatically (without software intervention) upon
"returning" to a highlevel from a lower level.

Fixes: https://github.com/OP-TEE/optee_os/issues/3576

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Ali Zhang <alizhang@google.com>

show more ...

core: protect syscall table lookup from speculation

In user_ta_handle_svc() as part of handling a syscall there's a lookup
in the syscall table which can be subject to a speculation attack.
load_no_

core: protect syscall table lookup from speculation

In user_ta_handle_svc() as part of handling a syscall there's a lookup
in the syscall table which can be subject to a speculation attack.
load_no_speculate() is used to protect the sensitive lookup.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove libmpa in favor of libmbedtls

We currently have two "big numbers" library, Mbed TLS and MPA. Both can
be used by libutee to implement the TEE Internal Core API Arithmetical
functions, and by

Remove libmpa in favor of libmbedtls

We currently have two "big numbers" library, Mbed TLS and MPA. Both can
be used by libutee to implement the TEE Internal Core API Arithmetical
functions, and by the TEE core or pseudo-TAs. This situation is
reflected by two configuration variables allowing to choose between
libmbedtls and libmpa:

- CFG_TA_MBEDTLS_MPI (default y) configures libutee,
- CFG_CORE_MBEDTLS_MPI (default y) configures the TEE core/PTAs.

In addition there is CFG_TA_MBEDTLS (default y, mandatory when
CFG_TA_MBEDTLS_MPI is y) to build libmbedtls and install it into the
SDK for direct use by TAs (libmbedtls also has function to deal with
certificates for instance).

MBed TLS has been supported and used by default for just over a year;
and we have recently found an issue with the MPA implementation of the
integer multiplication with modulus (mpa_mulmod()) [1] [2]. Therefore,
now is a good time to remove libmpa and use libmbedtls instead.

Link: [1] https://github.com/OP-TEE/optee_os/pull/3541#issuecomment-577592381
Link: [2] https://github.com/OP-TEE/optee_test/pull/389
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: vm_unmap(): remove length alignment requirement

Removes the requirement that length of memory area to unmap must be page
aligned. The supplied length is instead rounded up to the nearest page.

core: vm_unmap(): remove length alignment requirement

Removes the requirement that length of memory area to unmap must be page
aligned. The supplied length is instead rounded up to the nearest page.

This fixes a regression with CFG_FTRACE_SUPPORT=y:
E/TC:? 0 assertion '!res' failed at core/arch/arm/kernel/user_ta.c:571 <user_ta_dump_ftrace>

Fixes: cffe74d2446b ("core: fix assigned size of struct mobj_reg_shm")
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: set SCTLR_SPAN

Initializes SCTLR.SPAN to 1. SCTLR.SPAN was introduced with v8.1-PAN and
was prior to that defined as RES1.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off

core: arm: set SCTLR_SPAN

Initializes SCTLR.SPAN to 1. SCTLR.SPAN was introduced with v8.1-PAN and
was prior to that defined as RES1.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: add SCTLR_SPAN define

Adds define for setting SCTLR.SPAN which is available with the
architecture feature ARMv8.1-PAN in both AArch32 and AArch64.

Reviewed-by: Jerome Forissier <jerome@f

core: arm: add SCTLR_SPAN define

Adds define for setting SCTLR.SPAN which is available with the
architecture feature ARMv8.1-PAN in both AArch32 and AArch64.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...