core: fix generation of tee.bin

Prior to this patch generation of tee.bin (CFG_WITH_PAGER=n) fails with:
GEN out/core/tee.bin
Cannot find symbol __init_end
core/arch/arm/kernel/link.mk:183: re

core: fix generation of tee.bin

Prior to this patch generation of tee.bin (CFG_WITH_PAGER=n) fails with:
GEN out/core/tee.bin
Cannot find symbol __init_end
core/arch/arm/kernel/link.mk:183: recipe for target 'out/core/tee.bin' failed

Introduce a special __get_tee_init_end to fix this and also avoid
confusion with __init_end used in the code for the pager case.

Fixes: 5dd1570ac5b0 ("core: add embedded data region")
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: fix CFG_DRAM_BASE for imx8qm/qxp

The CFG_DRAM_BASE on imx8qm and imx8qxp is 0x80000000

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linar

core: imx: fix CFG_DRAM_BASE for imx8qm/qxp

The CFG_DRAM_BASE on imx8qm and imx8qxp is 0x80000000

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove unreachable code from tee_tadb_ta_open()

Prior to this patch tee_tadb_ta_open() had some unreachable code. With
this patch remove that code, but retain the behaviour of
tee_tadb_ta_open

core: remove unreachable code from tee_tadb_ta_open()

Prior to this patch tee_tadb_ta_open() had some unreachable code. With
this patch remove that code, but retain the behaviour of
tee_tadb_ta_open().

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add description of struct tadb_entry

Adds description of the fields in struct tadb_entry.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@li

core: add description of struct tadb_entry

Adds description of the fields in struct tadb_entry.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add description of struct shdr_bootstrap_ta

Adds a description of the fields in struct shdr_bootstrap_ta.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <j

core: add description of struct shdr_bootstrap_ta

Adds a description of the fields in struct shdr_bootstrap_ta.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: shdr_verify_signature() supply hash length for salt length

In order to support the TEE_ALG_RSASSA_PKCS1_PSS_MGF1_* group of
algorithms supply the size of the hash as the size of the salt to
cr

core: shdr_verify_signature() supply hash length for salt length

In order to support the TEE_ALG_RSASSA_PKCS1_PSS_MGF1_* group of
algorithms supply the size of the hash as the size of the salt to
crypto_acipher_rsassa_verify().

A salt is something introduced by PCKS1_PSS, PKCS1_V1.5 does not have a
salt and the parameter will be ignored by crypto_acipher_rsassa_verify()
for the latter.

With the PCKS1_PSS algorithm it is common practice to use a salt with
the same size as the hash, but it is not a requirement. The
implementation here depends on using a salt with the same size as the
hash. This is a compromise to avoid extending the signed header with a
salt length field.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ftrace: dump core load address to support ASLR

Additionally dump core address in ftrace buffer to support syscall
tracing in case TEE core ASLR is enabled.

Signed-off-by: Sumit Garg <sumit.ga

core: ftrace: dump core load address to support ASLR

Additionally dump core address in ftrace buffer to support syscall
tracing in case TEE core ASLR is enabled.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
[jf: s/Load address @/TEE load address @/]
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

Update Broadcom DRAM2 base and size

Update Broadcom DRAM2 base and size
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

pta: bcm: Add PTA to handle Broadcom error logs

Add PTA to handle Broadcom error logs.
The PTA supports following ops:
- Obtaining error logs
- Obtaining crash dumps and
- Loading firmware into s

pta: bcm: Add PTA to handle Broadcom error logs

Add PTA to handle Broadcom error logs.
The PTA supports following ops:
- Obtaining error logs
- Obtaining crash dumps and
- Loading firmware into secure ddr memory region

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

pta: bcm: Add Broadcom gpio PTA

Add Broadcom gpio PTA
The PTA supports below operations on the GPIO pin:
- Configure gpio pin to input/output
- Set value on output gpio pin
- Get value from gp

pta: bcm: Add Broadcom gpio PTA

Add Broadcom gpio PTA
The PTA supports below operations on the GPIO pin:
- Configure gpio pin to input/output
- Set value on output gpio pin
- Get value from gpio pin

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: Add func to config gpio pin for secure access

Add func to config gpio pin for secure access

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jero

drivers: Add func to config gpio pin for secure access

Add func to config gpio pin for secure access

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: Update Broadcom gpio base and num gpios

Update Broadcom gpio base and num gpios

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier

drivers: Update Broadcom gpio base and num gpios

Update Broadcom gpio base and num gpios

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: add framework to load REE-FS encrypted TAs

Add framework to support loading of encrypted TAs from REE-FS using
symmetric authenticated encryption scheme supported by OP-TEE.

The default encry

core: add framework to load REE-FS encrypted TAs

Add framework to support loading of encrypted TAs from REE-FS using
symmetric authenticated encryption scheme supported by OP-TEE.

The default encryption key is derived from hardware unique key which
can be overridden via platform specific encryption key.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: bugfix booting second cpu with ASLR

Fixes crashing second cpu when booting with ASLR enabled.

Fixes: 170e9084a84f ("core: add support for CFG_CORE_ASLR")
Reviewed-by: Etienne Carriere

core: arm32: bugfix booting second cpu with ASLR

Fixes crashing second cpu when booting with ASLR enabled.

Fixes: 170e9084a84f ("core: add support for CFG_CORE_ASLR")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add plat_primary_init_early()

Adds plat_primary_init_early() which replaces plat_cpu_reset_late().
plat_cpu_reset_late() was called for each cpu, but
plat_primary_init_early() is only called o

core: add plat_primary_init_early()

Adds plat_primary_init_early() which replaces plat_cpu_reset_late().
plat_cpu_reset_late() was called for each cpu, but
plat_primary_init_early() is only called on the primary cpu.

In practice that's not a problem (except for plat-stm, more on that
later) since all the platform specific plat_cpu_reset_late() only does
something if get_core_pos() returns 0, that is on the primary cpu.

On plat-stm SCR is now updated in plat_cpu_reset_early() instead.

This patch is needed because ASLR may relocate OP-TEE to a virtual base
address which differs from the physical base address. This means that
it's not possible to execute C code before MMU has been enabled.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove unused user_ta_ctx::load_addr

Since commit d1911a85142d ("core: load TAs using ldelf"), the load_addr
field in struct user_ta_ctx is not used anymore. Remove it.

Signed-off-by: Jerome

core: remove unused user_ta_ctx::load_addr

Since commit d1911a85142d ("core: load TAs using ldelf"), the load_addr
field in struct user_ta_ctx is not used anymore. Remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-imx: mx6: support for TZASC on 6UL/ULL

The i.MX6UL/ULL processors support only one instance of the TZC380 IP.
Use only one to setup the firewall mappings.

Signed-off-by: Rouven Czerwinski <r.c

plat-imx: mx6: support for TZASC on 6UL/ULL

The i.MX6UL/ULL processors support only one instance of the TZC380 IP.
Use only one to setup the firewall mappings.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: move relocation to embedded data region

The relocation sections are placed last in the linker script to be kept
out of the way for the other sections. The relocation sections are
interpreted b

core: move relocation to embedded data region

The relocation sections are placed last in the linker script to be kept
out of the way for the other sections. The relocation sections are
interpreted by gen_tee_bin.py and converted into a more compact data
structure which is stored in the embedded data region.

For each relocation, only one 32-bit offset is kept. Compared to the
standard ELF format, the size of the relocation table is either halved
(Rel32 type: two 32-bit words per entry) or divided by 6 (Rel64 type:
three 64-bit words per entry).

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add embedded data region

Until this patch hashes has been supplied as a single blob following the
init part when configured for paging. To facilitate storing additional
data when OP-TEE is ini

core: add embedded data region

Until this patch hashes has been supplied as a single blob following the
init part when configured for paging. To facilitate storing additional
data when OP-TEE is initializing a struct boot_embdata is added. This
struct is populated gen_tee_bin.py and later interpreted by
assembly boot code and init_runtime().

Previous memory allocation for hashes in the linker script is replaced
by this new mechanism.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: generic_entry_a64.S: fix boot_mmu_config alignment

Makes sure that boot_mmu_config is at a 8 byte aligned address.

Fixes: 520860f658be ("core: generic_entry: add enable_mmu()")
Reviewed-by: J

core: generic_entry_a64.S: fix boot_mmu_config alignment

Makes sure that boot_mmu_config is at a 8 byte aligned address.

Fixes: 520860f658be ("core: generic_entry: add enable_mmu()")
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

pta: bcm: Add Broadcom SOTP PTA

Add Broadcom SOTP PTA
This PTA is used by userspace application to read
SOTP value and determine modules/features that are
enabled on this platform

Signed-off-by: Ra

pta: bcm: Add Broadcom SOTP PTA

Add Broadcom SOTP PTA
This PTA is used by userspace application to read
SOTP value and determine modules/features that are
enabled on this platform

Signed-off-by: Rahul Gupta <rahul.gupta@broadcom.com>
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

pta: bcm: Add additional bnxt commands in pta

Add support for below bnxt commands:
- HEALTH_STATUS
- HANDSHAKE_STATUS
- CRASH_DUMP_COPY

Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Sign

pta: bcm: Add additional bnxt commands in pta

Add support for below bnxt commands:
- HEALTH_STATUS
- HANDSHAKE_STATUS
- CRASH_DUMP_COPY

Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: bnxt: Add driver support for additional bnxt cmds

Add driver support for following bnxt commands:
- HEALTH_STATUS
- HANDSHAKE_STATUS
- CRASH_DUMP_COPY

Signed-off-by: Vikas Gupta <vikas.

drivers: bnxt: Add driver support for additional bnxt cmds

Add driver support for following bnxt commands:
- HEALTH_STATUS
- HANDSHAKE_STATUS
- CRASH_DUMP_COPY

Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: bnxt: Load bnxt images from secure memory

Load bnxt images from the secure memory at 1K offset,
If found on the secure memory instead of flash.
We copy the images from flash to secure memor

drivers: bnxt: Load bnxt images from secure memory

Load bnxt images from the secure memory at 1K offset,
If found on the secure memory instead of flash.
We copy the images from flash to secure memory for
the very first time

Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: bnxt: Remove NS3Z specific code

Remove support for discontinued platform(NS3Z)

Signed-off-by: Rajesh Ravi <rajesh.ravi@broadcom.com>
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broad

drivers: bnxt: Remove NS3Z specific code

Remove support for discontinued platform(NS3Z)

Signed-off-by: Rajesh Ravi <rajesh.ravi@broadcom.com>
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...