| cbda7091 | 02-Mar-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: remove algo from crypto_cipher_*()
Removes the algo parameters from all crypto_cipher_*() functions except crypto_cipher_alloc_ctx().
tee_aes_cbc_cts_update() is moved into aes-cts.c and renamed to cbc_cts_update().
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 6b3a371c | 01-Mar-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: remove algo from crypto_hash_*()
Removes the algo parameters from all crypto_hash_*() functions except crypto_hash_alloc_ctx().
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| a23860a8 | 05-Nov-2019 |
Jerome Forissier <jerome@forissier.org> |
arm32: compile assembler code with -marm by default
When CFG_FTRACE_SUPPORT=y, thumb mode should not be used in TA code, because the ftrace code assumes arm instructions. Therefore we have to pass the -marm switch to the compiler and assembler. This is correctly done for the C compiler but not for the assembler. The same applies to assembler files in the TEE core when CFG_SYSCALL_FTRACE=y.
More generally and for simplicity, we will assume that all _a32.S files should be compiled in arm mode and therefore add -marm to arm32-platform-aflags. Any exception can be handled via file-specific flags in sub.mk.
Fixes a crash in the setjmp()/longjmp() test of xtest 1006 when Linaro's GCC 6.2 is used to build the user space libutils.a (more precisely: lib/libutils/isoc/arch/arm/setjmp_a32.S):
E/TC:? 0 User TA prefetch-abort at address 0x0 (translation fault)
E/TC:? 0 fsr 0x00000005 ttbr0 0x0e19206a ttbr1 0x0e18806a cidr 0x2
E/TC:? 0 cpu #1 cpsr 0x60000110
E/TC:? 0 r0 0x00000000 r4 0x00115780 r8 0x00000000 r12 0x00115658
E/TC:? 0 r1 0x00000001 r5 0x0011fb8c r9 0x00000000 sp 0x001156a0
E/TC:? 0 r2 0x00000000 r6 0x60000110 r10 0x00000000 lr 0x00000000
E/TC:? 0 r3 0x00000000 r7 0x00000000 r11 0x001156bc pc 0x00000000
E/LD: Status of TA 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b
E/LD: arch: arm
E/LD: region 0: va 0x00102000 pa 0x0e300000 size 0x002000 flags rw-s (ldelf)
E/LD: region 1: va 0x00104000 pa 0x0e302000 size 0x00a000 flags r-xs (ldelf)
E/LD: region 2: va 0x0010e000 pa 0x0e30c000 size 0x001000 flags rw-s (ldelf)
E/LD: region 3: va 0x0010f000 pa 0x0e30d000 size 0x003000 flags rw-s (ldelf)
E/LD: region 4: va 0x00112000 pa 0x0e310000 size 0x001000 flags r--s
E/LD: region 5: va 0x00113000 pa 0x0e444000 size 0x003000 flags rw-s (stack)
E/LD: region 6: va 0x0011b000 pa 0x00001000 size 0x024000 flags r-xs [0]
E/LD: region 7: va 0x0013f000 pa 0x00025000 size 0x10f000 flags rw-s [0]
E/LD: region 8: va 0x00266000 pa 0x00000000 size 0x003000 flags r-xs [1]
E/LD: region 9: va 0x00269000 pa 0x00002000 size 0x002000 flags rw-s [1]
E/LD: region 10: va 0x00300000 pa 0x40a67570 size 0x001000 flags rw-- (param)
E/LD: [0] 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b @ 0x0011b000
E/LD: [1] ffd2bded-ab7d-4988-95ee-e4962fff7154 @ 0x00266000
E/LD: Call stack:
E/LD: 0x00000000
Note: the crash is due to the fact that the compiler was configured for -mthumb by default, whereas Arm's GCC 8.3 for instance defaults to -marm. The compiler switches can be checked with:
$ echo 'void f() {};' | \
    arm-linux-gnueabihf-gcc -frecord-gcc-switches -xc -c - -o test
$ readelf -p .GCC.command.line test
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
|
| d135e217 | 07-Nov-2019 |
Rouven Czerwinski <r.czerwinski@pengutronix.de> |
plat-imx: add UART6 & 7 for i.MX6UL/L
The i.MX6UL/L variants contain additional UARTs which are not present on the Cortex A9 variants. Add them to register file so they can be used for new board definitions.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Clement Faure <clement.faure@nxp.com>
|
| 6c5fa4fe | 05-Aug-2019 |
Vikas Gupta <vikas.gupta@broadcom.com> |
pta: bcm_pta: add Broadcom bnxt pta
Add Broadcom bnxt pta which uses Broadcom bnxt drivers to manage firmware on bnxt device
Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Reviewed-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 95bec10a | 17-Jul-2019 |
Vikas Gupta <vikas.gupta@broadcom.com> |
drivers: bnxt: add Broadcom bnxt driver
Add Broadcom bnxt driver which helps to load the firmware on bnxt device
Signed-off-by: Vikas Gupta <vikas.gupta@broadcom.com>
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Reviewed-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| de5333ed | 09-Oct-2019 |
Heiko Stuebner <heiko.stuebner@theobroma-systems.com> |
plat-rockchip: add rk3399 and px30 flavors
Add support for both the 6-core rk3399 as well as the 4-core px30 Rockchip socs to be used as secure payload together with trusted firmware.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Acked-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| e4ac622f | 31-Oct-2019 |
Heiko Stuebner <heiko.stuebner@theobroma-systems.com> |
plat-rockchip: use GENMASK instead of opencoding bitmask on rk322x platform
GENMASK is way better to describe a registers mask than 0xffff0000, so switch to it for the existing rk322x platform code.
Suggested-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 6b358e40 | 11-Oct-2019 |
Heiko Stuebner <heiko.stuebner@theobroma-systems.com> |
plat-rockchip: split platform_init for ddr region protection
rk322x currently expects to be loaded from U-Boot-SPL directly and defines one platform service to initialize security settings for its purposes.
On all future platforms we will want to approach this differently in that OP-TEE gets started out of Trusted Firmware which in turn already should have done core security settings and inside OP-TEE we will only want to protect OP-TEE's memory region against non-secure access.
So create a general service calling into a flavor-specific function to protect the memory region but also leave rk322x its special init function.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Acked-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| fe5a8770 | 09-Oct-2019 |
Heiko Stuebner <heiko.stuebner@theobroma-systems.com> |
plat-rockchip: cleanup build infrastructure to make room for more platforms
Most features used by rk322x really will be limited to it even in the future as all other platforms will be a secure payload together with trusted firmware.
So clean up the make files accordingly.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 3b4c661f | 09-Oct-2019 |
Heiko Stuebner <heiko.stuebner@theobroma-systems.com> |
plat-rockchip: make hardcoded uart optional
Rockchip SoCs can obviously use multiple uarts and while there is always a uart used on the reference designs and hence on most boards, some boards may want to use a different uart.
OP-TEE can already initialize the uart from a chosen node from devicetree and only needs the hardcoded uart for really early logs which will only be needed during development.
So make the hard-coded uart optional and make it configurable via the newly introduced CFG_EARLY_CONSOLE config settings.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Acked-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 08ede025 | 09-Oct-2019 |
Heiko Stuebner <heiko.stuebner@theobroma-systems.com> |
plat-rockchip: setup thread_handlers when working with Trusted Firmware
Most Rockchip platforms will use Trusted Firmware. All Aarch64 SoCs will do so, but also the rk3288 has TF-A support and could use OP-TEE as secure payload, with the RK322x SoC being the exception.
Therefore setup the thread_handlers in a way to work for both cases.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 0ec6631d | 09-Oct-2019 |
Heiko Stuebner <heiko.stuebner@theobroma-systems.com> |
plat-rockchip: make gic init handle both GICv2 and GICv3
For a gic-v3 the setup is slightly different, so make sure the gic init handles both correctly for future platform-flavours.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Acked-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| a557db0a | 09-Oct-2019 |
Heiko Stuebner <heiko.stuebner@theobroma-systems.com> |
plat-rockchip: map io peripherals individually
Most Rockchip platforms will generally only need a very minimal subset of a SoC's peripherals, so there is no need to map the whole io area and instead we should only map the relevant devices.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Acked-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 9fece2d8 | 09-Oct-2019 |
Heiko Stuebner <heiko.stuebner@theobroma-systems.com> |
plat-rockchip: move memory layout from platform_config to conf.mk
Makes it easier to integrate additional flavours later on.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Acked-by: Kever Yang <kever.yang@rock-chips.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 890d6751 | 09-Oct-2019 |
Heiko Stuebner <heiko.stuebner@theobroma-systems.com> |
plat-rockchip: remove boilerplate license blocks
All Rockchip platform files do have SPDX tags denoting the files' licenses, so there is no need to keep the now duplicate license boilerplate around.
Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Kever Yang <kever.yang@rock-chips.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| bfabce22 | 28-Oct-2019 |
Rouven Czerwinski <r.czerwinski@pengutronix.de> |
core: imx: disable CAAM for all i.MX6/7 flavors
Currently, using an upstream kernel with i.MX6/7 devices and OP-TEE results in OP-TEE stalling during the loading of trusted applications. OP-TEE tries to use the CAAM for verification, unfortunately the upstream kernel will turn off the clocks for the CAAM, resulting in the bus transaction stalling on the bus and the processor requiring a hard reset. Disable the NXP CAAM driver until the clock issues are resolved.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>
|
| cf1879b1 | 29-Oct-2019 |
Renê de Souza Pinto <Rene.deSouzaPinto@opensynergy.com> |
hikey: Move console_data to __nex_bss
Move console data into __nex_bss section for hikey platform to work properly when virtualization is enabled.
Signed-off-by: Renê de Souza Pinto <Rene.deSouzaPinto@opensynergy.com>
Acked-by: Michalis Pappas <mpp@opensynergy.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
|
| d5147581 | 24-Oct-2019 |
Michalis Pappas <mpp@opensynergy.com> |
core: Fix value of OPTEE_SMC_SEC_CAP_VIRTUALIZATION
Update the value of OPTEE_SEC_CAP_VIRTUALIZATION as it currently conflicts with OPTEE_SEC_CAP_DYNAMIC_SHM
Signed-off-by: Michalis Pappas <mpp@opensynergy.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
|
| 40015a64 | 23-Oct-2019 |
Jerome Forissier <jerome@forissier.org> |
core: core.mk: add generated conf.cmake file to $(cleanfiles)
Commit b924c494920f ("Generate conf.cmake for TA dev kit") omitted to add the generated file $(O)/conf.cmake to $(cleanfiles) and therefore 'make clean' leaves it intact. Fix that.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 27fd7c71 | 23-Oct-2019 |
Jerome Forissier <jerome@forissier.org> |
mk: gensrc: add generated file to $(cleanfiles) automatically
The gensrc mechanism should not require the user to update the cleanfiles variable since it can do it by itself. This commit updates the implementation and simplifies the call sites.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 099918f6 | 05-Sep-2019 |
Sumit Garg <sumit.garg@linaro.org> |
ftrace: Add support for syscall function tracer
This patch adds support for syscall tracing in TEE core. It complements existing ftrace support for user TAs via adding trace for syscalls that are invoked by user TAs into the TEE core.
And after this patch ftrace will cover both TA and TEE core code. So let's rename config option from CFG_TA_FTRACE_SUPPORT to CFG_FTRACE_SUPPORT.
It is optional to enable syscall trace via CFG_SYSCALL_FTRACE=y config option in addition to CFG_FTRACE_SUPPORT=y config option.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
|
| 8be2de1a | 23-Sep-2019 |
Imre Kis <imre.kis@arm.com> |
core: Add support for multi-threaded MPIDR values
If the MT bit is set the affinities are shifted in the MPIDR register so the get_core_pos_mpidr function needs to be modified accordingly. This is necessary to make OP-TEE able to run on multi-threaded systems. The number of threads/core can be modified by the CFG_CORE_THREAD_SHIFT makefile parameter. The default value is the existing single threaded mode.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 8027bd32 | 14-Oct-2019 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: fix null terminator in PTA dlsym
Correct misplaced null terminator character in PTA system when invoking ldelf entry to look for a target symbol.
Fixes: ebef121c1f5c ("core, ldelf: add support for runtime loading of shared libraries")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
[jf: edit subject line]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
|
| a253662b | 02-Aug-2019 |
Joakim Bech <joakim.bech@linaro.org> |
ltc: check range in _rijndael_ecb_ functions
There is no check that the 'skey' structure has been properly initialized. For example, the skey->rijndael.Nr is assumed to contain a positive number corresponding to the number of AES rounds to perform. In _rijndael_ecb_encrypt the skey->rijndael.Nr is subtracted by two, which can result in an integer underflow if the structure hasn't been initialized correctly.
By clamping the value for skey->rijndael.Nr into the valid rounds for AES we can return an error instead of ending up reading outside the boundaries (of skey->rijndael.eK).
Patch manually picked from [1].
Link: [1] https://github.com/libtom/libtomcrypt/commit/7b4a5c1dcf2803e9c6cbcbc2458db9317e6fb8ca
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7)
Reported-by: Martijn Bogaard <bogaard@riscure.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
|