core: interrupt: clarify inline comment in interrupt_create_handler()

Clarify inline comment in interrupt_create_handler() to explicit that
this function request add_configure_handler() to not confi

core: interrupt: clarify inline comment in interrupt_create_handler()

Clarify inline comment in interrupt_create_handler() to explicit that
this function request add_configure_handler() to not configure the
interrupt (since it's already configured from interrupt_dt_get_by_*()
API functions).

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: interrupt: clarify when dt_get_irq handler is needed

Add an inline comment telling struct itr_chip:dt_get_irq handler is
needed only when interrupt consumer manually get configuration
informat

core: interrupt: clarify when dt_get_irq handler is needed

Add an inline comment telling struct itr_chip:dt_get_irq handler is
needed only when interrupt consumer manually get configuration
information from the DT to later configure the interrupt. The
aim of this change is to clarify this handler is not needed for
interrupt provider registered with interrupt_register_provider()
and which consumer rely on interrupt_dt_get_by_*() to configure
their interrupts.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: interrupt: itr_chip may not require configure handler

The configure handler in struct itr_ops is not required for interrupt
providers which consumers only use the DT to get and configure their

core: interrupt: itr_chip may not require configure handler

The configure handler in struct itr_ops is not required for interrupt
providers which consumers only use the DT to get and configure their
interrupts (with interrupt_dt_get_by_*() and interrupt_create_handler()).
Therefore change itr_chip_is_valid() to not enforce its support
but add back that constraint for the interrupt main controller.

Add an itr_chip_dt_only_init() helper function for interrupt
controllers which consumers only use the DT to configure their
interrupt, that is such controllers do not need a configure handler.

itr_chip_is_valid() is not called outside interrupt.c where it is
used in itr_chip_init() and itr_chip_dt_only_init() so make it a local
function.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: interrupt: rename .add handler to .configure

Rename field add of struct itr_ops to configure for consistency
since that handler is used the configure the interrupt. Update
existing interrupt d

core: interrupt: rename .add handler to .configure

Rename field add of struct itr_ops to configure for consistency
since that handler is used the configure the interrupt. Update
existing interrupt drivers accordingly.

By the way fix inline comment spelling typo (s/contrainsts/constraints/).

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scmi: Fix qemu_v8 configuration

OP-TEE SCMI server on qemu_v8 doesn't boot with latest SCP-firmware when
notification is enabled since the addition of clock notification in SCP.
This comes from that

scmi: Fix qemu_v8 configuration

OP-TEE SCMI server on qemu_v8 doesn't boot with latest SCP-firmware when
notification is enabled since the addition of clock notification in SCP.
This comes from that there is no notification channel supported yet for
OP-TEE SCMI server. Disable notification until notification support is
added.

Signed-off-by: Vincent Guittot <vincent.guittot@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

riscv: plat-virt: Let console devices be build time configurable

Currently RISC-V virtual platform enforces 16550 UART to be console
device. However, there are other console devices which can be cho

riscv: plat-virt: Let console devices be build time configurable

Currently RISC-V virtual platform enforces 16550 UART to be console
device. However, there are other console devices which can be chose by
developer. Thus, we allow the configurations for console device to be
overridden at build time while keeping the default value enabled.

Besides, fix CFG_SBI_CONSOLE to be CFG_RISCV_SBI_CONSOLE.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>

show more ...

core: arm: boot: mask native interrupts for virtualization

Native interrupts are prior to this patch unmasked while processing
initcalls. This is only permitted if the temporary stack isn't used.
Th

core: arm: boot: mask native interrupts for virtualization

Native interrupts are prior to this patch unmasked while processing
initcalls. This is only permitted if the temporary stack isn't used.
That's not true when CFG_NS_VIRTUALIZATION=y so fix this by only
unmasking when NS-virtualization isn't enabled.

Fixes: 259c34df294f ("core: arm: boot: enable native interrupts before initcalls")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm32: initialize secure monitor late

Initialize the secure monitor as late as possible before exiting to the
normal world. This is needed in later patches where the stacks aren't
statically a

core: arm32: initialize secure monitor late

Initialize the secure monitor as late as possible before exiting to the
normal world. This is needed in later patches where the stacks aren't
statically allocated.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: thread: initialize stack canaries from recorded end-va

Continue where "core: thread: get stacks from recorded end-va" left and
initialize the stack canaries based on the recorded end-va. This

core: thread: initialize stack canaries from recorded end-va

Continue where "core: thread: get stacks from recorded end-va" left and
initialize the stack canaries based on the recorded end-va. This is
needed in later patches where the stacks aren't statically allocated.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: thread: get stacks from recorded end-va

Each stack has its end-va or top recorded in either thread_core_local[]
or threads[] as tmp_stack_va_end, abt_stack_va_end, or stack_va_end.
This addres

core: thread: get stacks from recorded end-va

Each stack has its end-va or top recorded in either thread_core_local[]
or threads[] as tmp_stack_va_end, abt_stack_va_end, or stack_va_end.
This address together with the known size of the stack is enough to
calculate all the other needed stack related addresses:
- start and end canaries,
- top and bottom of the stacks.

Add and use new internal functions to calculate these addresses and
remove the now unused macros. This is needed in later patches where the
stacks aren't statically allocated.

INIT_CANARY(), GET_START_CANARY(), and GET_END_CANARY() are kept for now
to see that the addresses for the canaries are calculated correctly in
the new functions.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: refactor boot

Introduce CFG_BOOT_INIT_THREAD_CORE_LOCAL0 to indicate that
thread_core_local[0] is initialized before the boot_init_* functions are
called.

thread_init_core_local_stacks()

core: arm: refactor boot

Introduce CFG_BOOT_INIT_THREAD_CORE_LOCAL0 to indicate that
thread_core_local[0] is initialized before the boot_init_* functions are
called.

thread_init_core_local_stacks() and thread_init_thread_core_local() are
replaced by a new version of thread_init_thread_core_local() for
CFG_BOOT_INIT_THREAD_CORE_LOCAL0=y.

Move initialization of thread_core_local[] from very early to
boot_init_primary_late() where various DTBs containing run-time
configuration are available. This will be needed in later patches when
the number of configured cores can be read from DT or some other
run-time configuration.

Move the "OP-TEE version" print and following code from
boot_init_primary_late() to boot_init_primary_final()

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: entry_a32.S: use ldr over adr

Load address of reset_vect_table using ldr r0, =reset_vect_table,
instead of adr r0 reset_vect_table to allow longer addressing range.

Signed-off-by: Jens W

core: arm: entry_a32.S: use ldr over adr

Load address of reset_vect_table using ldr r0, =reset_vect_table,
instead of adr r0 reset_vect_table to allow longer addressing range.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

riscv: plat-virt: Let CFG_RISCV_PLIC be build time configurable

RISC-V has several standard interrupt controllers supported by QEMU
virtual platform. Thus, we allow CFG_RISCV_PLIC to be overridden a

riscv: plat-virt: Let CFG_RISCV_PLIC be build time configurable

RISC-V has several standard interrupt controllers supported by QEMU
virtual platform. Thus, we allow CFG_RISCV_PLIC to be overridden at
build time while keeping the default value enabled.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: mmu: Add dynamic VA regions' mapping to page table

When optee boots, the initial mapping for MEM_AREA_RES_VASPACE and
MEM_AREA_SHM_VASPACE should be added into page tables and replicated to
al

core: mmu: Add dynamic VA regions' mapping to page table

When optee boots, the initial mapping for MEM_AREA_RES_VASPACE and
MEM_AREA_SHM_VASPACE should be added into page tables and replicated to
all CPU cores too. This fixes an issue when the VA of
MEM_AREA_RES_VASPACE or MEM_AREA_SHM_VASPACE is not in a same 1GB region
with other memory regions.

Link: https://github.com/OP-TEE/optee_os/issues/7275
Signed-off-by: Mark Zhang <markz@nvidia.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: fix carve_out_phys_mem()

carve_out_phys_mem() is prior to this patch not handling cases where the
memory to be carved out isn't covered entirely by the physical memory.
So fix carve_out_ph

core: mm: fix carve_out_phys_mem()

carve_out_phys_mem() is prior to this patch not handling cases where the
memory to be carved out isn't covered entirely by the physical memory.
So fix carve_out_phys_mem() to handle carving out memory that may only
overlap partially with the physical memory.

Add debug prints in core_mmu_set_discovered_nsec_ddr() to list the
non-secure RAM areas.

Fixes: 941dec3a7f6f ("core: adjust nsec ddr memory size correctly")
Fixes: 490c50dfdb33 ("core: assign non-sec DDR configuration from DT")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: fix panic with TEE_SDP_TEST_MEM

The commit 2f2f69df5afe ("core: mm: replace MEM_AREA_TA_RAM") uses
MEM_AREA_SEC_RAM_OVERALL to map practically all secure memory. This
conflicts with TEE_SD

core: mm: fix panic with TEE_SDP_TEST_MEM

The commit 2f2f69df5afe ("core: mm: replace MEM_AREA_TA_RAM") uses
MEM_AREA_SEC_RAM_OVERALL to map practically all secure memory. This
conflicts with TEE_SDP_TEST_MEM where MEM_AREA_SEC_RAM_OVERALL covers
TEE_SDP_TEST_MEM and triggers a panic in verify_special_mem_areas().

The commit 1c1f8b65b5c6 ("core: mm: unify secure core and TA memory")
changed to use vaddr_to_phys() to find the physical address for
TEE_SDP_TEST_MEM_BASE. This isn't right since it refers to physical
memory only.

So fix these problems.

Fixes: 2f2f69df5afe ("core: mm: replace MEM_AREA_TA_RAM")
Fixes: 1c1f8b65b5c6 ("core: mm: unify secure core and TA memory")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-versal2: disable ARM CE v8.2

Disable the ARM CE v8.2 configuration since it is not available on the SoC.
Allow the ARM CE configuration to be overridden at build time while keeping
the default

plat-versal2: disable ARM CE v8.2

Disable the ARM CE v8.2 configuration since it is not available on the SoC.
Allow the ARM CE configuration to be overridden at build time while keeping
the default value enabled.

Signed-off-by: Amey Avinash Raghatate <AmeyAvinash.Raghatate@amd.com>
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Acked-by: Michal Simek <michal.simek@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: stm32_risab: add .set_memory_conf ops

Add the .set_memory_conf ops to be able to reconfigure memory regions
protected by RISABs dynamically.

Factorize the RIF configuration application.

S

drivers: stm32_risab: add .set_memory_conf ops

Add the .set_memory_conf ops to be able to reconfigure memory regions
protected by RISABs dynamically.

Factorize the RIF configuration application.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_risab: rework regs_access_granted()

Rework regs_access_granted() to always authorize access to RISAB1/2
that can only be accessed by the Cortex-A35.

Also fix the sequence by isolatin

drivers: stm32_risab: rework regs_access_granted()

Rework regs_access_granted() to always authorize access to RISAB1/2
that can only be accessed by the Cortex-A35.

Also fix the sequence by isolating the case where the CID filtering is
not enabled.

Fixes: c413678c6ca6 ("drivers: stm32_risab: add RISAB internal memory firewall driver")
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: firewall: stm32_etzpc: remove header file

Remove stm32_etzpc.h header file that is not required since the
declared and defined resources are used internally in stm32_etzpc.c

By the way, al

drivers: firewall: stm32_etzpc: remove header file

Remove stm32_etzpc.h header file that is not required since the
declared and defined resources are used internally in stm32_etzpc.c

By the way, also remove inclusion of stm32mp15-etzpc.h DT bindings
header file from stm32_rng.c where it is not needed.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

core: arm: virt-aware FF-A thread_foreign_intr_exit()

thread_foreign_intr_exit() is called after the thread state has been
saved and the thread is suspended. With virtualization enabled
(CFG_NS_VIRT

core: arm: virt-aware FF-A thread_foreign_intr_exit()

thread_foreign_intr_exit() is called after the thread state has been
saved and the thread is suspended. With virtualization enabled
(CFG_NS_VIRTUALIZATION=y) the virt_unset_guest() is also called. After
this, the guests thread contexts aren't available any longer. For FF-A
thread_foreign_intr_exit() needs a few fields from the suspend threads
context so extract those before suspending the thread and pass them as
parameters for thread_foreign_intr_exit().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: __nex-annotate nexus rxtx buffer

Add __nex_bss and __nex_data annotations for the rxtx buffers used in a
configuration with SPMC at S-EL2 or EL3.

Signed-off-by: Jens Wiklander <jens.wikl

core: ffa: __nex-annotate nexus rxtx buffer

Add __nex_bss and __nex_data annotations for the rxtx buffers used in a
configuration with SPMC at S-EL2 or EL3.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: initcall.h: make boot_final() last final call

Make the boot_final() call last among the final call, that is, after the
xen_*_init*() calls. spmc_init() accesses the manifest_fd so it must be
c

core: initcall.h: make boot_final() last final call

Make the boot_final() call last among the final call, that is, after the
xen_*_init*() calls. spmc_init() accesses the manifest_fd so it must be
called before release_manifest_dt() removes it.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: virt-aware spmc_init() for SPMC at S-EL2/EL3

Call virt_add_guest_spec_data() for the struct notif_vm_bitmap to make
it accessible from notif_send_async().

Signed-off-by: Jens Wiklander <

core: ffa: virt-aware spmc_init() for SPMC at S-EL2/EL3

Call virt_add_guest_spec_data() for the struct notif_vm_bitmap to make
it accessible from notif_send_async().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: boot: enable native interrupts before initcalls

Enable native interrupts on Arm architectures when executing
initcalls (early,service,driver,final). This change allows drivers
to leverage

core: arm: boot: enable native interrupts before initcalls

Enable native interrupts on Arm architectures when executing
initcalls (early,service,driver,final). This change allows drivers
to leverage interrupts during OP-TEE core initialization, as for example
detecting a firewall access violation when it occurs. Before this change,
OP-TEE needed to complete its initialization and return the secure
monitor for secure interrupts to be handled.

Note that when CFG_NS_VIRTUALIZATION is enabled, initcalls called from
virt_on_stdcall() is not changed here since they are executing from a
standard call entry hence with native and foreign interrupts already
default unmasked.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...