core: ltc: fix preallocation of MPI bignums

Fixes the preallocation to make room for the actual content also in
crypto_bignum_allocate() by calling mbedtls_mpi_grow().

Acked-by: Etienne Carriere <e

core: ltc: fix preallocation of MPI bignums

Fixes the preallocation to make room for the actual content also in
crypto_bignum_allocate() by calling mbedtls_mpi_grow().

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: Introduce OPTEE_SMC_GET_THREAD_COUNT

This call should be used to query OP-TEE about number of threads
(basically, CFG_NUM_THREADS build option).

It is introduced after discussion at [1] about

core: Introduce OPTEE_SMC_GET_THREAD_COUNT

This call should be used to query OP-TEE about number of threads
(basically, CFG_NUM_THREADS build option).

It is introduced after discussion at [1] about possibility to read
number of supported threads. It is needed for XEN OP-TEE mediator to
mitigate possible DoS from virtual guest. If XEN knows number of
OP-TEE threads, it can limit number of standard calls from the guest
on own side.

Also, it can be used by optee client driver, to ratelimit number of calls
from its side.

Link: [1] https://lists.xenproject.org/archives/html/xen-devel/2019-01/msg01460.html

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

pl022, pl061: add missing pager constraint on _ops struct

Add KEEP_PAGER() for pl022_ops and pl061_ops structs.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jens Wiklander <je

pl022, pl061: add missing pager constraint on _ops struct

Add KEEP_PAGER() for pl022_ops and pl061_ops structs.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

pl022_spi: fix non-trivial typo

read16() was replaced with io_read8() instead of io_read16() so fix it.

Fixes: 918bb3a5 ("core: upgrade from write32() to io_write32() and friends")

Signed-off-by:

pl022_spi: fix non-trivial typo

read16() was replaced with io_read8() instead of io_read16() so fix it.

Fixes: 918bb3a5 ("core: upgrade from write32() to io_write32() and friends")

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

pl022_spi: simplify receive of remaining data

If the expected number of packets are not received during the
transmit+receive cycle, just receive the remaining data after the
cycle if the Receive FIF

pl022_spi: simplify receive of remaining data

If the expected number of packets are not received during the
transmit+receive cycle, just receive the remaining data after the
cycle if the Receive FIFO (SSPSR_RNE) is not empty, without depending
on the busy (SSPSR_BSY) flag, else we might miss reading some data as
indicated in [1].

LINK: [1] https://github.com/OP-TEE/optee_os/issues/1461#issuecomment-306156463

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: storage: set data length after truncation

After truncating a persistent object, update dataSize in the
corresponding TEE_ObjectInfo structure.

Signed-off-by: Christopher Tam <godtamit@google.

core: storage: set data length after truncation

After truncating a persistent object, update dataSize in the
corresponding TEE_ObjectInfo structure.

Signed-off-by: Christopher Tam <godtamit@google.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU, GP)

show more ...

core: arm: kern.ld.S: minimize padding between .heap1 and .nozi

When OP-TEE is build with CFG_WITH_LPAE=y, the things stored in the
.nozi section do not need to be aligned on more than 4 KiB. Only t

core: arm: kern.ld.S: minimize padding between .heap1 and .nozi

When OP-TEE is build with CFG_WITH_LPAE=y, the things stored in the
.nozi section do not need to be aligned on more than 4 KiB. Only the
non-LPAE case requires 16 KiB alignment for the L1 page table.

Use an #ifdef to minimize the extra space between .heap1 and .nozi,
thus making the heap size closer to what is requested by
CFG_CORE_HEAP_SIZE. This can be useful when trying to minimize the
size of the TEE core binary, which could otherwise be bigger than
necessary by as much as 12 KiB.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: kern.ld.S: use ABSOLUTE() in some assertions

Symbols defined inside output sections are relative to the section
start. Therefore, when we want to check the actual address, we need
to appl

core: arm: kern.ld.S: use ABSOLUTE() in some assertions

Symbols defined inside output sections are relative to the section
start. Therefore, when we want to check the actual address, we need
to apply the ABSOLUTE() builtin function to the symbol.

Note that symbols defined outside output sections are absolute by
default, and therefore need not be treated the same.

kern.ld.S has two incorrect assertions which can never fail, because
the value that is checked is in fact 0 (since we are at the beginning
of a section in both cases).

Fix the code by adding the missing ABSOLUTE().

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-imx: mx6: add support for the TZC380 to MX6Q

Use the generic RAM layout to configure the TZC380 according to the
device configuration.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutroni

plat-imx: mx6: add support for the TZC380 to MX6Q

Use the generic RAM layout to configure the TZC380 according to the
device configuration.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>

show more ...

tzc380: add region auto configuration function

The tzc_auto_configure() function takes an address, a size, the attribute
and a region as arguments. It calculates the fitting tzc380 region
configurat

tzc380: add region auto configuration function

The tzc_auto_configure() function takes an address, a size, the attribute
and a region as arguments. It calculates the fitting tzc380 region
configuration and applies it to the controller.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

tzc380: add function to retrieve action register

The TZC380 IP has an action configuration which defines the action taken
if a region is accessed with the wrong permissions.
Devices do not have to s

tzc380: add function to retrieve action register

The TZC380 IP has an action configuration which defines the action taken
if a region is accessed with the wrong permissions.
Devices do not have to set the action register explicitly, add a
function to retrieve the default configuration.

Signed-off-by: Rouven Czerwinski <rouven@czerwinskis.de>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: bcm_sotp: add SOTP driver

low level driver for Broadcom SOTP controller.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Si

drivers: bcm_sotp: add SOTP driver

low level driver for Broadcom SOTP controller.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Rahul Gupta <rahul.gupta@broadcom.com>
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>

show more ...

drivers: bcm_hwrng: add HWRNG driver

low level driver for Broadcom random number generator IP.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Bharat Kumar Reddy Gooty <bharat.g

drivers: bcm_hwrng: add HWRNG driver

low level driver for Broadcom random number generator IP.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Bharat Kumar Reddy Gooty <bharat.gooty@broadcom.com>
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>

show more ...

plat-rpi3: Use generic memory layout

plat-rpi3 have quite standard memory layout, so there is no sense
to maintain separate configuration if it possible to use generic
one.

Signed-off-by: Ying-Chun

plat-rpi3: Use generic memory layout

plat-rpi3 have quite standard memory layout, so there is no sense
to maintain separate configuration if it possible to use generic
one.

Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>

show more ...

stm32mp1: shres: set GPIO secure hardening

Set secure hardening for the GPIOZ pins according to their
peripheral registration.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Je

stm32mp1: shres: set GPIO secure hardening

Set secure hardening for the GPIOZ pins according to their
peripheral registration.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: shres: configure ETZPC protection

With this change, platform configures the ETZPC firewall
according to shared peripheral being assigned to either the
secure or the non-secure world.

Sign

stm32mp1: shres: configure ETZPC protection

With this change, platform configures the ETZPC firewall
according to shared peripheral being assigned to either the
secure or the non-secure world.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: shres: check RCC secure hardening

This change add a platform consistency test between shared
resource registering and SoC RCC hardening.

When secure resources are registered, RCC secure h

stm32mp1: shres: check RCC secure hardening

This change add a platform consistency test between shared
resource registering and SoC RCC hardening.

When secure resources are registered, RCC secure hardening
must be enabled unless what secure world cannot guaranty
the resource reliability.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: shres: secure clock parents

Add API function stm32mp_register_clock_parents_secure().
The function registers as secure the parent clock(s) of the
target clock reference. This API is used b

stm32mp1: shres: secure clock parents

Add API function stm32mp_register_clock_parents_secure().
The function registers as secure the parent clock(s) of the
target clock reference. This API is used by shared_resources.c
when a clock is registered as secure so that its dependencies
are also registered as secure.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: shres: registering shared resources

This change implements a driver for the stm32mp1 resources that may
be assigned to either secure or non-secure worlds upon the platform
configuration.

stm32mp1: shres: registering shared resources

This change implements a driver for the stm32mp1 resources that may
be assigned to either secure or non-secure worlds upon the platform
configuration.

Other drivers shall register their resources (when applicable) using
the API functions stm32mp_register_{secure|non_secure}_periph*():
- stm32mp_register_*_periph() registers a resource from its
platform ID.
- stm32mp_register_*_periph_iomem() registers a resource from its
IOMEM base address.
- stm32mp_register_*_periph_gpio() registers a resource from its
GPIO reference, bank and position.

Shared resource driver exports some APIs to query a resource
registration state, stm32mp_periph_is_*(),
stm32mp_gpio_bank_is_*(), stm32mp_clock_is_*().

The driver saves the peripheral assignation. The API does not
allow peripherals to change state at runtime. Moverover, to
prevent testing a resource status before it is registered,
the first query on a resource state locks further registering.
Later attempt to register a peripheral will panic the core.

Resources are either secure on non-secure but clock that maybe
shared in which case it will be assigned to the secure world but
a platform service will allow non-secure to access the resource
(i.e. enable/disable the clock). Note such service is out of the
scope of this change, yet this explains API stm32mp_clock_is_shared().

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_gpio: fix inline comment on GPIO bank verification

Local function ckeck_gpio_bank() panics if expected conditions
are not met. This change corrects inline comment that state
the function retur

stm32_gpio: fix inline comment on GPIO bank verification

Local function ckeck_gpio_bank() panics if expected conditions
are not met. This change corrects inline comment that state
the function returns a error code.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_i2c: handle pinctrl

Get pinctrl support from stm32_gpio.h into STM32 I2C driver.
When device tree content defines pins related to an I2C interface,
the I2C driver saves the pins configuration

stm32_i2c: handle pinctrl

Get pinctrl support from stm32_gpio.h into STM32 I2C driver.
When device tree content defines pins related to an I2C interface,
the I2C driver saves the pins configuration instances and set the
registered pins in the expected power mode at runtime.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: fix ordering in IOMEM mapping registering

Swap RCC_BASE and PWR_BASE mapping registering for a nice alpha
ordering of the mapping definitions.

Signed-off-by: Etienne Carriere <etienne.car

stm32mp1: fix ordering in IOMEM mapping registering

Swap RCC_BASE and PWR_BASE mapping registering for a nice alpha
ordering of the mapping definitions.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: prefer vaddr_t to uintptr_t

Use vaddr_t and paddr_t instead of uintptr_t where applicable.

This change also simplifies some platform get-base-address functions
to use io_pa_or_va().

Sign

stm32mp1: prefer vaddr_t to uintptr_t

Use vaddr_t and paddr_t instead of uintptr_t where applicable.

This change also simplifies some platform get-base-address functions
to use io_pa_or_va().

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: make all local variables be initialized

Update platform to conform with OP-TEE directive about local variables
initialization.

Also rename variable labels excep into exceptions as more ex

stm32mp1: make all local variables be initialized

Update platform to conform with OP-TEE directive about local variables
initialization.

Also rename variable labels excep into exceptions as more explicit.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_uart: assert clock and register base address

Assert clock and UART base address were found from
DTB instead of panicking. This can help debugging.
Invalid clock or iomem base address already l

stm32_uart: assert clock and register base address

Assert clock and UART base address were found from
DTB instead of panicking. This can help debugging.
Invalid clock or iomem base address already lead to
core panic, an assertion here is far enough.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...