stm32_i2c: minor clean in driver makefile

Sort stm32_* drivers list in alphabetical ordering.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@lin

stm32_i2c: minor clean in driver makefile

Sort stm32_* drivers list in alphabetical ordering.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: remove CFG_DYN_SHM_CAP

Removes the now obsolete CFG_DYN_SHM_CAP. CFG_CORE_DYN_SHM should be
used instead to enable/disable support for dynamic shared memory.

Reviewed-by: Etienne Carriere <et

core: remove CFG_DYN_SHM_CAP

Removes the now obsolete CFG_DYN_SHM_CAP. CFG_CORE_DYN_SHM should be
used instead to enable/disable support for dynamic shared memory.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce CFG_CORE_RESERVED_SHM

Introduces CFG_CORE_RESERVED_SHM which if set to y enables reserved shared
memory, else disables support for reserved shared memory.

Reviewed-by: Etienne Carri

core: introduce CFG_CORE_RESERVED_SHM

Introduces CFG_CORE_RESERVED_SHM which if set to y enables reserved shared
memory, else disables support for reserved shared memory.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce CFG_CORE_DYN_SHM

Introduces CFG_CORE_DYN_SHM which if set to y enables dynamic shared
memory, else disables support for dynamic shared memory. In contrast
with CFG_DYN_SHM_CAP it act

core: introduce CFG_CORE_DYN_SHM

Introduces CFG_CORE_DYN_SHM which if set to y enables dynamic shared
memory, else disables support for dynamic shared memory. In contrast
with CFG_DYN_SHM_CAP it actually removes the support instead of just
omit reporting it.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: default tee_otp_get_die_id() based on HUK

Changes the default weak tee_otp_get_die_id() implementation to use
huk_subkey_derive() to derive a unique die ID based on the hardware
unique key.

N

core: default tee_otp_get_die_id() based on HUK

Changes the default weak tee_otp_get_die_id() implementation to use
huk_subkey_derive() to derive a unique die ID based on the hardware
unique key.

Note that the SSK derivation retains backwards compatibility if
CFG_CORE_HUK_SUBKEY_COMPAT is set to 'y' and tee_otp_get_die_id() wasn't
replaced with a platform specific implementation.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: derive RPMB key using huk_subkey_derive()

tee_rpmb_key_gen() uses huk_subkey_derive() to derive the RPMB instead
of MAC:ing etc directly.

Note that this is only backwards compatible if
CFG_CO

core: derive RPMB key using huk_subkey_derive()

tee_rpmb_key_gen() uses huk_subkey_derive() to derive the RPMB instead
of MAC:ing etc directly.

Note that this is only backwards compatible if
CFG_CORE_HUK_SUBKEY_COMPAT=y.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: derive SSK using huk_subkey_derive()

tee_fs_init_key_manager() uses huk_subkey_derive() to derive the SSK
instead of MAC:ing etc directly.

Note that this is only backwards compatible if
CFG_C

core: derive SSK using huk_subkey_derive()

tee_fs_init_key_manager() uses huk_subkey_derive() to derive the SSK
instead of MAC:ing etc directly.

Note that this is only backwards compatible if
CFG_CORE_HUK_SUBKEY_COMPAT=y.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce CFG_CORE_HUK_SUBKEY_COMPAT

Adds CFG_CORE_HUK_SUBKEY_COMPAT which if set to 'y' makes
huk_subkey_derive() produce RPMB and SSK keys identical to the legacy
code.

Reviewed-by: Joakim

core: introduce CFG_CORE_HUK_SUBKEY_COMPAT

Adds CFG_CORE_HUK_SUBKEY_COMPAT which if set to 'y' makes
huk_subkey_derive() produce RPMB and SSK keys identical to the legacy
code.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce huk_subkey_derive()

The hardware unique key should preferably only be used to generate other
keys. This is encouraged with huk_subkey_derive() which is used to
derive a subkey from

core: introduce huk_subkey_derive()

The hardware unique key should preferably only be used to generate other
keys. This is encouraged with huk_subkey_derive() which is used to
derive a subkey from the hardware unique key.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: mutex: remove owner_id

mutex::owner_id was used for debugging purposes only.
Since commit 8aff6c039ee5 ("core: remove thread_{add,rem}_mutex()"), it is
never set to a valid thread ID anym

core: arm: mutex: remove owner_id

mutex::owner_id was used for debugging purposes only.
Since commit 8aff6c039ee5 ("core: remove thread_{add,rem}_mutex()"), it is
never set to a valid thread ID anymore. Let's just remove the field.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

hikey: Add support for UART2

UART2 is console interface provided on the 40-pin Low Speed
Connector in addition to the default UART3.

Reviewed-by: Victor Chong <victor.chong@linaro.org>
Signed-off-b

hikey: Add support for UART2

UART2 is console interface provided on the 40-pin Low Speed
Connector in addition to the default UART3.

Reviewed-by: Victor Chong <victor.chong@linaro.org>
Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>

show more ...

core: user_ta: load_elf(): return meaningful error code

If any error is encountered when the TEE core attempts to load a TA from
TA storage, the next storage is tried and so on until the TA is
succe

core: user_ta: load_elf(): return meaningful error code

If any error is encountered when the TEE core attempts to load a TA from
TA storage, the next storage is tried and so on until the TA is
successfully loaded or there is no more storage to try. In this case, a
generic error code (TEE_ERROR_ITEM_NOT_FOUND) is returned to the caller
of load_elf() and ultimately to the client. This is not super useful,
especially when debug traces are disabled, because the user has no way
to differentiate a true "not found" situation (which might be a
configuration or deployement issue) from an issue with the TA file
itself or an out-of-memory condition etc.

This commit changes the return code of load_elf() to better reflect the
errors. When load_elf_from_store() returns TEE_ERROR_ITEM_NOT_FOUND or
TEE_ERROR_STORAGE_NOT_AVAILABLE, the next storage is tried.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: bcm_gpio: add IPROC GPIO driver

low level driver for Broadcom IPROC GPIO controller.

Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Acked-by: Etienne Carriere <etienne.car

drivers: bcm_gpio: add IPROC GPIO driver

low level driver for Broadcom IPROC GPIO controller.

Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Victor Chong <victor.chong@linaro.org>

show more ...

plat-bcm: update platform configurations

-add more device ranges and definitions.
-fix dynamic shm api.
-cleanup plaform def.
-enable PL022 SPI, bcm HWRNG and bcm SOTP driver.

Acked-by: Etienne Car

plat-bcm: update platform configurations

-add more device ranges and definitions.
-fix dynamic shm api.
-cleanup plaform def.
-enable PL022 SPI, bcm HWRNG and bcm SOTP driver.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>

show more ...

core: arm: imx: handle errata 845369

Under very rare timing circumstances, a data corruption might occur on
a dirty cache line that is evicted from the L1 Data Cache due to another
cache line being

core: arm: imx: handle errata 845369

Under very rare timing circumstances, a data corruption might occur on
a dirty cache line that is evicted from the L1 Data Cache due to another
cache line being entirely written.
Configurations affected:
This erratum affects configurations with either:
- One processor if the ACP is present
- Two or more processors

This erratum can be worked round by setting bit[22] of the undocumented
Diagnostic Control Register to 1. This register is encoded as
CP15 c15 0 c0 1. The bit can be written in Secure state only, with the
following.
Read/Modify/Write code sequence:
MRC p15,0,rt,c15,c0,1
ORR rt,rt,#0x00400000
MCR p15,0,rt,c15,c0,1

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: arm: imx: a9: tune ACTLR

Tune ACTLR. To SLL, the value is 0xE at runtime.
To others, the value should be 0x4F at runtime.
Bit3 will be enabled when enable L2.

The SMP bit for i.MX6SLL needs t

core: arm: imx: a9: tune ACTLR

Tune ACTLR. To SLL, the value is 0xE at runtime.
To others, the value should be 0x4F at runtime.
Bit3 will be enabled when enable L2.

The SMP bit for i.MX6SLL needs to be make ldrex/strex
instruction work properly.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: arm: imx: a7: set L1 Data prefetch

The default value of L1PCTL field in ACTLR is 0x3, which is
"3 outstanding pre-fetches permitted", the value should not
be override with 0 to decrease the pe

core: arm: imx: a7: set L1 Data prefetch

The default value of L1PCTL field in ACTLR is 0x3, which is
"3 outstanding pre-fetches permitted", the value should not
be override with 0 to decrease the performance.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: ltc: fix preallocation of MPI bignums

Fixes the preallocation to make room for the actual content also in
crypto_bignum_allocate() by calling mbedtls_mpi_grow().

Acked-by: Etienne Carriere <e

core: ltc: fix preallocation of MPI bignums

Fixes the preallocation to make room for the actual content also in
crypto_bignum_allocate() by calling mbedtls_mpi_grow().

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: Introduce OPTEE_SMC_GET_THREAD_COUNT

This call should be used to query OP-TEE about number of threads
(basically, CFG_NUM_THREADS build option).

It is introduced after discussion at [1] about

core: Introduce OPTEE_SMC_GET_THREAD_COUNT

This call should be used to query OP-TEE about number of threads
(basically, CFG_NUM_THREADS build option).

It is introduced after discussion at [1] about possibility to read
number of supported threads. It is needed for XEN OP-TEE mediator to
mitigate possible DoS from virtual guest. If XEN knows number of
OP-TEE threads, it can limit number of standard calls from the guest
on own side.

Also, it can be used by optee client driver, to ratelimit number of calls
from its side.

Link: [1] https://lists.xenproject.org/archives/html/xen-devel/2019-01/msg01460.html

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

pl022, pl061: add missing pager constraint on _ops struct

Add KEEP_PAGER() for pl022_ops and pl061_ops structs.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jens Wiklander <je

pl022, pl061: add missing pager constraint on _ops struct

Add KEEP_PAGER() for pl022_ops and pl061_ops structs.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

pl022_spi: fix non-trivial typo

read16() was replaced with io_read8() instead of io_read16() so fix it.

Fixes: 918bb3a5 ("core: upgrade from write32() to io_write32() and friends")

Signed-off-by:

pl022_spi: fix non-trivial typo

read16() was replaced with io_read8() instead of io_read16() so fix it.

Fixes: 918bb3a5 ("core: upgrade from write32() to io_write32() and friends")

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

pl022_spi: simplify receive of remaining data

If the expected number of packets are not received during the
transmit+receive cycle, just receive the remaining data after the
cycle if the Receive FIF

pl022_spi: simplify receive of remaining data

If the expected number of packets are not received during the
transmit+receive cycle, just receive the remaining data after the
cycle if the Receive FIFO (SSPSR_RNE) is not empty, without depending
on the busy (SSPSR_BSY) flag, else we might miss reading some data as
indicated in [1].

LINK: [1] https://github.com/OP-TEE/optee_os/issues/1461#issuecomment-306156463

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: storage: set data length after truncation

After truncating a persistent object, update dataSize in the
corresponding TEE_ObjectInfo structure.

Signed-off-by: Christopher Tam <godtamit@google.

core: storage: set data length after truncation

After truncating a persistent object, update dataSize in the
corresponding TEE_ObjectInfo structure.

Signed-off-by: Christopher Tam <godtamit@google.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU, GP)

show more ...

core: arm: kern.ld.S: minimize padding between .heap1 and .nozi

When OP-TEE is build with CFG_WITH_LPAE=y, the things stored in the
.nozi section do not need to be aligned on more than 4 KiB. Only t

core: arm: kern.ld.S: minimize padding between .heap1 and .nozi

When OP-TEE is build with CFG_WITH_LPAE=y, the things stored in the
.nozi section do not need to be aligned on more than 4 KiB. Only the
non-LPAE case requires 16 KiB alignment for the L1 page table.

Use an #ifdef to minimize the extra space between .heap1 and .nozi,
thus making the heap size closer to what is requested by
CFG_CORE_HEAP_SIZE. This can be useful when trying to minimize the
size of the TEE core binary, which could otherwise be bigger than
necessary by as much as 12 KiB.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: kern.ld.S: use ABSOLUTE() in some assertions

Symbols defined inside output sections are relative to the section
start. Therefore, when we want to check the actual address, we need
to appl

core: arm: kern.ld.S: use ABSOLUTE() in some assertions

Symbols defined inside output sections are relative to the section
start. Therefore, when we want to check the actual address, we need
to apply the ABSOLUTE() builtin function to the symbol.

Note that symbols defined outside output sections are absolute by
default, and therefore need not be treated the same.

kern.ld.S has two incorrect assertions which can never fail, because
the value that is checked is in fact 0 (since we are at the beginning
of a section in both cases).

Fix the code by adding the missing ABSOLUTE().

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...