stm32mp1: reset driver for platform peripheral interfaces

Reset API functions:
- stm32_reset_assert(id) asserts reset signal on target resource.
- stm32_reset_deassert(id) releases reset signal on t

stm32mp1: reset driver for platform peripheral interfaces

Reset API functions:
- stm32_reset_assert(id) asserts reset signal on target resource.
- stm32_reset_deassert(id) releases reset signal on target resource.

Driver API relies on resource IDs defined in the platform DT bindings
header file dt-bindings/reset/stm32mp1_reset.h.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core_mmu: phys_to_virt_io(): warn if PA has both S and NS mappings

phys_to_virt_io() converts a physical address previously registered with
type MEM_AREA_IO_SEC or MEM_AREA_IO_NSEC to a virtual addr

core_mmu: phys_to_virt_io(): warn if PA has both S and NS mappings

phys_to_virt_io() converts a physical address previously registered with
type MEM_AREA_IO_SEC or MEM_AREA_IO_NSEC to a virtual address.
If both secure and non-secure mappings exist for the PA, the secure
mapping is used. This is usually fine, but some platforms may not allow
accessing a non-secure PA with a secure mapping.

Therefore, either overlaps should be avoided when registering memory,
or phys_to_virt(pa, type) should be used instead of phys_to_virt_io().

This commit adds a warning message in case phys_to_virt_io() finds two
mappings.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core_mmu: do not restrict device memory mapping to PGDIR_SIZE granularity

Device memory registered via register_phys_mem() is currently rounded
up/down to CORE_MMU_PGDIR_SIZE (1 MiB, or 2 MiB for LP

core_mmu: do not restrict device memory mapping to PGDIR_SIZE granularity

Device memory registered via register_phys_mem() is currently rounded
up/down to CORE_MMU_PGDIR_SIZE (1 MiB, or 2 MiB for LPAE). This is not
needed and possibly incorrect for SoCs that define I/O memory maps with
regions aligned on a small page (4 KiB), because using a larger
granularity could result in overlaps between secure and non-secure
mappings. This could cause issues depending on the type of memory
firewall used by the SoC and its configuration. In any case, memory
types other than MEM_AREA_IO_{SEC,NSEC} *can* be mapped with small page
granularity using register_phys_mem(), so the situation is a bit
inconsistent.

This commit removes the rounding by default and provides a new macro:
register_phys_mem_pgdir(). Platforms that still need to use PGDIR_SIZE
granularity (typically because it consumes less page table space) need
to replace register_phys_mem() by register_phys_mem_pgdir().

In order to avoid any functional change in platform code, all calls to
register_phys_mem() with device memory are replaced with
register_phys_mem_pgdir(). In addition, CORE_MMU_DEVICE_SIZE is removed
and replaced with CORE_MMU_PGDIR_SIZE since there is no unique mapping
size for device memory anymore.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Zeng Tao <prime.zeng@hisilicon.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: change io_{clr|set|clrset}bits32() address argument type

Change API for io_clrbits32(), io_setbits32() and io_clrsetbits32() to
have a vaddr_t type address argument, rather than uintptr_t as
p

core: change io_{clr|set|clrset}bits32() address argument type

Change API for io_clrbits32(), io_setbits32() and io_clrsetbits32() to
have a vaddr_t type address argument, rather than uintptr_t as
previously.

This change updates accordingly the callers of these functions
that cover only stm32mp1 related resources.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: embed GPIO/pin control driver

Platform provides resources expected by the GPIO driver: those deal
with the relationship between platform GPIO banks identifiers and
the bank resources (base

stm32mp1: embed GPIO/pin control driver

Platform provides resources expected by the GPIO driver: those deal
with the relationship between platform GPIO banks identifiers and
the bank resources (base address, clock).

Platform maps all non-secure GPIOs as secure world may use non-secure
interfaces, i.e a non-secure UART console.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_gpio: driver for GPIO and pin control

Driver is embedded upon CFG_STM32_GPIO=y.

STM32 GPIO driver API main functions:
- stm32_gpio_set_output_level() sets target output GPIO level,
- stm32_gp

stm32_gpio: driver for GPIO and pin control

Driver is embedded upon CFG_STM32_GPIO=y.

STM32 GPIO driver API main functions:
- stm32_gpio_set_output_level() sets target output GPIO level,
- stm32_gpio_get_input_level() returns target input GPIO level,
- stm32_pinctrl_load_active_cfg() loads interface pin mux active state,
- stm32_pinctrl_load_standby_cfg() loads interface pin mux standby state,
- stm32_pinctrl_fdt_get_pinctrl() save pin configuration from DT content,
- stm32_gpio_set_secure_cfg() sets secure state for target GPIO/pin mux.

GPIO driver does not register to PM framework. It is the GPIO/pin owner
responsibility to call stm32_pinctrl_load_{active|standby}_cfg() on
peripherals power state transitions.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Mathieu Belou <mathieu.belou@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: platform enables STM32 ETZPC driver

Platform defines the macro used for DECPROT IDs in the STM32 ETZPC
driver interface.

When platform embeds a secure DTB, it is used to initialize the ET

stm32mp1: platform enables STM32 ETZPC driver

Platform defines the macro used for DECPROT IDs in the STM32 ETZPC
driver interface.

When platform embeds a secure DTB, it is used to initialize the ETZPC
driver. When not using DT, platform shall call ETZPC initialization
API function.

Platform initialization loads a static configuration for the platform
resources statically assigned to either secure or non-secure worlds.

This change updates the stm32mp157c SoC description DT source file
to explicitly enable ETZPC support in the secure world.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32_etzpc: STM32 Extended TrustZone Protection Controller

ETZPC is a hardware instance that control access permissions to
some stm32mp SoC peripheral interfaces and internal memories.

This change

stm32_etzpc: STM32 Extended TrustZone Protection Controller

ETZPC is a hardware instance that control access permissions to
some stm32mp SoC peripheral interfaces and internal memories.

This change introduce the stm32_etzpc driver. It is embedded upon
build directive CFG_STM32_ETZPC=y.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Mathieu BELOU <mathieu.belou@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: get root clocks frequency from DTB

Get the frequency of the root oscillator clocks from
a secure device tree, that is the embedded DTB.

Secure status state in the DTB defines whether RCC

stm32mp1: get root clocks frequency from DTB

Get the frequency of the root oscillator clocks from
a secure device tree, that is the embedded DTB.

Secure status state in the DTB defines whether RCC
subsystem shall be secure or not. If not, non-secure
world can access all clock interfaces hence secure world
cannot guaranty its configuration. Yet, the DT allows
such a debug/test configuration.

Most clock tree configuration is under the responsibility
of an earlier boot stage. Configuration of parenthood
and related divisors as well as configuration of
intermediate PLLs found in the DT are ignored.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: platform clocks driver

Introduce the stm32mp1 clock driver. This change defines the
structures used to describe the clock tree and the driver main API
functions:
- stm32_clock_enable()
- s

stm32mp1: platform clocks driver

Introduce the stm32mp1 clock driver. This change defines the
structures used to describe the clock tree and the driver main API
functions:
- stm32_clock_enable()
- stm32_clock_disable()
- stm32_clock_is_enabled()
- stm32_clock_get_rate()

The API is exported from stm32_util.h. Drivers are expected to include
stm32_util.h to access the platform clock support.

Note stm32_clock_get_rate() needs the root oscillator frequency values
Oscillators frequency depend on the board a.k.a the platform.
This information is currently missing in the driver. Introducing
CFG_xxx build directives it not the preferred way which is the DTB.
This change does not read root oscillators frequency value from the DTB.

Map RCC interface registers from RCC_BASE. RCC is the interface for
SoC clock configuration and control.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: update RCC driver

Add and refine some RCC register descriptions.
Remove declaration of stm32_rcc_secure(), not used.
Implement stm32_rcc_is_secure() and stm32_rcc_is_mckprot(). These
refle

stm32mp1: update RCC driver

Add and refine some RCC register descriptions.
Remove declaration of stm32_rcc_secure(), not used.
Implement stm32_rcc_is_secure() and stm32_rcc_is_mckprot(). These
reflect 2 security hardening states of the RCC in the SoC.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

Remove memalign()

Removes the unused memalign() function. Usage of this function will
cause severe fragmentation of the heap.

Another problem is with the implementation which is added on top of bge

Remove memalign()

Removes the unused memalign() function. Usage of this function will
cause severe fragmentation of the heap.

Another problem is with the implementation which is added on top of bget
while still depending heavily on internals of bget. The implementation was
somewhat buggy since it can sometimes can cause:
E/TC:0 0 assertion 'bn->prevfree == 0' failed at lib/libutils/isoc/bget_malloc.c
:423 <create_free_block>
E/TC:0 0 Panic at core/kernel/assert.c:28 <_assert_break>

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: PWR support

PWR is a memory mapped SoC interface for power control. This change
maps and defines the interface for the stm32mp1 platform.

Signed-off-by: Etienne Carriere <etienne.carriere

stm32mp1: PWR support

PWR is a memory mapped SoC interface for power control. This change
maps and defines the interface for the stm32mp1 platform.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

Fix alignment of data for mempool_alloc_pool()

Prior to this patch was _TEE_MathAPI_Init() in
lib/libutee/tee_api_arith_mpi.c supplying a data buffer which was only 4
byte aligned while mempool_allo

Fix alignment of data for mempool_alloc_pool()

Prior to this patch was _TEE_MathAPI_Init() in
lib/libutee/tee_api_arith_mpi.c supplying a data buffer which was only 4
byte aligned while mempool_alloc_pool() requires the alignment of long.
This will work in 32-bit mode, but could lead to alignment problem in
64-bit mode. The same problem can happen with
lib/libutee/tee_api_arith_mpa.c, but so far it has remained hidden.

Incorrect alignment can result in errors like:
E/TA: assertion '!((vaddr_t)data & (POOL_ALIGN - 1))' failed at lib/libutils/ext/mempool.c:134 in mempool_alloc_pool()

This fix introduces MEMPOOL_ALIGN which specifies required alignment of
data supplied to mempool_alloc_pool().

Fixes: 062e3d01c039 ("ta: switch to to mbedtls for bignum")
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v8)
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pseudo_ta: fix query buffer size for SDP

Accepts query buffer size when invoking pseudo TAs with
CFG_SECURE_DATA_PATH=y.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by

core: pseudo_ta: fix query buffer size for SDP

Accepts query buffer size when invoking pseudo TAs with
CFG_SECURE_DATA_PATH=y.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

entry_fast: enable hypervisor calls

There are two fast SMC calls from hypervisor:

OPTEE_SMC_VM_CREATED is called during virtual guest creation. Only
after successful return hypervisor should forwar

entry_fast: enable hypervisor calls

There are two fast SMC calls from hypervisor:

OPTEE_SMC_VM_CREATED is called during virtual guest creation. Only
after successful return hypervisor should forward any SMC calls from
guest to OP-TEE.

OPTEE_SMC_VM_DESTROYED is called during VM destruction. Hypervisor
should ensure that all virtual CPUs are stopped. This will ensure, that
there are no active threads from destroyed VM in OP-TEE.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

generic_boot: add virtualization support

Don't create boot thread and don't initialize TEE runtime
if virtualization is enabled. This will be done by virtualization
framework for each virtual guest

generic_boot: add virtualization support

Don't create boot thread and don't initialize TEE runtime
if virtualization is enabled. This will be done by virtualization
framework for each virtual guest separately.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

generic_boot: move all runtime initialization to init_tee_runtime()

This one function can be called in init_primary_helper() in default
configuration or by virtualization framework for each virtual

generic_boot: move all runtime initialization to init_tee_runtime()

This one function can be called in init_primary_helper() in default
configuration or by virtualization framework for each virtual guest
separately if virtualization is enabled.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

generic_boot: use nexus allocator during memory discovery

If virtualization support is enabled, malloc memory pool is not initialized
at this stage. When virtualization is disabled, nex_malloc and n

generic_boot: use nexus allocator during memory discovery

If virtualization support is enabled, malloc memory pool is not initialized
at this stage. When virtualization is disabled, nex_malloc and nex_calloc
are aliases for malloc/calloc so no problem will be there.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

threads: add support for virtualization

If virtualization is enabled, we need do configure right context
upon entry from SMCs. Also we need to switch back to default context
when leaving OP-TEE.

Si

threads: add support for virtualization

If virtualization is enabled, we need do configure right context
upon entry from SMCs. Also we need to switch back to default context
when leaving OP-TEE.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

tee_mmu: read TA memory ranges from virtualization subsystem

Virtualization subsystem maintains different TA memory ranges
for every virtual guest. So, if virtualization support is enabled,
tee_mmu

tee_mmu: read TA memory ranges from virtualization subsystem

Virtualization subsystem maintains different TA memory ranges
for every virtual guest. So, if virtualization support is enabled,
tee_mmu should get memory configuration there.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core_mmu_lpae: increase number of xlat tables for virtualization

Because of different memory layout, we need more page tables when
virtualization support is enabled.

Signed-off-by: Volodymyr Babchu

core_mmu_lpae: increase number of xlat tables for virtualization

Because of different memory layout, we need more page tables when
virtualization support is enabled.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core_mmu: reshape memory layout for virtualization

If CFG_VIRTUALIZATION is enabled, then initial memory layout does not need
TA_RAM, TEE sections (.bss and .data) but it needs core sections
(.nex_b

core_mmu: reshape memory layout for virtualization

If CFG_VIRTUALIZATION is enabled, then initial memory layout does not need
TA_RAM, TEE sections (.bss and .data) but it needs core sections
(.nex_bss and .nex_data) mapped.
.data section should be mapped as RO, so it can serve as a template for
virtual guests .data sections.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core_mmu: add core_mmu_init_virtualization() function

This function will be called at OP-TEE initialization to
configure memory subsystem of virtualization framework.

Signed-off-by: Volodymyr Babch

core_mmu: add core_mmu_init_virtualization() function

This function will be called at OP-TEE initialization to
configure memory subsystem of virtualization framework.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

virt: add virtualization subsystem

This patch adds virtualization framework to OP-TEE.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>