core: dt: introduce _fdt_fill_device_info()

_fdt_fill_device_info() gets some generic properties from a given
node in a single always successful sequence.

Retrieved device information from the DT:

core: dt: introduce _fdt_fill_device_info()

_fdt_fill_device_info() gets some generic properties from a given
node in a single always successful sequence.

Retrieved device information from the DT:
- The status/secure-status state as per DT_STATUS_*,
- The first register base address found or DT_INFO_INVALID_REG (zero).
If there are several register base addresses others are ignored.
- The first clock identifier found or DT_INFO_INVALID_CLOCK (negative).
- This first reset identifier found or DT_INFO_INVALID_RESET (negative).

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: more flexible console init from DT

Introduce get_console_node_from_dt() that collects the references
to the console configuration in the DTB.

Existing configure_console_from_dt() relies on it

core: more flexible console init from DT

Introduce get_console_node_from_dt() that collects the references
to the console configuration in the DTB.

Existing configure_console_from_dt() relies on it when initiating
the console from the early core inits based on registered matching
device tables.

get_console_node_from_dt() allows a driver probed from the driver
initialization sequence (i.e registered from driver_init()) to
get the console DT directive.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

synquacer: Enable rng-pta as kernel device

Add TA_FLAG_DEVICE_ENUM flag to rng-pta header.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

synquacer: Enable rng-pta as kernel device

Add TA_FLAG_DEVICE_ENUM flag to rng-pta header.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: Add device pseudo TA

This pseudo TA enumerates OP-TEE pseudo TAs which can act as devices/
services for Linux TEE bus driver. For differentiation of such devices,
added TA_FLAG_DEVICE_ENU

core: pta: Add device pseudo TA

This pseudo TA enumerates OP-TEE pseudo TAs which can act as devices/
services for Linux TEE bus driver. For differentiation of such devices,
added TA_FLAG_DEVICE_ENUM optional flag in pseudo TA header.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pseudo_ta: Pass null memref as valid param

GlobalPlatform spec allows null memory reference parameters as valid.
So update copy_in_params for pseudo_ta accordingly.

Also add check for mobj pt

core: pseudo_ta: Pass null memref as valid param

GlobalPlatform spec allows null memory reference parameters as valid.
So update copy_in_params for pseudo_ta accordingly.

Also add check for mobj ptr being NULL before dereference as it causes
a data abort in case REE has passed NULL buffer ptr with size > 0 as
memref param.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix thread_excp_vect_end and literal pool

The two symbols thread_excp_vect and thread_excp_vect_end are used to
mark the part of the privileged code that still to be mapped in order to
transit

core: fix thread_excp_vect_end and literal pool

The two symbols thread_excp_vect and thread_excp_vect_end are used to
mark the part of the privileged code that still to be mapped in order to
transition between user mode and privileged mode when compiled with
CFG_CORE_UNMAP_CORE_AT_EL0=y.

Prior to this patch it was assumed that thread_excp_vect_end would mark
the end of the thread_excp_vect() assembly function including literals
emitted by the assembler. This assumption was wrong and an extra .pool
directive is added before the thread_excp_vect_end to guarantee that all
literals will be included in the section starting with thread_excp_vect
and ending with thread_excp_vect_end.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)
Reported-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm: imx: add iMX7D PICO MBL board definition

This patch adds an OP-TEE port for the i.MX7D PICO for the MBED Linux OS
boot flow.

BootROM -> ATF/BL2
ATF -> FIP {u-boot, OPTEE}
OPTEE -> {popul

arm: imx: add iMX7D PICO MBL board definition

This patch adds an OP-TEE port for the i.MX7D PICO for the MBED Linux OS
boot flow.

BootROM -> ATF/BL2
ATF -> FIP {u-boot, OPTEE}
OPTEE -> {populates DTB overlay}
u-boot -> FIT {DTB, Kernel, initramfs}
Merges DTB and OPTEE DTB-overlay
Linux

CFG_NS_ENTRY_ADDR = 0x87800000 is the entry point of u-boot
CFG_DT_OVERLAY = y adds DTB overlay fragments to the passed DTB

make PLATFORM=mx7dpico_mbl

Signed-off-by: Jun Nie <jun.nie@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

show more ...

probe_max_it overwrite the value of GICD_ISENABLER

probe_max_it save the original value of GICD_ISENABLER
and write 0xffffffff into GICD_ISENABLER to probe
the largest interrupt number.

Instead of

probe_max_it overwrite the value of GICD_ISENABLER

probe_max_it save the original value of GICD_ISENABLER
and write 0xffffffff into GICD_ISENABLER to probe
the largest interrupt number.

Instead of writing the original GICD_ISENABLER value
into GICD_ISENABLER, probe_max_it write the value into GICD_ICENABLER
and cause the original GICD_ISENABLER value bit flipping.

Signed-off-by: Lin Huang-Sen <r94922102@gmail.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: benchmark: drop reference on freed memory

Add missing reset of the benchmark buffer mobj reference when
it is freed.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by:

core: benchmark: drop reference on freed memory

Add missing reset of the benchmark buffer mobj reference when
it is freed.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>

show more ...

synquacer: rng-pta: Add rng info invoke command

Add rng info invoke command to provide information like rng data-rate
and quality/entropy of output rng data.

Signed-off-by: Sumit Garg <sumit.garg@l

synquacer: rng-pta: Add rng info invoke command

Add rng info invoke command to provide information like rng data-rate
and quality/entropy of output rng data.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: syscall_storage_obj_rename(): fix handling of .rename() return status

Any error returned by fops->rename() should be reflected by
syscall_storage_obj_rename(). There is no reason why errors ot

core: syscall_storage_obj_rename(): fix handling of .rename() return status

Any error returned by fops->rename() should be reflected by
syscall_storage_obj_rename(). There is no reason why errors other than
TEE_ERROR_GENERIC should be ignored.

Fixes the following test case: create two persistent objects (o1 and o2),
close o1, rename o2 to the name of o1. TEE_RenamePersistentObject() should
return TEE_ERROR_ACCESS_CONFLICT, but TEE_SUCCESS is returned instead.

Fixes: https://github.com/OP-TEE/optee_os/issues/2707
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Chao Liu <chao.liu@amlogic.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: psci: switch secondary boot cpu offline

Secondary boot core can be switched OFF from a functional view by
being reset. To get the core back on line, it shall be woken through
catching secu

stm32mp1: psci: switch secondary boot cpu offline

Secondary boot core can be switched OFF from a functional view by
being reset. To get the core back on line, it shall be woken through
catching secure SGI0 interrupt then proceeding to same sequence as
when getting the core online from a cold reset.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: stm32mp_bkpreg() returns the backup register address

Rename bckreg_address() into stm32mp_bkpreg()to get the address of the
32bit backup register specified by ID defined in boot_api.h.

Si

stm32mp1: stm32mp_bkpreg() returns the backup register address

Rename bckreg_address() into stm32mp_bkpreg()to get the address of the
32bit backup register specified by ID defined in boot_api.h.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: psci: implement affinity_info

This change implements PSCI_AFFINITY_INFO for platform stm32mp1.
The cores state are saved in a local array and accessed with SMP
locking protection. Note the

stm32mp1: psci: implement affinity_info

This change implements PSCI_AFFINITY_INFO for platform stm32mp1.
The cores state are saved in a local array and accessed with SMP
locking protection. Note these do not lock/unlock if executed with
the MMU disabled.

CPU shall call stm32mp_register_online_cpu() when online in the
secure world. GIC CPU interface initialization is used to register
online primary and secondary boot cores.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: internal change for GIC support

This change exports GIC CPU interfaces base address to the platform.

This change is needed by a later change where the platform needs
to specific GIC suppo

stm32mp1: internal change for GIC support

This change exports GIC CPU interfaces base address to the platform.

This change is needed by a later change where the platform needs
to specific GIC support not available through the GIC driver.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: RCC support

RCC if the SoC interface for clocks, reset and some low power features.
The drivers is very specific to the platform stm32mp1 hence located
next to the platform specific source

stm32mp1: RCC support

RCC if the SoC interface for clocks, reset and some low power features.
The drivers is very specific to the platform stm32mp1 hence located
next to the platform specific source files.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: move PSCI in pm/psci.c

Source file pm/psci.c will soon hold several PSCI functions and sequences.
Move now the existing PSCI_CPU_ON support to pm/psci.c.

Signed-off-by: Etienne Carriere <

stm32mp1: move PSCI in pm/psci.c

Source file pm/psci.c will soon hold several PSCI functions and sequences.
Move now the existing PSCI_CPU_ON support to pm/psci.c.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: move io_pa_va support out of serial drivers

io_pa_or_va() is generic enough to be useful for non serial driver
matters. Move it to core_mem_prot.h.

Signed-off-by: Etienne Carriere <etienne.ca

core: move io_pa_va support out of serial drivers

io_pa_or_va() is generic enough to be useful for non serial driver
matters. Move it to core_mem_prot.h.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32_uart: timeout to escape waiting loops

Add a timeout in output console waiting loops. This is useful if
the secure world relies on a non-secure UART that may be suspended
or disabled from the n

stm32_uart: timeout to escape waiting loops

Add a timeout in output console waiting loops. This is useful if
the secure world relies on a non-secure UART that may be suspended
or disabled from the non-secure world.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: timeout detection support

Introduce timeout_init_us/timeout_elapsed() delay tracking with CNTPCT.

timeout_init_us(some_timeout_us); returns a reference to detect
timeout for the provided micr

core: timeout detection support

Introduce timeout_init_us/timeout_elapsed() delay tracking with CNTPCT.

timeout_init_us(some_timeout_us); returns a reference to detect
timeout for the provided microsecond delay value from current time.

timeout_elapsed(reference) return true/false whether the reference
timeout is elapsed.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Introduce CFG_USER_TA_TARGETS to select user mode architecture(s)

This change introduces CFG_USER_TA_TARGETS to allow the configuration
directives to select the architectures for which userspace TA

Introduce CFG_USER_TA_TARGETS to select user mode architecture(s)

This change introduces CFG_USER_TA_TARGETS to allow the configuration
directives to select the architectures for which userspace TA and TA
libraries shall be built. The only use case for the moment is to be able
to build only 32 or 64-bit libraries and TAs when the platform would
otherwise support both 32 and 64-bit. See the example below.

If CFG_USER_TA_TARGETS is undefined or empty, all the architectures
supported by the platform are built.

If CFG_USER_TA_TARGETS contains an unsupported value, the build will
report an error.

Examples:

$ make PLATFORM=hikey CFG_ARM64_core=y
# Builds both 32 and 64-bit userspace
$ make PLATFORM=hikey CFG_ARM64_core=y \
CFG_USER_TA_TARGETS="ta_arm32 ta_arm64"
# Same as above
$ make PLATFORM=hikey CFG_ARM64_core=y CFG_USER_TA_TARGETS=ta_arm32
# Builds only 32-bit userspace

Suggested-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Platforms set supported TA targets as $(supported-ta-targets)

Rename $(ta-targets) to $(supported-ta-targets) in the platform
configuration files, in preparation for the next patch.

Suggested-by: J

Platforms set supported TA targets as $(supported-ta-targets)

Rename $(ta-targets) to $(supported-ta-targets) in the platform
configuration files, in preparation for the next patch.

Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Factor out ta-targets from platform config

Platforms use the same basic pattern again and again:

ta-targets = ta_arm32
ifeq ($(CFG_ARM64_core),y)
ta-targets += ta_arm64
endif

Let's move this p

Factor out ta-targets from platform config

Platforms use the same basic pattern again and again:

ta-targets = ta_arm32
ifeq ($(CFG_ARM64_core),y)
ta-targets += ta_arm64
endif

Let's move this pattern to core/arch/arm/arm.mk, make it the default, and
cleanup the platform configuration files.

Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

synquacer: Add RNG pseudo TA

This platform provides 7 on-chip thermal sensors accessible from secure
world only. So, using thermal noise from these sensors we have tried to
create an entropy source

synquacer: Add RNG pseudo TA

This platform provides 7 on-chip thermal sensors accessible from secure
world only. So, using thermal noise from these sensors we have tried to
create an entropy source as a pseudo TA.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

synquacer: Enable secure timer interrupt framework

Currently there is no means to perform background housekeeping in
secure world on Synquacer platforms. Use an (optional) periodic
timer to allow an

synquacer: Enable secure timer interrupt framework

Currently there is no means to perform background housekeeping in
secure world on Synquacer platforms. Use an (optional) periodic
timer to allow any housekeeping to be performed.

Although it could be expanded, at present the code is fairly simple
because we expect only a single PTA to exploit the timer interrupt.
The secure timer interrupt is configured to fire every 2ms.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...