core: arm64: Add Secure EL1 physical timer framework

As an implementation of generic timer, arm64 platforms provides secure
EL1 physical timer. So enable corresponding framework. For more
informatio

core: arm64: Add Secure EL1 physical timer framework

As an implementation of generic timer, arm64 platforms provides secure
EL1 physical timer. So enable corresponding framework. For more
information refer to section: D6.1.5 Timers - ARMv8-A RM.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

libtomcrypt: Import SHA512/256 approved hash algorithm

SHA-512/256 is an approved hash algorithm and a vetted conditioner as
per NIST.SP.800-90B spec. We have used it to condition raw thermal
sensor

libtomcrypt: Import SHA512/256 approved hash algorithm

SHA-512/256 is an approved hash algorithm and a vetted conditioner as
per NIST.SP.800-90B spec. We have used it to condition raw thermal
sensor noise on Developerbox to condense entropy.

It is imported from libtomcrypt:
Git url: https://github.com/libtom/libtomcrypt.git, release tag: v1.18.0.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: io_{set|clr|clrset}bits32() helpers

Introduce new iomem util functions to set, clear or set and clear
bit masks in peripheral interfaces.

io_setbits32(addr, mask) sets the bits enabled in mas

core: io_{set|clr|clrset}bits32() helpers

Introduce new iomem util functions to set, clear or set and clear
bit masks in peripheral interfaces.

io_setbits32(addr, mask) sets the bits enabled in mask at address.
io_clrbits32(addr, mask) clears the bits enabled in mask.
io_clrsetbits32(addr, clear_mask, set_mask) clears the bits enabled in
clear_mask and sets the bits enabled in set_mask.

These functions are more friendly in instruction blocks to sets and
clears bitmasks in peripheral registers. They provide a more readable
implementation than playing with io_mask32() for the equivalent
sequence, for example, extracted from a DDR controller driver:

(...)
/* IOs powering down (PUBL registers) */

io_setbits32(ddrphy_base + DDRPHYC_ACIOCR, DDRPHYC_ACIOCR_ACPDD);
io_setbits_32(ddrphy_base + DDRPHYC_ACIOCR, DDRPHYC_ACIOCR_ACPDR);

io_clrsetbits32(ddrphy_base + DDRPHYC_ACIOCR,
DDRPHYC_ACIOCR_CKPDD_MASK, DDRPHYC_ACIOCR_CKPDD_0);

io_clrsetbits32(ddrphy_base + DDRPHYC_ACIOCR,
DDRPHYC_ACIOCR_CKPDR_MASK, DDRPHYC_ACIOCR_CKPDR_0);

io_clrsetbits32(ddrphy_base + DDRPHYC_ACIOCR,
DDRPHYC_ACIOCR_CSPDD_MASK, DDRPHYC_ACIOCR_CSPDD_0);
(...)

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm: imx: add iMX7S WaARP7 MBL board definition

This patch adds an OP-TEE port for the i.MX7S WaRP7 for the MBED Linux OS
boot flow.

BootROM -> ATF/BL2
ATF -> FIP {u-boot, OPTEE}
OPTEE -> {po

arm: imx: add iMX7S WaARP7 MBL board definition

This patch adds an OP-TEE port for the i.MX7S WaRP7 for the MBED Linux OS
boot flow.

BootROM -> ATF/BL2
ATF -> FIP {u-boot, OPTEE}
OPTEE -> {populates DTB overlay}
u-boot -> FIT {DTB, Kernel, initramfs}
Merges DTB and OPTEE DTB-overlay
Linux

The current warp7 port looks like
BootROM -> u-boot
u-boot -> Load {Kernel, OPTEE, DTB}
OPTEE
Linux

In order to support the ATF bootflow a new port of OP-TEE with slightly
tweaked parameters is added here.

CFG_NS_ENTRY_ADDR = 0x87800000 is the entry point of u-boot
CFG_DT_OVERLAY = y adds DTB overlay fragments to the passed DTB

make PLATFORM=imx-mx7swarp7_mbl

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

show more ...

imx: wdog: Introduce CFG_IMX_WDOG_EXT_RESET for non-DTB mode

When resetting a system that has not booted up with a full DTB in memory
the value ext_reset will always be false.

This patch introduces

imx: wdog: Introduce CFG_IMX_WDOG_EXT_RESET for non-DTB mode

When resetting a system that has not booted up with a full DTB in memory
the value ext_reset will always be false.

This patch introduces a platform define to tell the watchdog driver to
drive ext_reset.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

show more ...

imx: wdog: Skip DTB wdog init on DTB overlay

When OPTEE is providing a DTB overlay to a subsequent boot stage CFG_DT
will be true as will CFG_EXTERNAL_DTB_OVERLAY.

In this case there will be no DTB

imx: wdog: Skip DTB wdog init on DTB overlay

When OPTEE is providing a DTB overlay to a subsequent boot stage CFG_DT
will be true as will CFG_EXTERNAL_DTB_OVERLAY.

In this case there will be no DTB for the imx watchdog driver to consume so
do not try to do so.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

show more ...

core: always save non-secure vfp state

Prior to this patch the non-secure VFP state was only saved when it
seemed necessary based on control registers.

To make sure that non-secure VFP state isn't

core: always save non-secure vfp state

Prior to this patch the non-secure VFP state was only saved when it
seemed necessary based on control registers.

To make sure that non-secure VFP state isn't corrupted always save the
entire register file before modifying it. This is now the same behavior
on both ARMv8-A and ARMv7-A platforms.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: framework to register PM callbacks

Introduce a framework for power management callback registering.

Drivers and services can register a callback function for the platform
suspend and resume s

core: framework to register PM callbacks

Introduce a framework for power management callback registering.

Drivers and services can register a callback function for the platform
suspend and resume sequences. A private address handle can be registered
with the callback and retrieved from the callback. Callback can be
registered with a specific call order as defined per PM_CB_ORDER_*.

Callback shall return an error if failing to complete target transition.
This information may be used by the platform to resume a platform on
non-fatal failure to suspend.

Callbacks are related to a callback level. It defines the callbacks
call ordering, allowing core low level drivers (as clocks or the GIC)
to be suspended after all drivers and resume before these.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Cedric Neveux <cedric.neveux@nxp.com>

show more ...

core: introduce is_unpaged() functions

Helper function to test if a virtual address points to an
unpaged memory section that is the linear address space when
pager is enabled.

When pager is disable

core: introduce is_unpaged() functions

Helper function to test if a virtual address points to an
unpaged memory section that is the linear address space when
pager is enabled.

When pager is disabled, is_unpaged() always returns true.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: pager: make sure __thread_enter_user_mode is unpaged

__thread_enter_user_mode() cannot be paged out, because the pager cannot
be invoked to restore any faulting code page after SP has b

core: arm64: pager: make sure __thread_enter_user_mode is unpaged

__thread_enter_user_mode() cannot be paged out, because the pager cannot
be invoked to restore any faulting code page after SP has been switched to
use SP_EL1. At this point, a synchronous exception would take the CPU to
the 0x200 offset in the exception vector, which corresponds to
[workaround_]el1_sync_sp1 and is an error-catching infinite loop. This
explains the behavior described in [1].

Add the requisite KEEP_PAGER so that the function is kept in the unpaged
area.

Fixes: [1] https://github.com/OP-TEE/optee_os/issues/2684
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix dependency in embedded DTB build

Correct the name of the script used to embed a DTB in the core
when added to the core dependency list.

Signed-off-by: Etienne Carriere <etienne.carriere@l

core: fix dependency in embedded DTB build

Correct the name of the script used to embed a DTB in the core
when added to the core dependency list.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: update boot image header script tool

Introduce the binary image type information to the STM32 header
used for OP-TEE boot images.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>

stm32mp1: update boot image header script tool

Introduce the binary image type information to the STM32 header
used for OP-TEE boot images.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove Secure Element API support

There is probably no-one using the Secure Element API. We have never heard
anyone asking questions about it, have no way to test it and we believe
it is not even wo

Remove Secure Element API support

There is probably no-one using the Secure Element API. We have never heard
anyone asking questions about it, have no way to test it and we believe
it is not even working right now. Therefore, remove it.

- The reserved syscalls are still present, but return
TEE_ERROR_NOT_SUPPORTED
- The TEE_SE* functions (GlobalPlatform TEE Secure Element API,
GPD_SPE_024) are removed from libutee.a and the header file
tee_internal_se_api.h is removed as well

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-ls: NXP LX2160ARDB platform support is added

Added support for armv8 platform flavour.
- PLATFORM = ls-lx2160ardb

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Acked-by: Jerome Foris

plat-ls: NXP LX2160ARDB platform support is added

Added support for armv8 platform flavour.
- PLATFORM = ls-lx2160ardb

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-imx: add i.MX8MQ/MM EVK support

Add i.MX8MQ/MM EVK support.

i.MX8M family use Cortex-A53 as the CPU core, the i.MX8MQ EVK has
3GB DRAM memory, and i.MX8MM EVK has 2GB DRAM memory.

Signed-off-

plat-imx: add i.MX8MQ/MM EVK support

Add i.MX8MQ/MM EVK support.

i.MX8M family use Cortex-A53 as the CPU core, the i.MX8MQ EVK has
3GB DRAM memory, and i.MX8MM EVK has 2GB DRAM memory.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

tee: entry_fast: correct tee_entry_generic_get_api_call_count

There are actually 11 API calls in tee_entry_fast.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@

tee: entry_fast: correct tee_entry_generic_get_api_call_count

There are actually 11 API calls in tee_entry_fast.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: console: allow fallback to /chosen/stdout-path

Makes chosen console selection more flexible being probed
from either secure-chosen node or chosen node and from
either secure embedded DTB or no

core: console: allow fallback to /chosen/stdout-path

Makes chosen console selection more flexible being probed
from either secure-chosen node or chosen node and from
either secure embedded DTB or non-secure external DTB.

Secure-chosen node has precedence over chosen node. Chosen console
from the secure DTB as precedence over chosen console defined by
the non-secure device tree.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: concurrent external and embedded DTBs

Introduce get_external_dt() as opposed to get_embedded_dt().

Change get_dt() to return embedded DTB location and falls back
to external DTB location.

Si

core: concurrent external and embedded DTBs

Introduce get_external_dt() as opposed to get_embedded_dt().

Change get_dt() to return embedded DTB location and falls back
to external DTB location.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: introduce get_embedded_dt()

get_embedded_dt() returns the location (virtual address) of the
embedded DTB or NULL if there is no embedded DTB.

Signed-off-by: Etienne Carriere <etienne.carriere

core: introduce get_embedded_dt()

get_embedded_dt() returns the location (virtual address) of the
embedded DTB or NULL if there is no embedded DTB.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt: discover memory before updating external DTB

When core updates the external DTB with OP-TEE node resources
it may load memory address ranges node that depend of information
read from the D

core: dt: discover memory before updating external DTB

When core updates the external DTB with OP-TEE node resources
it may load memory address ranges node that depend of information
read from the DTB. This change ensures non-secure memory is
discovered (possibly from the external DTB) before core modifies
the external DTB for a former boot stage.

Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: explicit external DTB scope in generic boot

Rename few functions, routines and variables dedicated to the
external DTB with an explicit `external_dt` labeling reference.

reset_dt_references()

core: explicit external DTB scope in generic boot

Rename few functions, routines and variables dedicated to the
external DTB with an explicit `external_dt` labeling reference.

reset_dt_references() is renamed release_external_dt() as more
explicit.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: rename get_dt_blob() into get_dt()

Rename get_dt_blob() into get_dt() to get some consistency in `dt`,
`dtb`, `fdt` labelling in generic_boot.c

Signed-off-by: Etienne Carriere <etienne.carrie

core: rename get_dt_blob() into get_dt()

Rename get_dt_blob() into get_dt() to get some consistency in `dt`,
`dtb`, `fdt` labelling in generic_boot.c

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

stm32mp1: add a platform banner

Platform banner stating platform flavor and embedded DTB if any.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissi

stm32mp1: add a platform banner

Platform banner stating platform flavor and embedded DTB if any.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: device tree platform description

This change introduces the device tree source files describing boards
EV1 and ED1 and the related bindings.

The stm32mp1 DTS files and bindings header fil

stm32mp1: device tree platform description

This change introduces the device tree source files describing boards
EV1 and ED1 and the related bindings.

The stm32mp1 DTS files and bindings header files are dumped from
latest Linux kernel (v4.19). Bindings documentation is not stored in
OP-TEE OS source tree, one shall refer to the bindings documentation
from latest Linux kernel source tree.

Note that license terms where changed for binding header file gpio.h
to release them under dual 2-Clause DSB/GPLv2.0 instead of GPLv2.0 as
release in the Linux kernel.

Platform relies on DT source file (CFG_EMBED_DTB_SOURCE_FILE) to
distinguish between the platform flavors for the few configuration
directive that are static and cannot be provided only through FDT.

Default configuration locates the secure DDR area (TZDRAM) from
the base address of the last 32MBytes of the DDR over 30Mbyte.
The last 2MBytes of the DDR are the OP-TEE static shared memory.

Many contributors not listed below.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: release constraint on core count

Minor cleaning and allow CFG_TEE_CORE_NB_CORE to be set to 1.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wik

stm32mp1: release constraint on core count

Minor cleaning and allow CFG_TEE_CORE_NB_CORE to be set to 1.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...