drivers: imx_wdog driver cleanup

use WDT_WCR defined in watchdog specific imx_wdog.h
instead of WCR_OFF defined in the platform imx-regs.h

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>

drivers: imx_wdog driver cleanup

use WDT_WCR defined in watchdog specific imx_wdog.h
instead of WCR_OFF defined in the platform imx-regs.h

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: make stack trace robust

Makes stack trace robust by checking addresses before copying data.
Kernel stack traces are a bit more relaxed as we have crashed already.

Reviewed-by: Jerome Forissie

core: make stack trace robust

Makes stack trace robust by checking addresses before copying data.
Kernel stack traces are a bit more relaxed as we have crashed already.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960 AArch32, Aarch64)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno, QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix offset in assign_mobj_to_param_mem()

Prior to this patch assign_mobj_to_param_mem() stored the offset
supplied with a non-contiguous buffer in mem->offs. Since that offset
already is store

core: fix offset in assign_mobj_to_param_mem()

Prior to this patch assign_mobj_to_param_mem() stored the offset
supplied with a non-contiguous buffer in mem->offs. Since that offset
already is stored inside the resulting MOBJ that offset is added twice.
This patch fixes this by initializing mem->offs to 0 instead.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: update max pa after discovered nsec ddr

Once non-secure DDR is discovered either via FDT or via register_ddr()
maximum output address is updated.

Note that is only has an effect in AAr

core: arm64: update max pa after discovered nsec ddr

Once non-secure DDR is discovered either via FDT or via register_ddr()
maximum output address is updated.

Note that is only has an effect in AArch64.

Fixes: https://github.com/OP-TEE/optee_os/issues/2402
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Suggested-by: Jean-Paul Etienne <jean-paul.etienne@arm.com>
Reported-by: Rouven Czerwinski <rouven@czerwinskis.de>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno, FVP)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64.h: add TCR_EL1_IPS_MASK

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-stm: fix MIN/MAX macro issue in platform_config.h

Use MIN_UNSAFE/MAX_UNSAFE macros as MAX/MIN macros fail to build
from in current platform_config.h imaplement with the error trace
below:

In f

plat-stm: fix MIN/MAX macro issue in platform_config.h

Use MIN_UNSAFE/MAX_UNSAFE macros as MAX/MIN macros fail to build
from in current platform_config.h imaplement with the error trace
below:

In file included from core/arch/arm/include/arm.h:8:0,
from core/arch/arm/include/kernel/thread.h:11,
from core/arch/arm/kernel/asm-defines.c:7:
lib/libutils/ext/include/util.h:24:16: error: missing binary operator before token "("
(__extension__({ __typeof__(a) _a = (a); \
^
core/arch/arm/plat-stm/./platform_config.h:190:25: note: in expansion of macro ‘MAX’
#define STM_SECDDR_END MAX(TZSRAM_BASE + TZSRAM_SIZE, \
^~~
core/arch/arm/plat-stm/./platform_config.h:204:6: note: in expansion of macro ‘STM_SECDDR_END’
#if (STM_SECDDR_END < 0x80000000ULL)
^~~~~~~~~~~~~~
make: *** [out/core/include/generated/.asm-defines.s] Error 1

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: tzc380: fix tzc_configure_region api

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

benchmark: change the way of timestamp buffer allocation.

In case if timestamp buffer is allocated in userspace and new register
user memory API is used for its registering in OP-TEE (introduced in

benchmark: change the way of timestamp buffer allocation.

In case if timestamp buffer is allocated in userspace and new register
user memory API is used for its registering in OP-TEE (introduced in
optee_client commit 27888d73d156 ("tee_client_api: register user memory")),
there is no possibility to keep this mapping permanent among different
TEEC_InvokeCommand invocations, as all SHM are automatically unmapped from
OP-TEE VA space after TEEC_InvokeCommand is handled by OP-TEE.

Timestamp buffer is now allocated with thread_rpc_alloc_global_payload().

Fixes: https://github.com/OP-TEE/optee_os/issues/1979
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>

show more ...

core: support for global shared buffers

Add support of allocating SHM shared with non-secure kernel
and exported to a non-secure userspace application.

Reviewed-by: Jens Wiklander <jens.wiklander@l

core: support for global shared buffers

Add support of allocating SHM shared with non-secure kernel
and exported to a non-secure userspace application.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>

show more ...

core: tee: update objectSize/keySize for ECDSA/ECDH Objects

objectSize/keySize was not getting updated when an ECDSA/ECDH
object was imported.
Updating the ObjectSize/keySize based on the EC Curve.

core: tee: update objectSize/keySize for ECDSA/ECDH Objects

objectSize/keySize was not getting updated when an ECDSA/ECDH
object was imported.
Updating the ObjectSize/keySize based on the EC Curve.

Fixes: https://github.com/OP-TEE/optee_os/issues/2386
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: reformat OP-TEE images to stm32 format

OP-TEE core images are reformatted into a STM32 compliant format
expected by the platform flashing tools.

Signed-off-by: Etienne Carriere <etie

plat-stm32mp1: reformat OP-TEE images to stm32 format

OP-TEE core images are reformatted into a STM32 compliant format
expected by the platform flashing tools.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: stm32_uart driver

Used by platform stm32mp1.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <je

core: stm32_uart driver

Used by platform stm32mp1.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: add initial support

Introduce platform stm32mp1 with board stm32mp1-stm32mp157c-ev1 based
on stm32mp1 SoC family integrating Arm Cortex-A7 technology. In its
default configuration, st

plat-stm32mp1: add initial support

Introduce platform stm32mp1 with board stm32mp1-stm32mp157c-ev1 based
on stm32mp1 SoC family integrating Arm Cortex-A7 technology. In its
default configuration, stm32mp1 OP-TEE core operates in a 256kB secure
RAM with pager support enabled.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove get_rng_array()

Removes get_rng_array() in favor of crypto_rng_read() which always uses
the configured RNG implementation to draw random.

Reviewed-by: Jerome Forissier <jerome.forissier@lina

Remove get_rng_array()

Removes get_rng_array() in favor of crypto_rng_read() which always uses
the configured RNG implementation to draw random.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmpa: remove mpa_set_random_generator()

MPA is used in two configurations, either in kernel mode or in user mode.

In kernel mode random is always drawn with crypto_rng_read() and in
user mode ute

libmpa: remove mpa_set_random_generator()

MPA is used in two configurations, either in kernel mode or in user mode.

In kernel mode random is always drawn with crypto_rng_read() and in
user mode utee_cryp_random_number_generate() is used instead.

This patch makes the code easier to follow by replacing the call via a
function pointer to a normal function call instead.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add new RNG implementation

Adds a new cryptographically secure pseudo random number generator known
as Fortuna. The implementation is based on the description in [0]. This
implementation repla

core: add new RNG implementation

Adds a new cryptographically secure pseudo random number generator known
as Fortuna. The implementation is based on the description in [0]. This
implementation replaces the implementation in LTC which was used until
now.

Gathering of entropy has been refined with crypto_rng_add_event() to
better match how entropy is added to Fortuna. A enum crypto_rng_src
identifies the source of the event. The source also controls how the
event is added. There are two options available, queue it in a circular
buffer for later processing or adding it directly to a pool. The former
option is suitable when being called from an interrupt handler or some
other place where RPC to normal world is forbidden.

plat_prng_add_jitter_entropy_norpc() is removed and
plat_prng_add_jitter_entropy() is updated to use this new entropy source
scheme.

The configuration of LTC is simplified by this, now PRNG is always drawn
via prng_mpa_desc.

plat_rng_init() takes care of initializing the PRNG in order to allow
platforms to override or enhance the Fortuna integration.

[0] Link:https://www.schneier.com/academic/paperfiles/fortuna.pdf

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: split tee_pager_init()

Splits tee_pager_init() into tee_pager_set_alias_area() and
tee_pager_generate_authenc_key(). The former function is called where
tee_pager_init() used to be called and

core: split tee_pager_init()

Splits tee_pager_init() into tee_pager_set_alias_area() and
tee_pager_generate_authenc_key(). The former function is called where
tee_pager_init() used to be called and the latter function is called
after the crypto API and RNG has been initialized.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: don't divide by sizeof(*mem) for ddr nsec memory

Since the two addresses are already of type struct core_mmu_phys_mem, do
not divide by sizeof(struct core_mmu_phys_mem). This broke dynamic sha

core: don't divide by sizeof(*mem) for ddr nsec memory

Since the two addresses are already of type struct core_mmu_phys_mem, do
not divide by sizeof(struct core_mmu_phys_mem). This broke dynamic shared
memory on Juno r0, since nelem would be zero for two slots.

Tested on Juno r0.

Fixes: 2f82082fada3 ("core: add ddr overall register")
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Rouven Czerwinski <rouven@czerwinskis.de>

show more ...

plat-sunxi: Add plat-sunxi

Initial version support for Allwinner H2+ platform. Specific to Banana Pi
M2 zero board currently.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Je

plat-sunxi: Add plat-sunxi

Initial version support for Allwinner H2+ platform. Specific to Banana Pi
M2 zero board currently.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>

show more ...

core: add mdelay() function

checkpatch will check if udelay value is too large. Use udelay() to
implement mdelay() when we want to delay more than 10000 us.

Reviewed-by: Jens Wiklander <jens.wiklan

core: add mdelay() function

checkpatch will check if udelay value is too large. Use udelay() to
implement mdelay() when we want to delay more than 10000 us.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>

show more ...

core: drivers: serial8250_uart: Add DT support

Add DT support for serial8250 uart driver. The matchtable currently
supports allwinner H2+ SoC.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org

core: drivers: serial8250_uart: Add DT support

Add DT support for serial8250 uart driver. The matchtable currently
supports allwinner H2+ SoC.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>

show more ...

Add new platform for the TI K3 class of SoCs

Add platform 'k3' for the TI K3 family. These are ARMv8 devices
and are quite different from our line of existing ARMv7 OMAP style
SoCs, hence the new pl

Add new platform for the TI K3 class of SoCs

Add platform 'k3' for the TI K3 family. These are ARMv8 devices
and are quite different from our line of existing ARMv7 OMAP style
SoCs, hence the new platform.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: arm64 ce: update AES CBC routines

Update the Aarch64 Crypto Extension accelerated CBC encryption/decryption
routines to the latest upstream implementation in the Linux kernel
(v4.17-rc

core: crypto: arm64 ce: update AES CBC routines

Update the Aarch64 Crypto Extension accelerated CBC encryption/decryption
routines to the latest upstream implementation in the Linux kernel
(v4.17-rc7).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)
CC: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/issues/2355
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix syscall_cryp_obj_get_attr() with null buffer

Prior to this patch when syscall_cryp_obj_get_attr() is called with a
NULL buffer to query buffer size the function returns
TEE_ERROR_ACCESS_DE

core: fix syscall_cryp_obj_get_attr() with null buffer

Prior to this patch when syscall_cryp_obj_get_attr() is called with a
NULL buffer to query buffer size the function returns
TEE_ERROR_ACCESS_DENIED while TEE_ERROR_SHORT_BUFFER is expected. This
patch fixes syscall_cryp_obj_get_attr() to return TEE_ERROR_SHORT_BUFFER
if supplied buffer parameter is NULL.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: cleanup and fix CE accelerated AES CTR

There is a problem with how the counter is incremented in our Aarch32
implementation of ce_aes_ctr_encrypt(). When 3 or more 16-byte blocks of
da

core: crypto: cleanup and fix CE accelerated AES CTR

There is a problem with how the counter is incremented in our Aarch32
implementation of ce_aes_ctr_encrypt(). When 3 or more 16-byte blocks of
data are processed, the counter is incremented one time too many and
invalid data is produced as a result [1].

More generally, the way the counter is handled is quite convoluted. It is
incremented:
- In the generic LibTomCrypt code in ctr_encrypt_sub(),
- In the Crypto Extension glue layer in aes_ctr_encrypt_nblocks(),
- In the CE accelerated assembly code in ce_aes_ctr_encrypt().
We can easily get rid of the second one. We can also avoid always calling
the non-accelerated function on the first block of data.

This commit simplifies the C code to reflect the following rules:
- The core encryption functions (accelerated or not) should use the
counter value as is to process the first block of data,
- They should increment it for each block that is processed and return it
as an output parameter

The AArch32 and AArch64 CE assembler implementations are updated to the
latest available in the upstream Linux kernel (v4.17-rc7), thus
incorporating further improvements/simplifications by Ard Biesheuvel.
These functions handle the counter as described above so they fit our use
case perfectly.

Fixes: [1] https://github.com/OP-TEE/optee_os/issues/2305
CC: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960, 32/64, CE/no CE)
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...