drivers: stm32_iwdg: remove useless device list

STM32 watchdog driver does not manage several instances of IWDG hence
remove the useless code. To simplify code, remove stm32_iwdg_register()
local fu

drivers: stm32_iwdg: remove useless device list

STM32 watchdog driver does not manage several instances of IWDG hence
remove the useless code. To simplify code, remove stm32_iwdg_register()
local function.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: stm32_iwdg: remove registering to shared_resources driver

Remove registering of STM32 IWDG driver to platform shared_resources
driver that is deprecated since integration of the firewall fr

drivers: stm32_iwdg: remove registering to shared_resources driver

Remove registering of STM32 IWDG driver to platform shared_resources
driver that is deprecated since integration of the firewall framework
in stm32mp1 platforms. Since this integration, OP-TEE only consider
IWDG secure instances hence remove the useless code for IWDG assigned
to non-secure world.

As watchdog drivers are only used when registering to OP-TEE watchdog
services (CFG_WDT_SM_HANDLER) simplify the code to always register
IWDG instance.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-stm32mp1: CFG_STM32_IWDG requires CFG_WDT_SM_HANDLER

Driver stm32_iwdg only aims at exposing an OP-TEE watchdog
service hence declare CFG_STM32_IWDG dependency on CFG_WDT and
CFG_WDT_SM_HANDLER

plat-stm32mp1: CFG_STM32_IWDG requires CFG_WDT_SM_HANDLER

Driver stm32_iwdg only aims at exposing an OP-TEE watchdog
service hence declare CFG_STM32_IWDG dependency on CFG_WDT and
CFG_WDT_SM_HANDLER in stm32mp1 platform configuration file.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-vexpress: increase QEMU heap size

The core heap usage is increased by around 20kB with fTPM enabled so it
makes sense if this has to be compensated.

Increase heap size for the QEMU variants:
-

plat-vexpress: increase QEMU heap size

The core heap usage is increased by around 20kB with fTPM enabled so it
makes sense if this has to be compensated.

Increase heap size for the QEMU variants:
- QEMU v7 from 64kB to 96kB
- QEMU v8 from 128kB to 192kB

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: pta: secstore: decrease TA buffer

install_ta() uses a buffer allocated from the heap while hashing a TA
while installing it. The buffer size is 8kB which is a bit large to
reliably allocate fr

core: pta: secstore: decrease TA buffer

install_ta() uses a buffer allocated from the heap while hashing a TA
while installing it. The buffer size is 8kB which is a bit large to
reliably allocate from the heap, so decrease it to 1kB.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-vexpress: conf: default enable CFG_PKCS11_TA_RSA_X_509

Default enable PKCS#11 TA config switch CFG_PKCS11_TA_RSA_X_509 to
embed this feature in the TA test environment. Raw RSA is no more
a rec

plat-vexpress: conf: default enable CFG_PKCS11_TA_RSA_X_509

Default enable PKCS#11 TA config switch CFG_PKCS11_TA_RSA_X_509 to
embed this feature in the TA test environment. Raw RSA is no more
a recommended feature but can be required for some TLS v1.2
feature support. Therefore CFG_PKCS11_TA_RSA_X_509 has been disable
in PKCS#11 TA default configuration but should still be supported
hence we enable it in vexpress platforms that are intended to
test and development environments.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

dts: stm32: disable stm32mp15 SD switch regulator node

SD switch regulator is not used by OP-TEE on STM32MP15 based boards
hence disable this node in the OP-TEE secure device tree for boards
DHCOR A

dts: stm32: disable stm32mp15 SD switch regulator node

SD switch regulator is not used by OP-TEE on STM32MP15 based boards
hence disable this node in the OP-TEE secure device tree for boards
DHCOR Avenger96 (stm32mp15xx-dhcor-avenger96.dtsi) ST ED1/EV1
(stm32mp157c-ed1.dts).

This change fixes a issue related to the integration of stm32_gpio
driver as a firewall controller, which is highlighted by ab error trace
message like:

E/TC:0 0 stm32_gpio_get_dt:837 node regulator-sd_switch requests secure GPIO F14 that cannot be secured
E/TC:0 0 Panic

Fixes: 4675225ed84f ("drivers: stm32_gpio: check secure state of consumed GPIOs")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm: add CFG_NS_VIRTUALIZATION boot log

Add a log entry when CFG_NS_VIRTUALIZATION is enabled, for example:
D/TC:0 0 boot_init_primary_late:1028 NS-Virtualization enabled, supporting 2 guest

core: arm: add CFG_NS_VIRTUALIZATION boot log

Add a log entry when CFG_NS_VIRTUALIZATION is enabled, for example:
D/TC:0 0 boot_init_primary_late:1028 NS-Virtualization enabled, supporting 2 guests

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: merge core_mmu_init_phys_mem() and core_mmu_init_virtualization()

Moves the implementation of core_mmu_init_virtualization() into
core_mmu_init_phys_mem().

This simplifies init_primary() in c

core: merge core_mmu_init_phys_mem() and core_mmu_init_virtualization()

Moves the implementation of core_mmu_init_virtualization() into
core_mmu_init_phys_mem().

This simplifies init_primary() in core/arch/arm/kernel/boot.c.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: initialize guest physical memory early

Initialize guest physical memory in virt_guest_created() before the
first entry into the guest from normal world. This replaces the call to
core_mmu_init

core: initialize guest physical memory early

Initialize guest physical memory in virt_guest_created() before the
first entry into the guest from normal world. This replaces the call to
core_mmu_init_phys_mem() in init_tee_runtime().

Remove unused code in core_mmu_init_phys_mem() and the now unused
functions core_mmu_get_ta_range() and virt_get_ta_ram().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: allocate temporary memory map array

With CFG_BOOT_MEM enabled, allocate a temporary memory map array using
boot_mem_alloc_tmp() instead of using the global static_mmap_regions[].
core_mmu_

core: mm: allocate temporary memory map array

With CFG_BOOT_MEM enabled, allocate a temporary memory map array using
boot_mem_alloc_tmp() instead of using the global static_mmap_regions[].
core_mmu_save_mem_map() is added and called from
boot_init_primary_late() before the temporary memory is reused.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: enable CFG_BOOT_MEM unconditionally

Enable CFG_BOOT_MEM unconditionally and call the boot_mem_*() functions
as needed from entry_*.S and boot.c.

The pager will reuse all boot_mem memory

core: arm: enable CFG_BOOT_MEM unconditionally

Enable CFG_BOOT_MEM unconditionally and call the boot_mem_*() functions
as needed from entry_*.S and boot.c.

The pager will reuse all boot_mem memory internally when configured.
The non-pager configuration will unmap the memory and make it available
for TAs if needed.

__FLATMAP_PAGER_TRAILING_SPACE is removed from the link script,
collect_mem_ranges() in core/mm/core_mmu.c maps the memory following
VCORE_INIT_RO automatically.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: add boot_cached_mem_end

Add boot_cached_mem_end in C code, replacing the previous read-only
mapped cached_mem_end. This allows updates to boot_cached_mem_end after
MMU has been enabled.

core: arm: add boot_cached_mem_end

Add boot_cached_mem_end in C code, replacing the previous read-only
mapped cached_mem_end. This allows updates to boot_cached_mem_end after
MMU has been enabled.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add CFG_BOOT_MEM and boot_mem_*() functions

Adds CFG_BOOT_MEM to support stack-like memory allocations during boot
before a heap has been configured.

Signed-off-by: Jens Wiklander <jens.wikl

core: add CFG_BOOT_MEM and boot_mem_*() functions

Adds CFG_BOOT_MEM to support stack-like memory allocations during boot
before a heap has been configured.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm,pager: map remaining physical memory

For CFG_WITH_PAGER=y map the remaining memory following the
VCORE_INIT_RO memory to make sure that all physical TEE memory is mapped
even if VCORE_INIT_

core: mm,pager: map remaining physical memory

For CFG_WITH_PAGER=y map the remaining memory following the
VCORE_INIT_RO memory to make sure that all physical TEE memory is mapped
even if VCORE_INIT_RO doesn't cover it entirely.

This will be used in later patches to use the temporarily unused memory
while booting.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm,pager: make __vcore_init_ro_start follow __vcore_init_rx_end

This concerns configurations with CFG_WITH_PAGER=y. Until this patch,
even if __vcore_init_ro_size (VCORE_INIT_RO_SZ) is 0 for

core: arm,pager: make __vcore_init_ro_start follow __vcore_init_rx_end

This concerns configurations with CFG_WITH_PAGER=y. Until this patch,
even if __vcore_init_ro_size (VCORE_INIT_RO_SZ) is 0 for
CFG_CORE_RODATA_NOEXEC=n, __vcore_init_ro_start was using some value
smaller than __vcore_init_rx_end. To simplify code trying to find the
end of VCORE_INIT_RX and VCORE_INIT_RO parts of the binary, make sure
that __vcore_init_ro_start follows right after __vcore_init_rx_end.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: map memory using requested block size

TEE memory is always supposed to be mapped with 4k pages for maximum
flexibility, but can_map_at_level() doesn't check the requested block
size for a

core: mm: map memory using requested block size

TEE memory is always supposed to be mapped with 4k pages for maximum
flexibility, but can_map_at_level() doesn't check the requested block
size for a region, so fix that. However, assign_mem_granularity()
assigns smaller than necessary block sizes on page aligned regions, so
fix that by only requesting 4k granularity for TEE memory and PGDIR
granularity for the rest.

This is needed in later patches where some TEE memory is unmapped.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: core_mmu_v7.c: increase MAX_XLAT_TABLES by 2

Increase MAX_XLAT_TABLES by 2 to be able to map all TEE memory with 4k
pages.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Revie

core: arm: core_mmu_v7.c: increase MAX_XLAT_TABLES by 2

Increase MAX_XLAT_TABLES by 2 to be able to map all TEE memory with 4k
pages.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: virt: phys_mem_core_alloc() use both pools

With CFG_NS_VIRTUALIZATION=y let phys_mem_core_alloc() allocate from
both the core_pool and ta_pool since both pools keep equally secure
memory. This

core: virt: phys_mem_core_alloc() use both pools

With CFG_NS_VIRTUALIZATION=y let phys_mem_core_alloc() allocate from
both the core_pool and ta_pool since both pools keep equally secure
memory. This is needed in later patches when some translation tables are
dynamically allocated from spare physical core memory.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: unify secure core and TA memory

In configurations where secure core and TA memory is allocated from the
same contiguous physical memory block, carve out the memory needed by
OP-TEE core an

core: mm: unify secure core and TA memory

In configurations where secure core and TA memory is allocated from the
same contiguous physical memory block, carve out the memory needed by
OP-TEE core and make the rest available as TA memory.

This is needed by later patches where more core memory is allocated as
needed from the pool of TA memory.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: replace MEM_AREA_TA_RAM

Replace MEM_AREA_TA_RAM with MEM_AREA_SEC_RAM_OVERALL.

All read/write secure memory is covered by MEM_AREA_SEC_RAM_OVERALL,
sometimes using an aliased map. But sec

core: mm: replace MEM_AREA_TA_RAM

Replace MEM_AREA_TA_RAM with MEM_AREA_SEC_RAM_OVERALL.

All read/write secure memory is covered by MEM_AREA_SEC_RAM_OVERALL,
sometimes using an aliased map. But secure read-only or execute core
memory is not covered as that would defeat the purpose of
CFG_CORE_RWDATA_NOEXEC.

Since the partition TA memory isn't accessed via MEM_AREA_TA_RAM any
longer, don't map it using the partition specific map.

This is needed later where unification of OP-TEE core and physical TA
memory is possible.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: allow unmapping VCORE_FREE

Allow unmapping core memory in the VCORE_FREE range when the original
boot mapping isn't needed any more.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.o

core: mm: allow unmapping VCORE_FREE

Allow unmapping core memory in the VCORE_FREE range when the original
boot mapping isn't needed any more.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add VCORE_FREE_{PA,SZ,END_PA}

Add VCORE_FREE_{PA,SZ,END_PA} defines to identify the unused and free
memory range at the end of TEE_RAM_START..(TEE_RAM_START +
TEE_RAM_VA_SIZE).

VCORE_FREE_SZ

core: add VCORE_FREE_{PA,SZ,END_PA}

Add VCORE_FREE_{PA,SZ,END_PA} defines to identify the unused and free
memory range at the end of TEE_RAM_START..(TEE_RAM_START +
TEE_RAM_VA_SIZE).

VCORE_FREE_SZ is 0 in a pager configuration since all the memory is
used by the pager.

The VCORE_FREE range is excluded from the TEE_RAM_RW area for
CFG_NS_VIRTUALIZATION=y and instead put in a separate NEX_RAM_RW area.
This makes each partition use a bit less memory and leaves the
VCORE_FREE range available for the Nexus.

The VCORE_FREE range is added to the TEE_RAM_RW area for the normal
configuration with CFG_NS_VIRTUALIZATION=n and CFG_WITH_PAGER=n. It's in
practice unchanged behaviour in this configuration.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: remove CORE_MEM_TA_RAM

The buffer attribute CORE_MEM_TA_RAM isn't used to query the status of a
buffer anywhere. So remove the attribute to allow future
simplifications.

Signed-off-by: Jens W

core: remove CORE_MEM_TA_RAM

The buffer attribute CORE_MEM_TA_RAM isn't used to query the status of a
buffer anywhere. So remove the attribute to allow future
simplifications.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: add vaddr_to_phys()

Add a wrapper function for virt_to_phys() using vaddr_t instead of a
void pointer.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Foriss

core: mm: add vaddr_to_phys()

Add a wrapper function for virt_to_phys() using vaddr_t instead of a
void pointer.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...