core: arm64: increase thread stack size for debug

Increase STACK_THREAD_SIZE when CFG_CORE_DEBUG_CHECK_STACKS=y.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Foriss

core: arm64: increase thread stack size for debug

Increase STACK_THREAD_SIZE when CFG_CORE_DEBUG_CHECK_STACKS=y.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: scmi-msg: fix clock min/max/step triplet description support

The return value of plat_scmi_clock_rates_array() is one of "SCMI_DENIED",
"SCMI_GENERIC_ERROR" and "SCMI_SUCCESS".
The code in

drivers: scmi-msg: fix clock min/max/step triplet description support

The return value of plat_scmi_clock_rates_array() is one of "SCMI_DENIED",
"SCMI_GENERIC_ERROR" and "SCMI_SUCCESS".
The code in scmi_clock_describe_rates() for clock min/max/step triplet
description support would never be executed due to the return value of
plat_scmi_clock_rates_array() could never be "SCMI_NOT_SUPPORTED".
Fix by modifying the return value of plat_scmi_clock_rates_array().

Signed-off-by: Tony Han <tony.han@microchip.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-k3: drivers: Add some trace message for TI-SCI calls

These could be good for debugging tracing of TI-SCI messages

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Manor

plat-k3: drivers: Add some trace message for TI-SCI calls

These could be good for debugging tracing of TI-SCI messages

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

show more ...

plat-k3: drivers: Remove ti_sci_get_response function

Currently since all the code is under mutex, it makes sense to remove
this function and keep it all under ti_sci_do_xfer for easier
readability.

plat-k3: drivers: Remove ti_sci_get_response function

Currently since all the code is under mutex, it makes sense to remove
this function and keep it all under ti_sci_do_xfer for easier
readability.

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

show more ...

plat-k3: drivers: Move message_sequence updates inside ti_sci_do_xfer

To avoid potential race condition, set the message_sequence inside
ti_sci_do_xfer itself as the send and receive paths are prote

plat-k3: drivers: Move message_sequence updates inside ti_sci_do_xfer

To avoid potential race condition, set the message_sequence inside
ti_sci_do_xfer itself as the send and receive paths are protected by a
mutex and avoid race conditions on message_sequence.

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

show more ...

plat-k3: drivers: Add mutex lock for ti_sci_do_xfer

Current TI-SCI calls are not protected by any locks. OP-TEE running on
multiple threads can end up receiving different message response then
the o

plat-k3: drivers: Add mutex lock for ti_sci_do_xfer

Current TI-SCI calls are not protected by any locks. OP-TEE running on
multiple threads can end up receiving different message response then
the one they sent due to no queuing model.

*I/TC: Message with sequence ID <> is not expected

Add mutex lock to prevent such issues.

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

show more ...

plat-rockchip: allow specifying DRAM via CFG options

It's currently not possible to use CFG_CORE_DYN_SHM with the Rockchip
platforms, because OP-TEE doesn't know what non-secure memory is
available;

plat-rockchip: allow specifying DRAM via CFG options

It's currently not possible to use CFG_CORE_DYN_SHM with the Rockchip
platforms, because OP-TEE doesn't know what non-secure memory is
available; Device tree is not used and no DDR ranges are registered.

This precludes interacting with OP-TEE from barebox and U-Boot, which
currently only implement OP-TEE communication with dynamic shared
memory.

Make it possible to use CFG_CORE_DYN_SHM=y by adding two sets of config
variables to register memory:

CFG_DRAM_BASE, CFG_DRAM_SIZE:
For the main memory in the first 4G up to the MMIO range beyond
the end of the first RAM bank

CFG_NSEC_DDR_1_BASE, CFG_NSEC_DDR_1_SIZE:
For the remainder of the main memory above the MMIO regions.

OP-TEE will take care to carve out the secure memory ranges.

This has been tested on an RK3399 with barebox using OP-TEE's HWRNG TA.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>

show more ...

plat-stm32mp1: shared_resources: remove pin/GPIO secure state management

Remove the pin and GPIO secure state management from shared_resources
platform driver since this is now managed using the fir

plat-stm32mp1: shared_resources: remove pin/GPIO secure state management

Remove the pin and GPIO secure state management from shared_resources
platform driver since this is now managed using the firewall framework.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: stm32_gpio: remove gpio/pinctrl API function to set secure state

Remove stm32_gpio_set_secure_cfg() and stm32_pinctrl_set_secure_cfg()
functions that are no more used since the STM32 GPIO a

drivers: stm32_gpio: remove gpio/pinctrl API function to set secure state

Remove stm32_gpio_set_secure_cfg() and stm32_pinctrl_set_secure_cfg()
functions that are no more used since the STM32 GPIO and pins secure
configurations are managed only through the firewall framework
facilities.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-stm32mp1: stm32mp1_stpmic: remove use of shared_resource for pinctrl

Remove use of shared_resources platform driver in STM32MP15 PMIC driver
to manage the secure state of the pins of a pinctrl

plat-stm32mp1: stm32mp1_stpmic: remove use of shared_resource for pinctrl

Remove use of shared_resources platform driver in STM32MP15 PMIC driver
to manage the secure state of the pins of a pinctrl state since this is
now managed using the firewall framework.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: stm32_uart: remove use of shared_resource for pinctlr

Remove use of shared_resources platform driver to manage the secure
state of the pins of a pinctrl state since this is now managed usin

drivers: stm32_uart: remove use of shared_resource for pinctlr

Remove use of shared_resources platform driver to manage the secure
state of the pins of a pinctrl state since this is now managed using
the firewall framework.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: stm32_uart: remove use of stm32_pinctrl_set_secure_cfg()

Remove use of stm32_pinctrl_set_secure_cfg() to set the secure state
of the pins of a pinctrl state since this is now handled from S

drivers: stm32_uart: remove use of stm32_pinctrl_set_secure_cfg()

Remove use of stm32_pinctrl_set_secure_cfg() to set the secure state
of the pins of a pinctrl state since this is now handled from STM32
GPIO driver based on the firewall framework.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: stm32_i2c: remove use of stm32_pinctrl_set_secure_cfg()

Remove use of stm32_pinctrl_set_secure_cfg() to set the secure state
of the pins of a pinctrl state since this is now handled from ST

drivers: stm32_i2c: remove use of stm32_pinctrl_set_secure_cfg()

Remove use of stm32_pinctrl_set_secure_cfg() to set the secure state
of the pins of a pinctrl state since this is now handled from STM32
GPIO driver based on the firewall framework.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-stm32mp1: shared_resources: do not manage pins secure state

Remove management of GPIO and pinctrl secure state since this is
now handled from STM32 ETZPC driver based through the firewall
frame

plat-stm32mp1: shared_resources: do not manage pins secure state

Remove management of GPIO and pinctrl secure state since this is
now handled from STM32 ETZPC driver based through the firewall
framework.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: stm32_gpio: check secure state of pinctrl states

Make STM32 GPIO driver to verify that any all pins of applied pinctrl
states be accessed and has the expected secure hardening configuration

drivers: stm32_gpio: check secure state of pinctrl states

Make STM32 GPIO driver to verify that any all pins of applied pinctrl
states be accessed and has the expected secure hardening configuration
when used.

Non-secure pins must have the STM32_PIN_NSEC bit set in the pin
handler argument unless what the pin is expected to be secure. The
driver returns an error when the expected secure state of a pin does
not match its effective secure state or it cannot be accessed, unless
CFG_INSECURE is enabled in which case the driver only prints an info
level trace message.

If a driver attempts to consume a pinctrl with pins that do not exist,
core panics.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: stm32_gpio: check secure state of consumed GPIOs

STM32 GPIO driver now verifies that any GPIO consumed by OP-TEE can
be accessed and has the expected secure hardening configuration.
If a dr

drivers: stm32_gpio: check secure state of consumed GPIOs

STM32 GPIO driver now verifies that any GPIO consumed by OP-TEE can
be accessed and has the expected secure hardening configuration.
If a driver attempts to consume a GPIO that cannot be accessed
by OP-TEE, core panics. When a GPIO is used with an inappropriate
secure configuration state, STM32 GPIO driver panics or prints an
info level message, depending on CFG_INSECURE.

This change is based on the recently added GPIO_STM32_NSEC bindings macro
in STM32 GPIO driver DT bindings header file that is a hint on whether
a consumed GPIO is expected secure or shared with non-secure world.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: stm32_gpio: acquire semaphore when GPIO/pinctrl are used

Release RIF semaphore taken at GPIO bank initialization and acquire
them only when the GPIO or pinctrl is used or when a firewall
co

drivers: stm32_gpio: acquire semaphore when GPIO/pinctrl are used

Release RIF semaphore taken at GPIO bank initialization and acquire
them only when the GPIO or pinctrl is used or when a firewall
configuration is requested.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: stm32_gpio: register to firewall framework

Register secure aware STM32 GPIO banks to the firewall framework
as a firewall controller to allow GPIO and pinctrl consumer devices
to load alter

drivers: stm32_gpio: register to firewall framework

Register secure aware STM32 GPIO banks to the firewall framework
as a firewall controller to allow GPIO and pinctrl consumer devices
to load alternate configurations for pins.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: stm32_gpio: factorize apply_rif_config()

Change apply_rif_config() to be able to call it for a subset of pins
in a GPIO bank.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

drivers: stm32_gpio: factorize apply_rif_config()

Change apply_rif_config() to be able to call it for a subset of pins
in a GPIO bank.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: stm32_gpio: check GPIO is not already consumed

Check that a GPIO requested by a consumer is not already consumed by
another device.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.s

drivers: stm32_gpio: check GPIO is not already consumed

Check that a GPIO requested by a consumer is not already consumed by
another device.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

dts: stm32: refine STM32MP25 secure/non-secure USART2 pinctrl states

Explicitly state that legacy pinctrl phandles usart2_pins_a
refer to non-secure USART2 pin muxing, used in STM32MP23 and
STM32MP2

dts: stm32: refine STM32MP25 secure/non-secure USART2 pinctrl states

Explicitly state that legacy pinctrl phandles usart2_pins_a
refer to non-secure USART2 pin muxing, used in STM32MP23 and
STM32MP25 based boards for OP-TEE console using a non-secure UART bus.

Define secure USART2 bus pinctrl states for board that needs
to use the USART2 bus in secure state.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

dts: stm32: refine STM32MP13 secure/non-secure USART4 pinctrl states

Explicitly state that legacy pinctrl phandles usart4_pins_a
refer to non-secure USART4 pin muxing, used in STM32MP13 based
boards

dts: stm32: refine STM32MP13 secure/non-secure USART4 pinctrl states

Explicitly state that legacy pinctrl phandles usart4_pins_a
refer to non-secure USART4 pin muxing, used in STM32MP13 based
boards for OP-TEE console using a non-secure UART bus.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

dts: stm32: refine STM32MP15 secure/non-secure I2C4 pinctrl states

Explicitly state that legacy pinctrl phandles i2c4_pins_a and
i2c4_sleep_pins_a refer to non-secure I2C4 pin muxing on STM32MP15
ba

dts: stm32: refine STM32MP15 secure/non-secure I2C4 pinctrl states

Explicitly state that legacy pinctrl phandles i2c4_pins_a and
i2c4_sleep_pins_a refer to non-secure I2C4 pin muxing on STM32MP15
based platforms.

Define secure I2C4 bus pinctrl states for boards that use the I2C4 bus
in secure state on STM32MP15 SoCs.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

dts: stm32: most stm32mp15 UARTs pinctrl are non-secure

On STM32MP15 based devices, UART2/3/4/5/6/7/8 cannot be secured.
Explicitly state that in the pinctrl nodes. This change ease the use
of a non

dts: stm32: most stm32mp15 UARTs pinctrl are non-secure

On STM32MP15 based devices, UART2/3/4/5/6/7/8 cannot be secured.
Explicitly state that in the pinctrl nodes. This change ease the use
of a non-secure UART for OP-TEE output console on STM32MP15 based boards.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

dts: stm32: define SoC GPIO banks that are firewall controllers

Add property #access-controller-cells to GPIO banks that register
to the firewall framework.

Signed-off-by: Etienne Carriere <etienne

dts: stm32: define SoC GPIO banks that are firewall controllers

Add property #access-controller-cells to GPIO banks that register
to the firewall framework.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...