core: arm: ffa: use SMC Calling Convention 1.2

Add struct thread_smc_1_2_regs as a replacement for struct
thread_smc_args when dealing with FF-A SMCs. struct thread_smc_1_2_regs
covers the registers

core: arm: ffa: use SMC Calling Convention 1.2

Add struct thread_smc_1_2_regs as a replacement for struct
thread_smc_args when dealing with FF-A SMCs. struct thread_smc_1_2_regs
covers the registers x0-x17 to support passing arguments and results
according to SMC Calling Convention (SMCCC) version 1.2.

The difference is that before this change x8-x17 couldn't be used as
argument nor result and the content was preserved. With this patch are
x8-x17 returned as zeroes. New FF-A SMCs can take and return values in
the full range x0-x17.

64-bit SMCCC version 1.1 and earlier specified x4-x17 as unpredictable
or scratch registers. FF-A has specified x0-x7 as argument and result
registers, regardless of SMCCC. This has changed with SMCCC version 1.2
where the two standards harmonize on this.

struct thread_smc_1_2_regs is added in a 32-bit version for
compatibility, but it only covers r0-r7.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: mm: dynamic allocation of v7 translation tables

With CFG_DYN_CONFIG enabled allocate translation tables using the
boot_mem_*() functions. Static allocation from global variables is still

core: arm: mm: dynamic allocation of v7 translation tables

With CFG_DYN_CONFIG enabled allocate translation tables using the
boot_mem_*() functions. Static allocation from global variables is still
used with CFG_DYN_CONFIG disabled.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: mm: dynamic allocation of LPAE translation tables

With CFG_DYN_CONFIG enabled allocate translation tables using the
boot_mem_*() functions. Static allocation from global variables is stil

core: arm: mm: dynamic allocation of LPAE translation tables

With CFG_DYN_CONFIG enabled allocate translation tables using the
boot_mem_*() functions. Static allocation from global variables is still
used with CFG_DYN_CONFIG disabled.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: mm: refactor LPAE translation table handling

Refactor translation table handling to use a more flexible layout of the
translation tables in memory. Instead of relying on multidimensional

core: arm: mm: refactor LPAE translation table handling

Refactor translation table handling to use a more flexible layout of the
translation tables in memory. Instead of relying on multidimensional
array use helper functions to calculate the address of each translation
table as needed.

Preparing for future changes, no change in behaviour.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: extend temporary dummy memory map

core_init_mmu_map() uses a temporary dummy memory map for the
virt_to_phys() and phys_to_virt() conversions to avoid asserting while
setting up translatio

core: mm: extend temporary dummy memory map

core_init_mmu_map() uses a temporary dummy memory map for the
virt_to_phys() and phys_to_virt() conversions to avoid asserting while
setting up translation tables before the MMU is enabled. CFG_DYN_CONFIG
will need a larger range of memory since translation tables might not be
allocated from .nozi memory only. So for CFG_DYN_CONFIG extend of end of
the unused memory range that the boot_mem_*() functions allocate memory
from.

Introduce CFG_DYN_CONFIG, enabled by default if CFG_BOOT_MEM is enabled
and CFG_WITH_PAGER disabled. CFG_DYN_CONFIG conflicts with
CFG_WITH_PAGER since the pager uses a different mechanism for memory
allocation.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: add boot mem paddings to the heap

Add the paddings added due to requested alignment in boot mem
allocations to the heap.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-b

core: arm: add boot mem paddings to the heap

Add the paddings added due to requested alignment in boot mem
allocations to the heap.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: boot_mem: keep track of padding

When boot_mem_alloc() allocates memory up to alignment - 1 number of
bytes may have be skipped to satisfy the required alignment of the
returned pointer. If the

core: boot_mem: keep track of padding

When boot_mem_alloc() allocates memory up to alignment - 1 number of
bytes may have be skipped to satisfy the required alignment of the
returned pointer. If the skipped bytes, or padding, is large enough,
it's recorded in a list of padding. The list of paddings can be
processed and consumed with boot_mem_foreach_padding(). This allows
sufficiently large paddings to be added to for instance the heap instead
of being wasted.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: boot_mem: allow NULL pointers while relocating

In boot_mem_relocate() when relocating registered pointers, allow the
pointer to be NULL. NULL pointers are not relocated.

Signed-off-by: Jens W

core: boot_mem: allow NULL pointers while relocating

In boot_mem_relocate() when relocating registered pointers, allow the
pointer to be NULL. NULL pointers are not relocated.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: allow partially unmapped MEM_AREA_TEE_RAM_RW

Add special checks in phys_to_virt_tee_ram() to see that a virtual
address indeed is mapped before return the address if the memory area is
MEM_ARE

core: allow partially unmapped MEM_AREA_TEE_RAM_RW

Add special checks in phys_to_virt_tee_ram() to see that a virtual
address indeed is mapped before return the address if the memory area is
MEM_AREA_TEE_RAM_RW since the VCORE_FREE may be unmapped.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: zero initialize tee_mm pool structures

Zero initialize tee_mm_pool_t instance when such pool is initialized.
This change fixes an issue where phys_mem pool max_allocated
field may contain

core: mm: zero initialize tee_mm pool structures

Zero initialize tee_mm_pool_t instance when such pool is initialized.
This change fixes an issue where phys_mem pool max_allocated
field may contain a fuzzy value because it was not zero-initialized
when allocated by the commit referred below.

Fixes: c596d8359eb3 ("core: add phys_mem allocation functions")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: rpmb: fix mutex in directory populate

Fix mutex unlocking in rpmb_fs_dir_populate() that should protect
fat_entry_dir_deinit() execution.

Fixes: 5f68d7848fe8 ("core: RPMB FS: Caching for FAT

core: rpmb: fix mutex in directory populate

Fix mutex unlocking in rpmb_fs_dir_populate() that should protect
fat_entry_dir_deinit() execution.

Fixes: 5f68d7848fe8 ("core: RPMB FS: Caching for FAT FS entries")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-rockchip: rk3588: add TRNG support

Add TRNG support for Rockchip rk3588

Signed-off-by: Ed Tubbs <ectubbs@gmail.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wik

plat-rockchip: rk3588: add TRNG support

Add TRNG support for Rockchip rk3588

Signed-off-by: Ed Tubbs <ectubbs@gmail.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: rpmb: handle not-implemented error code on device probing

Consider that non-secure world may report TEE_ERROR_NOT_IMPLEMENTED
error code on OPTEE_RPC_CMD_RPMB_PROBE_RESET RPC command when that

core: rpmb: handle not-implemented error code on device probing

Consider that non-secure world may report TEE_ERROR_NOT_IMPLEMENTED
error code on OPTEE_RPC_CMD_RPMB_PROBE_RESET RPC command when that
RPC command is not supported. This is needed to support U-Boot
that provides this return code, at least up to its release tag
v2025.01 [1].

Without this change, OP-TEE fails to communicate with U-Boot RPMB
RPC service since RPMB probe capability was merged in OP-TEE
(Fixes: tag below).

Link: https://source.denx.de/u-boot/u-boot/-/blame/v2025.01/drivers/tee/optee/supplicant.c?ref_type=tags#L96 [1]
Reported-by: Gavin Liu <gavin.liu@mediatek.com>
Closes: https://github.com/OP-TEE/optee_os/issues/7200
Fixes: 8dfdf3927214 ("core: rpmb: probe for kernel RPMB driver")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: microchip_pit: fix the length used for comparing the clock names

sizeof("syspll") equals to 7 with a character '\0' in count, adjust the
length used for the comparison to obtain the expecte

drivers: microchip_pit: fix the length used for comparing the clock names

sizeof("syspll") equals to 7 with a character '\0' in count, adjust the
length used for the comparison to obtain the expected result.
Move the test of "parent" into the while loop to improve debug convenience.

Fixes: 8796ab4a984f ("drivers: microchip_pit: add driver for sama7g54's pit64b")
Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: microchip_pit: fix the path of "dt_driver.h" included

change "#include <dt_driver.h>" to "#include <kernel/dt_driver.h>" due to
"dt_driver.h" is located at "core/include/kernel/" and the pa

drivers: microchip_pit: fix the path of "dt_driver.h" included

change "#include <dt_driver.h>" to "#include <kernel/dt_driver.h>" due to
"dt_driver.h" is located at "core/include/kernel/" and the path is not in
the include paths which would cause compile errors.

Fixes: 8796ab4a984f ("drivers: microchip_pit: add driver for sama7g54's pit64b")
Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-sam: enable SCMI reset domain management protocol and rstctrl driver

Enable CFG_SCMI_MSG_RESET_DOMAIN and CFG_DRIVERS_RSTCTRL.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Etienn

plat-sam: enable SCMI reset domain management protocol and rstctrl driver

Enable CFG_SCMI_MSG_RESET_DOMAIN and CFG_DRIVERS_RSTCTRL.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-sam: scmi_server: use SCMI reset to manage USB reset for sama7g5

Enable "reset domain management protocol", add reset domains to SCMI
channel and add functions for SCMI reset domain.

Signed-of

plat-sam: scmi_server: use SCMI reset to manage USB reset for sama7g5

Enable "reset domain management protocol", add reset domains to SCMI
channel and add functions for SCMI reset domain.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: atmel_rstc: probe RSTC with reset controller and reset lines

Update the type of RSTC driver to DT_DRIVER_RSTCTRL and probe RSTC with
the concept of controller and lines.

Signed-off-by: Ton

drivers: atmel_rstc: probe RSTC with reset controller and reset lines

Update the type of RSTC driver to DT_DRIVER_RSTCTRL and probe RSTC with
the concept of controller and lines.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: atmel_rstc: add functions to allocate/get reset controller/lines

Define new functions for getting the reset controller, find or allocate
the reset lines.

Signed-off-by: Tony Han <tony.han@

drivers: atmel_rstc: add functions to allocate/get reset controller/lines

Define new functions for getting the reset controller, find or allocate
the reset lines.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: atmel_rstc: new data and functions to handle reset assert/deassert

Define new struct and functions for handling the reset controller, reset
lines and the reset operations (assert, deassert)

drivers: atmel_rstc: new data and functions to handle reset assert/deassert

Define new struct and functions for handling the reset controller, reset
lines and the reset operations (assert, deassert).

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: clk: sam: rename the sama7g5 UTMI clocks for USB PHY

The UTMI clocks for USB PHY are handled in OP-TEE due to they are
controlled by the registers from RSTC (reset controller) which is
alwa

drivers: clk: sam: rename the sama7g5 UTMI clocks for USB PHY

The UTMI clocks for USB PHY are handled in OP-TEE due to they are
controlled by the registers from RSTC (reset controller) which is
always-secured.
SCMI "reset domain management protocol" makes it prossible to handle the
resets from the kernel running in normal world. So the code in kernel for
these clocks need to be enabled. Here renaming the clocks to avoid
registering them failed from the kernel.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

clk: clk-stm32-core: fix use of ROUNDUP2_DIV() in stm32_div_get_rate()

Replace the use of ROUNDUP2_DIV() by ROUNDUP_DIV() in stm32_div_get_rate()
as some dividers may not be a power of two. In this

clk: clk-stm32-core: fix use of ROUNDUP2_DIV() in stm32_div_get_rate()

Replace the use of ROUNDUP2_DIV() by ROUNDUP_DIV() in stm32_div_get_rate()
as some dividers may not be a power of two. In this case, the platform
panics.

Fixes: 76d6685e5f3b ("tree-wide: use power-of-2 rounding macros where applicable")
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

core: notif_default: support ns-virtualization

Add support for CFG_NS_VIRTUALIZATION=y in the default notification
implementation used with the SMC ABI.

virt_add_guest_spec_data() is used to add st

core: notif_default: support ns-virtualization

Add support for CFG_NS_VIRTUALIZATION=y in the default notification
implementation used with the SMC ABI.

virt_add_guest_spec_data() is used to add struct notif_vm_bitmap for
bookkeeping per guest, similarly to the implementation for the FF-A ABI.

This takes care of and removes the assert for "!guest" in
notif_send_async().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Yuvraj Sakshith <ysakshith@gmail.com>
Tested-by: Yuvraj Sakshith <ysakshith@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: guest ID test for notif and VM creation

Block normal world from calling OPTEE_SMC_VM_CREATED with reserved
hypervisor client-id (0) as VMID parameter.

Normal world calls OPTEE_SMC_VM_CRE

core: arm: guest ID test for notif and VM creation

Block normal world from calling OPTEE_SMC_VM_CREATED with reserved
hypervisor client-id (0) as VMID parameter.

Normal world calls OPTEE_SMC_VM_CREATED with guest VMID in a1 and
HYP_CLNT_ID in a7. This eventually leads to copying of __data_start
to __data_end from the default partition to the guest's MMU partition.
Everything goes well until normal world passes HYP_CLNT_ID into a1 which
goes unchecked in OPTEE. When the "second VM" is created from normal
world, the first VM's MMU partition's __data_start is copied into
the new VM's MMU partition which eventually breaks the bpool freelist
pointers.

This can deliberately be used by normal world to put OP-TEE into panic.

Set guest ID when NOTIF_EVENT_STARTED is called preventing assetion
failure in get_notif_data().

Fixes: d237e616e155 ("core: make generic notifications virtualization-aware")
Signed-off-by: Yuvraj Sakshith <ysakshith@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: pass guest ID to SMC_ENABLE_ASYNC_NOTIF

notif_deliver_atomic_event() expects guest_id which
is used to retrieve struct guest_partition* from
virt_get_guest(). The guest_id passed is stati

core: arm: pass guest ID to SMC_ENABLE_ASYNC_NOTIF

notif_deliver_atomic_event() expects guest_id which
is used to retrieve struct guest_partition* from
virt_get_guest(). The guest_id passed is static (0),
which causes trouble when OPTEE_SMC_ENABLE_ASYNC_NOTIF
comes from a guest. When this happens, virt_get_guest()
returns NULL which fails the assertion in get_notif_data()
which exclusively checks for CONFIG_NS_VIRTUALIZATION.

Signed-off-by: Yuvraj Sakshith <ysakshith@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...