dt-bindings: pinctrl: stm32mp: flags for non-secure pins

Define stm32 pinctrl DT bindings bit flags for pins that are
expected to be used in non-secure state.

Signed-off-by: Etienne Carriere <etien

dt-bindings: pinctrl: stm32mp: flags for non-secure pins

Define stm32 pinctrl DT bindings bit flags for pins that are
expected to be used in non-secure state.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

dt-bindings: gpio: stm32mp: flags for non-secure GPIOs

Define STM32 GPIO DT bindings bit flags for GPIOs that are to be used
in non-secure state.

Signed-off-by: Etienne Carriere <etienne.carriere@f

dt-bindings: gpio: stm32mp: flags for non-secure GPIOs

Define STM32 GPIO DT bindings bit flags for GPIOs that are to be used
in non-secure state.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-rockchip: add support for Rockchip rk3588

Enables support for NanoPC-T6
Based on support for ROCK 4

Signed-off-by: Ed Tubbs <ectubbs@gmail.com>
Acked-by: Jerome Forissier <jerome.forissier@lin

plat-rockchip: add support for Rockchip rk3588

Enables support for NanoPC-T6
Based on support for ROCK 4

Signed-off-by: Ed Tubbs <ectubbs@gmail.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Heiko Stuebner <heiko.stuebner@cherry.de> (BSD-3)
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add RCC RIF configuration for the stm32mp257f-ev1 board

Add the RIF configuration for the stm32mp257f-ev1 board. Some clocks
are in semaphore mode with only CID1 authorized. This is a tr

dts: stm32: add RCC RIF configuration for the stm32mp257f-ev1 board

Add the RIF configuration for the stm32mp257f-ev1 board. Some clocks
are in semaphore mode with only CID1 authorized. This is a trick to
benefit from a hardware synchronization in low-power sequences.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

clk: stm32mp25: add support for RIF configuration application

This driver now implements RIF configuration for RCC, which is a RIF
aware IP. It means that the RCC driver is in charge of configuring

clk: stm32mp25: add support for RIF configuration application

This driver now implements RIF configuration for RCC, which is a RIF
aware IP. It means that the RCC driver is in charge of configuring its
own RIF restrictions and that the RCC has dedicated RIF configuration
registers.

To avoid issues when manipulating clocks during OP-TEE boot or low-power
sequences, apply the RIF configuration for RCC resources at
driver_init_late level.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: Improve macros for set/clear bits CSR operations

Rename `set_csr` to `read_set_csr` and `clear_csr` to `read_clear_csr`
because they perform atomic reads and set/clear bits in the CSR.

core: riscv: Improve macros for set/clear bits CSR operations

Rename `set_csr` to `read_set_csr` and `clear_csr` to `read_clear_csr`
because they perform atomic reads and set/clear bits in the CSR. These
two macros will return the previous value of the CSR.

Introduce new macros `set_csr` and `clear_csr`: `set_csr` uses the
RISC-V `csrs` assembler pseudoinstruction to set bits in the CSR when
the old value is not needed, while `clear_csr` uses the `csrc`
pseudoinstruction to clear bits in the CSR, also discarding the old
value.

Signed-off-by: Huang Borong <huangborong@bosc.ac.cn>
Reviewed-by: Alvin Chang <alvinga@andestech.com>

show more ...

core: ltc: Ed25519 sign correctly returns TEE_ERROR_SHORT_BUFFER

Returns TEE_ERROR_SHORT_BUFFER when there is not enough space to hold
signature so applications using the API can determine the requi

core: ltc: Ed25519 sign correctly returns TEE_ERROR_SHORT_BUFFER

Returns TEE_ERROR_SHORT_BUFFER when there is not enough space to hold
signature so applications using the API can determine the required
buffer size when supplying 0 sized signature buffer.

This is happening from PKCS#11 TA when client library uses 1. method
from "5.2 Conventions for functions returning output in a
variable-length buffer" defined in PKCS#11 v3.0 spec.

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Matej Zachar <zachar.matej@gmail.com>

show more ...

plat-imx: Add phyBOARD-Pollux support

phyBOARD-Pollux i.MX 8M Plus is an SBC based on the i.MX 8M Plus SoC.
Add the board to the mx8mp-flavorlist and set board specific configs.

Signed-off-by: Yann

plat-imx: Add phyBOARD-Pollux support

phyBOARD-Pollux i.MX 8M Plus is an SBC based on the i.MX 8M Plus SoC.
Add the board to the mx8mp-flavorlist and set board specific configs.

Signed-off-by: Yannic Moog <y.moog@phytec.de>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

plat-versal2: add support for AMD Versal Gen 2

Add support for AMD Versal Gen 2 platform.
AMD Versal Gen 2 is a new SoC based on ARM A78AE with GICv3 and UART
over pl011.

Signed-off-by: Akshay Bels

plat-versal2: add support for AMD Versal Gen 2

Add support for AMD Versal Gen 2 platform.
AMD Versal Gen 2 is a new SoC based on ARM A78AE with GICv3 and UART
over pl011.

Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Signed-off-by: Amey Avinash Raghatate <ameyavinash.raghatate@amd.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: sm: fix SM partition permission in SMAG registers

SM partition SMAG1 permissions were wrongly set for generating DEK blob
which results in error while decapsulating DEK blob during HA

drivers: caam: sm: fix SM partition permission in SMAG registers

SM partition SMAG1 permissions were wrongly set for generating DEK blob
which results in error while decapsulating DEK blob during HAB
encrypted boot.
Setting the permissions correctly fix this issue.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Fixes: 2a12ae237796 ("drivers: caam: add CAAM secure memory driver")

show more ...

plat-stm32mp2: default enable TAMP peripheral support

Default enable TAMP peripheral support for stm32mp2x platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: E

plat-stm32mp2: default enable TAMP peripheral support

Default enable TAMP peripheral support for stm32mp2x platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_tamp: configure the backup registers when driver is probing

Update the driver to be able to configure the backup registers when
the driver is probing and remove call to stm32_tamp_set

drivers: stm32_tamp: configure the backup registers when driver is probing

Update the driver to be able to configure the backup registers when
the driver is probing and remove call to stm32_tamp_set_secure_bkpregs()
in plat-stm32mp1 main.c.

Remove old implementation of stm32_bkpregs_conf structure and rename
stm32_bkpregs_conf_new to stm32_bkpregs_conf.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add TAMP RIF configuration for stm32mp257f-ev1 board

Add a TAMP RIF configuration for stm32mp257f-ev1 board to configure
backup registers and TAMP resources.

Signed-off-by: Gatien Cheva

dts: stm32: add TAMP RIF configuration for stm32mp257f-ev1 board

Add a TAMP RIF configuration for stm32mp257f-ev1 board to configure
backup registers and TAMP resources.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add TAMP peripheral node in stm32mp251.dtsi

Add TAMP peripheral node in stm32mp251.dtsi. The TAMP peripheral manages
monotonic counters, tamper events and backup registers.

Signed-off-b

dts: stm32: add TAMP peripheral node in stm32mp251.dtsi

Add TAMP peripheral node in stm32mp251.dtsi. The TAMP peripheral manages
monotonic counters, tamper events and backup registers.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_tamp: add stm32mp25 support for RIF configuration

Add support for the RIF configuration of the TAMP peripheral. It covers
the TAMP resources such as monotonic counters but also backup

drivers: stm32_tamp: add stm32mp25 support for RIF configuration

Add support for the RIF configuration of the TAMP peripheral. It covers
the TAMP resources such as monotonic counters but also backup registers
regions and sub-regions.

Create a stm32_tamp_platdata structure to hold platform data.

Add temporary stm32_bkpregs_conf_new structure that will be used by the
new implementation and renamed to stm32_bkpregs_conf when the old one
disappear.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add st,backup-zones property in TAMP node in stm32mp151.dtsi

Add st,backup-zones property in TAMP node in stm32mp151.dtsi.
It defines the topology of the backup registers zones. The numb

dts: stm32: add st,backup-zones property in TAMP node in stm32mp151.dtsi

Add st,backup-zones property in TAMP node in stm32mp151.dtsi.
It defines the topology of the backup registers zones. The number of zones
on stm32mp13x platforms is 3.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add st,backup-zones property in TAMP node in stm32mp131.dtsi

Add st,backup-zones property in TAMP node in stm32mp131.dtsi.
It defines the topology of the backup registers zones. The numb

dts: stm32: add st,backup-zones property in TAMP node in stm32mp131.dtsi

Add st,backup-zones property in TAMP node in stm32mp131.dtsi.
It defines the topology of the backup registers zones. The number of zones
on stm32mp13x platforms is 3.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: check return value from tee_mm_init()

Check return value from tee_mm_init() function.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carrier

core: mm: check return value from tee_mm_init()

Check return value from tee_mm_init() function.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Fixes: c596d8359eb3 ("core: add phys_mem allocation functions")

show more ...

drivers: caam: enable/disable prediction resistance based on CONFIG flag

With prediction resistance enabled, on every random number request
CAAM is forced to do reseeding of DRBG, which is time taki

drivers: caam: enable/disable prediction resistance based on CONFIG flag

With prediction resistance enabled, on every random number request
CAAM is forced to do reseeding of DRBG, which is time taking process
which leads to lower Random number generation performance.
So to give user the flexibility to enable/disable this feature a flag
CFG_CAAM_RNG_RUNTIME_PR is introduced.
By default it will be disabled and user can enable it as per its
requirement.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

driver: caam: disable RNG buffering

Previous design of keeping RNG data in a buffer and giving random number
to user from that buffer is vulnerable to attacks and also not NIST/FIPS
compliant.
So to

driver: caam: disable RNG buffering

Previous design of keeping RNG data in a buffer and giving random number
to user from that buffer is vulnerable to attacks and also not NIST/FIPS
compliant.
So to make it more secure and NIST/FIPS compliant, will get random
number from CAAM on each user request.

Reference: Section 2.7 of NIST SP 800-90C

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

pta: veraison_attestation: integrate Veraison remote attestation PTA

Copy remote attestation PTA functionality from the repository:
https://github.com/iisec-suzaki/optee-ra (commit: 80ca8ef), and ma

pta: veraison_attestation: integrate Veraison remote attestation PTA

Copy remote attestation PTA functionality from the repository:
https://github.com/iisec-suzaki/optee-ra (commit: 80ca8ef), and make
the following adjustments for integration:

- Add build configuration for remote attestation PTA by introducing
the CFG_VERAISON_ATTESTATION_PTA option to align with the new naming
convention.
- Replace the custom base64 implementation with the base64 library
added in PR OP-TEE#7007.
- Update QCBOR integration by removing custom QCBOR files and using
the standard library, adjusting paths as necessary.
- Apply region validation improvements introduced in PR OP-TEE#6195.
- Update API calls in sign.c to align with libmbedtls changes from
PR OP-TEE#6151.
- Calculate the required buffer size at runtime to minimize memory
allocation.
- Refactor code to improve readability and maintainability.
- Add SPDX license identifier (BSD-2-Clause) and copyright notice.

Signed-off-by: Yuichi Sugiyama <yuichis@ricsec.co.jp>
Reviewed-by: Thomas Fossati <thomas.fossati@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: lib: qcbor: add build configuration for QCBOR library

Add the necessary build configuration for integrating the QCBOR
library. Update to core.mk ensure that the library is included
when CFG_QC

core: lib: qcbor: add build configuration for QCBOR library

Add the necessary build configuration for integrating the QCBOR
library. Update to core.mk ensure that the library is included
when CFG_QCBOR is enabled. A sub.mk file is also added to define
the source files and global include directories for QCBOR.

Signed-off-by: Yuichi Sugiyama <yuichis@ricsec.co.jp>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: lib: qcbor: add SPDX license identifiers to QCBOR files

Add SPDX license identifiers to QCBOR files as per
BSD-3-Clause licensing requirements, ensuring clear license
information across both h

core: lib: qcbor: add SPDX license identifiers to QCBOR files

Add SPDX license identifiers to QCBOR files as per
BSD-3-Clause licensing requirements, ensuring clear license
information across both header and source files.

Signed-off-by: Yuichi Sugiyama <yuichis@ricsec.co.jp>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: import QCBOR library

Import QCBOR v1.4.1 from https://github.com/laurencelundblade/QCBOR
Commit 4487f10e1bf258434fb8a39e4f59c29e31910ad0 (tag v1.4.1)

Certain files will never be needed and ar

core: import QCBOR library

Import QCBOR v1.4.1 from https://github.com/laurencelundblade/QCBOR
Commit 4487f10e1bf258434fb8a39e4f59c29e31910ad0 (tag v1.4.1)

Certain files will never be needed and are thus removed (reducing number
of lines to almost 60%):
rm -f CMakeLists.txt Makefile SECURITY.md
rm -f .gitignore
rm -f cmd_line_main.c example.c example.h ub-example.c ub-example.h
rm -rf QCBOR.xcodeproj doc doxygen test
rm -rf .git .github

Signed-off-by: Yuichi Sugiyama <yuichis@ricsec.co.jp>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: regulator: change tree trace level

Change regulator trace level of print tree so that
it can bee seen when it is requested by
xtest --stats --regulators.

Signed-off-by: Pascal Paillet <p.p

drivers: regulator: change tree trace level

Change regulator trace level of print tree so that
it can bee seen when it is requested by
xtest --stats --regulators.

Signed-off-by: Pascal Paillet <p.paillet@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...