dts: stm32: secure optee_framebuffer memory region on stm32mp135f-dk

Add support for the TZC400 configuration for the optee_framebuffer
memory region on the stm32mp135f-dk board

Signed-off-by: Gati

dts: stm32: secure optee_framebuffer memory region on stm32mp135f-dk

Add support for the TZC400 configuration for the optee_framebuffer
memory region on the stm32mp135f-dk board

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: update the plat_tzc400 driver to support device tree

Add the usage of device tree memory regions defined to configure the
TZC400 firewall controller.

Signed-off-by: Gatien Chevallier

plat-stm32mp1: update the plat_tzc400 driver to support device tree

Add the usage of device tree memory regions defined to configure the
TZC400 firewall controller.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add TZC400 node in the stm32mp151 SoC device tree file

Add the TZC400 node in the stm32mp151 SoC device tree file and default
enable it.

Signed-off-by: Gatien Chevallier <gatien.chevall

dts: stm32: add TZC400 node in the stm32mp151 SoC device tree file

Add the TZC400 node in the stm32mp151 SoC device tree file and default
enable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dt-bindings: add stm32 bindings for TZC400 platform configuration

Add stm32 specific peripheral IDs for the TZC400 configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Re

dt-bindings: add stm32 bindings for TZC400 platform configuration

Add stm32 specific peripheral IDs for the TZC400 configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dt-bindings: add support for the TZC400 configuration

For added flexibility, the TZC400 configuration could be set through
the device tree. Add macros to be able to do so.

Signed-off-by: Gatien Che

dt-bindings: add support for the TZC400 configuration

For added flexibility, the TZC400 configuration could be set through
the device tree. Add macros to be able to do so.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: caam: Update comments in ECC driver

There were some typos in comments in the code, updated them

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>

drivers: caam: Update comments in RSA driver

There were some typos in comments in the code, updated them

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>

drivers: caam: hal: add caam_hal_sm_get_base_dt() implementation

Implement caam_hal_sm_get_base_dt() function when CFG_DT=y

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil

drivers: caam: hal: add caam_hal_sm_get_base_dt() implementation

Implement caam_hal_sm_get_base_dt() function when CFG_DT=y

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Disable traps by clearing XIE CSR

Ensure we disable traps by clearing XIE CSR instead of clearing
XSTATUS.IE which is global interrupt enable bit.

Signed-off-by: Alvin Chang <alvinga@a

core: riscv: Disable traps by clearing XIE CSR

Ensure we disable traps by clearing XIE CSR instead of clearing
XSTATUS.IE which is global interrupt enable bit.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

drivers: stm32_rng: embed ETZPC functions when CFG_STM32_ETZPC is set

On platforms when CFG_STM32_ETZPC is disabled, ETZPC cannot be
interrogated to get decprot attributes. Therefore do not embed ET

drivers: stm32_rng: embed ETZPC functions when CFG_STM32_ETZPC is set

On platforms when CFG_STM32_ETZPC is disabled, ETZPC cannot be
interrogated to get decprot attributes. Therefore do not embed ETZPC
related code.

While there, revert commit 326382a059a8 ("drivers: stm32_rng: MP15 RNG is
non-secure when PRNG is enable") and prefer to use ETZPC API.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Fixes: d773ec0baf4c ("drivers: stm32_rng: update clock and power management")
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_etzpc: new driver to use firewall API

Implement stm32_etzpc.c driver in the firewall driver directory.
Use the new firewall API to populate the firewall bus and register
the ETZPC as

drivers: stm32_etzpc: new driver to use firewall API

Implement stm32_etzpc.c driver in the firewall driver directory.
Use the new firewall API to populate the firewall bus and register
the ETZPC as a firewall provider.

Implement a driver specific firewall bus probe that will
only probe secure peripherals and implement firewall exceptions for
which no firewall operations will be done when CFG_INSECURE is set.
This allows, for example, to share a console with the non-secure world
for development purposes.

The ETZPC driver register the following ops:
-set_conf
-acquire_access
-acquire_memory_access

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: add CFG_STM32_ALLOW_UNSAFE_PROBE to probe unsafe peripherals

Add CFG_STM32_ALLOW_UNSAFE_PROBE that allows to unsafely probe
peripherals. This means that the firewall configuration wil

plat-stm32mp1: add CFG_STM32_ALLOW_UNSAFE_PROBE to probe unsafe peripherals

Add CFG_STM32_ALLOW_UNSAFE_PROBE that allows to unsafely probe
peripherals. This means that the firewall configuration will not be
checked before probing a peripheral. Default enable this switch for
DH platforms that use non-securable peripherals in OP-TEE.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_etzpc: move the stm32_etzpc driver to the firewall folder

The ETZPC is a firewall controller. Therefore, move the stm32_etzpc driver
to the firewall folder.

Signed-off-by: Gatien Che

drivers: stm32_etzpc: move the stm32_etzpc driver to the firewall folder

The ETZPC is a firewall controller. Therefore, move the stm32_etzpc driver
to the firewall folder.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_etzpc: update driver to set ETZPC configuration from DT

Remove old implementation where the ETZPC configuration was a hard
coded table in the shared resources file and use the device

drivers: stm32_etzpc: update driver to set ETZPC configuration from DT

Remove old implementation where the ETZPC configuration was a hard
coded table in the shared resources file and use the device tree to
get it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: default enable CFG_DRIVERS_FIREWALL

Default enable the CFG_DRIVERS_FIREWALL switch that is used to enable
the support of the firewall framework.

On this platform, only the ETZPC is a

plat-stm32mp1: default enable CFG_DRIVERS_FIREWALL

Default enable the CFG_DRIVERS_FIREWALL switch that is used to enable
the support of the firewall framework.

On this platform, only the ETZPC is a firewall controller for now.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: define ETZPC as an access controller for stm32mp13 platforms

ETZPC is a firewall controller. Add the access-controllers property to
all ETZPC sub-nodes on stm32mp13 platforms. Also add t

dts: stm32: define ETZPC as an access controller for stm32mp13 platforms

ETZPC is a firewall controller. Add the access-controllers property to
all ETZPC sub-nodes on stm32mp13 platforms. Also add the "simple-bus"
compatible for backward compatibility and "#access-controllers-cells"
to the ETZPC node.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: define ETZPC as an access controller for stm32mp15 platforms

ETZPC is a firewall controller. Add the access-controllers property to
all ETZPC sub-nodes on stm32mp15x platforms. Also add

dts: stm32: define ETZPC as an access controller for stm32mp15 platforms

ETZPC is a firewall controller. Add the access-controllers property to
all ETZPC sub-nodes on stm32mp15x platforms. Also add the "simple-bus"
compatible for backward compatibility and "#access-controllers-cells"
to the ETZPC node.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add the ETZPC configuration table for stm32mp1x boards

Add the tables defining the ETZPC firewall controller configuration
that will be set at boot time on stm32mp1x boards.

Signed-off-

dts: stm32: add the ETZPC configuration table for stm32mp1x boards

Add the tables defining the ETZPC firewall controller configuration
that will be set at boot time on stm32mp1x boards.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Johann Neuhauser <jneuhauser@dh-electronics.com>

show more ...

dt-bindings: add platform specific ETZPC bindings

Define ETZPC bindings for STM32MP15 and STM32MP13 and add these
header files into the stm32mp_dt_bindings helper. While there, also
update some incl

dt-bindings: add platform specific ETZPC bindings

Define ETZPC bindings for STM32MP15 and STM32MP13 and add these
header files into the stm32mp_dt_bindings helper. While there, also
update some includes to fix the path errors.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: use st,stm32mp15-i2c-non-secure compatible for the I2C4

Use st,stm32mp15-i2c-non-secure compatible for the I2C4 as it is
currently non-secure on stm32mp15 dkx and evx platforms.

Signed-

dts: stm32: use st,stm32mp15-i2c-non-secure compatible for the I2C4

Use st,stm32mp15-i2c-non-secure compatible for the I2C4 as it is
currently non-secure on stm32mp15 dkx and evx platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: disable VREFBUF on stm32mp15-dkx platforms

VREFBUF is currently not used on stm32mp15-dkx platforms,
so disable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Revi

dts: stm32: disable VREFBUF on stm32mp15-dkx platforms

VREFBUF is currently not used on stm32mp15-dkx platforms,
so disable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: disable ADC2 on stm32mp135f-dk

Remove ADC2 configuration in stm32mp135-dk.dts since OP-TEE does not
use the device.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Revi

dts: stm32: disable ADC2 on stm32mp135f-dk

Remove ADC2 configuration in stm32mp135-dk.dts since OP-TEE does not
use the device.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: default disable DMA at SoC level for stm32mp15 platforms

DMA node in stm32mp15* SoC DTSI files shouldn't be enabled by default,
we don't even have a driver to handle it. Therefore defaul

dts: stm32: default disable DMA at SoC level for stm32mp15 platforms

DMA node in stm32mp15* SoC DTSI files shouldn't be enabled by default,
we don't even have a driver to handle it. Therefore default disable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: fix race in mobj_reg_shm_get_by_cookie()

Until this patch in mobj_reg_shm_get_by_cookie() there's a small window
after cpu_spin_unlock_xrestore() before the reference counter is
increased with

core: fix race in mobj_reg_shm_get_by_cookie()

Until this patch in mobj_reg_shm_get_by_cookie() there's a small window
after cpu_spin_unlock_xrestore() before the reference counter is
increased with mobj_get(). Fix that by calling mobj_get() before
unlocking reg_shm_slist_lock.

Fixes: b96514926b8e ("core: reference count struct mobj")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: caam: skip JR init of CFG_JR_HAB_INDEX

On iMX8M SoC, the HAB requires the JR0 to be set to secure world to
decrypt the kernel image when loading the image in U-Boot.

Before reaching u-boot

drivers: caam: skip JR init of CFG_JR_HAB_INDEX

On iMX8M SoC, the HAB requires the JR0 to be set to secure world to
decrypt the kernel image when loading the image in U-Boot.

Before reaching u-boot, OP-TEE and TF-A set the JR0 to the non-secure
domain that leads to a HAB failure when trying to decrypt the kernel.

To fix the issue, this commit introduces CFG_JR_HAB_INDEX that specifies
which JR the HAB uses. OPTEE will skip the initialization of
CFG_JR_HAB_INDEX and leave it as secure.

It will also disable its usage in the device tree to inform the kernel.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...