drivers: stm32_fmc: update and fix CID filtering configuration

The conditions to acquire or release RIF semaphores when applying
the CID filtering configuration were incorrect. Add
handle_available_

drivers: stm32_fmc: update and fix CID filtering configuration

The conditions to acquire or release RIF semaphores when applying
the CID filtering configuration were incorrect. Add
handle_available_semaphores() to handle correctly the RIF semaphores.
Also remove FMC_NB_MAX_CID_SUPPORTED and use generic MAX_CID_SUPPORTED.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Fixes: 778a36bf91d2 ("drivers: add FMC driver with RIF support")

show more ...

drivers: stm32_fmc: do not make RIF configuration mandatory

It should not be mandatory to apply a RIF configuration for a FMC.
Remove this constraint by allocating a RIF configuration structure only

drivers: stm32_fmc: do not make RIF configuration mandatory

It should not be mandatory to apply a RIF configuration for a FMC.
Remove this constraint by allocating a RIF configuration structure only
when the "st,protreg" property is present in the device tree to be
able to check if it has been allocated later.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_hpdma: update and fix CID filtering configuration

The conditions to acquire or release RIF semaphores when applying
the CID filtering configuration were incorrect. Add
handle_availabl

drivers: stm32_hpdma: update and fix CID filtering configuration

The conditions to acquire or release RIF semaphores when applying
the CID filtering configuration were incorrect. Add
handle_available_semaphores() to handle correctly the RIF semaphores.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Fixes: 0cf1cd13ceb6 ("drivers: add HPDMA driver with RIF support")

show more ...

drivers: stm32_hpdma: do not make RIF configuration mandatory

It should not be mandatory to apply a RIF configuration for a HPDMA.
Remove this constraint by allocating a RIF configuration structure

drivers: stm32_hpdma: do not make RIF configuration mandatory

It should not be mandatory to apply a RIF configuration for a HPDMA.
Remove this constraint by allocating a RIF configuration structure only
when the "st,protreg" property is present in the device tree to be
able to check if it has been allocated later.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rif: update and fix RIF configuration parsing

Fix the parsing of the RIF configuration by using device tree bindings,
when necessary. Generalize RIF bit fields and use them when deali

drivers: stm32_rif: update and fix RIF configuration parsing

Fix the parsing of the RIF configuration by using device tree bindings,
when necessary. Generalize RIF bit fields and use them when dealing
with generic RIF functions. Update drivers that use stm32_rif_parse_cfg()
accordingly.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Fixes: 1506f47af917 ("drivers: firewall: add stm32_rif driver for common RIF features")

show more ...

core: thread: clarify thread_rpc_alloc_*_payload() inline description

The thread_rpc_alloc_*_payload APIs are consistent with the thread_shm_type
enumerations, as seen in the alloc_shm function. How

core: thread: clarify thread_rpc_alloc_*_payload() inline description

The thread_rpc_alloc_*_payload APIs are consistent with the thread_shm_type
enumerations, as seen in the alloc_shm function. However, the name and
comments of thread_rpc_alloc_payload might be misleading, suggesting it is
a universal API. To maintain backward compatibility, only the code comments
have been updated for clarity.

Signed-off-by: Yitong Cheng <santongding@foxmail.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: cache align Key blob modifier

An array was used as Key blob modifier, changed it cache aligned
dynamic memory.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens W

drivers: caam: cache align Key blob modifier

An array was used as Key blob modifier, changed it cache aligned
dynamic memory.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: use firewall framework to configure internal RAMs

Use firewall API functions in stm32mp1 platform implementation to
configure the secure state of internal RAMs.

This change is a step

plat-stm32mp1: use firewall framework to configure internal RAMs

Use firewall API functions in stm32mp1 platform implementation to
configure the secure state of internal RAMs.

This change is a step in the removal of the shared_resource driver
that will be deprecated once the stm32mp1 platform drivers fully
move to the firewall framework resources.

This change also removes local SCMI_SHM_IS_IN_SRAMX macro (for
sake of simplicity) which can be replaced by testing
CFG_STM32MP1_SCMI_SHM_BASE!=0 that denotes that the SCMI shared
memory is not in an internal RAM in the platform configuration.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: firewall: stm32_etzpc: add memory configuration firewall API

Implement the .set_memory_conf() firewall ops that allows to reconfigure
memory regions managed by the platform ETZPC firewall c

drivers: firewall: stm32_etzpc: add memory configuration firewall API

Implement the .set_memory_conf() firewall ops that allows to reconfigure
memory regions managed by the platform ETZPC firewall controller.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-stm32mp1: define STM32MP13 SRAMs and STM32MP15 RETRAM

Define some platform internal RAMs base address and sizes for STM32MP13
and STM32MP15 SoCs.

Signed-off-by: Etienne Carriere <etienne.carri

plat-stm32mp1: define STM32MP13 SRAMs and STM32MP15 RETRAM

Define some platform internal RAMs base address and sizes for STM32MP13
and STM32MP15 SoCs.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

core: firewall: add memory range firewall controller ops

Add a firewall driver operation handle and a firewall framework API
function to configure memory access rights, base on physical address
rang

core: firewall: add memory range firewall controller ops

Add a firewall driver operation handle and a firewall framework API
function to configure memory access rights, base on physical address
range arguments.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: firewall: stm32_etzpc: allow valid locked configuration

Change stm32_etzpc driver to not trigger an error when the
requested firewall configuration matches an already configured
and locked

drivers: firewall: stm32_etzpc: allow valid locked configuration

Change stm32_etzpc driver to not trigger an error when the
requested firewall configuration matches an already configured
and locked configuration.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: firewall: stm32_etzpc: pager SRAMs must be secure

STM32MP15 SRAMs used by pager can only be configured as secure access
only.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

drivers: firewall: stm32_etzpc: pager SRAMs must be secure

STM32MP15 SRAMs used by pager can only be configured as secure access
only.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: remoteproc: stm32_remoteproc: Don't use SRAMs used by pager

Forbid stm32_remoteproc driver to use SRAMx that are used by OP-TEE pager.

Signed-off-by: Etienne Carriere <etienne.carriere@fos

drivers: remoteproc: stm32_remoteproc: Don't use SRAMs used by pager

Forbid stm32_remoteproc driver to use SRAMx that are used by OP-TEE pager.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-stm32mp1: add stm32mp1_ram_intersect_pager_ram()

Add stm32mp1_ram_intersect_pager_ram() helper function to ease checking
when a memory range falls into OP-TEE pager pool. This will be needed
la

plat-stm32mp1: add stm32mp1_ram_intersect_pager_ram()

Add stm32mp1_ram_intersect_pager_ram() helper function to ease checking
when a memory range falls into OP-TEE pager pool. This will be needed
later to ensure memory used by OP-TEE pager is not re-assigned to
another purpose. This change only consider STM32MP15 variant where
OP-TEE pager can be used in internal RAMs.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-stm32mp1: add stm32mp1_pa_or_sram_alias_pa()

Add stm32mp1_pa_or_sram_alias_pa() helper function to ease handling
SRAMx physical addresses that have aliases on STM32MP15 SoC.

Signed-off-by: Eti

plat-stm32mp1: add stm32mp1_pa_or_sram_alias_pa()

Add stm32mp1_pa_or_sram_alias_pa() helper function to ease handling
SRAMx physical addresses that have aliases on STM32MP15 SoC.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: firewall: stm32_etzpc: fix DECPROT values

Correct sanitize_decprot_config() implementation: label values to
enumerated type etzpc_decprot_attributes are prefixed ETZPC_.

Fixes: 9c22da4b29d

drivers: firewall: stm32_etzpc: fix DECPROT values

Correct sanitize_decprot_config() implementation: label values to
enumerated type etzpc_decprot_attributes are prefixed ETZPC_.

Fixes: 9c22da4b29de ("firewall: stm32_etzpc: check consistency of RCC vs DECPROT secure config")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: firewall: stm32_etzpc: print DECPROT values as strings

Print ETZPC attribute strings instead of numerical value in trace
messages.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st

drivers: firewall: stm32_etzpc: print DECPROT values as strings

Print ETZPC attribute strings instead of numerical value in trace
messages.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: firewall: stm32_etzpc: explicit index in DECPROT string names

Explicit the indices assigned to DECPROT helper string names.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
R

drivers: firewall: stm32_etzpc: explicit index in DECPROT string names

Explicit the indices assigned to DECPROT helper string names.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: caam: check only format bit in operation

operation variable has been updated after entering the function
so we cannot check against full RSA operations.
Updated to check only format bit in

drivers: caam: check only format bit in operation

operation variable has been updated after entering the function
so we cannot check against full RSA operations.
Updated to check only format bit in operation

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: fix CFG_CORE_BIGNUM_MAX_BITS

CFG_CORE_BIGNUM_MAX_BITS should be 4576
4096 (RSA Max key size) +
8 * 60 (Header serialization and Black blob overhead in bytes)

Signed-off-by: Sahil Mal

drivers: caam: fix CFG_CORE_BIGNUM_MAX_BITS

CFG_CORE_BIGNUM_MAX_BITS should be 4576
4096 (RSA Max key size) +
8 * 60 (Header serialization and Black blob overhead in bytes)

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: change get_core_pos_mpidr() to support hypervisor

The secure hypervisor, such as Hafnium, is expected to manipulate
MPIDR_EL1 to indicate a VCPU ID.

This commit makes get_core_pos_mpidr() not

core: change get_core_pos_mpidr() to support hypervisor

The secure hypervisor, such as Hafnium, is expected to manipulate
MPIDR_EL1 to indicate a VCPU ID.

This commit makes get_core_pos_mpidr() not calculate a CPU ID
using the affinity bitfields of MPIDR_EL1 when there is a hypervisor
in SEL2.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Sungbae Yoo <sungbaey@nvidia.com>

show more ...

crypto: se05x: improve object deletion logs

For SE05x, only private keys are stored in the secure element: the
OP-TEE secure storage REE/RPMB retains the full public key but just a
handle to the pri

crypto: se05x: improve object deletion logs

For SE05x, only private keys are stored in the secure element: the
OP-TEE secure storage REE/RPMB retains the full public key but just a
handle to the private key.

If the secure element's persistent storage is erased, but OP-TEE's
secure storage remains, the public key can still be accessed while the
private key is inaccessible. However, in such cases, the 'key' will
still appear as present in the PKCS#11 database.

When CFG_CORE_SE05X_BLOCK_OBJ_DEL_ON_ERROR is enabled (not by default)
and the key pointed to by the handle is not present in the secure
element, OP-TEE PKCS#11 clients will encounter an error when attempting
to delete the private key information held in the OP-TEE secure
storage.

If the setting is disabled, the PKCS#11 storage clears the
private key handle without errors.

This commit removes some ambiguity, so users do not see error messages
when operations complete successfully.

It also fails on sss_se05x_key_object_init errors unconditionally since
a failure on this function can only signify some form of stack
corruption.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: shared_resource stops checking clock dependencies

Remove management of STM32MP15 secure clock support from the
platform specific share_resource.c driver. It is not needed STM32
ETZPC

plat-stm32mp1: shared_resource stops checking clock dependencies

Remove management of STM32MP15 secure clock support from the
platform specific share_resource.c driver. It is not needed STM32
ETZPC and RCC platform drivers now checks these dependencies.

Therefore the change removes stm32mp_register_clock_parents_secure()
and its related and ensures stm32mp_register_[non_]secure_xxx()
(from shared_resource.c driver) is not used for a clock (here PLL3).

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

show more ...

drivers: clk: stm32mp15: default disable mckprot hardening

Default disable RCC MCKPROT hardening configuration for STM32MP15
platforms since remoteproc driver enables it when required.

Remove disab

drivers: clk: stm32mp15: default disable mckprot hardening

Default disable RCC MCKPROT hardening configuration for STM32MP15
platforms since remoteproc driver enables it when required.

Remove disabling of RCC MCKPROT from STM32MP15 shared_resource driver
since this is now done from the STM32MP15 clock driver.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

show more ...