drivers: remoteproc: stm32mp15: check Cortex-M isolation

Set Cortex-M RCC isolation (MCKPROT) configuration when STM32MP15
remote processor secure loading is embedded in the platform.

Signed-off-by

drivers: remoteproc: stm32mp15: check Cortex-M isolation

Set Cortex-M RCC isolation (MCKPROT) configuration when STM32MP15
remote processor secure loading is embedded in the platform.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

show more ...

firewall: stm32_etzpc: check consistency of RCC vs DECPROT secure config

Ensures that when an ETZPC DECPROT configuration is secure (resp.
MCU isolated) that SoC RCC is also secure (resp. MCKPROT is

firewall: stm32_etzpc: check consistency of RCC vs DECPROT secure config

Ensures that when an ETZPC DECPROT configuration is secure (resp.
MCU isolated) that SoC RCC is also secure (resp. MCKPROT isolated).

This change helps to remove dependency on shared_resource.c driver
that is no longer needed since integration of the firewall framework.

By the way, fix include files order.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

show more ...

plat-ls: use fdt_reg_info()

Use fdt_reg_info() instead of fdt_reg_base_address() and fdt_reg_size()
to optimize look up in the DT due to finding parent node.

Signed-off-by: Etienne Carriere <etienn

plat-ls: use fdt_reg_info()

Use fdt_reg_info() instead of fdt_reg_base_address() and fdt_reg_size()
to optimize look up in the DT due to finding parent node.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: use fdt_reg_info()

Use fdt_reg_info() instead of fdt_reg_base_address() and fdt_reg_size()
to optimize look up in the DT due to finding parent node.

Signed-off-by: Etienne Carriere <etienn

drivers: use fdt_reg_info()

Use fdt_reg_info() instead of fdt_reg_base_address() and fdt_reg_size()
to optimize look up in the DT due to finding parent node.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: use fdt_reg_info()

Use fdt_reg_info() instead of fdt_reg_base_address() and fdt_reg_size()
to optimize look up in the DT due to finding parent node.

Signed-off-by: Etienne Carriere <etien

core: mm: use fdt_reg_info()

Use fdt_reg_info() instead of fdt_reg_base_address() and fdt_reg_size()
to optimize look up in the DT due to finding parent node.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kernel: dt: add and use fdt_reg_info()

Implement fdt_reg_info() instead of fdt_reg_base_address() and
fdt_reg_size() to optimize look up in the DT due to finding parent node.

Signed-off-by: E

core: kernel: dt: add and use fdt_reg_info()

Implement fdt_reg_info() instead of fdt_reg_base_address() and
fdt_reg_size() to optimize look up in the DT due to finding parent node.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dt: cache embedded DTB node information

Optimize OP-TEE boot time regarding parsing of the embedded DTB
content when using libfdt. The library functions fdt_parent_offset()
and fdt_node_offset

core: dt: cache embedded DTB node information

Optimize OP-TEE boot time regarding parsing of the embedded DTB
content when using libfdt. The library functions fdt_parent_offset()
and fdt_node_offset_by_phandle() are not very efficient since they
parse the DTB from root node to target node to look up for,
respectively, the node offset of a node parent and the node offset
related to a node phandle. Helper functions fdt_reg_base_address()
and fdt_reg_size() are also affected since they are based on
fdt_parent_offset() to find the #address-cells and #size-cells
properties of a node parent.

Optimize this by parsing the embedded DT once and caching node
information (parent node, phandle value, parent node #address-cells
and #size-cells values) in a array. Parse the array instead of the
DT for find these information.

We made few tests to use bisection or hash tables for look up the
information in the cache array. The gain was very small, likely due
to the number of DT node involved in the platform is relatively small
(only several hundreds or nodes).

This feature is enabled upon configuration switch CFG_DT_CACHED_NODE_INFO.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: move sanity of RCC secure state against BSEC state

Move implementation that verifies STM32MP1 device Secure Closed state
(read from BSEC OTP fuses) against RCC secure hardening config

plat-stm32mp1: move sanity of RCC secure state against BSEC state

Move implementation that verifies STM32MP1 device Secure Closed state
(read from BSEC OTP fuses) against RCC secure hardening configuration.
It is moved from shared_resource.c platform driver to platform main.c.
This change prepares the removal of shared_resource.c driver that is
no longer needed since integration of the firewall framework.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: imx_csu: add settings for i.MX6

Add the CSU SA settings for i.MX6(Q/D). This setting ensures that no
non-TrustZone aware master is able to read secure memory. Information on
the CSU SA regi

drivers: imx_csu: add settings for i.MX6

Add the CSU SA settings for i.MX6(Q/D). This setting ensures that no
non-TrustZone aware master is able to read secure memory. Information on
the CSU SA register values were taken from i.MX6 Security Reference
Manual rev 0.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

plat-stm32mp1: remove unused stm32mp_nsec_can_access_pmic_regu()

Remove unused platform function stm32mp_nsec_can_access_pmic_regu().

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

plat-stm32mp1: remove unused stm32mp_nsec_can_access_pmic_regu()

Remove unused platform function stm32mp_nsec_can_access_pmic_regu().

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-stm32mp1: scmi_server: remove useless assertion on rstctrl

Remove useless assertion on reset controller handle value.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by

plat-stm32mp1: scmi_server: remove useless assertion on rstctrl

Remove useless assertion on reset controller handle value.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

show more ...

plat-stm32mp1: scmi_server: permit MCU reset upon remoteproc security

Forbid SCMI accesses to MCU reset controllers when remote processor
is to be managed through OP-TEE remoteproc services.

Signed

plat-stm32mp1: scmi_server: permit MCU reset upon remoteproc security

Forbid SCMI accesses to MCU reset controllers when remote processor
is to be managed through OP-TEE remoteproc services.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

show more ...

drivers: stm32_remote_proc: add stm32_rproc_is_secure()

Add stm32_remoteproc driver API function stm32_rproc_is_secure()
that return whether of not remote processor management shall be
handled throu

drivers: stm32_remote_proc: add stm32_rproc_is_secure()

Add stm32_remoteproc driver API function stm32_rproc_is_secure()
that return whether of not remote processor management shall be
handled through OP-TEE remoteproc secure services.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

show more ...

core: mm: fix mobj_tee_ram_rw initialization

Until this patch, for CFG_CORE_RWDATA_NOEXEC=n and CFG_CORE_ASLR=y
there's an error in mobj_init() when the length of the combined
TEE_RAM_RWX is calcula

core: mm: fix mobj_tee_ram_rw initialization

Until this patch, for CFG_CORE_RWDATA_NOEXEC=n and CFG_CORE_ASLR=y
there's an error in mobj_init() when the length of the combined
TEE_RAM_RWX is calculated.

The relocatable address VCORE_UNPG_RW_PA is mixed with the absolute
address TEE_RAM_START. Relocated addresses only changes with
CFG_CORE_ASLR=y so before ASLR this expression was correct.

The combined TEE_RAM_RWX is only used with CFG_CORE_RWDATA_NOEXEC=n so
that is also a prerequisite for the error. The calculated length field
is usually not more wrong than code depending on
mobj_tee_ram_rw/mobj_tee_ram_rx still works. So the error wasn't visible
until length checks for phys_to_virt() was introduced with the commit
c2e4eb43b7b7 ("core_mmu: fix phys_to_virt() to check length").

Fix this by using VCORE_START_VA instead of TEE_RAM_START since the
former is a relocated address.

Fixes: c2e4eb43b7b7 ("core_mmu: fix phys_to_virt() to check length")
Fixes: 170e9084a84f ("core: add support for CFG_CORE_ASLR")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-k3: disable PRNG by default for all K3

All K3 devices already have PRNG disabled, remove the check and
set this unconditionally.

Signed-off-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Foris

plat-k3: disable PRNG by default for all K3

All K3 devices already have PRNG disabled, remove the check and
set this unconditionally.

Signed-off-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: clk: don't mix error codes in stm32mp25 driver

Don't mix error codes in stm32mp25 clock driver: some function return
a TEE_Result value, some return a 0/-1 integer value.

Signed-off-by: Et

drivers: clk: don't mix error codes in stm32mp25 driver

Don't mix error codes in stm32mp25 clock driver: some function return
a TEE_Result value, some return a 0/-1 integer value.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

drivers: clk: fix error cases in STM32MP25 clocks

Fix missing test on some function return code in stm32mp25 clock
driver.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by

drivers: clk: fix error cases in STM32MP25 clocks

Fix missing test on some function return code in stm32mp25 clock
driver.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

drivers: clk: restore clock on clk_stm32_flexgen_get_round_rate() failure

Disable the enabled clock in clk_stm32_flexgen_get_round_rate()
when the clock failed to enable.

Signed-off-by: Etienne Car

drivers: clk: restore clock on clk_stm32_flexgen_get_round_rate() failure

Disable the enabled clock in clk_stm32_flexgen_get_round_rate()
when the clock failed to enable.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

dts: stm32: secure optee_framebuffer memory region on stm32mp135f-dk

Add support for the TZC400 configuration for the optee_framebuffer
memory region on the stm32mp135f-dk board

Signed-off-by: Gati

dts: stm32: secure optee_framebuffer memory region on stm32mp135f-dk

Add support for the TZC400 configuration for the optee_framebuffer
memory region on the stm32mp135f-dk board

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: update the plat_tzc400 driver to support device tree

Add the usage of device tree memory regions defined to configure the
TZC400 firewall controller.

Signed-off-by: Gatien Chevallier

plat-stm32mp1: update the plat_tzc400 driver to support device tree

Add the usage of device tree memory regions defined to configure the
TZC400 firewall controller.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add TZC400 node in the stm32mp151 SoC device tree file

Add the TZC400 node in the stm32mp151 SoC device tree file and default
enable it.

Signed-off-by: Gatien Chevallier <gatien.chevall

dts: stm32: add TZC400 node in the stm32mp151 SoC device tree file

Add the TZC400 node in the stm32mp151 SoC device tree file and default
enable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dt-bindings: add stm32 bindings for TZC400 platform configuration

Add stm32 specific peripheral IDs for the TZC400 configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Re

dt-bindings: add stm32 bindings for TZC400 platform configuration

Add stm32 specific peripheral IDs for the TZC400 configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dt-bindings: add support for the TZC400 configuration

For added flexibility, the TZC400 configuration could be set through
the device tree. Add macros to be able to do so.

Signed-off-by: Gatien Che

dt-bindings: add support for the TZC400 configuration

For added flexibility, the TZC400 configuration could be set through
the device tree. Add macros to be able to do so.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: caam: Update comments in ECC driver

There were some typos in comments in the code, updated them

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>

drivers: caam: Update comments in RSA driver

There were some typos in comments in the code, updated them

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>