dts: stm32: disable ADC2 on stm32mp135f-dk

Remove ADC2 configuration in stm32mp135-dk.dts since OP-TEE does not
use the device.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Revi

dts: stm32: disable ADC2 on stm32mp135f-dk

Remove ADC2 configuration in stm32mp135-dk.dts since OP-TEE does not
use the device.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: default disable DMA at SoC level for stm32mp15 platforms

DMA node in stm32mp15* SoC DTSI files shouldn't be enabled by default,
we don't even have a driver to handle it. Therefore defaul

dts: stm32: default disable DMA at SoC level for stm32mp15 platforms

DMA node in stm32mp15* SoC DTSI files shouldn't be enabled by default,
we don't even have a driver to handle it. Therefore default disable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: fix race in mobj_reg_shm_get_by_cookie()

Until this patch in mobj_reg_shm_get_by_cookie() there's a small window
after cpu_spin_unlock_xrestore() before the reference counter is
increased with

core: fix race in mobj_reg_shm_get_by_cookie()

Until this patch in mobj_reg_shm_get_by_cookie() there's a small window
after cpu_spin_unlock_xrestore() before the reference counter is
increased with mobj_get(). Fix that by calling mobj_get() before
unlocking reg_shm_slist_lock.

Fixes: b96514926b8e ("core: reference count struct mobj")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: caam: skip JR init of CFG_JR_HAB_INDEX

On iMX8M SoC, the HAB requires the JR0 to be set to secure world to
decrypt the kernel image when loading the image in U-Boot.

Before reaching u-boot

drivers: caam: skip JR init of CFG_JR_HAB_INDEX

On iMX8M SoC, the HAB requires the JR0 to be set to secure world to
decrypt the kernel image when loading the image in U-Boot.

Before reaching u-boot, OP-TEE and TF-A set the JR0 to the non-secure
domain that leads to a HAB failure when trying to decrypt the kernel.

To fix the issue, this commit introduces CFG_JR_HAB_INDEX that specifies
which JR the HAB uses. OPTEE will skip the initialization of
CFG_JR_HAB_INDEX and leave it as secure.

It will also disable its usage in the device tree to inform the kernel.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp2: force CFG_DRIVERS_FIREWALL when supporting RIF controllers

When firewall controllers drivers that implements firewall framework
support are embedded such as RISAB or RIFSC, then CFG_D

plat-stm32mp2: force CFG_DRIVERS_FIREWALL when supporting RIF controllers

When firewall controllers drivers that implements firewall framework
support are embedded such as RISAB or RIFSC, then CFG_DRIVERS_FIREWALL
should be forced enabled.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: move firewall dt-bindings include at SoC level

Firewall controllers are present on every variant of stm32mp25 SoCs.
Therefore, move the inclusion of their dt-bindings at SoC level.

Sign

dts: stm32: move firewall dt-bindings include at SoC level

Firewall controllers are present on every variant of stm32mp25 SoCs.
Therefore, move the inclusion of their dt-bindings at SoC level.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add RISAB configurations for the stm32mp257f-ev1 platform

Add the internal memory layout and RIF configuration for the
stm32mp257f-ev1 platform.

Signed-off-by: Gatien Chevallier <gatien

dts: stm32: add RISAB configurations for the stm32mp257f-ev1 platform

Add the internal memory layout and RIF configuration for the
stm32mp257f-ev1 platform.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add RISAB nodes in the stm32mp251 SoC DT file

Add the RISAB1/2/3/4/5/6 and default enable all of them except for the
RISAB6 that protects the VDERAM.

Signed-off-by: Gatien Chevallier <g

dts: stm32: add RISAB nodes in the stm32mp251 SoC DT file

Add the RISAB1/2/3/4/5/6 and default enable all of them except for the
RISAB6 that protects the VDERAM.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: default enable RISAB on stm32mp2 platforms

Default enable RISAB driver for platform stm32mp2.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Ca

plat-stm32mp2: default enable RISAB on stm32mp2 platforms

Default enable RISAB driver for platform stm32mp2.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_risab: add RISAB internal memory firewall driver

This driver implements the RISAB driver. Through RISAB registers, a
trusted compartment, or the compartment to which the page configur

drivers: stm32_risab: add RISAB internal memory firewall driver

This driver implements the RISAB driver. Through RISAB registers, a
trusted compartment, or the compartment to which the page configuration
has been delegated, configures the firewall attributes necessary to
access a page.

Each RISAB is dedicated to a internal memory and can cover 128KBytes of
data, separated in 32 pages of 4 KBytes, containing 8 blocks each.

It is possible to align a RISAB secure and privilege regions
allocations with an ARM Cortex M, which defines in its address space
configurable regions with a 256Bytes granularity. The configuration
would be 512Bytes block-based in order to align the two.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dt-bindings: add stm32mp25 RISAB bindings

Add stm32mp25 specific RISAB device tree bindings. This file contains
device tree contains helpers and RISABPROT macro that is used to
define the RIF config

dt-bindings: add stm32mp25 RISAB bindings

Add stm32mp25 specific RISAB device tree bindings. This file contains
device tree contains helpers and RISABPROT macro that is used to
define the RIF configuration for a RISAB region.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: add RISAB1/2 base addresses in platform configuration

Add RISAB1/2 base addresses in platform configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed

plat-stm32mp2: add RISAB1/2 base addresses in platform configuration

Add RISAB1/2 base addresses in platform configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: add VDERAM SYSCFG support

Adds support for the VDERAM configuration that is present in SYSCFG.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne C

plat-stm32mp2: add VDERAM SYSCFG support

Adds support for the VDERAM configuration that is present in SYSCFG.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rng: MP15 RNG is non-secure when PRNG is enable

Register stm32_rng device as non-secure when software PRNG is enabled
instead of testing the firewall configuration that is applied fro

drivers: stm32_rng: MP15 RNG is non-secure when PRNG is enable

Register stm32_rng device as non-secure when software PRNG is enabled
instead of testing the firewall configuration that is applied from
stm32mp1_init_final_shres() at driver_init_late initcall level, far
after RNG initialization.

Fixes: d773ec0baf4c ("drivers: stm32_rng: update clock and power management")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

core: imx: disable ELE support on i.MX91 by default

On i.MX91, there is only one MU to communicate with ELE,
which cannot be dedicated on OP-TEE side all the time.
There may be ELE services running

core: imx: disable ELE support on i.MX91 by default

On i.MX91, there is only one MU to communicate with ELE,
which cannot be dedicated on OP-TEE side all the time.
There may be ELE services running on Linux side, which can
cause conflict with OP-TEE.
So disabling ELE by default for now.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: gic: accept GIC version 4 if CFG_ARM_GICV3 is enabled

GIC v4 is backwards compatible with GIC v3, Accept GIC
version 4 if CFG_ARM_GICV3 is enabled.

Signed-off-by: Ziad Elhanafy <ziad.elhanafy

core: gic: accept GIC version 4 if CFG_ARM_GICV3 is enabled

GIC v4 is backwards compatible with GIC v3, Accept GIC
version 4 if CFG_ARM_GICV3 is enabled.

Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-rd1ae: introduce RD-1 AE platform support

Add initial support for RD-1 AE platform, this includes:
1- GIC and console initialization functions.
2- Memory layout.
3- Make files.
4- Assembly func

plat-rd1ae: introduce RD-1 AE platform support

Add initial support for RD-1 AE platform, this includes:
1- GIC and console initialization functions.
2- Memory layout.
3- Make files.
4- Assembly function `get_core_pos_mpidr` to compute the
linear core position from MPIDR.

Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce Arm Cortex-v9 and Neoverse-v2 CPU support

Introduce cortex-armv9.mk file and use it to support the
Armv9 Neoverse v2 CPU.

Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Acked-

core: introduce Arm Cortex-v9 and Neoverse-v2 CPU support

Introduce cortex-armv9.mk file and use it to support the
Armv9 Neoverse v2 CPU.

Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: clk: stm32: fix stm32mp13 clock gates initialization

Correct STM32MP13 clock gates initialization regarding the enable
reference counting. The fixed commit introduced side effect where
cloc

drivers: clk: stm32: fix stm32mp13 clock gates initialization

Correct STM32MP13 clock gates initialization regarding the enable
reference counting. The fixed commit introduced side effect where
clock gates with a disable init state overflow the gate refcount to -1
and clock gates with a enable init state take a refcount that is never
released.

For this purpose, add stm32_gate_set_init_state() function in
stm32 clock core driver for STM32MP13 gate clocks initialization
expects to set some clock gate hardware state (enabled or disabled)
before any refcount is considered.

Fixes: 2b028a2ba197 ("clk: implement multi-gate management at core level")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

core: imx: enable CFG_CORE_HUK_SUBKEY_COMPAT_USE_OTP_DIE_ID by default

Use the platform tee_otp_get_die_id() implementation to generate the SSK
key.

Signed-off-by: Clement Faure <clement.faure@nxp.

core: imx: enable CFG_CORE_HUK_SUBKEY_COMPAT_USE_OTP_DIE_ID by default

Use the platform tee_otp_get_die_id() implementation to generate the SSK
key.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: enable attestation PTA

Enable the attestation PTA by default for i.MX platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.co

core: imx: enable attestation PTA

Enable the attestation PTA by default for i.MX platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Improve thread user mode record

Make the asm definitions be more human-readable.

Besides, it's unnecessary to save and restore kernel SP and GP into
thread_user_mode_rec, since they wi

core: riscv: Improve thread user mode record

Make the asm definitions be more human-readable.

Besides, it's unnecessary to save and restore kernel SP and GP into
thread_user_mode_rec, since they will be setup by system call trap
handler before executing thread_unwind_user_mode().

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>

show more ...

core: riscv: Ensure XSTATUS is restored before XIE

In previous implementation, we found some accidental interrupts during
entering user mode and resuming of thread. We fixed it by clearing
XSTATUS.X

core: riscv: Ensure XSTATUS is restored before XIE

In previous implementation, we found some accidental interrupts during
entering user mode and resuming of thread. We fixed it by clearing
XSTATUS.XIE first, which is global interrupt enable bit, to ensure there
are no interrupts during those operations.

Now we found the better solution: restore XSTATUS before restoring XIE.
This can ensure the global interrupt bit in XSTATUS is cleared before we
restore the individual interrupt bits in XIE.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>

show more ...

drivers: crypto: stm32: fix SAES driver set_field_u32 usage

set_field_u32() is a function that allows you to change a specific bit
in a register by using a mask. The function returns the full value

drivers: crypto: stm32: fix SAES driver set_field_u32 usage

set_field_u32() is a function that allows you to change a specific bit
in a register by using a mask. The function returns the full value of
the register, which means that the use of bitwise OR here is a mistake.
The current code works here only because the modified registers are
initialized. Moreover, I've reverted a commit as there is no
need to shift the value as the function already does it.

Fix the usage of the function in the SAES driver by replacing
bitwise OR assignments with simple assignments.

Fixes: c83a542f3734 ("drivers: crypto: stm32: fix SAES key selection")
Fixes: 4320f5cf30c5 ("crypto: stm32: SAES cipher support")
Signed-off-by: Maxime Méré <maxime.mere@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

notif: fix build when NS_VIRTUALIZATION is enabled

Right now OP-TEE build fails if CFG_NS_VIRTUALIZATION=y and
CFG_CORE_ASYNC_NOTIF=n with the following error:

core/kernel/notif.c: In function 'nex

notif: fix build when NS_VIRTUALIZATION is enabled

Right now OP-TEE build fails if CFG_NS_VIRTUALIZATION=y and
CFG_CORE_ASYNC_NOTIF=n with the following error:

core/kernel/notif.c: In function 'nex_init_notif':
core/kernel/notif.c:185:42: error: 'notif_data_id' undeclared (first use in this function); did you mean 'notif_wait'?
185 | return virt_add_guest_spec_data(&notif_data_id,
| ^~~~~~~~~~~~~
| notif_wait
core/kernel/notif.c:185:42: note: each undeclared identifier is reported only once for each function it appears in
core/kernel/notif.c:186:48: error: invalid application of 'sizeof' to incomplete type 'struct notif_data'
186 | sizeof(struct notif_data), NULL);
| ^~~~~~
core/kernel/notif.c:187:1: warning: control reaches end of non-void function [-Wreturn-type]
187 | }
| ^

Move `#ifdef CFG_NS_VIRTUALIZATION` section under
`#ifdef CFG_CORE_ASYNC_NOTIF` to fix this.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...