drivers: caam: hal: add caam_hal_sm_get_base_dt() implementation

Implement caam_hal_sm_get_base_dt() function when CFG_DT=y

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil

drivers: caam: hal: add caam_hal_sm_get_base_dt() implementation

Implement caam_hal_sm_get_base_dt() function when CFG_DT=y

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Disable traps by clearing XIE CSR

Ensure we disable traps by clearing XIE CSR instead of clearing
XSTATUS.IE which is global interrupt enable bit.

Signed-off-by: Alvin Chang <alvinga@a

core: riscv: Disable traps by clearing XIE CSR

Ensure we disable traps by clearing XIE CSR instead of clearing
XSTATUS.IE which is global interrupt enable bit.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

drivers: stm32_rng: embed ETZPC functions when CFG_STM32_ETZPC is set

On platforms when CFG_STM32_ETZPC is disabled, ETZPC cannot be
interrogated to get decprot attributes. Therefore do not embed ET

drivers: stm32_rng: embed ETZPC functions when CFG_STM32_ETZPC is set

On platforms when CFG_STM32_ETZPC is disabled, ETZPC cannot be
interrogated to get decprot attributes. Therefore do not embed ETZPC
related code.

While there, revert commit 326382a059a8 ("drivers: stm32_rng: MP15 RNG is
non-secure when PRNG is enable") and prefer to use ETZPC API.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Fixes: d773ec0baf4c ("drivers: stm32_rng: update clock and power management")
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_etzpc: new driver to use firewall API

Implement stm32_etzpc.c driver in the firewall driver directory.
Use the new firewall API to populate the firewall bus and register
the ETZPC as

drivers: stm32_etzpc: new driver to use firewall API

Implement stm32_etzpc.c driver in the firewall driver directory.
Use the new firewall API to populate the firewall bus and register
the ETZPC as a firewall provider.

Implement a driver specific firewall bus probe that will
only probe secure peripherals and implement firewall exceptions for
which no firewall operations will be done when CFG_INSECURE is set.
This allows, for example, to share a console with the non-secure world
for development purposes.

The ETZPC driver register the following ops:
-set_conf
-acquire_access
-acquire_memory_access

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: add CFG_STM32_ALLOW_UNSAFE_PROBE to probe unsafe peripherals

Add CFG_STM32_ALLOW_UNSAFE_PROBE that allows to unsafely probe
peripherals. This means that the firewall configuration wil

plat-stm32mp1: add CFG_STM32_ALLOW_UNSAFE_PROBE to probe unsafe peripherals

Add CFG_STM32_ALLOW_UNSAFE_PROBE that allows to unsafely probe
peripherals. This means that the firewall configuration will not be
checked before probing a peripheral. Default enable this switch for
DH platforms that use non-securable peripherals in OP-TEE.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_etzpc: move the stm32_etzpc driver to the firewall folder

The ETZPC is a firewall controller. Therefore, move the stm32_etzpc driver
to the firewall folder.

Signed-off-by: Gatien Che

drivers: stm32_etzpc: move the stm32_etzpc driver to the firewall folder

The ETZPC is a firewall controller. Therefore, move the stm32_etzpc driver
to the firewall folder.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_etzpc: update driver to set ETZPC configuration from DT

Remove old implementation where the ETZPC configuration was a hard
coded table in the shared resources file and use the device

drivers: stm32_etzpc: update driver to set ETZPC configuration from DT

Remove old implementation where the ETZPC configuration was a hard
coded table in the shared resources file and use the device tree to
get it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: default enable CFG_DRIVERS_FIREWALL

Default enable the CFG_DRIVERS_FIREWALL switch that is used to enable
the support of the firewall framework.

On this platform, only the ETZPC is a

plat-stm32mp1: default enable CFG_DRIVERS_FIREWALL

Default enable the CFG_DRIVERS_FIREWALL switch that is used to enable
the support of the firewall framework.

On this platform, only the ETZPC is a firewall controller for now.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: define ETZPC as an access controller for stm32mp13 platforms

ETZPC is a firewall controller. Add the access-controllers property to
all ETZPC sub-nodes on stm32mp13 platforms. Also add t

dts: stm32: define ETZPC as an access controller for stm32mp13 platforms

ETZPC is a firewall controller. Add the access-controllers property to
all ETZPC sub-nodes on stm32mp13 platforms. Also add the "simple-bus"
compatible for backward compatibility and "#access-controllers-cells"
to the ETZPC node.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: define ETZPC as an access controller for stm32mp15 platforms

ETZPC is a firewall controller. Add the access-controllers property to
all ETZPC sub-nodes on stm32mp15x platforms. Also add

dts: stm32: define ETZPC as an access controller for stm32mp15 platforms

ETZPC is a firewall controller. Add the access-controllers property to
all ETZPC sub-nodes on stm32mp15x platforms. Also add the "simple-bus"
compatible for backward compatibility and "#access-controllers-cells"
to the ETZPC node.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add the ETZPC configuration table for stm32mp1x boards

Add the tables defining the ETZPC firewall controller configuration
that will be set at boot time on stm32mp1x boards.

Signed-off-

dts: stm32: add the ETZPC configuration table for stm32mp1x boards

Add the tables defining the ETZPC firewall controller configuration
that will be set at boot time on stm32mp1x boards.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Johann Neuhauser <jneuhauser@dh-electronics.com>

show more ...

dt-bindings: add platform specific ETZPC bindings

Define ETZPC bindings for STM32MP15 and STM32MP13 and add these
header files into the stm32mp_dt_bindings helper. While there, also
update some incl

dt-bindings: add platform specific ETZPC bindings

Define ETZPC bindings for STM32MP15 and STM32MP13 and add these
header files into the stm32mp_dt_bindings helper. While there, also
update some includes to fix the path errors.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: use st,stm32mp15-i2c-non-secure compatible for the I2C4

Use st,stm32mp15-i2c-non-secure compatible for the I2C4 as it is
currently non-secure on stm32mp15 dkx and evx platforms.

Signed-

dts: stm32: use st,stm32mp15-i2c-non-secure compatible for the I2C4

Use st,stm32mp15-i2c-non-secure compatible for the I2C4 as it is
currently non-secure on stm32mp15 dkx and evx platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: disable VREFBUF on stm32mp15-dkx platforms

VREFBUF is currently not used on stm32mp15-dkx platforms,
so disable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Revi

dts: stm32: disable VREFBUF on stm32mp15-dkx platforms

VREFBUF is currently not used on stm32mp15-dkx platforms,
so disable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: disable ADC2 on stm32mp135f-dk

Remove ADC2 configuration in stm32mp135-dk.dts since OP-TEE does not
use the device.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Revi

dts: stm32: disable ADC2 on stm32mp135f-dk

Remove ADC2 configuration in stm32mp135-dk.dts since OP-TEE does not
use the device.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: default disable DMA at SoC level for stm32mp15 platforms

DMA node in stm32mp15* SoC DTSI files shouldn't be enabled by default,
we don't even have a driver to handle it. Therefore defaul

dts: stm32: default disable DMA at SoC level for stm32mp15 platforms

DMA node in stm32mp15* SoC DTSI files shouldn't be enabled by default,
we don't even have a driver to handle it. Therefore default disable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: fix race in mobj_reg_shm_get_by_cookie()

Until this patch in mobj_reg_shm_get_by_cookie() there's a small window
after cpu_spin_unlock_xrestore() before the reference counter is
increased with

core: fix race in mobj_reg_shm_get_by_cookie()

Until this patch in mobj_reg_shm_get_by_cookie() there's a small window
after cpu_spin_unlock_xrestore() before the reference counter is
increased with mobj_get(). Fix that by calling mobj_get() before
unlocking reg_shm_slist_lock.

Fixes: b96514926b8e ("core: reference count struct mobj")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: caam: skip JR init of CFG_JR_HAB_INDEX

On iMX8M SoC, the HAB requires the JR0 to be set to secure world to
decrypt the kernel image when loading the image in U-Boot.

Before reaching u-boot

drivers: caam: skip JR init of CFG_JR_HAB_INDEX

On iMX8M SoC, the HAB requires the JR0 to be set to secure world to
decrypt the kernel image when loading the image in U-Boot.

Before reaching u-boot, OP-TEE and TF-A set the JR0 to the non-secure
domain that leads to a HAB failure when trying to decrypt the kernel.

To fix the issue, this commit introduces CFG_JR_HAB_INDEX that specifies
which JR the HAB uses. OPTEE will skip the initialization of
CFG_JR_HAB_INDEX and leave it as secure.

It will also disable its usage in the device tree to inform the kernel.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp2: force CFG_DRIVERS_FIREWALL when supporting RIF controllers

When firewall controllers drivers that implements firewall framework
support are embedded such as RISAB or RIFSC, then CFG_D

plat-stm32mp2: force CFG_DRIVERS_FIREWALL when supporting RIF controllers

When firewall controllers drivers that implements firewall framework
support are embedded such as RISAB or RIFSC, then CFG_DRIVERS_FIREWALL
should be forced enabled.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: move firewall dt-bindings include at SoC level

Firewall controllers are present on every variant of stm32mp25 SoCs.
Therefore, move the inclusion of their dt-bindings at SoC level.

Sign

dts: stm32: move firewall dt-bindings include at SoC level

Firewall controllers are present on every variant of stm32mp25 SoCs.
Therefore, move the inclusion of their dt-bindings at SoC level.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add RISAB configurations for the stm32mp257f-ev1 platform

Add the internal memory layout and RIF configuration for the
stm32mp257f-ev1 platform.

Signed-off-by: Gatien Chevallier <gatien

dts: stm32: add RISAB configurations for the stm32mp257f-ev1 platform

Add the internal memory layout and RIF configuration for the
stm32mp257f-ev1 platform.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add RISAB nodes in the stm32mp251 SoC DT file

Add the RISAB1/2/3/4/5/6 and default enable all of them except for the
RISAB6 that protects the VDERAM.

Signed-off-by: Gatien Chevallier <g

dts: stm32: add RISAB nodes in the stm32mp251 SoC DT file

Add the RISAB1/2/3/4/5/6 and default enable all of them except for the
RISAB6 that protects the VDERAM.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: default enable RISAB on stm32mp2 platforms

Default enable RISAB driver for platform stm32mp2.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Ca

plat-stm32mp2: default enable RISAB on stm32mp2 platforms

Default enable RISAB driver for platform stm32mp2.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_risab: add RISAB internal memory firewall driver

This driver implements the RISAB driver. Through RISAB registers, a
trusted compartment, or the compartment to which the page configur

drivers: stm32_risab: add RISAB internal memory firewall driver

This driver implements the RISAB driver. Through RISAB registers, a
trusted compartment, or the compartment to which the page configuration
has been delegated, configures the firewall attributes necessary to
access a page.

Each RISAB is dedicated to a internal memory and can cover 128KBytes of
data, separated in 32 pages of 4 KBytes, containing 8 blocks each.

It is possible to align a RISAB secure and privilege regions
allocations with an ARM Cortex M, which defines in its address space
configurable regions with a 256Bytes granularity. The configuration
would be 512Bytes block-based in order to align the two.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dt-bindings: add stm32mp25 RISAB bindings

Add stm32mp25 specific RISAB device tree bindings. This file contains
device tree contains helpers and RISABPROT macro that is used to
define the RIF config

dt-bindings: add stm32mp25 RISAB bindings

Add stm32mp25 specific RISAB device tree bindings. This file contains
device tree contains helpers and RISABPROT macro that is used to
define the RIF configuration for a RISAB region.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...