core: riscv: Set exception return PC into XEPC for entering user mode

Instead of setting exception return PC into "ra" register and assign it
to XEPC, we should directly set exception return PC into

core: riscv: Set exception return PC into XEPC for entering user mode

Instead of setting exception return PC into "ra" register and assign it
to XEPC, we should directly set exception return PC into "XEPC" CSR to
improve code redability.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>

show more ...

core: plat-corstone1000: Increase TZDRAM size

Increased TZDRAM size using space.

NS_SHARED_RAM region is not used by Corstone1000 platform. It is
removed to create more space in secure RAM for BL32

core: plat-corstone1000: Increase TZDRAM size

Increased TZDRAM size using space.

NS_SHARED_RAM region is not used by Corstone1000 platform. It is
removed to create more space in secure RAM for BL32 image.
Thus, there is more space in the secure RAM that can be used by OP-TEE.

Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: stm32_rng: use default PRNG init if RNG is disabled in the DT

In case RNG peripheral is not enabled in device tree, fallback to the
default RNG initialization implementation.

Signed-off-by

drivers: stm32_rng: use default PRNG init if RNG is disabled in the DT

In case RNG peripheral is not enabled in device tree, fallback to the
default RNG initialization implementation.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: define plat_rng_init() as a weak alias of __plat_rng_init()

Rename the function plat_rng_init() to __plat_rng_init() and define
plat_rng_init() as a weak alias of __plat_rng_init().
This allow

core: define plat_rng_init() as a weak alias of __plat_rng_init()

Rename the function plat_rng_init() to __plat_rng_init() and define
plat_rng_init() as a weak alias of __plat_rng_init().
This allow to use the default RNG initialization in the platform
plat_rng_init() function.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: timeout_elapsed(): fix expiration threshold

Fix timeout threshold that should return once the time expires,
not 1 tick after it has expired. This change makes udelay(0) to
immediately return a

core: timeout_elapsed(): fix expiration threshold

Fix timeout threshold that should return once the time expires,
not 1 tick after it has expired. This change makes udelay(0) to
immediately return and not wait a generic timer counter increment.

This change fixes an issue where a driver stops the counter feeding
Arm generic timer counter and indirectly calls IO_READ32_POLL_TIMEOUT()
with a delay of 0us. It that case, since counter never increments, the
udelay(0) call in IO_READ32_POLL_TIMEOUT() never returns while we expect
the macro to endlessly poll (as timeout would never be detected) until
poll condition is met or system watchdog is triggered.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

riscv: plat-virt: allow enabling CFG_TEE_CORE_DEBUG for virt machine

Allow enabling CFG_TEE_CORE_DEBUG to make assertions useful.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed

riscv: plat-virt: allow enabling CFG_TEE_CORE_DEBUG for virt machine

Allow enabling CFG_TEE_CORE_DEBUG to make assertions useful.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: core_mmu: don't use check_va_matches_pa() on RISC-V

The arch_va2pa_helper() in the RISC-V implements a software page table
walker. It requires phys_to_virt() to convert the physical page o

core: mm: core_mmu: don't use check_va_matches_pa() on RISC-V

The arch_va2pa_helper() in the RISC-V implements a software page table
walker. It requires phys_to_virt() to convert the physical page on the
PTE to the virtual address of the next level page table. The process
can lead to a stack overflow caused by indirect recursion as below:

phys_to_virt() <--------------------------------.
-> check_va_matches_pa() |
-> virt_to_phys() |
-> arch_va2pa_helper() |
-> core_mmu_xlat_table_entry_pa2va()-'

As arch_va2pa_helper() can return true if va matches pa, we
don't use and check_va_matches_pa() when CFG_TEE_CORE_DEBUG
is enabled.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: core_mmu: add core_mmu_user_va_range_is_defined() for RISC-V

The function hasn't been implemented for RISC-V, so move the
core_mmu_user_va_range_is_defined() definition to generic
core_mmu

core: mm: core_mmu: add core_mmu_user_va_range_is_defined() for RISC-V

The function hasn't been implemented for RISC-V, so move the
core_mmu_user_va_range_is_defined() definition to generic
core_mmu.h and function implementations to arch-specific files.

Also, update the assertions where checks if user va range is defined.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: core_mmu_arch: fix compile error for bit_test()

Fix the compile error in the bit_test() macro, which mistakenly
uses the address of g_asid as the parameter.

Signed-off-by: Yu Chien Pet

core: riscv: core_mmu_arch: fix compile error for bit_test()

Fix the compile error in the bit_test() macro, which mistakenly
uses the address of g_asid as the parameter.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: mm: fix arch_va2pa_helper() on superpage translation

Any level of PTE may be a leaf PTE in RISC-V page table, if the
page is not 4KiB, the page offset should be extended to VPN fields
o

core: riscv: mm: fix arch_va2pa_helper() on superpage translation

Any level of PTE may be a leaf PTE in RISC-V page table, if the
page is not 4KiB, the page offset should be extended to VPN fields
of virtual address.

e.g. on Sv39, if there is a leaf PTE on level-1 (2MiB megapage),
it maps to physical page with (va[20:12] | va[11:0]) as the page
offset.

Sv39 Virtual address:
|<--- superpage offset --->|
38_______30_29______21|20______12_11____________0|
| VPN[2] | VPN[1] | VPN[0] | page offset |
‾‾‾‾9‾‾‾‾‾‾‾‾‾‾9‾‾‾‾‾|‾‾‾‾9‾‾‾‾‾‾‾‾‾‾‾‾12‾‾‾‾‾‾‾|
| |
Physical address: | |
| |
55___________30_29______21|20______12_11____________0|
| PPN[2] | PPN[1] | PPN[0] | page offset |
‾‾‾‾‾‾26‾‾‾‾‾‾‾‾‾‾‾9‾‾‾‾‾'‾‾‾‾9‾‾‾‾‾‾‾‾‾‾‾‾12‾‾‾‾‾‾‾'

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add CFG_RPMB_ANNOUNCE_PROBE_CAP

Add CFG_RPMB_ANNOUNCE_PROBE_CAP to control whether RPMB probe capability
should be announced to the kernel. For the kernel driver to enable
in-kernel RPMB routi

core: add CFG_RPMB_ANNOUNCE_PROBE_CAP

Add CFG_RPMB_ANNOUNCE_PROBE_CAP to control whether RPMB probe capability
should be announced to the kernel. For the kernel driver to enable
in-kernel RPMB routing it must know in advance that OP-TEE supports it.
By masking the capability the kernel will route all RPMB commands to
tee-supplicant.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add flag to enumerate TAs when secure storage is ready

Add TA_FLAG_DEVICE_ENUM_TEE_STORAGE_PRIVATE with similar usage as
TA_FLAG_DEVICE_ENUM_SUPP except that it is used to add an enumeration
p

core: add flag to enumerate TAs when secure storage is ready

Add TA_FLAG_DEVICE_ENUM_TEE_STORAGE_PRIVATE with similar usage as
TA_FLAG_DEVICE_ENUM_SUPP except that it is used to add an enumeration
point when secure storage is ready.

The new TA function PTA_CMD_GET_DEVICES_RPMB is added to the device PTA
to report TAs depending on RPMB.

PTA_CMD_GET_DEVICES_RPMB will if CFG_REE_FS!=y and CFG_RPMB_FS=y first
try to initialize RPMB and only if successful will it return eventual
TAs with the TA_FLAG_DEVICE_ENUM_TEE_STORAGE_PRIVATE flag set.

PTA_CMD_GET_DEVICES_SUPP will if CFG_REE_FS=y include TAs with the
TA_FLAG_DEVICE_ENUM_TEE_STORAGE_PRIVATE flag set in the list of TAs to
return.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: rpmb: probe for kernel RPMB driver

Three RPC functions are added to support RPMB probing and properly align
RPMB frames, OPTEE_RPC_CMD_RPMB_PROBE_RESET,
OPTEE_RPC_CMD_RPMB_PROBE_NEXT, and OPTE

core: rpmb: probe for kernel RPMB driver

Three RPC functions are added to support RPMB probing and properly align
RPMB frames, OPTEE_RPC_CMD_RPMB_PROBE_RESET,
OPTEE_RPC_CMD_RPMB_PROBE_NEXT, and OPTEE_RPC_CMD_RPMB_FRAMES.

OPTEE_RPC_CMD_RPMB_PROBE_RESET resets probing to a well known state and
returns the shared memory type needed when allocating shared memory for
communication with later RPMB functions.

OPTEE_RPC_CMD_RPMB_PROBE_NEXT selects the next RPMB device and returns
its device information. Later calls to OPTEE_RPC_CMD_RPMB will use this
selected device.

OPTEE_RPC_CMD_RPMB_FRAMES sends the raw RPMB frames to normal world for
further routing to the RPMB device.

tee_rpmb_reinit() is added to allow re-initializing the RPMB FS if a
boot stage has used RPMB.

Backwards compatibility is maintained by falling back to the old type of
initialization if OPTEE_RPC_CMD_RPMB_PROBE_RESET returns
TEE_ERROR_NOT_SUPPORTED.

Whether RPMB devices are probed by the kernel or tee-supplicant is
decided by the kernel driver where the shared memory type returned by
OPTEE_RPC_CMD_RPMB_PROBE_RESET plays a vital role.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: rpmb: use thread_rpc_shm_cache_alloc()

Use thread_rpc_shm_cache_alloc() to cache shared memory allocations to
simplify and make the code slightly more efficient.

Signed-off-by: Jens Wiklander

core: rpmb: use thread_rpc_shm_cache_alloc()

Use thread_rpc_shm_cache_alloc() to cache shared memory allocations to
simplify and make the code slightly more efficient.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add THREAD_SHM_CACHE_USER_RPMB

Add an enum to cache RPMB shared memory allocations.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@l

core: add THREAD_SHM_CACHE_USER_RPMB

Add an enum to cache RPMB shared memory allocations.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: rpmb: set device ID in tee_rpmb_init()

Until now, when initializing RPMB the devices ID has been passed to
tee_rpmb_init(), but there isn't any flexibility since it's always
CFG_RPMB_FS_DEV_ID

core: rpmb: set device ID in tee_rpmb_init()

Until now, when initializing RPMB the devices ID has been passed to
tee_rpmb_init(), but there isn't any flexibility since it's always
CFG_RPMB_FS_DEV_ID passed along. So simplify the code a bit and
use CFG_RPMB_FS_DEV_ID directly in tee_rpmb_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: rstctrl: Fix function description

Fix the description of functions rstctrl_dt_get_func() and
rstctrl_register_provider() and rstctrl_get_exclusive().

By the way, append parentheses ("()")

drivers: rstctrl: Fix function description

Fix the description of functions rstctrl_dt_get_func() and
rstctrl_register_provider() and rstctrl_get_exclusive().

By the way, append parentheses ("()") to function names in
inline description comment for consistency in core header files.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: Let platform choose native and foreign interrupts

Platform may want to choose different types of native and foreign
interrupts. This commit adds two definitions for the platforms:
1. PL

core: riscv: Let platform choose native and foreign interrupts

Platform may want to choose different types of native and foreign
interrupts. This commit adds two definitions for the platforms:
1. PLAT_THREAD_EXCP_FOREIGN_INTR: to define platform specific foreign
interrupts
2. PLAT_THREAD_EXCP_NATIVE_INTR: to define platform specific native
interrupts.

For RISC-V virt machine, we define all external/mtimer/software
interrupts as foreign interrupts. For RISC-V spike platform, we define
external interrupts as foreign interrupts, and mtimer/software
interrupts as native interrupts.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Update thread core local flags for native interrupts

Record the type of stack and the type of interrupt into thread core
local flags before handling the native interrupts. Once we finis

core: riscv: Update thread core local flags for native interrupts

Record the type of stack and the type of interrupt into thread core
local flags before handling the native interrupts. Once we finish the
handling of the native interrupts, we clear the previous flags.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Determine foreign interrupts during interrupt handling

The foreign interrupts are defined in THREAD_EXCP_FOREIGN_INTR, whose
bit fields are corresponding to RISC-V MIP/SIP CSR. Thus, we

core: riscv: Determine foreign interrupts during interrupt handling

The foreign interrupts are defined in THREAD_EXCP_FOREIGN_INTR, whose
bit fields are corresponding to RISC-V MIP/SIP CSR. Thus, we can
determine whether the coming interrupt is foreign interrupt or not by
THREAD_EXCP_FOREIGN_INTR.

However, the trap information is encoded in XCAUSE CSR. Thus, we must
translate the value of XCAUSE to XIP first, and then compare the XIP
with THREAD_EXCP_FOREIGN_INTR. For example, if the coming interrupt is
supervisor timer interrupt, the value of SCAUSE will be
0x8000000000000005 on RV64 system. We need to translate it to be
sip.STIP, which is 0x20. Then, we can further compare 0x20 with
THREAD_EXCP_FOREIGN_INTR. If 0x20 is subset of THREAD_EXCP_FOREIGN_INTR,
it is determined as a foreign interrupt. Finally, we call
thread_foreign_interrupt_handler() to further handle it.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Implement foreign interrupt handler

In SMP based OP-TEE system, the foreign interrupts, which are handled
outside OP-TEE, might be injected during the execution of OP-TEE. When
OP-TEE r

core: riscv: Implement foreign interrupt handler

In SMP based OP-TEE system, the foreign interrupts, which are handled
outside OP-TEE, might be injected during the execution of OP-TEE. When
OP-TEE receives such foreign interrupts, it should suspend current
thread and yield the execution to the foreign domains to handle those
foreign interrupts.

This commit implements thread_foreign_interrupt_handler(), which is
expected to be called during trap handling. The job of this function are
suspending the current thread, and returning to the other domain to let
them handle the foreign interrupts.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Rename and re-order parameters of the interrupt handlers

Rename thread_interrupt_handler() to thread_native_interrupt_handler(),
since we are going to support the foreign interrupt hand

core: riscv: Rename and re-order parameters of the interrupt handlers

Rename thread_interrupt_handler() to thread_native_interrupt_handler(),
since we are going to support the foreign interrupt handler.

The native interrupts are handled in OP-TEE side, while the foreign
interrupts are handled outside OP-TEE.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: Remove duplicated sp assignment for ARM64 in set_ctx_regs()

There are two lines of code to assign value of sp for ARM64. Remove one
of them.

Signed-off-by: Alvin Chang <alvinga@andestech

core: arm: Remove duplicated sp assignment for ARM64 in set_ctx_regs()

There are two lines of code to assign value of sp for ARM64. Remove one
of them.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

driver: crypto: hisilicon: add montgomery algorithm

add operation of X25519 and X448 algorithm, including alloc_keypair,
gen_keypar and shared_secret

Signed-off-by: yuzexi <yuzexi@hisilicon.com>
Ac

driver: crypto: hisilicon: add montgomery algorithm

add operation of X25519 and X448 algorithm, including alloc_keypair,
gen_keypar and shared_secret

Signed-off-by: yuzexi <yuzexi@hisilicon.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: rename to core_mmu_init_phys_mem()

Rename core_mmu_init_ta_ram() to core_mmu_init_phys_mem() for a more
accurate name of the function.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org

core: rename to core_mmu_init_phys_mem()

Rename core_mmu_init_ta_ram() to core_mmu_init_phys_mem() for a more
accurate name of the function.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...