core: arm: refactor struct mobj_ffa

Moves the non-secure shared memory specific fields of struct mobj_ffa
into the new struct mobj_ffa_shm which in turn embeds struct mobj_ffa.

This prepares for an

core: arm: refactor struct mobj_ffa

Moves the non-secure shared memory specific fields of struct mobj_ffa
into the new struct mobj_ffa_shm which in turn embeds struct mobj_ffa.

This prepares for another derivate of struct mobj_ffa that deals with
another kind of memory.

No change in functionality.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: ABI description for dynamic protected memory

Extend the SMC and FF-A ABI to handle dynamic protected memory lending.
The capability bits OPTEE_SMC_SEC_CAP_DYNAMIC_PROTMEM and
OPTEE_FFA_SEC_CAP

core: ABI description for dynamic protected memory

Extend the SMC and FF-A ABI to handle dynamic protected memory lending.
The capability bits OPTEE_SMC_SEC_CAP_DYNAMIC_PROTMEM and
OPTEE_FFA_SEC_CAP_PROTMEM respectively tells its availability.

OPTEE_MSG_CMD_GET_PROTMEM_CONFIG tells the minimal size and required
alignment of protected memory to lend.

For the SMC ABI, OPTEE_MSG_CMD_LEND_PROTMEM lends protected memory
and OPTEE_MSG_CMD_RECLAIM_PROTMEM returns the memory to normal world use.

For the FF-A ABI, FFA_LEND framework request followed by
OPTEE_MSG_CMD_ASSIGN_PROTMEM lends protected memory and
OPTEE_FFA_RELEASE_PROTMEM followed by the FFA_RECLAIM framework
request returns the memory to normal world use.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm: SMC ABI to return protected memory configuration

Extend the SMC ABI to return the protect memory configuration.

A capability bit, OPTEE_SMC_SEC_CAP_PROTMEM, is added to announce that
the

core: arm: SMC ABI to return protected memory configuration

Extend the SMC ABI to return the protect memory configuration.

A capability bit, OPTEE_SMC_SEC_CAP_PROTMEM, is added to announce that
the new SMC fast call OPTEE_SMC_GET_PROTMEM_CONFIG is available.
OPTEE_SMC_GET_PROTMEM_CONFIG returns the physical memory range of
reserved protected memory.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: sync ABI description files

Syncs the ABI description files optee_ffa.h and optee_msg.h with their
counterpart in the Linux kernel driver. Small changes in comments and
introduction of uint8_t

core: sync ABI description files

Syncs the ABI description files optee_ffa.h and optee_msg.h with their
counterpart in the Linux kernel driver. Small changes in comments and
introduction of uint8_t octets[24] as an alternative to struct
optee_msg_param_value value.

No ABI changes or extensions.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat: rpi5: add basic Raspberry Pi 5 support

RPi5 is based on new BCM2712 SoC which is based on quad Cortex-A76.

BCM2712 still does not provide secure memory so we are free to locate
OP-TEE anythin

plat: rpi5: add basic Raspberry Pi 5 support

RPi5 is based on new BCM2712 SoC which is based on quad Cortex-A76.

BCM2712 still does not provide secure memory so we are free to locate
OP-TEE anything we want. It would be most beneficial to locate OP-TEE
right after TF-A, at address 0x80000, but RPi5 loader places kernel
there and it's location can't be changed.

According to PCB silkscreen, RPi5 boards can have 1GB, 2GB, 4GB or 8GB
of memory. To be compatible with any variant, OP-TEE is placed close
to the end of the first gigabyte.

BCM2712 uses PL011 as debug UART so we enable its driver.

According to specification, BCM2712 includes cryptography extensions,
but this basic port does not enable them.

As there is no way to load OP-TEE image into memory during boot
process, TF-A with OPTEE_ALLOW_SMC_LOAD=1 option should be used. In
this case OP-TEE can be loaded via Linux kernel or U-Boot.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Co-developed-by: Hugo Trippaers <htrippaers@schubergphilis.com>
Signed-off-by: Hugo Trippaers <htrippaers@schubergphilis.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

mmu: ignore VA spaces in core_mmu_get_type_by_pa

VA spaces have no valid PA addresses stored in memory map, so they are
not valid return values for core_mmu_get_type_by_pa() function.

This issues w

mmu: ignore VA spaces in core_mmu_get_type_by_pa

VA spaces have no valid PA addresses stored in memory map, so they are
not valid return values for core_mmu_get_type_by_pa() function.

This issues was discovered when OP-TEE tried to access a device tree
that was stored at the very beginning of physical address space. In
may case it had PA address 0x112C0, which was "covered" by
RES_VASPACE:

D/TC:0 0 dump_mmap_table:838 type RES_VASPACE va 0x1d800000..0x1e1fffff pa 0x00000000..0x009fffff size 0x00a00000 (pgdir)

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: ele: remove sab_init() initialization

ELE firmware has been divided into 2 firmwares for i.MX8ULP and i.MX95:
Primary and secondary firmware.
SAB init command is in Secondary firmware, whic

drivers: ele: remove sab_init() initialization

ELE firmware has been divided into 2 firmwares for i.MX8ULP and i.MX95:
Primary and secondary firmware.
SAB init command is in Secondary firmware, which will be loaded when
rootfs comes up, so this command is not available when OP-TEE is
initializing.
Moreover, we are not using any ELE command which is available in
secondary firmware, So removing sab_init() function.
Will add it when it will be used in driver.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: ele: update struct get_info_rsp{} fields

There has been an addition of PQC related fields in
Get Info Command response for i.MX95.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Ac

drivers: ele: update struct get_info_rsp{} fields

There has been an addition of PQC related fields in
Get Info Command response for i.MX95.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: ele: enable getting HUK/RNG from ELE on imx95

Enable support of getting HUK and RNG from ELE on imx95

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.

drivers: ele: enable getting HUK/RNG from ELE on imx95

Enable support of getting HUK and RNG from ELE on imx95

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: enable MU and ELE drivers for imx95

Enable both MU and ELE driver for imx95

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

core: imx: add MU_BASE and MU_SIZE for imx95

Add MU Base address and MU size for imx95

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

drivers: imx: mu: add support for imx95

Add MU driver support for imx95

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

drivers: imx: mu: rename imx_mu_8ulp.c to imx_mu_8ulp_9x.c

Since same file is used for both i.MX8ULP and i.MX9X platforms,
renaming it to more accurate name.

Signed-off-by: Sahil Malhotra <sahil.ma

drivers: imx: mu: rename imx_mu_8ulp.c to imx_mu_8ulp_9x.c

Since same file is used for both i.MX8ULP and i.MX9X platforms,
renaming it to more accurate name.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: Add support for Qualcomm Kodiak platform

Introduce initial Qualcomm platform support for the Kodiak which is the
SoC codename also known by product names SC7280/QCM6490 in upstream.

Acked-by:

plat: Add support for Qualcomm Kodiak platform

Introduce initial Qualcomm platform support for the Kodiak which is the
SoC codename also known by product names SC7280/QCM6490 in upstream.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Co-developed-by: Casey Connolly <casey.connolly@linaro.org>
Signed-off-by: Casey Connolly <casey.connolly@linaro.org>
Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>

show more ...

core: drivers: introduce Qualcomm GENI UART driver

Introduce a driver for the GENI UART found on modern Qualcomm platforms.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens W

core: drivers: introduce Qualcomm GENI UART driver

Introduce a driver for the GENI UART found on modern Qualcomm platforms.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Casey Connolly <casey.connolly@linaro.org>
Signed-off-by: Rouven Czerwinski <rouven.czerwinski@linaro.org>
[SG: cleaned up the driver]
Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>

show more ...

core: Relax StMM dependency to TEE_STORAGE_PRIVATE

This allows to run StMM without the userspace supplicant if the
in-kernel RPMB service is available.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens

core: Relax StMM dependency to TEE_STORAGE_PRIVATE

This allows to run StMM without the userspace supplicant if the
in-kernel RPMB service is available.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

show more ...

core: fs_htree: re-init hash tree when both tag and counter are zero

Creating and update a hash tree involves several RPC commands.
If a power loss occurs during the creation flow, it may result
in

core: fs_htree: re-init hash tree when both tag and counter are zero

Creating and update a hash tree involves several RPC commands.
If a power loss occurs during the creation flow, it may result
in a hash tree with an incomplete header and a counter value of 0.
If attempting to read this file subsequently leads to a
TEE_ERROR_CORRUPT_OBJECT error.

Instead of returning TEE_ERROR_CORRUPT_OBJECT, continue the
initialization flow to support subsequent functionality.

Link: https://github.com/OP-TEE/optee_os/issues/7512
Fixes: 50a814981d8b ("core: provide a hash tree for secure storage")

Signed-off-by: Ox Yeh <ox.yeh@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rtc: prevent registering of RTC interrupt when it's not used by OP-TEE

Do not register the RTC interrupt when it's not used by OP-TEE as it
prevents non-secure world from handling tha

drivers: stm32_rtc: prevent registering of RTC interrupt when it's not used by OP-TEE

Do not register the RTC interrupt when it's not used by OP-TEE as it
prevents non-secure world from handling that interrupt.

The RTC interrupt line is only used if the RTC is set as a wakeup source
or RTC is secured by the RIF (only for STM32MP2x) and RTC PTA and
async notif are enabled.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Clément Le Goffic <legoffic.clement@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: regulator: DT property regulator-enable-ramp-delay

Implement regulator DT property regulator-enable-ramp-delay.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by

drivers: regulator: DT property regulator-enable-ramp-delay

Implement regulator DT property regulator-enable-ramp-delay.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: regulator: DT property regulator-ramp-delay

Implement regulator DT property regulator-ramp-delay.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Thomas Bourg

drivers: regulator: DT property regulator-ramp-delay

Implement regulator DT property regulator-ramp-delay.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: regulator: DT properties over-current-protection

Define regulator property flags for the regulator DT binding
properties regulator-over-current-protection and
regulator-active-discharge.

S

drivers: regulator: DT properties over-current-protection

Define regulator property flags for the regulator DT binding
properties regulator-over-current-protection and
regulator-active-discharge.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-rockchip: rk3588: reject all zero HUK

If the generated HUK consists of all zeros, it cannot be distinguished
from a missing HUK in the OTP. If such a HUK is burned into the OTP, the
next read w

plat-rockchip: rk3588: reject all zero HUK

If the generated HUK consists of all zeros, it cannot be distinguished
from a missing HUK in the OTP. If such a HUK is burned into the OTP, the
next read will return that no HUK was present and generate a new key.
The previous all-zero HUK may already have been used, which violates the
assumption that a HUK doesn't change.

Since a HUK that consists of all zeros is likely an error in the TRNG,
reject the generated HUK, report an error and let upper layers handle
the error.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-rockchip: rk3588: cache HUK in memory

I observed timeout errors when OP-TEE reads the HUK from the OTP area
while running the optee-xtests (tests 1006 and 4013) or using the
pkcs#11 TA.

This i

plat-rockchip: rk3588: cache HUK in memory

I observed timeout errors when OP-TEE reads the HUK from the OTP area
while running the optee-xtests (tests 1006 and 4013) or using the
pkcs#11 TA.

This issue is circumvented by reading the HUK once and caching it in
memory for later use. As a side-effect, this reduces the accesses/reads
from the OTP area.

Unfortunately, I don't know the root cause for the timeout while reading
the fuses. I guess that there is a disabled clock which prevents the
read, but I didn't look further, since caching works fine.

While the documentation recommends to never process the HUK in software,
it is read and processed anyway if it can be read from the fuses. Thus,
I don't think that caching has an effect on the security of the HUK.
The caching is inspired by the HUK handling implemented in the nvmem
driver.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-rockchip: rk3588: refactor reading of HUK

Split the function that reads, generates and persists the HUK into
several helper functions to make the code more readable and simplify
error handling.

plat-rockchip: rk3588: refactor reading of HUK

Split the function that reads, generates and persists the HUK into
several helper functions to make the code more readable and simplify
error handling.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: rockchip: extract OTP driver from rk3588 platform

The OTP handling is useful outside the rk3588 platform implementation.
For example, the fuses for secure boot are accessible via the OTP.

drivers: rockchip: extract OTP driver from rk3588 platform

The OTP handling is useful outside the rk3588 platform implementation.
For example, the fuses for secure boot are accessible via the OTP.

Extract the OTP write and read support to a separate driver to make it
available for other modules.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Reviewed-by: Etienne Carriere <etienne.carriere@st.com>

show more ...