core: console: Allow setting logging verbosity during runtime

The default console can be disabled at runtime for power management. Any
prints after boot from OP-TEE could cause a bus data abort if t

core: console: Allow setting logging verbosity during runtime

The default console can be disabled at runtime for power management. Any
prints after boot from OP-TEE could cause a bus data abort if the UART has
been disabled. Add an option to change the log level after boot has
completed which can be used to disable the console log.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: enable IWDG1 on stm32mp257f-dk board

Enable IWDG1 node and set a 32s timeout.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier

dts: stm32: enable IWDG1 on stm32mp257f-dk board

Enable IWDG1 node and set a 32s timeout.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

core: arm: refactor RD-1AE and RD-Aspen into automotive_rd flavors

This change moves RD-1AE and RD-Aspen under a single
automotive_rd platform with per-flavor configuration.

Key updates:
- Introduc

core: arm: refactor RD-1AE and RD-Aspen into automotive_rd flavors

This change moves RD-1AE and RD-Aspen under a single
automotive_rd platform with per-flavor configuration.

Key updates:
- Introduce plat-automotive_rd/ with shared main.c,
platform_config.h and Makefiles.
- Define RD-1AE and RD-Aspen are selected
via PLATFORM_FLAVOR rd1ae or rdaspen.
- Merge flavor settings (UART/GIC/DRAM/topology)
into platform_config.h and conf.mk files.
- Use default get_core_pos_mpidr() by setting appropriate
CFG_CORE_CLUSTER_SHIFT / CFG_CORE_THREAD_SHIFT for rdaspen,
eliminating custom assembly where not required.

Benefits:
- Consistent with OP-TEE’s platform/variant framework.
- Reduces code duplication between RD-1AE and RD-Aspen.
- Simplifies adding new automotive reference design flavors
in the future.

Usage:
- Set PLATFORM=automotive_rd
- Set PLATFORM_FLAVOR to rdaspen or rd1ae

Signed-off-by: Ahmed Tiba <ahmed.tiba@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kernel: align the address of transfer entry

Fix two issues in transfer_list_add() and transfer_list_add_with_align(),
which cause incompliance with the Firmware Handoff spec v1.0 [1].

1. Avoi

core: kernel: align the address of transfer entry

Fix two issues in transfer_list_add() and transfer_list_add_with_align(),
which cause incompliance with the Firmware Handoff spec v1.0 [1].

1. Avoid adding entries at an unaligned address.
2. Remove the implicit padding at the end of a transfer entry which is
included by 'tl->size'.

[1] https://github.com/FirmwareHandoff/firmware_handoff/releases/tag/v1.0

Fixes: a12225022bd5 ("core: add transfer list API")
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: stmm_sp: return FFA_NOT_SUPPORTED for undefined FFA functions

edk2's patch ("ArmFfaLib: Add Rx/Tx support for Stmm secure partition") [0]
added Rx/Tx buffer mapping support to ArmFfaStand

core: arm: stmm_sp: return FFA_NOT_SUPPORTED for undefined FFA functions

edk2's patch ("ArmFfaLib: Add Rx/Tx support for Stmm secure partition") [0]
added Rx/Tx buffer mapping support to ArmFfaStandaloneMm(Core)Lib.

However, stmm_sp does not require Rx/Tx buffer mapping and
its SVC handler is lightweight. Therefore, when it receives
an undefined FFA function, it is sufficient to return FFA_NOT_SUPPORTED to
StandaloneMm instead of panicking.

This also aligns with the FF-A specification, which requires returning
FFA_NOT_SUPPORTED when an unimplemented function ID is received.

If StandaloneMm fails to initialize, it will return FFA_ERROR.
In this case, there is no way to keep the stmm_sp TA alive,
so panic is called.
Otherwise, StandaloneMm will return with DIRECT_MSG_RESP.

Link: https://github.com/tianocore/edk2/pull/11080/commits/75ca159e57dbe081b89373046280f34d67571852 [0]
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Mikko Rapeli <mikko.rapeli@linaro.org>

show more ...

core: riscv: add build config for MPXY/RPMI support

Enable compilation of MPXY/RPMI support by introducing the build
option `CFG_RISCV_SBI_MPXY_RPMI`.

This commit:
- Adds sbi_mpxy_rpmi.c to the bui

core: riscv: add build config for MPXY/RPMI support

Enable compilation of MPXY/RPMI support by introducing the build
option `CFG_RISCV_SBI_MPXY_RPMI`.

This commit:
- Adds sbi_mpxy_rpmi.c to the build when the option is enabled
- Forces `CFG_RISCV_SBI_MPXY` when MPXY/RPMI is selected
- Enables CFG_RISCV_SBI_MPXY_RPMI in plat-virt by default

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>

show more ...

core: riscv: add initial RPMI/MPXY integration support

This commit introduces infrastructure to support RPMI communication via
the SBI MPXY extension. MPXY allows supervisor software to send and
rec

core: riscv: add initial RPMI/MPXY integration support

This commit introduces infrastructure to support RPMI communication via
the SBI MPXY extension. MPXY allows supervisor software to send and
receive RPMI messages through M-mode firmware acting as a proxy.

Functions added by this commit are sufficient to implement the
RequestForward service group.

Support for asynchronous events, notifications, and MSI-based message
delivery will be added in future commits.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>

show more ...

riscv: sbi_mpxy_rpmi.h: add RPMI protocol-specific definitions for MPXY

Introduce sbi_mpxy_rpmi.h, a header defining RPMI message protocol
attributes and message types specific to the MPXY SBI exten

riscv: sbi_mpxy_rpmi.h: add RPMI protocol-specific definitions for MPXY

Introduce sbi_mpxy_rpmi.h, a header defining RPMI message protocol
attributes and message types specific to the MPXY SBI extension.
This includes enums for attribute and message type identifiers, a
unified RPMI message structure, and helper initializers to simplify
message construction.

These definitions serve as the interface between supervisor-level RPMI
clients and the underlying MPXY transport.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>

show more ...

riscv: rpmi.h: add defines of RISC-V RPMI messaging protocol

The RPMI messaging protocol includes all the RPMI messages exchanged
over a RPMI transport channel.

*NOTE*: The RISC-V RPMI specificatio

riscv: rpmi.h: add defines of RISC-V RPMI messaging protocol

The RPMI messaging protocol includes all the RPMI messages exchanged
over a RPMI transport channel.

*NOTE*: The RISC-V RPMI specification is not yet ratified
as a full standard. This is based on the v0.99 draft released during
May–June 2025 The draft is frozen and in public review.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: introduce CFG_RISCV_SBI_MPXY flag for MPXY SBI support

Add a new build-time configuration flag CFG_RISCV_SBI_MPXY to enable
compilation of MPXY SBI extension support in OP-TEE. When ena

core: riscv: introduce CFG_RISCV_SBI_MPXY flag for MPXY SBI support

Add a new build-time configuration flag CFG_RISCV_SBI_MPXY to enable
compilation of MPXY SBI extension support in OP-TEE. When enabled, this
automatically forces CFG_RISCV_SBI to ensure the SBI infrastructure is
included.

Also update the build system to conditionally compile sbi_mpxy.c based
on this flag.

Enable CFG_RISCV_SBI_MPXY by default for the virt platform.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>

show more ...

core: riscv: implement MPXY SBI extension

Introduce support for the MPXY SBI extension (EID #0x4D505859),
which enables supervisor software to exchange messages through
an abstract SBI interface dec

core: riscv: implement MPXY SBI extension

Introduce support for the MPXY SBI extension (EID #0x4D505859),
which enables supervisor software to exchange messages through
an abstract SBI interface decoupled from any specific protocol.

MPXY allows setting up per-hart shared memory for transferring
messages between the supervisor and an SBI implementation.
It serves as a generic backend to build messaging clients,
while being agnostic of message protocol semantics.

This step provides the foundation for future inter-domain
message exchange.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>

show more ...

core: riscv: include: misc_arch.h: include stdint.h for uint32_t type

Added <stdint.h> to ensure types like uint32_t are correctly defined,
resolving implicit type issues when including this header.

core: riscv: include: misc_arch.h: include stdint.h for uint32_t type

Added <stdint.h> to ensure types like uint32_t are correctly defined,
resolving implicit type issues when including this header.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>

show more ...

core: riscv: sbi.h: expose sbi_ecall helper in public header

Move `sbi_ecall()` and `struct sbiret` to sbi.h to allow reuse across
individual SBI extension implementations. This prepares for modular

core: riscv: sbi.h: expose sbi_ecall helper in public header

Move `sbi_ecall()` and `struct sbiret` to sbi.h to allow reuse across
individual SBI extension implementations. This prepares for modularizing
each SBI extension (e.g., HSM, MPXY) into its own file while
centralizing the ecall interface.

Removes the now-duplicated inline definition from sbi.c.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>

show more ...

core: riscv: sbi.h: add SBI_EXT_MPXY definition

Added `SBI_EXT_MPXY` (0x4D505859) as per latest RISC-V SBI extensions.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvi

core: riscv: sbi.h: add SBI_EXT_MPXY definition

Added `SBI_EXT_MPXY` (0x4D505859) as per latest RISC-V SBI extensions.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>

show more ...

core: riscv: sbi.h: extend SBI error codes

Add more SBI error codes to synchronize with SBI specification.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alv

core: riscv: sbi.h: extend SBI error codes

Add more SBI error codes to synchronize with SBI specification.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>

show more ...

plat-vexpress: add QEMU sbsa-ref platform

Add support for the QEMU sbsa-ref platform. This platform is similar to
the QEMU virt platform, but with different memory configuration and
device addresses

plat-vexpress: add QEMU sbsa-ref platform

Add support for the QEMU sbsa-ref platform. This platform is similar to
the QEMU virt platform, but with different memory configuration and
device addresses.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: discover non-secure memory from manifest

If an FF-A manifest is available, try to discover non-secure memory from
the manifest.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

core: ffa: discover non-secure memory from manifest

If an FF-A manifest is available, try to discover non-secure memory from
the manifest.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: tpm: fix TPM log address parsing to use full 64-bit address

Remove ARM32-specific address parsing that only used the lower 32 bits
of the TPM event log address. ARM32 systems can have 64-bit p

core: tpm: fix TPM log address parsing to use full 64-bit address

Remove ARM32-specific address parsing that only used the lower 32 bits
of the TPM event log address. ARM32 systems can have 64-bit physical
addresses, so the full 64-bit address from the device tree property
should be parsed regardless of architecture.

The fix ensures both ARM32 and ARM64 architectures use the same
64-bit address construction: (property[0] << 32) | property[1],
preventing potential address truncation issues on ARM32 systems
with 64-bit physical address spaces.

Signed-off-by: Joseph Lo <josephl@nvidia.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tpm: fix TPM log area zeroing condition to avoid manifest DT write fault

Change the condition for zeroing TPM event log address in device tree
from CFG_CORE_SEL1_SPMC to CFG_CORE_FFA. When CFG

core: tpm: fix TPM log area zeroing condition to avoid manifest DT write fault

Change the condition for zeroing TPM event log address in device tree
from CFG_CORE_SEL1_SPMC to CFG_CORE_FFA. When CFG_CORE_FFA is enabled,
the device tree comes from the manifest DT which is mapped as read-only,
not from the external device tree. Attempting to zero the
tpm_event_log_addr property in the manifest DT would cause a write
permission fault exception.

The fix prevents this fault by ensuring the zeroing operation only occurs
when using the external device tree (CFG_CORE_FFA=n), where write access
is permitted.

Signed-off-by: Joseph Lo <josephl@nvidia.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: boot: fix TPM log area mapping to use correct device tree source

Change the conditional compilation for TPM log area mapping from
CFG_CORE_SEL1_SPMC to CFG_CORE_FFA. This ensures the correct d

core: boot: fix TPM log area mapping to use correct device tree source

Change the conditional compilation for TPM log area mapping from
CFG_CORE_SEL1_SPMC to CFG_CORE_FFA. This ensures the correct device
tree source is used:

- When CFG_CORE_FFA is enabled: use manifest DT (get_manifest_dt())
- When CFG_CORE_FFA is disabled: use external DT (get_external_dt())

The fix aligns the device tree source selection with the broader FFA
configuration, ensuring TPM log area mapping works correctly across
all FFA-enabled platforms regardless of the specific SPMC variant
(S-EL1, S-EL2, or EL3).

Signed-off-by: Joseph Lo <josephl@nvidia.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: mx8mp_phyboard_pollux: reduce DDR_SIZE

Set pollux CFG_DDR_SIZE to 1GiB to let the conf.mk automatically set the
TZDRAM_START (to a valid address for 1GiB variants).

Acked-by: Sahil Malho

core: imx: mx8mp_phyboard_pollux: reduce DDR_SIZE

Set pollux CFG_DDR_SIZE to 1GiB to let the conf.mk automatically set the
TZDRAM_START (to a valid address for 1GiB variants).

Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Benjamin Hahn <B.Hahn@phytec.de>
Signed-off-by: Yannic Moog <y.moog@phytec.de>

show more ...

core: imx: add imx8mp-libra-fpsc

The Libra i.MX 8M Plus FPSC is a development board utilizing the FPSC
standard paired with the i.MX 8M Plus FPSC System-on-Module [1].
It shares RAM configuration wi

core: imx: add imx8mp-libra-fpsc

The Libra i.MX 8M Plus FPSC is a development board utilizing the FPSC
standard paired with the i.MX 8M Plus FPSC System-on-Module [1].
It shares RAM configuration with the phyBOARD-Pollux i.MX 8M Plus of
1-4GiB.
Set pollux CFG_DDR_SIZE to 1GiB to let the conf.mk automatically set the
TZDRAM_START (to a valid address for 1GiB variants).

Link: https://www.phytec.eu/en/produkte/system-on-modules/phycore-imx-8m-plus-fpsc/ [1]
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Benjamin Hahn <B.Hahn@phytec.de>
Signed-off-by: Yannic Moog <y.moog@phytec.de>

show more ...

plat-imx: add phytec imx8mm based boards

phyGATE-Tauri-L i.MX 8M Mini [1] and phyBOARD-Polis i.MX8M Mini [2] are
SBCs based on the i.MX 8M Mini SoC. Add the boards to the
mx8mm-flavorlist and set bo

plat-imx: add phytec imx8mm based boards

phyGATE-Tauri-L i.MX 8M Mini [1] and phyBOARD-Polis i.MX8M Mini [2] are
SBCs based on the i.MX 8M Mini SoC. Add the boards to the
mx8mm-flavorlist and set board specific configs.
phyGATE-Tauri-L has 2 GiB of main memory, while phyBOARD-Polis has
1-4GiB depending on variant of the System-on-Module populated on the
board.

Link: https://www.phytec.eu/en/produkte/fertige-geraete-oem/phygate-tauri-l/ [1]
Link: https://www.phytec.eu/en/produkte/single-board-computer/phyboard-polis-imx8m-mini/ [2]
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Benjamin Hahn <B.Hahn@phytec.de>
Signed-off-by: Yannic Moog <y.moog@phytec.de>

show more ...

core: asan: mark redzones as inaccessible for globals

For read-only globals (e.g. in .rodata), ASan marks the entire region as
accessible. This could hide buffer overflows, if redzones are not used.

core: asan: mark redzones as inaccessible for globals

For read-only globals (e.g. in .rodata), ASan marks the entire region as
accessible. This could hide buffer overflows, if redzones are not used.

Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add ASan test for read-only global overflow

Adds a test case that triggers an out-of-bounds read on a read-only
global buffer to verify that ASan properly detects overflows on .rodata.

Signed

core: add ASan test for read-only global overflow

Adds a test case that triggers an out-of-bounds read on a read-only
global buffer to verify that ASan properly detects overflows on .rodata.

Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...