core: virt: initialize heap from virt_guest_created()

Replace the preinit_early() guest heap initialization with function call
in virt_guest_created().

Signed-off-by: Jens Wiklander <jens.wiklander

core: virt: initialize heap from virt_guest_created()

Replace the preinit_early() guest heap initialization with function call
in virt_guest_created().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm: kern.ld.S: assert enough RAM for paging

Update the assert for enough ram for paging to take hash data and
relocation information into account.

Signed-off-by: Jens Wiklander <jens.wikland

core: arm: kern.ld.S: assert enough RAM for paging

Update the assert for enough ram for paging to take hash data and
relocation information into account.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

vexpress-qemu_armv8a: increase CFG_CORE_TZSRAM_EMUL_SIZE to 512 kB

Set the default emulated SRAM to 512 kB since the default 448 kB isn't
enough to build with CFG_CORE_ASLR=y with a margin.

Signed-

vexpress-qemu_armv8a: increase CFG_CORE_TZSRAM_EMUL_SIZE to 512 kB

Set the default emulated SRAM to 512 kB since the default 448 kB isn't
enough to build with CFG_CORE_ASLR=y with a margin.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

pta: remoteproc: Add command to release remote processor resources

This patch introduces a new PTA command `PTA_REMOTEPROC_RELEASE` to
release the resources associated with a remote processor.

- De

pta: remoteproc: Add command to release remote processor resources

This patch introduces a new PTA command `PTA_REMOTEPROC_RELEASE` to
release the resources associated with a remote processor.

- Definition of the `PTA_REMOTEPROC_RELEASE` PTA command the header file
- Implement the command in the stm32mp remote proc PTA to request the
clean of the remoteproc memories.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_remoteproc: Add remote processor memories cleanup function

This patch introduces a new function stm32_rproc_clean_up_memories() to
clean up the memory regions used by the remote proce

drivers: stm32_remoteproc: Add remote processor memories cleanup function

This patch introduces a new function stm32_rproc_clean_up_memories() to
clean up the memory regions used by the remote processor.
The function iterates over each memory region, maps it, clears the memory
by setting it to zero, and then unmaps it.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

riscv: plat-virt: Set CFG_BOOT_SYNC_CPU=n

On RISC-V QEMU virt platform, OP-TEE OS runs as S-mode. There is a
secure monitor runs as M-mode and controls the hart state of the
secondary CPUs in SMP sy

riscv: plat-virt: Set CFG_BOOT_SYNC_CPU=n

On RISC-V QEMU virt platform, OP-TEE OS runs as S-mode. There is a
secure monitor runs as M-mode and controls the hart state of the
secondary CPUs in SMP system (e.g., by SBI HSM extension) during OP-TEE
OS secondary CPUs booting.

Thus, RISC-V virt platform does not need CFG_BOOT_SYNC_CPU.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add CFG_CORE_ASLR_SEED

Add CFG_CORE_ASLR_SEED to override the used seed if CFG_CORE_ASLR=y.
CFG_CORE_ASLR_SEED is intended to help debugging ASLR related issues
by using the same address layou

core: add CFG_CORE_ASLR_SEED

Add CFG_CORE_ASLR_SEED to override the used seed if CFG_CORE_ASLR=y.
CFG_CORE_ASLR_SEED is intended to help debugging ASLR related issues
by using the same address layout each time.

CFG_CORE_ASLR_SEED requires CFG_INSECURE=y.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: drivers: riscv_zkr_rng: limit seed reading time

If the attempts to read SEED exceed 1 second for 16-bit
randomness, we consider it a failure.

Also, move seed CSR field encodings to the header

core: drivers: riscv_zkr_rng: limit seed reading time

If the attempts to read SEED exceed 1 second for 16-bit
randomness, we consider it a failure.

Also, move seed CSR field encodings to the header file.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

core: spmc: handle BTI/PAUTH info in SP manifest

Provide information to the SP whether BTI and PAUTH are enabled in
OP-TEE by updating the relevant DT node in the SP manifest.
This way the SP can de

core: spmc: handle BTI/PAUTH info in SP manifest

Provide information to the SP whether BTI and PAUTH are enabled in
OP-TEE by updating the relevant DT node in the SP manifest.
This way the SP can detect if the required protection is not available.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: Enable pointer authentication for SPs

Add support to pauth keys for SPs if pointer authentication is enabled.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Etienne Carriere <etien

core: Enable pointer authentication for SPs

Add support to pauth keys for SPs if pointer authentication is enabled.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: spmc: Enable BTI for binary SPs

Enable BTI (Branch Target Identification) if the
GP attribute is set and the region is executable.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Et

core: spmc: Enable BTI for binary SPs

Enable BTI (Branch Target Identification) if the
GP attribute is set and the region is executable.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: core_mmu_arch: fix next level page-table translation

If arch_va2pa_helper() and core_mmu_find_table() are called when
the MMU is disabled, we don't need to convert the next level page
b

core: riscv: core_mmu_arch: fix next level page-table translation

If arch_va2pa_helper() and core_mmu_find_table() are called when
the MMU is disabled, we don't need to convert the next level page
base address with phys_to_virt(). Add core_mmu_xlat_table_entry_pa2va()
to handle this address translation.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: core_mmu_arch: remove address translation when initializing SATP

Fix the handling of the page table base address (pgt) by removing
the unnecessary virt_to_phys(). The pgt is already a p

core: riscv: core_mmu_arch: remove address translation when initializing SATP

Fix the handling of the page table base address (pgt) by removing
the unnecessary virt_to_phys(). The pgt is already a physical address,
and thus does not require translation.

Additionally, since the ASID always set to 0, replaced the redundant
assertions with a explicit check to ensure the MMU is disabled in the
context.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Increase size of stacks and extra check space

To support CFG_CORE_DEBUG_CHECK_STACKS=y for RISC-V, we set
STACK_CHECK_EXTRA as 1536 like what ARM does.

To avoid stack overruns when CFG

core: riscv: Increase size of stacks and extra check space

To support CFG_CORE_DEBUG_CHECK_STACKS=y for RISC-V, we set
STACK_CHECK_EXTRA as 1536 like what ARM does.

To avoid stack overruns when CFG_CORE_DEBUG_CHECK_STACKS=y, we increase
the size of abort stack to 4096 bytes and size of thread stack to 10240
bytes.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-k3: drivers: Change SA2UL_init service to service_init_crypto

Since commit 11d8578d93f0 ("core: arm: call call_driver_initcalls()
late"), driver_init is deferred and thread_update_canaries trie

plat-k3: drivers: Change SA2UL_init service to service_init_crypto

Since commit 11d8578d93f0 ("core: arm: call call_driver_initcalls()
late"), driver_init is deferred and thread_update_canaries tries to get
random_stack_canaries which requires the TRNG driver to be setup. Since
it was being setup as part of driver_init, it lead to crash on K3
platforms.

Change driver_init to service_init_crypto which is meant to be used for
initialization of crypto operations. Also, for the TISCI services to be
available before service_init_crypto, change init_ti_sci invocation to
early_init_late.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

show more ...

core: fix error handling in tee_svc_storage_read_head()

Prior to this all errors except TEE_ERROR_OUT_OF_MEMORY from
fops->read() was reported as TEE_ERROR_CORRUPT_OBJECT leading
to removal of the o

core: fix error handling in tee_svc_storage_read_head()

Prior to this all errors except TEE_ERROR_OUT_OF_MEMORY from
fops->read() was reported as TEE_ERROR_CORRUPT_OBJECT leading
to removal of the object.
We should not treat all errors as corrupt, so remove the error
code translation.

Signed-off-by: Pengguang Zhu <pengguang.zhu@amlogic.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Fix initial value of a0 in "detect_csr" ASM macro

To set initial value of the register a0 to 1, the assembly code should
be "li a0, 1" instead of "addi a0, a0, 1".

Signed-off-by: Alvin

core: riscv: Fix initial value of a0 in "detect_csr" ASM macro

To set initial value of the register a0 to 1, the assembly code should
be "li a0, 1" instead of "addi a0, a0, 1".

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: stm32_rif: add stm32_rif_access_violation_action()

This function should be used by peripherals capable on raising
access violation interrupts (SERC, IAC). The behavior of the platform
on su

drivers: stm32_rif: add stm32_rif_access_violation_action()

This function should be used by peripherals capable on raising
access violation interrupts (SERC, IAC). The behavior of the platform
on such event is platform-specific. Therefore, its definition must be
done at platform level.

Also add CFG_STM32_PANIC_ON_IAC_EVENT and CFG_STM32_PANIC_ON_SERC_EVENT
to choose if the platform should panic upon receiving an IAC or a
SERC event.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add SERC node in stm32mp251 SoC device tree file

Add the IAC node in the stm32mp251 SoC device tree file and default
enable it for all platforms.

Signed-off-by: Gatien Chevallier <gatie

dts: stm32: add SERC node in stm32mp251 SoC device tree file

Add the IAC node in the stm32mp251 SoC device tree file and default
enable it for all platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add IAC node in stm32mp251 SoC device tree file

Add the IAC node in the stm32mp251 SoC device tree file and default
enable it for all platforms.

Signed-off-by: Gatien Chevallier <gatien

dts: stm32: add IAC node in stm32mp251 SoC device tree file

Add the IAC node in the stm32mp251 SoC device tree file and default
enable it for all platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: default enable SERC peripheral

Default enable SERC peripheral on stm32mp2x platforms so that accesses
that would normally freeze the bus will be collected by the SERC
driver.

Signed-

plat-stm32mp2: default enable SERC peripheral

Default enable SERC peripheral on stm32mp2x platforms so that accesses
that would normally freeze the bus will be collected by the SERC
driver.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: firewall: add stm32 SERC support

Add stm32 SERC driver support. The SERC driver collects accesses to
target peripherals that are either shutdown (computing clock off),
or under reset. Upon

drivers: firewall: add stm32 SERC support

Add stm32 SERC driver support. The SERC driver collects accesses to
target peripherals that are either shutdown (computing clock off),
or under reset. Upon such event, the platform panics as it is an
undesired event.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: default enable IAC on stm32mp2x platforms

Default enable IAC support on stm32mp2x platforms so that illegal
accesses are caught by OP-TEE.

Signed-off-by: Gatien Chevallier <gatien.ch

plat-stm32mp2: default enable IAC on stm32mp2x platforms

Default enable IAC support on stm32mp2x platforms so that illegal
accesses are caught by OP-TEE.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: firewall: add stm32 IAC support

Add stm32 IAC driver support. The IAC (illegal access controller)
centralizes the detection of RIF-related illegal accesses.

Signed-off-by: Gatien Chevallie

drivers: firewall: add stm32 IAC support

Add stm32 IAC driver support. The IAC (illegal access controller)
centralizes the detection of RIF-related illegal accesses.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: call call_driver_initcalls() late

Calls call_early_initcalls() and call_service_initcalls() directly
instead of call_initcalls() from init_tee_runtime(). This allows
call_driver_initcalls

core: arm: call call_driver_initcalls() late

Calls call_early_initcalls() and call_service_initcalls() directly
instead of call_initcalls() from init_tee_runtime(). This allows
call_driver_initcalls() to be called with PAUTH enabled.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...