core: drivers: riscv_zkr_rng: limit seed reading time

If the attempts to read SEED exceed 1 second for 16-bit
randomness, we consider it a failure.

Also, move seed CSR field encodings to the header

core: drivers: riscv_zkr_rng: limit seed reading time

If the attempts to read SEED exceed 1 second for 16-bit
randomness, we consider it a failure.

Also, move seed CSR field encodings to the header file.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

core: spmc: handle BTI/PAUTH info in SP manifest

Provide information to the SP whether BTI and PAUTH are enabled in
OP-TEE by updating the relevant DT node in the SP manifest.
This way the SP can de

core: spmc: handle BTI/PAUTH info in SP manifest

Provide information to the SP whether BTI and PAUTH are enabled in
OP-TEE by updating the relevant DT node in the SP manifest.
This way the SP can detect if the required protection is not available.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: Enable pointer authentication for SPs

Add support to pauth keys for SPs if pointer authentication is enabled.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Etienne Carriere <etien

core: Enable pointer authentication for SPs

Add support to pauth keys for SPs if pointer authentication is enabled.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: spmc: Enable BTI for binary SPs

Enable BTI (Branch Target Identification) if the
GP attribute is set and the region is executable.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Et

core: spmc: Enable BTI for binary SPs

Enable BTI (Branch Target Identification) if the
GP attribute is set and the region is executable.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: core_mmu_arch: fix next level page-table translation

If arch_va2pa_helper() and core_mmu_find_table() are called when
the MMU is disabled, we don't need to convert the next level page
b

core: riscv: core_mmu_arch: fix next level page-table translation

If arch_va2pa_helper() and core_mmu_find_table() are called when
the MMU is disabled, we don't need to convert the next level page
base address with phys_to_virt(). Add core_mmu_xlat_table_entry_pa2va()
to handle this address translation.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: core_mmu_arch: remove address translation when initializing SATP

Fix the handling of the page table base address (pgt) by removing
the unnecessary virt_to_phys(). The pgt is already a p

core: riscv: core_mmu_arch: remove address translation when initializing SATP

Fix the handling of the page table base address (pgt) by removing
the unnecessary virt_to_phys(). The pgt is already a physical address,
and thus does not require translation.

Additionally, since the ASID always set to 0, replaced the redundant
assertions with a explicit check to ensure the MMU is disabled in the
context.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Increase size of stacks and extra check space

To support CFG_CORE_DEBUG_CHECK_STACKS=y for RISC-V, we set
STACK_CHECK_EXTRA as 1536 like what ARM does.

To avoid stack overruns when CFG

core: riscv: Increase size of stacks and extra check space

To support CFG_CORE_DEBUG_CHECK_STACKS=y for RISC-V, we set
STACK_CHECK_EXTRA as 1536 like what ARM does.

To avoid stack overruns when CFG_CORE_DEBUG_CHECK_STACKS=y, we increase
the size of abort stack to 4096 bytes and size of thread stack to 10240
bytes.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-k3: drivers: Change SA2UL_init service to service_init_crypto

Since commit 11d8578d93f0 ("core: arm: call call_driver_initcalls()
late"), driver_init is deferred and thread_update_canaries trie

plat-k3: drivers: Change SA2UL_init service to service_init_crypto

Since commit 11d8578d93f0 ("core: arm: call call_driver_initcalls()
late"), driver_init is deferred and thread_update_canaries tries to get
random_stack_canaries which requires the TRNG driver to be setup. Since
it was being setup as part of driver_init, it lead to crash on K3
platforms.

Change driver_init to service_init_crypto which is meant to be used for
initialization of crypto operations. Also, for the TISCI services to be
available before service_init_crypto, change init_ti_sci invocation to
early_init_late.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

show more ...

core: fix error handling in tee_svc_storage_read_head()

Prior to this all errors except TEE_ERROR_OUT_OF_MEMORY from
fops->read() was reported as TEE_ERROR_CORRUPT_OBJECT leading
to removal of the o

core: fix error handling in tee_svc_storage_read_head()

Prior to this all errors except TEE_ERROR_OUT_OF_MEMORY from
fops->read() was reported as TEE_ERROR_CORRUPT_OBJECT leading
to removal of the object.
We should not treat all errors as corrupt, so remove the error
code translation.

Signed-off-by: Pengguang Zhu <pengguang.zhu@amlogic.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Fix initial value of a0 in "detect_csr" ASM macro

To set initial value of the register a0 to 1, the assembly code should
be "li a0, 1" instead of "addi a0, a0, 1".

Signed-off-by: Alvin

core: riscv: Fix initial value of a0 in "detect_csr" ASM macro

To set initial value of the register a0 to 1, the assembly code should
be "li a0, 1" instead of "addi a0, a0, 1".

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: stm32_rif: add stm32_rif_access_violation_action()

This function should be used by peripherals capable on raising
access violation interrupts (SERC, IAC). The behavior of the platform
on su

drivers: stm32_rif: add stm32_rif_access_violation_action()

This function should be used by peripherals capable on raising
access violation interrupts (SERC, IAC). The behavior of the platform
on such event is platform-specific. Therefore, its definition must be
done at platform level.

Also add CFG_STM32_PANIC_ON_IAC_EVENT and CFG_STM32_PANIC_ON_SERC_EVENT
to choose if the platform should panic upon receiving an IAC or a
SERC event.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add SERC node in stm32mp251 SoC device tree file

Add the IAC node in the stm32mp251 SoC device tree file and default
enable it for all platforms.

Signed-off-by: Gatien Chevallier <gatie

dts: stm32: add SERC node in stm32mp251 SoC device tree file

Add the IAC node in the stm32mp251 SoC device tree file and default
enable it for all platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add IAC node in stm32mp251 SoC device tree file

Add the IAC node in the stm32mp251 SoC device tree file and default
enable it for all platforms.

Signed-off-by: Gatien Chevallier <gatien

dts: stm32: add IAC node in stm32mp251 SoC device tree file

Add the IAC node in the stm32mp251 SoC device tree file and default
enable it for all platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: default enable SERC peripheral

Default enable SERC peripheral on stm32mp2x platforms so that accesses
that would normally freeze the bus will be collected by the SERC
driver.

Signed-

plat-stm32mp2: default enable SERC peripheral

Default enable SERC peripheral on stm32mp2x platforms so that accesses
that would normally freeze the bus will be collected by the SERC
driver.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: firewall: add stm32 SERC support

Add stm32 SERC driver support. The SERC driver collects accesses to
target peripherals that are either shutdown (computing clock off),
or under reset. Upon

drivers: firewall: add stm32 SERC support

Add stm32 SERC driver support. The SERC driver collects accesses to
target peripherals that are either shutdown (computing clock off),
or under reset. Upon such event, the platform panics as it is an
undesired event.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: default enable IAC on stm32mp2x platforms

Default enable IAC support on stm32mp2x platforms so that illegal
accesses are caught by OP-TEE.

Signed-off-by: Gatien Chevallier <gatien.ch

plat-stm32mp2: default enable IAC on stm32mp2x platforms

Default enable IAC support on stm32mp2x platforms so that illegal
accesses are caught by OP-TEE.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: firewall: add stm32 IAC support

Add stm32 IAC driver support. The IAC (illegal access controller)
centralizes the detection of RIF-related illegal accesses.

Signed-off-by: Gatien Chevallie

drivers: firewall: add stm32 IAC support

Add stm32 IAC driver support. The IAC (illegal access controller)
centralizes the detection of RIF-related illegal accesses.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: call call_driver_initcalls() late

Calls call_early_initcalls() and call_service_initcalls() directly
instead of call_initcalls() from init_tee_runtime(). This allows
call_driver_initcalls

core: arm: call call_driver_initcalls() late

Calls call_early_initcalls() and call_service_initcalls() directly
instead of call_initcalls() from init_tee_runtime(). This allows
call_driver_initcalls() to be called with PAUTH enabled.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add and use service_init_crypto() macro

Add the service_init_crypto() used to initialize the internal crypto API
before the rest of the registered service_init functions are called.

Signed-of

core: add and use service_init_crypto() macro

Add the service_init_crypto() used to initialize the internal crypto API
before the rest of the registered service_init functions are called.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add call_{early,service,driver}_initcalls()

Add more fine-grained replacements for call_initcalls() to enable
initcalls at several separate stages.

Signed-off-by: Jens Wiklander <jens.wikland

core: add call_{early,service,driver}_initcalls()

Add more fine-grained replacements for call_initcalls() to enable
initcalls at several separate stages.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: boot: use thread specific PAUTH keys

Use thread specific PAUTH keys during boot while using thread specific
stack pointer.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked

core: arm: boot: use thread specific PAUTH keys

Use thread specific PAUTH keys during boot while using thread specific
stack pointer.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: introduce boot_init_primary_final()

Introduce boot_init_primary_final() and move the call to
call_finalcalls() into that function.

This is needed in later patches to enabled PAUTH before

core: arm: introduce boot_init_primary_final()

Introduce boot_init_primary_final() and move the call to
call_finalcalls() into that function.

This is needed in later patches to enabled PAUTH before
boot_init_primary_final() is called.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: scmi-msg: fix clock rates description remaining count

Fix value of remaining clocks to describe on SCMI clock protocol
message CLOCK_DESCRIBE_RATES that does not take into account the
numbe

drivers: scmi-msg: fix clock rates description remaining count

Fix value of remaining clocks to describe on SCMI clock protocol
message CLOCK_DESCRIBE_RATES that does not take into account the
number of returned clock in the response.

Fixes: 90252e2a52c7 ("drivers: scmi-msg: clock adapts to output buffer size")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: scmi-msg: correct voltage domain protocol version

Fix the version ID of the implemented SCMI voltage domain protocol that
is v2.0 (ID 0x20000), not v3.0 (ID 0x30000).

Fixes: 006d89b8f49f (

drivers: scmi-msg: correct voltage domain protocol version

Fix the version ID of the implemented SCMI voltage domain protocol that
is v2.0 (ID 0x20000), not v3.0 (ID 0x30000).

Fixes: 006d89b8f49f ("drivers: scmi-msg: add SCMI Voltage Domain protocol")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-sam: implement PL310 SMC protocol

When Linux runs in normal world, it expects the PL310 to be initially
disabled, and then invokes SMCs to enable it.
Let CFG_PL310_SIP_PROTOCOL=y, and the L2 ca

plat-sam: implement PL310 SMC protocol

When Linux runs in normal world, it expects the PL310 to be initially
disabled, and then invokes SMCs to enable it.
Let CFG_PL310_SIP_PROTOCOL=y, and the L2 cache will be left untouched
until the OS enables it.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...