drivers: atmel_wdt: upgrade to support sama7g5 watchdog

In sama7g5 there's a DWDT (Dual Watchdog Timer) and the registers
are not the same as the wdt for sama5d2. Here the DWD is handled
as 2 watchd

drivers: atmel_wdt: upgrade to support sama7g5 watchdog

In sama7g5 there's a DWDT (Dual Watchdog Timer) and the registers
are not the same as the wdt for sama5d2. Here the DWD is handled
as 2 watchdogs.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: reset cancellation mask on TA exit

Before this patch, the TA cancellation mask was only reset when the
session was created, but the GP spec requires the cancellation mask to
be reset each time

core: reset cancellation mask on TA exit

Before this patch, the TA cancellation mask was only reset when the
session was created, but the GP spec requires the cancellation mask to
be reset each time a TA is entered via one of its entry points. So fix
this by resetting the cancellation mask each time a TA returns.

Link: https://github.com/OP-TEE/optee_test/issues/731
Fixes: b01047730e77 ("Open-source the TEE Core")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

vexpress-qemu_armv8a: increase CFG_CORE_HEAP_SIZE to 131072

Set the default core heap size for QEMUv8 to 128K because 64K is not
enough to complete the "make check" test with CFG_RPMB_FS=y
CFG_RPMB_

vexpress-qemu_armv8a: increase CFG_CORE_HEAP_SIZE to 131072

Set the default core heap size for QEMUv8 to 128K because 64K is not
enough to complete the "make check" test with CFG_RPMB_FS=y
CFG_RPMB_WRITE_KEY=y.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: stm32_i2c: protect bus access with a mutex

Protect concurrent accesses to an STM32 I2C bus with a PM aware mutex.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by:

drivers: stm32_i2c: protect bus access with a mutex

Protect concurrent accesses to an STM32 I2C bus with a PM aware mutex.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: firewall: stm32_rifsc: remove use of CFG_PM

Remove use of CFG_PM from STM32 RIFSC driver since this configuration
switch is not defined in OP-TEE OS.

Reviewed-by: Gatien Chevallier <gatien

drivers: firewall: stm32_rifsc: remove use of CFG_PM

Remove use of CFG_PM from STM32 RIFSC driver since this configuration
switch is not defined in OP-TEE OS.

Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rng: remove use of CFG_PM

Remove use of CFG_PM from STM32 RNG driver since this configuration
switch is not defined in OP-TEE OS.

Reviewed-by: Gatien Chevallier <gatien.chevallier@fo

drivers: stm32_rng: remove use of CFG_PM

Remove use of CFG_PM from STM32 RNG driver since this configuration
switch is not defined in OP-TEE OS.

Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: crypto: stm32_cryp: add pm to CRYP driver

Add power management support to the CRYP driver through suspend/resume
callbacks.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Sig

drivers: crypto: stm32_cryp: add pm to CRYP driver

Add power management support to the CRYP driver through suspend/resume
callbacks.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: crypto: stm32_cryp: add delay when resetting CRYP peripheral.

Add 2 us of delay between reset assert and reset deassert to ensure the
peripheral is properly reset.

Signed-off-by: Thomas Bo

drivers: crypto: stm32_cryp: add delay when resetting CRYP peripheral.

Add 2 us of delay between reset assert and reset deassert to ensure the
peripheral is properly reset.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: crypto: stm32_cryp: remove reset binding requirements

Remove panic during probe when "resets" property is not found because
it's optional in most cases.

Signed-off-by: Thomas Bourgoin <tho

drivers: crypto: stm32_cryp: remove reset binding requirements

Remove panic during probe when "resets" property is not found because
it's optional in most cases.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: crypto: hisilicon: init HPRE hardware block

The HiSilicon HPRE is a High Performance RSA Engine.
This module implement the hardware initialization of
the HPRE.

Signed-off-by: loubaihui <lo

drivers: crypto: hisilicon: init HPRE hardware block

The HiSilicon HPRE is a High Performance RSA Engine.
This module implement the hardware initialization of
the HPRE.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kernel: Fix typo in __do_panic()

Must be "preemption" instead of "prehemption".

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

drivers: regulator: use mutex_pm_aware

Use newly introduced struct mutex_pm_aware semaphore to protect
regulator accesses.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Eti

drivers: regulator: use mutex_pm_aware

Use newly introduced struct mutex_pm_aware semaphore to protect
regulator accesses.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: clk: replace clock main spinlock with a mutex

Change clock framework lock from an interrupts masked spinning lock
to a mutex. This allows the clock framework to better handle slow
stabilizi

drivers: clk: replace clock main spinlock with a mutex

Change clock framework lock from an interrupts masked spinning lock
to a mutex. This allows the clock framework to better handle slow
stabilizing clocks as PLLs without masking the system interrupt
which can have side effects on the REE or even the TEE.

To support clock accesses during low power state transition sequences
while non-secure world is no operating, the lock is not taken when
the execution is not in the scope of a TEE thread.

This change is not expected to impact supported platforms that currently
only access clock operation from thread contexts or atomic PM sequences.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: mutex compliant with PM sequences

Add mutex_pm_aware_*() functions for mutex used on resources accessed
at runtime using a conventional mutex and also during low power
sequences that e

core: kernel: mutex compliant with PM sequences

Add mutex_pm_aware_*() functions for mutex used on resources accessed
at runtime using a conventional mutex and also during low power
sequences that execute in a non-thread context.

This change defines MUTEX_PM_AWARE_INITIALIZER macro from a new
header file (mutex_pm_aware.h) instead of existing mutex.h to prevent
a circular dependency between spinlock.h (requires thread.h), thread.h
(indirectly includes mutex.h) and mutex.h (that would depend on
spinlock.h for definition of the SPINLOCK_UNLOCK macro ).

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: thread spin locking

Add thread_spin_lock() and thread_spin_unlock() for active spinning
locks in situation where we need an exclusive lock in a thread and
interruptible context even at

core: kernel: thread spin locking

Add thread_spin_lock() and thread_spin_unlock() for active spinning
locks in situation where we need an exclusive lock in a thread and
interruptible context even at the cost of a high CPU usage.

These function are intended to be used in thread context hence
they assert being executed in such a context. This is to prevent
on mistakenly spin in an atomic context which potentially leads
to a deadlock situation.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: spmc, sp: cleanup FF-A ID handling

When OP-TEE implements the S-EL1 SPMC, from an FF-A point-of-view the
core OP-TEE functionality is running in a logical SP that resides at the
same exception

core: spmc, sp: cleanup FF-A ID handling

When OP-TEE implements the S-EL1 SPMC, from an FF-A point-of-view the
core OP-TEE functionality is running in a logical SP that resides at the
same exception level as the SPMC. This means that the SPMC and the SP
should have separate FF-A IDs, i.e. the SPMC ID and a normal endpoint ID
for the SP. The SPMC ID is described in the SPMC manifest which gets
parsed by the SPMD, so this ID should be queried from the SPMD. OP-TEE's
endpoint ID is assigned by the SPMC.

Currently OP-TEE's FF-A endpoint ID and the SPMC ID are mixed together
and hardcoded, this patch implements the correct ID handling mechanism
as described above.

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: riscv: Prepare SATP for each hart

To support multiple harts environment, we have allocated root page table
for each hart. Further more, we need to prepare value of CSR SATP, which
holds the ph

core: riscv: Prepare SATP for each hart

To support multiple harts environment, we have allocated root page table
for each hart. Further more, we need to prepare value of CSR SATP, which
holds the physical page number (PPN) of the root page table, for each
hart.

This commit enlarges the "struct core_mmu_config" for RISC-V
architecture to hold the value of CSR SATP for all the harts. In early
boot stage, each hart should initialize its CSR SATP from "struct
core_mmu_config".

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: Allocate root page table for each hart

To support multiple hart environment, each hart must have its dedicated
root page table. This commit enlarges the root page table. Also, when
the

core: riscv: Allocate root page table for each hart

To support multiple hart environment, each hart must have its dedicated
root page table. This commit enlarges the root page table. Also, when
the primary hart initializes the page table, we also copy the contents
of its root page table to the secondary harts' root page tables.
Therefore, all the harts have initial page tables at the boot time.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm64: increase STACK_ABT_SIZE from 1024 to 3072 when log level is 0

When adding "make check CFG_WITH_PAGER=y CFG_TEE_CORE_LOG_LEVEL=0" to
the QEMUv8 CI job, I noticed that OP-TEE fails to boo

core: arm64: increase STACK_ABT_SIZE from 1024 to 3072 when log level is 0

When adding "make check CFG_WITH_PAGER=y CFG_TEE_CORE_LOG_LEVEL=0" to
the QEMUv8 CI job, I noticed that OP-TEE fails to boot and hangs with no
message printed on the console. The root cause is memory corruption of
the translation tables triggered by a stack overflow. Indeed, the pager
uses the abort stack to handle unmapped pages, and therefore it requires
quite a bit of stack space. The log level is not very relevant.
Therefore, fix the issue by removing the particular case for log level 0.

More debugging info:

build$ make -j$(nproc) CFG_WITH_PAGER=y CFG_TEE_CORE_LOG_LEVEL=0 \
CFG_CORE_ASLR=n
build$ aarch64-linux-gnu-nm -n ../optee_os/out/arm/core/tee.elf
...
000000000e115000 B __nozi_start
000000000e115000 b thread_user_kdata_page
000000000e116000 b xlat_tables_ul1
000000000e118000 b xlat_tables
000000000e11d000 b base_xlation_table
000000000e11d100 B __nozi_end
000000000e11d100 B __nozi_stack_start
000000000e11d100 b stack_abt
000000000e11e200 B stack_tmp
...
build$ make run-only
optee_qemuv8$ gdb-multiarch
(gdb) symbol-file optee_os/out/arm/core/tee.elf
(gdb) target remote localhost:1234
(gdb) p sizeof(base_xlation_table)
$1 = 256
(gdb) watch *(char [256]*)base_xlation_table
(gdb) c # 5 times
Thread 1 hit Hardware watchpoint 1: *(char [256]*)base_xlation_table
(gdb) bt

At this point the call stack is:

hash_sha256_check()
fobj_load_page()
pager_deploy_page()
pager_get_page()
tee_pager_handle_fault()
abort_handler()
el1_sync_abort()

This code is indeed not supposed to touch base_xlation_table, it does
so due to the overflow of stack_abt.

Suggested-by: Jens Wikander <jens.wiklander@linaro.org>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: replace REGISTER_TIME_SOURCE()

Remove REGISTER_TIME_SOURCE() and implement tee_time_get_sys_time() and
tee_time_get_sys_time_protection_level() directly in the file where
REGISTER_TIME_SOURCE(

core: replace REGISTER_TIME_SOURCE()

Remove REGISTER_TIME_SOURCE() and implement tee_time_get_sys_time() and
tee_time_get_sys_time_protection_level() directly in the file where
REGISTER_TIME_SOURCE() was used previously.

By avoiding indirect calls the linker can optimize the dependency tree
properly and we can remove the DECLARE_KEEP_PAGER() directive needed for
arm_cntpct_time_source.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: Apply SM-based boot flow for secondary harts

When the system adopts M-mode secure monitor based solution, the
secondary harts need to hand over the control back to the secure
monitor af

core: riscv: Apply SM-based boot flow for secondary harts

When the system adopts M-mode secure monitor based solution, the
secondary harts need to hand over the control back to the secure
monitor after the initial boot sequence. Add related code for this
purpose.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Do not restrict primary hart to hart ID 0 only

The ID of primary hart should not be restricted to zero. Thus,
determining primary hart and secondart harts by zero hart ID is not
feasibl

core: riscv: Do not restrict primary hart to hart ID 0 only

The ID of primary hart should not be restricted to zero. Thus,
determining primary hart and secondart harts by zero hart ID is not
feasible.

We refer to RISC-V linux kernel [1] to fix this issue, by adding a
"hart_lottery" variable. The first hart who enters OP-TEE will win the
lottery, atomically increment this variable, and be the primary hart.
Other harts enter OP-TEE later won't win the lottery, so they execute
the secondary boot sequence.

[1]:
https://github.com/torvalds/linux/blob/v6.7/arch/riscv/kernel/head.S#L244

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Change the condition of communication with untrusted domain

Use CFG_RISCV_WITH_M_MODE_SM to determine if OP-TEE uses M-mode secure
monitor based solution to communicate with the untruse

core: riscv: Change the condition of communication with untrusted domain

Use CFG_RISCV_WITH_M_MODE_SM to determine if OP-TEE uses M-mode secure
monitor based solution to communicate with the untrusetd domain.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

riscv: plat-virt: Set CFG_RISCV_WITH_M_MODE_SM as 'y'

In RISC-V QEMU virtual platform, OP-TEE OS uses M-mode secure monitor
based solution to communicate with the untrusted domain. Therefore, set
CF

riscv: plat-virt: Set CFG_RISCV_WITH_M_MODE_SM as 'y'

In RISC-V QEMU virtual platform, OP-TEE OS uses M-mode secure monitor
based solution to communicate with the untrusted domain. Therefore, set
CFG_RISCV_WITH_M_MODE_SM to 'y' in its configuration file.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Add CFG_RISCV_WITH_M_MODE_SM and dependency checking

OP-TEE may communicate with the untrusted domain by different solutions,
such as M-mode secure monitor based solution, or direct mes

core: riscv: Add CFG_RISCV_WITH_M_MODE_SM and dependency checking

OP-TEE may communicate with the untrusted domain by different solutions,
such as M-mode secure monitor based solution, or direct messaging based
solution. This commit adds CFG_RISCV_WITH_M_MODE_SM to indicate that
OP-TEE uses M-mode secure monitor based solution for the communication.

The CFG_RISCV_WITH_M_MODE_SM should depend on CFG_RISCV_S_MODE and
CFG_RISCV_SBI, since we are using "ecall" to trap into M-mode secure
monitor.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...