core: spmc: fix direct request handler

The FF-A direct request handling has an error: if the destination ID is
the SPMC ID, the handler is trying to forward the message to an SP with
this ID, which

core: spmc: fix direct request handler

The FF-A direct request handling has an error: if the destination ID is
the SPMC ID, the handler is trying to forward the message to an SP with
this ID, which is obviously non-existent so this gives an error.

Fixes: 19ad526cb139 ("core: spmc, sp: cleanup FF-A ID handling")
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

drivers: pm: sam: map SFRBU with DT_MAP_SECURE attribute for sama7g5

As sama7g5's SFRBU is always secured map it as secured and do not
need to configure the security through the matrix.

Signed-off-

drivers: pm: sam: map SFRBU with DT_MAP_SECURE attribute for sama7g5

As sama7g5's SFRBU is always secured map it as secured and do not
need to configure the security through the matrix.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: pm: sam: rename pm_init functions for later sama7g5 support

PM support for sama7g5 will reuse some existing functions.
Rename sama5d2_pm_init() to sam_pm_init().
Rename sama5d2_pm_init_all(

drivers: pm: sam: rename pm_init functions for later sama7g5 support

PM support for sama7g5 will reuse some existing functions.
Rename sama5d2_pm_init() to sam_pm_init().
Rename sama5d2_pm_init_all() to sam_pm_init_all().

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: atmel_shdwc: enable RTT (Real-time Timer) Wake-up

For sama7g5 the Wake-up can be caused by RTT.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jens Wiklander <jens.wiklander@li

drivers: atmel_shdwc: enable RTT (Real-time Timer) Wake-up

For sama7g5 the Wake-up can be caused by RTT.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: atmel_shdwc: update to call the initialize for PM for sama7g5

For sama7g5 case do not return before calling the initialize function
for PM.

Signed-off-by: Tony Han <tony.han@microchip.com>

drivers: atmel_shdwc: update to call the initialize for PM for sama7g5

For sama7g5 case do not return before calling the initialize function
for PM.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: use fdt64_ld() to read possibly unaligned kaslr-seed

Read possibly unaligned kaslr-seed using `fdt64_ld()`
to avoid ubsan panic while booting with `CFG_CORE_ASLR=y`

Acked-by: Jens Wiklan

core: arm: use fdt64_ld() to read possibly unaligned kaslr-seed

Read possibly unaligned kaslr-seed using `fdt64_ld()`
to avoid ubsan panic while booting with `CFG_CORE_ASLR=y`

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Abhishek Revadekar <abhishek.rvdkr@yahoo.com>

show more ...

core: fix undefined references to ubsan functions

Add UBSan handlers for `__ubsan_handle_type_mismatch_v1` and
`__ubsan_handle_pointer_overflow` to remove undefined references error.

Acked-by: Jens

core: fix undefined references to ubsan functions

Add UBSan handlers for `__ubsan_handle_type_mismatch_v1` and
`__ubsan_handle_pointer_overflow` to remove undefined references error.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Abhishek Revadekar <abhishek.rvdkr@yahoo.com>

show more ...

core: callout: disable obsolete timeouts

In callout_service_cb() when a timeout interrupt is received there's a
check to see if this is the last scheduled CPU. If not the interrupt is
ignored, but n

core: callout: disable obsolete timeouts

In callout_service_cb() when a timeout interrupt is received there's a
check to see if this is the last scheduled CPU. If not the interrupt is
ignored, but not disabled causing it to trigger again and again. So fix
this by disabling the timeout too.

Fixes: cf707bd0d695 ("core: add callout service")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: mmu: fix memory regions found from ff-a manifest

Fix the 6th parameter of add_phys_mem() in collect_device_mem_ranges()
that has to be the size of memory region and not the end address of the

core: mmu: fix memory regions found from ff-a manifest

Fix the 6th parameter of add_phys_mem() in collect_device_mem_ranges()
that has to be the size of memory region and not the end address of the
region.

Fixes: 72a6827a6353 ("core: arm: SPMC obtain device memory info from DTB")
Signed-off-by: Sungbae Yoo <sungbaey@nvidia.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers:implement HiSilicon Security Engine(SEC) module.

HiSilicon SEC is used in security applications such as
authentication and data encryption and decryption. This
module implement the hardware

drivers:implement HiSilicon Security Engine(SEC) module.

HiSilicon SEC is used in security applications such as
authentication and data encryption and decryption. This
module implement the hardware initialization of the SEC.

Signed-off-by: leisen <leisen1@huawei.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: crypto: hisilicon: add DH algorithm

add operation of DH algorithm, including alloc_keypair,
gen_keypair and shared_secret

Signed-off-by: yuzexi <yuzexi@hisilicon.com>
Acked-by: Etienne Car

drivers: crypto: hisilicon: add DH algorithm

add operation of DH algorithm, including alloc_keypair,
gen_keypair and shared_secret

Signed-off-by: yuzexi <yuzexi@hisilicon.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: fix ce_aes_xts_{de,en}crypt()

In ce_aes_xts_encrypt() and ce_aes_xts_decrypt(), if the main interleave
loop (.LxtsencNx or .LxtsdecNx) ends with all blocks completed the v7
register doe

core: arm64: fix ce_aes_xts_{de,en}crypt()

In ce_aes_xts_encrypt() and ce_aes_xts_decrypt(), if the main interleave
loop (.LxtsencNx or .LxtsdecNx) ends with all blocks completed the v7
register doesn't hold the needed .Lxts_mul_x needed to compute the next
tweak correctly. So fix this by loading .Lxts_mul_x in v7 before ending
the loop.

Fixes: 06d2e4167a6b ("core: add accelerated AES routines")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: ltc: sub.mk: reorganize and simplify

Reorganize the LTC sub.mk by collecting configuration and files in
groups by algorithm or feature.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.or

core: ltc: sub.mk: reorganize and simplify

Reorganize the LTC sub.mk by collecting configuration and files in
groups by algorithm or feature.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ltc: merge sub.mk's into a single sub.mk

Merge all sub.mk's below core/lib/libtomcrypt/src at the end of
core/lib/libtomcrypt/sub.mk.

It gives an easier overview of what is compiled, but it a

core: ltc: merge sub.mk's into a single sub.mk

Merge all sub.mk's below core/lib/libtomcrypt/src at the end of
core/lib/libtomcrypt/sub.mk.

It gives an easier overview of what is compiled, but it also makes it
easier when syncing core/lib/libtomcrypt/src with LTC upstream since
it's out of the way.

Unused sub.mk's are removed.

Removes the now unused _CFG_CORE_LTC_CIPHER, _CFG_CORE_LTC_AUTHENC and
_CFG_CORE_LTC_MAC from core/crypto.mk.

The global LTC build flag -Wno-declaration-after-statement is removed and
only supplied to the few source files that need it.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add CFG_RSA_PUB_EXPONENT_3

When generating RSA key pairs, OP-TEE currently enforces a minimum public
exponent size of 65537 per NIST SP800-56B recommendations. However, AOSP
KeyMint VTS (Encry

core: add CFG_RSA_PUB_EXPONENT_3

When generating RSA key pairs, OP-TEE currently enforces a minimum public
exponent size of 65537 per NIST SP800-56B recommendations. However, AOSP
KeyMint VTS (EncryptionOperationsTest.RsaNoPaddingSuccess [1]) requires
implementations to support public exponent 3 for backwards compatibility.
Add CFG_RSA_PUB_EXPONENT_3 to allow public exponents >= 3.

Link: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5258 [1]
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: lib: scmi-server: add CMake defines for embedded modules

Enable CMake directive CMAKE_C_COMPILER_WORKS to prevent SCP-firmware
CMake configuration sequence to check the cross compilation toolc

core: lib: scmi-server: add CMake defines for embedded modules

Enable CMake directive CMAKE_C_COMPILER_WORKS to prevent SCP-firmware
CMake configuration sequence to check the cross compilation toolchain
since it is not needed here: OP-TEE only uses CMake to configure
SCP-firmware, not to build source files. This change is required when
building OP-TEE with CFG_SCMI_SCPFW=y and using a CMake >= 3.27.0.

Suggested-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: include standard header files from stpmic1_regulator.h

Add missing inclusion of stdbool.h and stddef.h in stpmic1_regulator.h.
The issue was revealed when upgrading to latest SCP-firmware s

drivers: include standard header files from stpmic1_regulator.h

Add missing inclusion of stdbool.h and stddef.h in stpmic1_regulator.h.
The issue was revealed when upgrading to latest SCP-firmware source tree.

Fixes: 9cb0d51670f2 ("drivers: stpmic1: export regulators API in a specific header file")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-sam: remove CFG_PL310_LOCKED

When locking the PL310 cache, it behaves as disable which lead to poor
performances in Linux.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-b

plat-sam: remove CFG_PL310_LOCKED

When locking the PL310 cache, it behaves as disable which lead to poor
performances in Linux.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

riscv: plat-virt: Enable CFG_HWRNG_PTA

Enable CFG_HWRNG_PTA with the implementation of the RISC-V
Zkr driver which provides the hardware entropy source.

Signed-off-by: Alvin Chang <alvinga@andestec

riscv: plat-virt: Enable CFG_HWRNG_PTA

Enable CFG_HWRNG_PTA with the implementation of the RISC-V
Zkr driver which provides the hardware entropy source.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: Add RISC-V Zkr hardware random number generator support

The RISC-V Zkr entropy source extension introduces a physical
entropy source compliant with NIST SP 800-90B or BSI AIS-31
standards v

drivers: Add RISC-V Zkr hardware random number generator support

The RISC-V Zkr entropy source extension introduces a physical
entropy source compliant with NIST SP 800-90B or BSI AIS-31
standards via the seed CSR.

Note that this driver cannot be used unless access is explicitly
granted by M-mode, e.g. OpenSBI have to set mseccfg.SSEED for
OP-TEE OS.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Add seed CSR detection helper

Any attempted access to unimplemented or restricted CSRs will
raise an illegal instruction, so we can set up a temporary
trap handler to validate if the us

core: riscv: Add seed CSR detection helper

Any attempted access to unimplemented or restricted CSRs will
raise an illegal instruction, so we can set up a temporary
trap handler to validate if the use of CSRs is allowed in
the privileged mode where OP-TEE OS is running. Add a helper
for this specific purpose.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

dts: stm32: add IPCC1/2 nodes in stm32mp251.dtsi

Add Inter-Processor Communication Controller 1/2(IPCC) nodes and default
disable them.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.c

dts: stm32: add IPCC1/2 nodes in stm32mp251.dtsi

Add Inter-Processor Communication Controller 1/2(IPCC) nodes and default
disable them.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: conf: support IPCC driver

Default enable IPCC driver for platform stm32mp2.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carri

plat-stm32mp2: conf: support IPCC driver

Default enable IPCC driver for platform stm32mp2.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: add IPCC driver and its RIF support

This driver implements RIF configuration for IPCC, which is a RIF
aware IP. It means that the IPCC driver is in charge of configuring its
own RIF restric

drivers: add IPCC driver and its RIF support

This driver implements RIF configuration for IPCC, which is a RIF
aware IP. It means that the IPCC driver is in charge of configuring its
own RIF restrictions and that the IPCC has dedicated RIF configuration
registers.

RIF configuration data is part of the ipcc_pdata structure.

CID filtering is applied to the entirety of the channels of a processor.
When CID filtering is enabled for a processor, it enables the filtering and
the IPCC interrupt routing for all of its IPCC channels.

However, security and privilege configuration granularity go as far as
configuration for each IPCC channel.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add HSEM node in stm32mp251.dtsi

Add the Hardware SEMaphore(HSEM) node and default disable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carrier

dts: stm32: add HSEM node in stm32mp251.dtsi

Add the Hardware SEMaphore(HSEM) node and default disable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...