core: add platform-specific abort handler

Platforms may have specific code to handle an abort when fault type
is FAULT_TYPE_IGNORE. Add plat_abort_handler() that can be overridden
at platform level

core: add platform-specific abort handler

Platforms may have specific code to handle an abort when fault type
is FAULT_TYPE_IGNORE. Add plat_abort_handler() that can be overridden
at platform level.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: refactor boot

Introduce CFG_BOOT_INIT_THREAD_CORE_LOCAL0 to indicate that
thread_core_local[0] is initialized before the boot_init_* functions are
called.

thread_init_core_local_stacks()

core: arm: refactor boot

Introduce CFG_BOOT_INIT_THREAD_CORE_LOCAL0 to indicate that
thread_core_local[0] is initialized before the boot_init_* functions are
called.

thread_init_core_local_stacks() and thread_init_thread_core_local() are
replaced by a new version of thread_init_thread_core_local() for
CFG_BOOT_INIT_THREAD_CORE_LOCAL0=y.

Move initialization of thread_core_local[] from very early to
boot_init_primary_late() where various DTBs containing run-time
configuration are available. This will be needed in later patches when
the number of configured cores can be read from DT or some other
run-time configuration.

Move the "OP-TEE version" print and following code from
boot_init_primary_late() to boot_init_primary_final()

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: extend temporary dummy memory map

core_init_mmu_map() uses a temporary dummy memory map for the
virt_to_phys() and phys_to_virt() conversions to avoid asserting while
setting up translatio

core: mm: extend temporary dummy memory map

core_init_mmu_map() uses a temporary dummy memory map for the
virt_to_phys() and phys_to_virt() conversions to avoid asserting while
setting up translation tables before the MMU is enabled. CFG_DYN_CONFIG
will need a larger range of memory since translation tables might not be
allocated from .nozi memory only. So for CFG_DYN_CONFIG extend of end of
the unused memory range that the boot_mem_*() functions allocate memory
from.

Introduce CFG_DYN_CONFIG, enabled by default if CFG_BOOT_MEM is enabled
and CFG_WITH_PAGER disabled. CFG_DYN_CONFIG conflicts with
CFG_WITH_PAGER since the pager uses a different mechanism for memory
allocation.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

Update CHANGELOG for 4.5.0

Update CHANGELOG for 4.5.0 and collect Tested-by tags.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Amey Avinash Raghatate <ameyavinash.raghatate@amd.co

Update CHANGELOG for 4.5.0

Update CHANGELOG for 4.5.0 and collect Tested-by tags.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Amey Avinash Raghatate <ameyavinash.raghatate@amd.com> (versal2)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-135F_DK)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_DK2)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_DK2_SCMI)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_EV1)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_EV1_SCMI)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey620)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (imx-mx8mqevk)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (rockchip-rk3399 Rockpi4B)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_virt)
Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi 3B v1.2)
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com> (risc-v qemu-virt)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LS1012A-RDB)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LS1046A-RDB)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LX2160A-RDB)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6dlsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6qsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6sllevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6ulevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6ulzevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx7dsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx7ulpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8dxlevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mmevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mnevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mqevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8qmmek)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8ulpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx91evk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx93evk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx95evk)
Tested-by: Sungmin Han <sungminhan@telechips.com> (telechips-tcc805x)

show more ...

core: arm: enable CFG_BOOT_MEM unconditionally

Enable CFG_BOOT_MEM unconditionally and call the boot_mem_*() functions
as needed from entry_*.S and boot.c.

The pager will reuse all boot_mem memory

core: arm: enable CFG_BOOT_MEM unconditionally

Enable CFG_BOOT_MEM unconditionally and call the boot_mem_*() functions
as needed from entry_*.S and boot.c.

The pager will reuse all boot_mem memory internally when configured.
The non-pager configuration will unmap the memory and make it available
for TAs if needed.

__FLATMAP_PAGER_TRAILING_SPACE is removed from the link script,
collect_mem_ranges() in core/mm/core_mmu.c maps the memory following
VCORE_INIT_RO automatically.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add CFG_BOOT_MEM and boot_mem_*() functions

Adds CFG_BOOT_MEM to support stack-like memory allocations during boot
before a heap has been configured.

Signed-off-by: Jens Wiklander <jens.wikl

core: add CFG_BOOT_MEM and boot_mem_*() functions

Adds CFG_BOOT_MEM to support stack-like memory allocations during boot
before a heap has been configured.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

Squashed commit upgrading to mbedtls-3.6.2

Squash merging branch import/mbedtls-3.6.2.

85df256c4a67 ("libmbedtls: add CFG_CORE_UNSAFE_MODEXP and CFG_TA_MEBDTLS_UNSAFE_MODEXP")
1e9c6f15ef0f ("libm

Squashed commit upgrading to mbedtls-3.6.2

Squash merging branch import/mbedtls-3.6.2.

85df256c4a67 ("libmbedtls: add CFG_CORE_UNSAFE_MODEXP and CFG_TA_MEBDTLS_UNSAFE_MODEXP")
1e9c6f15ef0f ("libmbedtls: allow inclusion of arm_neon.h")
fab5313d7598 ("libmbedtls: fix cipher_wrap.c for NIST AES Key Wrap mode")
58c8b24bac04 ("libmbedtls: fix cipher_wrap.c for chacha20 and chachapoly")
50e013c6c306 ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify()")
c363a3c7e7e1 ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()")
91d9fe4fad38 ("libmbedtls: add SM2 curve")
b03fbd7006aa ("libmbedtls: fix no CRT issue")
bed9eb0c5209 ("libmbedtls: add interfaces in mbedtls for context memory operation")
65e7ec82d894 ("libmedtls: mpi_miller_rabin: increase count limit")
5e0191a043cb ("libmbedtls: add mbedtls_mpi_init_mempool()")
bf7ce25bb90f ("libmbedtls: make mbedtls_mpi_mont*() available")
04a9845a09b4 ("mbedtls: configure mbedtls to reach for config")
3f98104bba82 ("mbedtls: remove default include/mbedtls/config.h")
4d211f365152 ("Import mbedtls-3.6.2")

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

pta: veraison_attestation: integrate Veraison remote attestation PTA

Copy remote attestation PTA functionality from the repository:
https://github.com/iisec-suzaki/optee-ra (commit: 80ca8ef), and ma

pta: veraison_attestation: integrate Veraison remote attestation PTA

Copy remote attestation PTA functionality from the repository:
https://github.com/iisec-suzaki/optee-ra (commit: 80ca8ef), and make
the following adjustments for integration:

- Add build configuration for remote attestation PTA by introducing
the CFG_VERAISON_ATTESTATION_PTA option to align with the new naming
convention.
- Replace the custom base64 implementation with the base64 library
added in PR OP-TEE#7007.
- Update QCBOR integration by removing custom QCBOR files and using
the standard library, adjusting paths as necessary.
- Apply region validation improvements introduced in PR OP-TEE#6195.
- Update API calls in sign.c to align with libmbedtls changes from
PR OP-TEE#6151.
- Calculate the required buffer size at runtime to minimize memory
allocation.
- Refactor code to improve readability and maintainability.
- Add SPDX license identifier (BSD-2-Clause) and copyright notice.

Signed-off-by: Yuichi Sugiyama <yuichis@ricsec.co.jp>
Reviewed-by: Thomas Fossati <thomas.fossati@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: clk: change tree trace level

Change clock trace level of print tree so that
it can bee seen when it is requested by
xtest --stats --clocks.

Signed-off-by: Pascal Paillet <p.paillet@foss.st

drivers: clk: change tree trace level

Change clock trace level of print tree so that
it can bee seen when it is requested by
xtest --stats --clocks.

Signed-off-by: Pascal Paillet <p.paillet@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: dt: cache embedded DTB node information

Optimize OP-TEE boot time regarding parsing of the embedded DTB
content when using libfdt. The library functions fdt_parent_offset()
and fdt_node_offset

core: dt: cache embedded DTB node information

Optimize OP-TEE boot time regarding parsing of the embedded DTB
content when using libfdt. The library functions fdt_parent_offset()
and fdt_node_offset_by_phandle() are not very efficient since they
parse the DTB from root node to target node to look up for,
respectively, the node offset of a node parent and the node offset
related to a node phandle. Helper functions fdt_reg_base_address()
and fdt_reg_size() are also affected since they are based on
fdt_parent_offset() to find the #address-cells and #size-cells
properties of a node parent.

Optimize this by parsing the embedded DT once and caching node
information (parent node, phandle value, parent node #address-cells
and #size-cells values) in a array. Parse the array instead of the
DT for find these information.

We made few tests to use bisection or hash tables for look up the
information in the cache array. The gain was very small, likely due
to the number of DT node involved in the platform is relatively small
(only several hundreds or nodes).

This feature is enabled upon configuration switch CFG_DT_CACHED_NODE_INFO.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Update CHANGELOG for 4.4.0

Update CHANGELOG for 4.4.0 and collect Tested-by tags.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.

Update CHANGELOG for 4.4.0

Update CHANGELOG for 4.4.0 and collect Tested-by tags.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_virt)
Tested-by: Imre Kis <imre.kis@arm.com> (fvp-ts)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6dlsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6qsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6sllevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6ulevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6ulzevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx7dsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx7ulpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8dxlevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mmevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mnevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mqevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8qmmek)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8ulpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx93evk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx91evk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx95evk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LS1046A-RDB)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LS1012A-RDB)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LX2160A-RDB)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (rockchip-rk3399) (Rockpi4B)
Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi 3B v1.2)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_DK2_SCMI)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_EV1_SCMI)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_DK2)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_EV1)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_ED1)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-135F_DK)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (rockchip-rk3399, Rockpi4B)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (imx-mx8mqevk)

show more ...

mk: config: default enable CFG_NOTIF_TEST_WD based on dependencies

Set CFG_NOTIF_TEST_WD ?= y only when the features it needs are enabled.
Fixes the following warning on platforms that enable
CFG_EN

mk: config: default enable CFG_NOTIF_TEST_WD based on dependencies

Set CFG_NOTIF_TEST_WD ?= y only when the features it needs are enabled.
Fixes the following warning on platforms that enable
CFG_ENABLE_EMBEDDED_TESTS but not CFG_CORE_ASYNC_NOTIF or CFG_CALLOUT:

mk/config.mk:1039: Warning: Disabling CFG_NOTIF_TEST_WD [requires CFG_CALLOUT CFG_CORE_ASYNC_NOTIF]

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add CFG_RPMB_ANNOUNCE_PROBE_CAP

Add CFG_RPMB_ANNOUNCE_PROBE_CAP to control whether RPMB probe capability
should be announced to the kernel. For the kernel driver to enable
in-kernel RPMB routi

core: add CFG_RPMB_ANNOUNCE_PROBE_CAP

Add CFG_RPMB_ANNOUNCE_PROBE_CAP to control whether RPMB probe capability
should be announced to the kernel. For the kernel driver to enable
in-kernel RPMB routing it must know in advance that OP-TEE supports it.
By masking the capability the kernel will route all RPMB commands to
tee-supplicant.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add CFG_CORE_ASLR_SEED

Add CFG_CORE_ASLR_SEED to override the used seed if CFG_CORE_ASLR=y.
CFG_CORE_ASLR_SEED is intended to help debugging ASLR related issues
by using the same address layou

core: add CFG_CORE_ASLR_SEED

Add CFG_CORE_ASLR_SEED to override the used seed if CFG_CORE_ASLR=y.
CFG_CORE_ASLR_SEED is intended to help debugging ASLR related issues
by using the same address layout each time.

CFG_CORE_ASLR_SEED requires CFG_INSECURE=y.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

Update CHANGELOG for 4.3.0

Update CHANGELOG for 4.3.0 and collect Tested-by tags.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi 3B v

Update CHANGELOG for 4.3.0

Update CHANGELOG for 4.3.0 and collect Tested-by tags.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi 3B v1.2)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_virt)
Tested-by: Igor Opaniuk <igor.opaniuk@gmail.com> (Poplar)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6dlsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6qsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6sllevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6ulevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6ulzevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx7dsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx7ulpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8dxlevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mmevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mnevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mqevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8qmmek)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8qxpmek)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8ulpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx93evk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LS1046A-RDB)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LX2160A-RDB)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (rockchip-rk3399, Rockpi4B)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (imx-mx8mqevk)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP)
Tested-by: Imre Kis <imre.kis@arm.com> (fvp-ts)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_EV1)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_EV1_SCMI)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_DK2_SCMI)
Tested-by: Gatien Chevallier <gatien.chevallier@foss.st.com> (stm32mp1-157C_DK2)
Tested-by: Gatien Chevallier <gatien.chevallier@foss.st.com> (stm32mp1-135F_DK)

show more ...

core: mm: add CFG_PGT_CACHE_ENTRIES

Add CFG_PGT_CACHE_ENTRIES to allow platforms to customize the page
table cache size. This is needed for example when a platform is to
support very large TAs of se

core: mm: add CFG_PGT_CACHE_ENTRIES

Add CFG_PGT_CACHE_ENTRIES to allow platforms to customize the page
table cache size. This is needed for example when a platform is to
support very large TAs of several dozen of Mbytes of private memory
(code/data).

Move PGT_CACHE_SIZE macro definition from pgt_cache.h to pgt_cache.c
since it is used only in that source file.

By the way, fix pgt_cache.h layout to have header files includes first
followed by macro definitions.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: Add FFA_CONSOLE based console driver for log

This console driver uses FFA_CONSOLE ABI to write the trace logs.

If CFG_FFA_CONSOLE is enabled, OP-TEE will try to initialize the console
driv

drivers: Add FFA_CONSOLE based console driver for log

This console driver uses FFA_CONSOLE ABI to write the trace logs.

If CFG_FFA_CONSOLE is enabled, OP-TEE will try to initialize the console
driver that uses FFA interface to print trace logs.

Signed-off-by: Sungbae Yoo <sungbaey@nvidia.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: add CFG_RSA_PUB_EXPONENT_3

When generating RSA key pairs, OP-TEE currently enforces a minimum public
exponent size of 65537 per NIST SP800-56B recommendations. However, AOSP
KeyMint VTS (Encry

core: add CFG_RSA_PUB_EXPONENT_3

When generating RSA key pairs, OP-TEE currently enforces a minimum public
exponent size of 65537 per NIST SP800-56B recommendations. However, AOSP
KeyMint VTS (EncryptionOperationsTest.RsaNoPaddingSuccess [1]) requires
implementations to support public exponent 3 for backwards compatibility.
Add CFG_RSA_PUB_EXPONENT_3 to allow public exponents >= 3.

Link: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5258 [1]
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: make sure tee_entry_get_os_revision() uses a proper TEE_IMPL_GIT_SHA1

tee_entry_get_os_revision() stores TEE_IMPL_GIT_SHA1 into a 32 or
64-bit register, depending on the platform. Unfortunatel

core: make sure tee_entry_get_os_revision() uses a proper TEE_IMPL_GIT_SHA1

tee_entry_get_os_revision() stores TEE_IMPL_GIT_SHA1 into a 32 or
64-bit register, depending on the platform. Unfortunately the command
that creates TEE_IMPL_GIT_SHA1 does not provide any guarantee that the
value will fit. For instance it can happen that 8 characters are not
enough to disambiguate two commits in the repository, in which case
git rev-parse --short=8 will happily return 9 or more characters. In
this case a 32-bit build would display a warning and TEE_IMPL_GIT_SHA1
would be truncated in a way we don't want (discarding the most
significant bits).

Therefore, make sure TEE_IMPL_GIT_SHA1 is exactly 8 or 16 hexadecimal
characters (plus the leading 0x).

The OPTEE_FFA_GET_OS_VERSION operation in handle_blocking_call() has to
be modified since the output is a 32-bit register, and SPMC being a 64-bit
TEE core, TEE_IMPL_GIT_SHA1 is a 64-bit value too.

CI needs updating to avoid the following error:

fatal: detected dubious ownership in repository at
'/__w/optee_os/optee_os'

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Closes: https://github.com/OP-TEE/optee_os/issues/6783
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

Update CHANGELOG for 4.2.0

Update CHANGELOG for 4.2.0 and collect Tested-by tags.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm

Update CHANGELOG for 4.2.0

Update CHANGELOG for 4.2.0 and collect Tested-by tags.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-135F_DK w/ pkcs11)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_DK2_SCMI w/ pkcs11)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_EV1 w/ RPMB)
Tested-by: Imre Kis <imre.kis@arm.com> (fvp-ts)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (imx-mx8mqevk)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (rockchip-rk3399) (Rockpi4B)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_virt)
Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi 3B v1.2)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6dlsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6qsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6sllevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6ulevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6ulzevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx7dsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx7ulpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8dxlevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mmevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mnevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mqevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8qmmek)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8qxpmek)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8ulpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx93evk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LS1012A-RDB)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LS1046A-RDB)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LX2160A-RDB)

show more ...

core: introduce CFG_NOTIF_TEST_WD

Add CFG_NOTIF_TEST_WD to control if the notification based test watchdog
should be enabled.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by:

core: introduce CFG_NOTIF_TEST_WD

Add CFG_NOTIF_TEST_WD to control if the notification based test watchdog
should be enabled.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add CFG_CALLOUT

Add CFG_CALLOUT with a default value assigned from CFG_CORE_ASYNC_NOTIF
to control if the callout service should be enabled.

Signed-off-by: Jens Wiklander <jens.wiklander@lina

core: add CFG_CALLOUT

Add CFG_CALLOUT with a default value assigned from CFG_CORE_ASYNC_NOTIF
to control if the callout service should be enabled.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: Implement semihosting based console driver for log

Implement a simple console driver which uses semihosting operations to
read/write the trace messages. There are two paths to output the tr

drivers: Implement semihosting based console driver for log

Implement a simple console driver which uses semihosting operations to
read/write the trace messages. There are two paths to output the trace
messages:
- If the caller of semihosting_console_init() provides the path of the
file, the driver will try to open that file, and output the log to
that host side file.
- If the caller of semihosting_console_init() does not provide the path
of the file, the driver will connect the console to the host debug
console directly.

If CFG_SEMIHOSTING_CONSOLE is enabled, OP-TEE will try to initialize the
semihosting console driver by given CFG_SEMIHOSTING_CONSOLE_FILE.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kernel: Add semihosting functions

Semihosting is a mechanism that enables target to communicate and use
I/O facilities on a host computer which is running a debugger, such as
GDB. The I/O faci

core: kernel: Add semihosting functions

Semihosting is a mechanism that enables target to communicate and use
I/O facilities on a host computer which is running a debugger, such as
GDB. The I/O facilities include character {read|write} {from|to} the
semihosting host side console or a file. In other words, OP-TEE OS can
output log to the host side console or the host side file, if there is a
semihosting host and OP-TEE OS requests the semihosting operations to
that host.

If CFG_SEMIHOSTING is enabled, some semihosting functions will be
compiled into OP-TEE kernel, including:
- semihosting_sys_readc()
- semihosting_sys_writec()
- semihosting_open()
- semihosting_read()
- semihosting_write()
- semihosting_close()

Note that the architectures which support semihosting should provide
their implementation of __do_semihosting(), which performs semihosting
instruction to raise the semihosting request.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

riscv: set default cross-compilers

Similar to what is done when ARCH=arm, set the default CROSS_COMPILE/
CROSS_COMPILE32/CROSS_COMPILE64 values to something sensible when
ARCH=riscv. This simplifies

riscv: set default cross-compilers

Similar to what is done when ARCH=arm, set the default CROSS_COMPILE/
CROSS_COMPILE32/CROSS_COMPILE64 values to something sensible when
ARCH=riscv. This simplifies build command lines.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...