MAINTAINERS: extend the Qualcomm entry

Add myself as platform/driver co-maintainer

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualco

MAINTAINERS: extend the Qualcomm entry

Add myself as platform/driver co-maintainer

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Reviewed-by: Tony Hamilton <tonyh@qti.qualcomm.com>

show more ...

plat: qcom: add platform banner

Display a basic platform banner.

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Reviewed-b

plat: qcom: add platform banner

Display a basic platform banner.

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Reviewed-by: Tony Hamilton <tonyh@qti.qualcomm.com>

show more ...

drivers: qcom: prng: add PRNG driver

The Qualcomm PRNG hardware generates cryptographic keys and random
numbers.

The PRNG is configured by the first-stage bootloader. This includes the
reseed frequ

drivers: qcom: prng: add PRNG driver

The Qualcomm PRNG hardware generates cryptographic keys and random
numbers.

The PRNG is configured by the first-stage bootloader. This includes the
reseed frequency.

This driver only consumes the generated output.

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Reviewed-by: Tony Hamilton <tonyh@qti.qualcomm.com>

show more ...

drivers: qcom: ramblur: configure pIMEM access

Configure memory access to enable execution of Trusted Applications.

OP-TEE and its Trusted Applications execute from pIMEM, a region protected
by the

drivers: qcom: ramblur: configure pIMEM access

Configure memory access to enable execution of Trusted Applications.

OP-TEE and its Trusted Applications execute from pIMEM, a region protected
by the RAMBLUR IP block.

RAMBLUR provides anti-rollback protection as well as confidentiality and
integrity guarantees for the memory region under its control.

Any agent accessing the pIMEM-protected region performs normal reads or
writes to the pIMEM address range in the SNoC. The SNoC routes these
transactions to the pIMEM slave port, and pIMEM remasters them to DDR.

For write transactions, pIMEM applies the required cryptographic
operations before committing data to DDR.

For read transactions, pIMEM applies the corresponding cryptographic
operations before returning the data from DDR to the requesting master.

The reserved DDR region used by pIMEM to store cryptographically
processed data and associated cryptographic state is referred to as the
pIMEM vault.

With the current U-Boot (tag 2026.01-rc3), the pIMEM Vault DDR
reservation is derived from the TZ node in U-Boot’s built-in device tree
(specifically the trusted_apps_mem reserved-memory node).

U-Boot uses this node to construct the EFI memory map that is later
passed to the kernel.

A future update will remove this dependency on the built-in device tree.
Instead, U-Boot will obtain the memory configuration directly from SMEM.
Because of this transition, the current version of the driver does not
generate a DT overlay for U-Boot to consume.

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez@oss.qualcomm.com>
Reviewed-by: Sumit Garg <sumit.garg@oss.qualcomm.com>
Reviewed-by: Tony Hamilton <tonyh@qti.qualcomm.com>

show more ...

libutee: make TEE_SetOperationKey2() panic if operation is NULL or not in initial state

The Internal Core API specification v1.3.1 has the following panic
conditions for TEE_SetOperationKey2(), same

libutee: make TEE_SetOperationKey2() panic if operation is NULL or not in initial state

The Internal Core API specification v1.3.1 has the following panic
conditions for TEE_SetOperationKey2(), same as v1.1:

- If operation is not a valid opened operation handle.
- If operation is not in initial state.

Therefore, it should call __GP11_TEE_SetOperationKey2() not the internal
function set_operation_key2(). Then operation is guaranteed to be
non-NULL and the test may be replaced by an assertion.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: make TEE_SetOperationKey() panic if handle state is initialized

According to the TEE Internal Core API specification v1.3.1 section
6.2.6, TEE_SetOperationKey() should panic if the flag
TEE

libutee: make TEE_SetOperationKey() panic if handle state is initialized

According to the TEE Internal Core API specification v1.3.1 section
6.2.6, TEE_SetOperationKey() should panic if the flag
TEE_HANDLE_FLAG_INITIALIZED is set on the operation. Update
TEE_SetOperationKey() accordingly.

A NULL operation should cause a panic, too. Since this condition is
caught in both TEE_SetOperationKey() and __GP11_TEE_SetOperationKey(),
we can drop the NULL check in set_operation_key() and assert instead.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-rockchip: rk3588: assert buffer is size of HUK

The size of the buffer that is used to persist the HUK in the OTP and
the size of the buffer that is used to read the HUK from the OTP must
have t

plat-rockchip: rk3588: assert buffer is size of HUK

The size of the buffer that is used to persist the HUK in the OTP and
the size of the buffer that is used to read the HUK from the OTP must
have the same size as the HUK key data.

Add a static_assert to ensure that this is actually the case.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: add Clang build with log level 0 and no debug

Clang sometimes warns about unused variables that GCC doesn't report.
For example, see [1]. Therefore, add a "release" build of OP-TEE with
Clang to

ci: add Clang build with log level 0 and no debug

Clang sometimes warns about unused variables that GCC doesn't report.
For example, see [1]. Therefore, add a "release" build of OP-TEE with
Clang to the CI.

Link: https://github.com/OP-TEE/optee_os/pull/7654
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: user_mode_ctx: fix unused warning when disable log

When compiled with clang 22.0 and set CFG_TEE_CORE_LOG_LEVEL to 0,
the variable n becomes unused and the compiler generates a warning,
which

core: user_mode_ctx: fix unused warning when disable log

When compiled with clang 22.0 and set CFG_TEE_CORE_LOG_LEVEL to 0,
the variable n becomes unused and the compiler generates a warning,
which can fail the build process if -Werror is enabled.

core/kernel/user_mode_ctx.c:14:9: warning: variable 'n' set but not used [-Wunused-but-set-variable]
14 | size_t n = 0;
| ^
1 warning generated.

Signed-off-by: Leo Chen <shf.chen@mediatek.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

ci: disable regression_1034 for SPMC_AT_EL=2

The regression test case 1034 loads a large TA that depending on how
fragmented the memory used by tee-supplicant, can use more memory than
usual to desc

ci: disable regression_1034 for SPMC_AT_EL=2

The regression test case 1034 loads a large TA that depending on how
fragmented the memory used by tee-supplicant, can use more memory than
usual to describe the physical pages involved. For Hafnium this can
cause a panic since it expects that everything should fit in 4 kB.

Here's an error log with the Hafnium panic:
D/TC:3 0 mobj_ffa_get_by_cookie:684 Populating mobj from rx buffer, cookie 0x3
Panic: check failed (ffa_retrieved_memory_region_init( retrieve_request, to_locked.vm->ffa_version, HF_MAILBOX_SIZE, memory_region->sender, attributes, memory_region->flags, handle, permissions, receiver, 1, memory_access_desc_size, composite->page_count, composite->constituent_count, share_state->fragments[0], share_state->fragment_constituent_counts[0], &total_length, &fragment_length)) at ../../src/ffa_memory.c:3437
[ 102.392292] rcu: INFO: rcu_preempt detected stalls

The log above is from a build with Hafnium v2.12.0, but the error also
exists in the latest version, v2.14.0. This is obviously a bug, but
until it's resolved disable the troublesome test case.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-corstone1000: Add Cortex-A320 support

Convert arm64-platform-cpuarch from a hard-coded cortex-a35 into a “?=”
(default) assignment so users can override it (for example to
cortex-a320) via the

plat-corstone1000: Add Cortex-A320 support

Convert arm64-platform-cpuarch from a hard-coded cortex-a35 into a “?=”
(default) assignment so users can override it (for example to
cortex-a320) via the make command line.

The Cortex-A320 core is not yet supported via -mcpu=cortex-a320.
When arm64-platform-cpuarch is set to cortex-a320, switch to
-march=armv9.2-a.

The new Corstone-1000 variant with Cortex-A320 replaces the original
GIC-400 (v2) interrupt controller with a GIC-600, which is
architecturally compliant with GICv3. Since OP-TEE already provides
a generic GICv3 driver, only minimal platform changes are needed
to expose the updated register map and initialize the GICv3 interface.

**Changes introduced**

* When `cortex-a320` is selected:
* Force `CFG_ARM_GICV3=y`.
* Map the Redistributor region (`GICR_BASE`).
* Use `gic_init_v3(…)` instead of the v2 helper for Cortex-A320 builds.
* Add `GICR_BASE`, `GIC_REDIST_REG_SIZE`, and related offsets.
* Retain legacy `GICC_BASE` definitions under the GICv2 path so that
the Cortex-A35 + GIC-400 variant continues to build unchanged.

Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-k3: drivers: Add support for TI mailbox driver

New devices like the AM62L use a mailbox to communicate with the
security firmware. Add mailbox driver here to support the mailbox
hardware.

Sign

plat-k3: drivers: Add support for TI mailbox driver

New devices like the AM62L use a mailbox to communicate with the
security firmware. Add mailbox driver here to support the mailbox
hardware.

Signed-off-by: Aniket Sarkar <a-sarkar1@ti.com>
Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
Reviewed-by: Andrew Davis <afd@ti.com>

show more ...

plat-k3: drivers: Refactor sec_proxy driver

Since the underneath transport layer may or may not always be sec_proxy
it doesn't make sense to keep following the k3_sec_proxy_* convention
for the TI_S

plat-k3: drivers: Refactor sec_proxy driver

Since the underneath transport layer may or may not always be sec_proxy
it doesn't make sense to keep following the k3_sec_proxy_* convention
for the TI_SCI message transports.
Rename them to something more generic like ti_sci_transport_*.

Signed-off-by: Aniket Sarkar <a-sarkar1@ti.com>
Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
Reviewed-by: Andrew Davis <afd@ti.com>

show more ...

plat-k3: drivers: Set SEC_PROXY_MAX_MSG_SIZE to 56

Currently, SEC_PROXY_MAX_MSG_SIZE is set to 60. However, its max size
(including the secure header) is 56. Therefore correct this macro.

Signed-of

plat-k3: drivers: Set SEC_PROXY_MAX_MSG_SIZE to 56

Currently, SEC_PROXY_MAX_MSG_SIZE is set to 60. However, its max size
(including the secure header) is 56. Therefore correct this macro.

Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
Reviewed-by: Andrew Davis <afd@ti.com>

show more ...

ci: notify_maintainers.py: filter out comment authors

This is a small bug fix for the notify_maintainers.py script which
should not mention a user who has already been involved in the
discussion. Cu

ci: notify_maintainers.py: filter out comment authors

This is a small bug fix for the notify_maintainers.py script which
should not mention a user who has already been involved in the
discussion. Currently, it filters out users that have explicitly been
mentioned (via '@user'), either by the CI bot or by a real user. But
it does not consider the comment authors. This is a mistake. Update
the code accordingly.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-k3: drivers: Open TRNG firewall for TIFS on all k3 devs

On k3 devices, TRNG is firewalled to be accessed only by OPTEE.

TIFS needs this for the encryption and decryption services to support
di

plat-k3: drivers: Open TRNG firewall for TIFS on all k3 devs

On k3 devices, TRNG is firewalled to be accessed only by OPTEE.

TIFS needs this for the encryption and decryption services to support
different low power modes. So, open firewall to TIFS as well.

There is no concurrent usage of TRNG, as TIFS uses TRNG only at suspend
when OPTEE is down and resume, when firewalls are restored but OPTEE is
not up yet.

As this is a firewall that required to be shared along with TIFS on all
devices, making this a common change and open on all devs.

Signed-off-by: Prasanth Babu Mantena <p-mantena@ti.com>
Reviewed-by: Manorit Chawdhry <m-chawdhry@ti.com>
Reviewed-by: Andrew Davis <afd@ti.com>

show more ...

compiler.h: detect builtin arithmetic overflow support with __has_builtin

Using the __has_builtin macro to check if the compiler has builtin
arithmetic overflow function. This makes OP-TEE use more

compiler.h: detect builtin arithmetic overflow support with __has_builtin

Using the __has_builtin macro to check if the compiler has builtin
arithmetic overflow function. This makes OP-TEE use more efficient
code when compiled with clang.

Tested with clang 21.0.0 on arm64 platform, the generated assembly
is using the CPU flags to check overflow.

Signed-off-by: Leo Chen <shf.chen@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

libutils: add integer overflow multiplication from LLVM compiler-rt

Add integer overflow multiplication function __mulodi4() needed for
__builtin_mul_overflow() to work on a few platforms.

Selected

libutils: add integer overflow multiplication from LLVM compiler-rt

Add integer overflow multiplication function __mulodi4() needed for
__builtin_mul_overflow() to work on a few platforms.

Selected files are imported from the compiler-rt directory in LLVM
version 20.1.3, tag llvmorg-20.1, to lib/libutils/compiler-rt with no
local changes except for the sub.mk file.

Signed-off-by: Leo Chen <shf.chen@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

ci: free disk space earlier and in all jobs

Address two new "no space left on device" errors in CI:

- The first one appeared in the QEMUv8_checks_image_build job. To fix
it, avoid cloning the OP-TE

ci: free disk space earlier and in all jobs

Address two new "no space left on device" errors in CI:

- The first one appeared in the QEMUv8_checks_image_build job. To fix
it, avoid cloning the OP-TEE repository which is not needed in that job
i.e., remove the checkout action, and also run the host cleanup script.
The two other "image_build" jobs are updated as well for consistency.

- The second one happens in the _checks jobs. The fix consists in
running the host cleanup script earlier, before loading the Docker
image.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ffa: add missing field in memory access descriptor

FF-A v1.2 introduced a 16 byte implementation-defined field in the
endpoint memory access descriptor. Update all handling of struct
ffa_mem_a

core: ffa: add missing field in memory access descriptor

FF-A v1.2 introduced a 16 byte implementation-defined field in the
endpoint memory access descriptor. Update all handling of struct
ffa_mem_access to for correct access regardless of FF-A version.

With this patch, OP-TEE will use the updated memory access descriptor,
but ignore the impdef field.

Suggested-by: Olivier Deprez <olivier.deprez@arm.com>
Fixes: bef959c837fe ("core: arm: ffa: switch to FF-A version 1.2")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: ele: update struct get_info_rsp{} fields

update struct get_info_rsp{} fields

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Rouven Czerwinski <rouven.czerwinski@linaro.or

drivers: ele: update struct get_info_rsp{} fields

update struct get_info_rsp{} fields

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Rouven Czerwinski <rouven.czerwinski@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: ele: enable getting HUK/RNG from ELE on i.MX943

Enable support for getting HUK/RNG from ELE on i.MX943

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Rouven Czerwinski <r

drivers: ele: enable getting HUK/RNG from ELE on i.MX943

Enable support for getting HUK/RNG from ELE on i.MX943

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Rouven Czerwinski <rouven.czerwinski@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: enable MU and ELE driver on i.MX943

Enable MU and ELE driver on i.MX943

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Rouven Czerwinski <rouven.czerwinski@linaro.org>

core: imx: enable MU and ELE driver on i.MX943

Enable MU and ELE driver on i.MX943

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Rouven Czerwinski <rouven.czerwinski@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: add MU_BASE and MU_SIZE for i.MX943

Add MU_BASE and MU_SIZE for i.MX943

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Rouven Czerwinski <rouven.czerwinski@linaro.org>

core: imx: add MU_BASE and MU_SIZE for i.MX943

Add MU_BASE and MU_SIZE for i.MX943

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Rouven Czerwinski <rouven.czerwinski@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: imx_mu: add support for i.MX943

Enable MU driver support for i.MX943

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Rouven Czerwinski <rouven.czerwinski@linaro.org>
Acked

drivers: imx_mu: add support for i.MX943

Enable MU driver support for i.MX943

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Rouven Czerwinski <rouven.czerwinski@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...