plat-stm32mp1: pager use SYSRAM last page if possible

Update stm32mp1 with pager TZSRAM size to use SYSRAM last page
now that pager implementation issue pager pageable boundary is
addressed.

Signed

plat-stm32mp1: pager use SYSRAM last page if possible

Update stm32mp1 with pager TZSRAM size to use SYSRAM last page
now that pager implementation issue pager pageable boundary is
addressed.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: ensure all pager VA space is mapped with small pages

Fix can_map_at_level() to ensure all memory areas related the pager
pageable virtual memory are mapped with small pages. This change
fi

core: mm: ensure all pager VA space is mapped with small pages

Fix can_map_at_level() to ensure all memory areas related the pager
pageable virtual memory are mapped with small pages. This change
fixes an issue found when the pager physical RAM ends on a section
boundary (e.g. 512MB or 2MB on LPAE case) making the virtual memory
mapping above that boundary to be prepared with pgdir or wider MMU tables
while pager implementation expects 4kB page MMU tables.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: stm32: add an error trace when registering CRYP and SAES

Drvcrypt framework can only register one symmetric cipher driver.
Add an explicit error trace in function stm32_register_cip

drivers: crypto: stm32: add an error trace when registering CRYP and SAES

Drvcrypt framework can only register one symmetric cipher driver.
Add an explicit error trace in function stm32_register_cipher() when
several cipher drivers are registered.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: crypto: stm32_saes: SAES depends on RNG clock

Fixes missing dependency of SAES device on RNG clock.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Thomas Bou

drivers: crypto: stm32_saes: SAES depends on RNG clock

Fixes missing dependency of SAES device on RNG clock.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

dts: stm32: add SAES dependency on RNG clock for stm32mp13

Adds missing RNG clock resource in SAES and PKA nodes in stm32mp13
SoC DTSI files.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st

dts: stm32: add SAES dependency on RNG clock for stm32mp13

Adds missing RNG clock resource in SAES and PKA nodes in stm32mp13
SoC DTSI files.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: crypto: stm32_saes: add PM to SAES driver

Add power management support to the SAES driver through suspend/resume
callbacks.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
S

drivers: crypto: stm32_saes: add PM to SAES driver

Add power management support to the SAES driver through suspend/resume
callbacks.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

driver: crypto: hisilicon: add ECC gen_keypair and ECDH

add ECC gen_keypair and ECDH

Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

Update CHANGELOG for 4.3.0

Update CHANGELOG for 4.3.0 and collect Tested-by tags.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi 3B v

Update CHANGELOG for 4.3.0

Update CHANGELOG for 4.3.0 and collect Tested-by tags.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi 3B v1.2)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_virt)
Tested-by: Igor Opaniuk <igor.opaniuk@gmail.com> (Poplar)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6dlsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6qsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6sllevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6ulevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6ulzevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx7dsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx7ulpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8dxlevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mmevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mnevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mqevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8qmmek)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8qxpmek)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8ulpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx93evk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LS1046A-RDB)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LX2160A-RDB)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (rockchip-rk3399, Rockpi4B)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (imx-mx8mqevk)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP)
Tested-by: Imre Kis <imre.kis@arm.com> (fvp-ts)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_EV1)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_EV1_SCMI)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_DK2_SCMI)
Tested-by: Gatien Chevallier <gatien.chevallier@foss.st.com> (stm32mp1-157C_DK2)
Tested-by: Gatien Chevallier <gatien.chevallier@foss.st.com> (stm32mp1-135F_DK)

show more ...

core: mm: strip the tag of VA when check_pa_matches_va

When CFG_TEE_CORE_DEBUG=y and CFG_MEMTAG=y, core will crash, if there are
some modules call virt_to_phys() or core_vbuf_is() and so on.
Because

core: mm: strip the tag of VA when check_pa_matches_va

When CFG_TEE_CORE_DEBUG=y and CFG_MEMTAG=y, core will crash, if there are
some modules call virt_to_phys() or core_vbuf_is() and so on.
Because the MM can not find map by the tagged VA, so strip the tag of
VA when check_pa_matches_va().

Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: wentao.sun <wentao.sun@amlogic.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

arm32: ftrace: skip profiling of __aeabi functions

When compiling the __aeabi functions, skip profiling unconditionally to
avoid recursive calls.

Reported-by: Jerome Forissier <jerome.forissier@lin

arm32: ftrace: skip profiling of __aeabi functions

When compiling the __aeabi functions, skip profiling unconditionally to
avoid recursive calls.

Reported-by: Jerome Forissier <jerome.forissier@linaro.org>
Closes: https://github.com/OP-TEE/optee_os/issues/6870
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_virt)

show more ...

core: arm64: fix compiling warning when enable BTI.

Fix compiling warning in sm4_armv8a_ce_a64.S when CFG_CORE_BTI=y:
aarch64-none-linux-gnu-ld.bfd: out/core/arch/arm/crypto/sm4_armv8a_ce_a64.o:
war

core: arm64: fix compiling warning when enable BTI.

Fix compiling warning in sm4_armv8a_ce_a64.S when CFG_CORE_BTI=y:
aarch64-none-linux-gnu-ld.bfd: out/core/arch/arm/crypto/sm4_armv8a_ce_a64.o:
warning: BTI turned on by -z force-bti when all inputs do not have BTI in NOTE section.

Signed-off-by: wentao.sun <wentao.sun@amlogic.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

Fix TA_FLAGS_MASK

Add missing TA_FLAG_DONT_CLOSE_HANDLE_ON_CORRUPT_OBJECT to
TA_FLAGS_MASK.

Fixes: 138c5102ef4c ("GP131: Add TA property gpd.ta.doesNotCloseHandleOnCorruptObject")
Suggested-by: Mik

Fix TA_FLAGS_MASK

Add missing TA_FLAG_DONT_CLOSE_HANDLE_ON_CORRUPT_OBJECT to
TA_FLAGS_MASK.

Fixes: 138c5102ef4c ("GP131: Add TA property gpd.ta.doesNotCloseHandleOnCorruptObject")
Suggested-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: firewall: fix warning when compiling with no trace.

When compiling with CFG_TEE_CORE_LOG_LEVEL=0 this warning is raised :
core/drivers/firewall/firewall.c: In function ‘firewall_dt_probe_bus’:

core: firewall: fix warning when compiling with no trace.

When compiling with CFG_TEE_CORE_LOG_LEVEL=0 this warning is raised :
core/drivers/firewall/firewall.c: In function ‘firewall_dt_probe_bus’:
core/drivers/firewall/firewall.c:297:62: error: unused parameter ‘ctrl’ [-Werror=unused-parameter]
297 | struct firewall_controller *ctrl)

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

core: drivers: relicense hisi_trng.c as BSD-2-Clause

The file core/drivers/hisi_trng.c should not have been committed with a
GPL-2.0 license. Relicense it as BSD-2-Clause.

Signed-off-by: Jerome For

core: drivers: relicense hisi_trng.c as BSD-2-Clause

The file core/drivers/hisi_trng.c should not have been committed with a
GPL-2.0 license. Relicense it as BSD-2-Clause.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Closes: https://github.com/OP-TEE/optee_os/issues/6834
Acked-by: loubaihui <loubaihui1@huawei.com>
Acked-by: leisen <leisen1@huawei.com>

show more ...

core: arm64: Fixing SHA3-224 failed when using ARMv8.2-A cryptographic extensions

The block size of SHA3-224 is 144 bytes. In sha3_armv8a_ce_a64.S, it is
reading 152 bytes and deriving incorrect re

core: arm64: Fixing SHA3-224 failed when using ARMv8.2-A cryptographic extensions

The block size of SHA3-224 is 144 bytes. In sha3_armv8a_ce_a64.S, it is
reading 152 bytes and deriving incorrect result.

Observing SHA3-224 failed on long input message.

o regression_4001.8 Hash case 7 algo 0x50000008
regression_4001.8 OK
o regression_4001.9 Hash case 8 algo 0x50000008
vendor/amlogic/common/optee_test/host/xtest/regression_4000.c:1336: out has an unexpected content:
Got
06:F9:E6:CB 65:6C:15:4B 04:79:00:72 E5:F0:61:24 ....el.K.y.r..a$
F6:DE:1E:F8 B6:DB:33:9F A5:0B:38:CF ......3...8.
Expected
AA:B2:3C:9E 7F:B9:D7:DA CE:FD:FD:0B 1A:E8:5A:B1 ..<...........Z.
37:4A:BF:F7 C4:E3:F7:55 6E:CA:E4:12 7J.....Un...
...
vendor/amlogic/common/optee_test/host/xtest/regression_4000.c:1388: out has an unexpected content:
Got
C8:8E:8D:D6 ....
Expected
AA:B2:3C:9E ..<.
vendor/amlogic/common/optee_test/host/xtest/regression_4000.c:1401: out has an unexpected content:

Signed-off-by: Matthew Shyu <matthew.shyu@amlogic.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-vexpress: bottom half uart driver with non-secure virtualization

Enable the bottom half uart driver with FF-A and non-secure
virtualization enabled.

The console struct itr_handler and struct n

plat-vexpress: bottom half uart driver with non-secure virtualization

Enable the bottom half uart driver with FF-A and non-secure
virtualization enabled.

The console struct itr_handler and struct notif_driver are moved into
nexus memory as needed.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: make S-EL1 notifications virtualization-aware

Add new defines for the ABI functions FFA_NOTIFICATION_GET and
FFA_NOTIFICATION_INFO_GET to support a more complete implementation of
the ABI

core: ffa: make S-EL1 notifications virtualization-aware

Add new defines for the ABI functions FFA_NOTIFICATION_GET and
FFA_NOTIFICATION_INFO_GET to support a more complete implementation of
the ABI.

The bookkeeping of the notification state is moved into a guest specific
struct notif_vm_bitmap.

Asynchronous notification is enabled per guest. Each guest defines its
own notification ID to request bottom half processing.

The FFA_NOTIFICATION_INFO_GET handler is updated to be able to report
multiple guest IDs.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: make generic notifications virtualization-aware

Makes the generic notification handling aware of virtualization. Atomic
events are delivered with a guest_id parameter and asynchronous
notifica

core: make generic notifications virtualization-aware

Makes the generic notification handling aware of virtualization. Atomic
events are delivered with a guest_id parameter and asynchronous
notifications are started per guest_id.

struct notif_data is added as guest specific data to be able to track if
notifications are started for a guest.

While this patch compiles it doesn't work as intended without patches
handling the ABI specific side of things.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: virt: add guest specific data

Add virt_add_guest_spec_data() and virt_get_guest_spec_data() to handle
guest specific data.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by:

core: virt: add guest specific data

Add virt_add_guest_spec_data() and virt_get_guest_spec_data() to handle
guest specific data.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: virt: support iterating over partitions

Add support to iterate over partitions using virt_next_guest().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <e

core: virt: support iterating over partitions

Add support to iterate over partitions using virt_next_guest().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: virt: get guest ID of a guest partition

Add the function virt_get_guest_id() to return the guest ID of a guest
partition.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: E

core: virt: get guest ID of a guest partition

Add the function virt_get_guest_id() to return the guest ID of a guest
partition.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: virt: get current guest partition

Add the function virt_get_current_guest() to get a pointer to the
current guest partition. The returned guest partition has its reference
counter increased wh

core: virt: get current guest partition

Add the function virt_get_current_guest() to get a pointer to the
current guest partition. The returned guest partition has its reference
counter increased which must be restored with a matching call to
virt_put_guest() when the caller is done with the guest partition.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: virt: get guest partition by guest ID

Add the function virt_get_guest() to get the pointer to a guest
partition with a certain guest ID. The returned guest partition has its
reference counter

core: virt: get guest partition by guest ID

Add the function virt_get_guest() to get the pointer to a guest
partition with a certain guest ID. The returned guest partition has its
reference counter increased which must be restored with a matching call
to virt_put_guest() when the caller is done with the guest partition.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa+virt: avoid changing nexus mappings

Don't unmap nexus mapped rxtx buffers when configured for non-secure
virtualization.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by

core: ffa+virt: avoid changing nexus mappings

Don't unmap nexus mapped rxtx buffers when configured for non-secure
virtualization.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: conf: restore generic default heap size

Remove reduced default heap size configuration of 48kB when pager is
enabled on stm32mp1 platforms. 48kB of core heap may not always be enough

plat-stm32mp1: conf: restore generic default heap size

Remove reduced default heap size configuration of 48kB when pager is
enabled on stm32mp1 platforms. 48kB of core heap may not always be enough
to pass OP-TEE Test regression test 4011 related to Bleichenbacher attack
since it consumes 4.5kB more memory on in OP-TEE core since we upgraded
to Mbed TLS library 3.6.0. The platform now default uses the generic 64kB
default heap size set from mk/config.mk.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...