driver: crypto: hisilicon: add montgomery algorithm

add operation of X25519 and X448 algorithm, including alloc_keypair,
gen_keypar and shared_secret

Signed-off-by: yuzexi <yuzexi@hisilicon.com>
Ac

driver: crypto: hisilicon: add montgomery algorithm

add operation of X25519 and X448 algorithm, including alloc_keypair,
gen_keypar and shared_secret

Signed-off-by: yuzexi <yuzexi@hisilicon.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

checkpatch: add ignore=STRLCPY

Checkpatch complains over strlcpy:
WARNING: Prefer strscpy over strlcpy - see: https://github.com/KSPP/linux/issues/89

However, OP-TEE doesn't have a strscpy() functi

checkpatch: add ignore=STRLCPY

Checkpatch complains over strlcpy:
WARNING: Prefer strscpy over strlcpy - see: https://github.com/KSPP/linux/issues/89

However, OP-TEE doesn't have a strscpy() function to use, so silence the
warning until one is available.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: rename to core_mmu_init_phys_mem()

Rename core_mmu_init_ta_ram() to core_mmu_init_phys_mem() for a more
accurate name of the function.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org

core: rename to core_mmu_init_phys_mem()

Rename core_mmu_init_ta_ram() to core_mmu_init_phys_mem() for a more
accurate name of the function.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: replace tee_mm_sec_ddr with phys_mem functions

Replace the tee_mm_sec_ddr mm pool with the phys_mem functions. This
doesn't change the behaviour.

Signed-off-by: Jens Wiklander <jens.wiklander

core: replace tee_mm_sec_ddr with phys_mem functions

Replace the tee_mm_sec_ddr mm pool with the phys_mem functions. This
doesn't change the behaviour.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add phys_mem allocation functions

Add nex_phys_mem and phys_mem allocation functions. These functions are
intended to replace the previous calls to tee_mm functions on with the
virt_mapper_poo

core: add phys_mem allocation functions

Add nex_phys_mem and phys_mem allocation functions. These functions are
intended to replace the previous calls to tee_mm functions on with the
virt_mapper_pool or tee_mm_sec_ddr as arguments.

The pool of physical memory is divided into two parts, core and ta. All
physical TA memory allocations are done from the core pool if a ta pool
isn't added. This might be the case if core and ta physical memory
resides in the same physical memory range.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: Simplify SP setup in setup_unwind_user_mode()

The parameter "regs" is the stack pointer which is allocated to store
system call registers when calling thread_scall_handler(). Thus, we c

core: riscv: Simplify SP setup in setup_unwind_user_mode()

The parameter "regs" is the stack pointer which is allocated to store
system call registers when calling thread_scall_handler(). Thus, we can
simply get the original stack pointer by "regs + 1" equation, and use it
to exit user mode.

The code is referenced from ARM's setup_unwind_user_mode().

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>

show more ...

core: open-code thread_init_stack()

The implementations of thread_init_stack() are identical and trivial for
both arm and riscv. So simplify code further and open-code it where it's
called from in c

core: open-code thread_init_stack()

The implementations of thread_init_stack() are identical and trivial for
both arm and riscv. So simplify code further and open-code it where it's
called from in core/kernel/thread.c.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>

show more ...

core: virt: initialize heap from virt_guest_created()

Replace the preinit_early() guest heap initialization with function call
in virt_guest_created().

Signed-off-by: Jens Wiklander <jens.wiklander

core: virt: initialize heap from virt_guest_created()

Replace the preinit_early() guest heap initialization with function call
in virt_guest_created().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

libutils: malloc.h: add nex_malloc_buffer_overlaps_heap()

Add the macros nex_malloc_buffer_overlaps_heap() and
nex_malloc_buffer_is_within_alloced() as aliases for
malloc_buffer_overlaps_heap() and

libutils: malloc.h: add nex_malloc_buffer_overlaps_heap()

Add the macros nex_malloc_buffer_overlaps_heap() and
nex_malloc_buffer_is_within_alloced() as aliases for
malloc_buffer_overlaps_heap() and malloc_buffer_is_within_alloced() when
virtualization isn't enabled.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

libutils: add PADDR_MAX and PADDR_SIZE_MAX

Add defines for the maximum values of paddr_t and paddr_size_t.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <j

libutils: add PADDR_MAX and PADDR_SIZE_MAX

Add defines for the maximum values of paddr_t and paddr_size_t.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: kern.ld.S: assert enough RAM for paging

Update the assert for enough ram for paging to take hash data and
relocation information into account.

Signed-off-by: Jens Wiklander <jens.wikland

core: arm: kern.ld.S: assert enough RAM for paging

Update the assert for enough ram for paging to take hash data and
relocation information into account.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

vexpress-qemu_armv8a: increase CFG_CORE_TZSRAM_EMUL_SIZE to 512 kB

Set the default emulated SRAM to 512 kB since the default 448 kB isn't
enough to build with CFG_CORE_ASLR=y with a margin.

Signed-

vexpress-qemu_armv8a: increase CFG_CORE_TZSRAM_EMUL_SIZE to 512 kB

Set the default emulated SRAM to 512 kB since the default 448 kB isn't
enough to build with CFG_CORE_ASLR=y with a margin.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: remoteproc: add command to release remote processor firmware

This patch introduces a new command `TA_RPROC_CMD_RELEASE_FW` to release
the firmware images and associated resources of a remote pro

ta: remoteproc: add command to release remote processor firmware

This patch introduces a new command `TA_RPROC_CMD_RELEASE_FW` to release
the firmware images and associated resources of a remote processor.

This command can be called by the non-secure context to release the loaded
firmware if the remoteproc is not running.

The command can be used, for instance, in case an error occurs in the
non-secure context between the load request and the start of the
remote processor. Calling the command allows releasing the loaded firmware
and going back to the REMOTEPROC_OFF state.

This command should also be called after the stop of the
remote processor to release associated resources.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

pta: remoteproc: Add command to release remote processor resources

This patch introduces a new PTA command `PTA_REMOTEPROC_RELEASE` to
release the resources associated with a remote processor.

- De

pta: remoteproc: Add command to release remote processor resources

This patch introduces a new PTA command `PTA_REMOTEPROC_RELEASE` to
release the resources associated with a remote processor.

- Definition of the `PTA_REMOTEPROC_RELEASE` PTA command the header file
- Implement the command in the stm32mp remote proc PTA to request the
clean of the remoteproc memories.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_remoteproc: Add remote processor memories cleanup function

This patch introduces a new function stm32_rproc_clean_up_memories() to
clean up the memory regions used by the remote proce

drivers: stm32_remoteproc: Add remote processor memories cleanup function

This patch introduces a new function stm32_rproc_clean_up_memories() to
clean up the memory regions used by the remote processor.
The function iterates over each memory region, maps it, clears the memory
by setting it to zero, and then unmaps it.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

riscv: plat-virt: Set CFG_BOOT_SYNC_CPU=n

On RISC-V QEMU virt platform, OP-TEE OS runs as S-mode. There is a
secure monitor runs as M-mode and controls the hart state of the
secondary CPUs in SMP sy

riscv: plat-virt: Set CFG_BOOT_SYNC_CPU=n

On RISC-V QEMU virt platform, OP-TEE OS runs as S-mode. There is a
secure monitor runs as M-mode and controls the hart state of the
secondary CPUs in SMP system (e.g., by SBI HSM extension) during OP-TEE
OS secondary CPUs booting.

Thus, RISC-V virt platform does not need CFG_BOOT_SYNC_CPU.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add CFG_CORE_ASLR_SEED

Add CFG_CORE_ASLR_SEED to override the used seed if CFG_CORE_ASLR=y.
CFG_CORE_ASLR_SEED is intended to help debugging ASLR related issues
by using the same address layou

core: add CFG_CORE_ASLR_SEED

Add CFG_CORE_ASLR_SEED to override the used seed if CFG_CORE_ASLR=y.
CFG_CORE_ASLR_SEED is intended to help debugging ASLR related issues
by using the same address layout each time.

CFG_CORE_ASLR_SEED requires CFG_INSECURE=y.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: drivers: riscv_zkr_rng: limit seed reading time

If the attempts to read SEED exceed 1 second for 16-bit
randomness, we consider it a failure.

Also, move seed CSR field encodings to the header

core: drivers: riscv_zkr_rng: limit seed reading time

If the attempts to read SEED exceed 1 second for 16-bit
randomness, we consider it a failure.

Also, move seed CSR field encodings to the header file.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

core: spmc: handle BTI/PAUTH info in SP manifest

Provide information to the SP whether BTI and PAUTH are enabled in
OP-TEE by updating the relevant DT node in the SP manifest.
This way the SP can de

core: spmc: handle BTI/PAUTH info in SP manifest

Provide information to the SP whether BTI and PAUTH are enabled in
OP-TEE by updating the relevant DT node in the SP manifest.
This way the SP can detect if the required protection is not available.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: Enable pointer authentication for SPs

Add support to pauth keys for SPs if pointer authentication is enabled.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Etienne Carriere <etien

core: Enable pointer authentication for SPs

Add support to pauth keys for SPs if pointer authentication is enabled.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: spmc: Enable BTI for binary SPs

Enable BTI (Branch Target Identification) if the
GP attribute is set and the region is executable.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Et

core: spmc: Enable BTI for binary SPs

Enable BTI (Branch Target Identification) if the
GP attribute is set and the region is executable.

Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: core_mmu_arch: fix next level page-table translation

If arch_va2pa_helper() and core_mmu_find_table() are called when
the MMU is disabled, we don't need to convert the next level page
b

core: riscv: core_mmu_arch: fix next level page-table translation

If arch_va2pa_helper() and core_mmu_find_table() are called when
the MMU is disabled, we don't need to convert the next level page
base address with phys_to_virt(). Add core_mmu_xlat_table_entry_pa2va()
to handle this address translation.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: core_mmu_arch: remove address translation when initializing SATP

Fix the handling of the page table base address (pgt) by removing
the unnecessary virt_to_phys(). The pgt is already a p

core: riscv: core_mmu_arch: remove address translation when initializing SATP

Fix the handling of the page table base address (pgt) by removing
the unnecessary virt_to_phys(). The pgt is already a physical address,
and thus does not require translation.

Additionally, since the ASID always set to 0, replaced the redundant
assertions with a explicit check to ensure the MMU is disabled in the
context.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Increase size of stacks and extra check space

To support CFG_CORE_DEBUG_CHECK_STACKS=y for RISC-V, we set
STACK_CHECK_EXTRA as 1536 like what ARM does.

To avoid stack overruns when CFG

core: riscv: Increase size of stacks and extra check space

To support CFG_CORE_DEBUG_CHECK_STACKS=y for RISC-V, we set
STACK_CHECK_EXTRA as 1536 like what ARM does.

To avoid stack overruns when CFG_CORE_DEBUG_CHECK_STACKS=y, we increase
the size of abort stack to 4096 bytes and size of thread stack to 10240
bytes.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-k3: drivers: Change SA2UL_init service to service_init_crypto

Since commit 11d8578d93f0 ("core: arm: call call_driver_initcalls()
late"), driver_init is deferred and thread_update_canaries trie

plat-k3: drivers: Change SA2UL_init service to service_init_crypto

Since commit 11d8578d93f0 ("core: arm: call call_driver_initcalls()
late"), driver_init is deferred and thread_update_canaries tries to get
random_stack_canaries which requires the TRNG driver to be setup. Since
it was being setup as part of driver_init, it lead to crash on K3
platforms.

Change driver_init to service_init_crypto which is meant to be used for
initialization of crypto operations. Also, for the TISCI services to be
available before service_init_crypto, change init_ti_sci invocation to
early_init_late.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Kamlesh Gurudasani <kamlesh@ti.com>
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>

show more ...