core: add CFG_RSA_PUB_EXPONENT_3

When generating RSA key pairs, OP-TEE currently enforces a minimum public
exponent size of 65537 per NIST SP800-56B recommendations. However, AOSP
KeyMint VTS (Encry

core: add CFG_RSA_PUB_EXPONENT_3

When generating RSA key pairs, OP-TEE currently enforces a minimum public
exponent size of 65537 per NIST SP800-56B recommendations. However, AOSP
KeyMint VTS (EncryptionOperationsTest.RsaNoPaddingSuccess [1]) requires
implementations to support public exponent 3 for backwards compatibility.
Add CFG_RSA_PUB_EXPONENT_3 to allow public exponents >= 3.

Link: https://android.googlesource.com/platform/hardware/interfaces/+/refs/heads/main/security/keymint/aidl/vts/functional/KeyMintTest.cpp#5258 [1]
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: lib: scmi-server: add CMake defines for embedded modules

Enable CMake directive CMAKE_C_COMPILER_WORKS to prevent SCP-firmware
CMake configuration sequence to check the cross compilation toolc

core: lib: scmi-server: add CMake defines for embedded modules

Enable CMake directive CMAKE_C_COMPILER_WORKS to prevent SCP-firmware
CMake configuration sequence to check the cross compilation toolchain
since it is not needed here: OP-TEE only uses CMake to configure
SCP-firmware, not to build source files. This change is required when
building OP-TEE with CFG_SCMI_SCPFW=y and using a CMake >= 3.27.0.

Suggested-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: include standard header files from stpmic1_regulator.h

Add missing inclusion of stdbool.h and stddef.h in stpmic1_regulator.h.
The issue was revealed when upgrading to latest SCP-firmware s

drivers: include standard header files from stpmic1_regulator.h

Add missing inclusion of stdbool.h and stddef.h in stpmic1_regulator.h.
The issue was revealed when upgrading to latest SCP-firmware source tree.

Fixes: 9cb0d51670f2 ("drivers: stpmic1: export regulators API in a specific header file")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-sam: remove CFG_PL310_LOCKED

When locking the PL310 cache, it behaves as disable which lead to poor
performances in Linux.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-b

plat-sam: remove CFG_PL310_LOCKED

When locking the PL310 cache, it behaves as disable which lead to poor
performances in Linux.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

ldelf: Fix dumping physical address of ELF segment

Fix the strange values of "pa" when TA ELF mappings is dumped. The
function argument of print_seg() should be explicit physical address of
mapping

ldelf: Fix dumping physical address of ELF segment

Fix the strange values of "pa" when TA ELF mappings is dumped. The
function argument of print_seg() should be explicit physical address of
mapping rather than offset of the segment.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Yu Chien Peter Lin <peterlin@andestech.com>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

riscv: plat-virt: Enable CFG_HWRNG_PTA

Enable CFG_HWRNG_PTA with the implementation of the RISC-V
Zkr driver which provides the hardware entropy source.

Signed-off-by: Alvin Chang <alvinga@andestec

riscv: plat-virt: Enable CFG_HWRNG_PTA

Enable CFG_HWRNG_PTA with the implementation of the RISC-V
Zkr driver which provides the hardware entropy source.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: Add RISC-V Zkr hardware random number generator support

The RISC-V Zkr entropy source extension introduces a physical
entropy source compliant with NIST SP 800-90B or BSI AIS-31
standards v

drivers: Add RISC-V Zkr hardware random number generator support

The RISC-V Zkr entropy source extension introduces a physical
entropy source compliant with NIST SP 800-90B or BSI AIS-31
standards via the seed CSR.

Note that this driver cannot be used unless access is explicitly
granted by M-mode, e.g. OpenSBI have to set mseccfg.SSEED for
OP-TEE OS.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Add seed CSR detection helper

Any attempted access to unimplemented or restricted CSRs will
raise an illegal instruction, so we can set up a temporary
trap handler to validate if the us

core: riscv: Add seed CSR detection helper

Any attempted access to unimplemented or restricted CSRs will
raise an illegal instruction, so we can set up a temporary
trap handler to validate if the use of CSRs is allowed in
the privileged mode where OP-TEE OS is running. Add a helper
for this specific purpose.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

dts: stm32: add IPCC1/2 nodes in stm32mp251.dtsi

Add Inter-Processor Communication Controller 1/2(IPCC) nodes and default
disable them.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.c

dts: stm32: add IPCC1/2 nodes in stm32mp251.dtsi

Add Inter-Processor Communication Controller 1/2(IPCC) nodes and default
disable them.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: conf: support IPCC driver

Default enable IPCC driver for platform stm32mp2.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carri

plat-stm32mp2: conf: support IPCC driver

Default enable IPCC driver for platform stm32mp2.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: add IPCC driver and its RIF support

This driver implements RIF configuration for IPCC, which is a RIF
aware IP. It means that the IPCC driver is in charge of configuring its
own RIF restric

drivers: add IPCC driver and its RIF support

This driver implements RIF configuration for IPCC, which is a RIF
aware IP. It means that the IPCC driver is in charge of configuring its
own RIF restrictions and that the IPCC has dedicated RIF configuration
registers.

RIF configuration data is part of the ipcc_pdata structure.

CID filtering is applied to the entirety of the channels of a processor.
When CID filtering is enabled for a processor, it enables the filtering and
the IPCC interrupt routing for all of its IPCC channels.

However, security and privilege configuration granularity go as far as
configuration for each IPCC channel.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add HSEM node in stm32mp251.dtsi

Add the Hardware SEMaphore(HSEM) node and default disable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carrier

dts: stm32: add HSEM node in stm32mp251.dtsi

Add the Hardware SEMaphore(HSEM) node and default disable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: conf: support HSEM driver

Default enable HSEM driver for platform stm32mp2.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carri

plat-stm32mp2: conf: support HSEM driver

Default enable HSEM driver for platform stm32mp2.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: add RIF support driver for HSEM

This driver implements RIF configuration for HSEM, which is a RIF
aware IP. It means that the HSEM driver is in charge of configuring its
own RIF restriction

drivers: add RIF support driver for HSEM

This driver implements RIF configuration for HSEM, which is a RIF
aware IP. It means that the HSEM driver is in charge of configuring its
own RIF restrictions and that the HSEM has dedicated RIF configuration
registers.

HSEM has two types of CID filtering registers.
-For processor filtering : HSEM_CnCIDCFGR
When CFEN is enabled: processor[n] CID filtering enabled for HSEM_(S)CnIER,
HSEM_(S)CnICR, HSEM_(S)CnISR, and HSEM_(S)CnMISR registers and for allowed
list filter usage in HSEM_GpCIDCFGR.SEM_WLIST_Cn. The CID is put in the
CID bitfield.

-For semaphore group filtering : HSEM_GpCIDCFGR
Used to apply CID filtering over a group of semaphore. The same policy
applies to all semaphores present in the group. This register handles
what are the processor's CID who are white-listed for the group in the
SEM_WLIST_C bitfield.

Therefore, both these registers are interconnected.

Security and privilege configuration granularity expands to each individual
semaphore.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add HPDMA1/2/3 nodes in stm32mp251.dtsi

Add HPDMA1/2/3 nodes and default disable them.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etien

dts: stm32: add HPDMA1/2/3 nodes in stm32mp251.dtsi

Add HPDMA1/2/3 nodes and default disable them.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: conf: support HPDMA driver

Default enable HPDMA driver for platform stm32mp2.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.car

plat-stm32mp2: conf: support HPDMA driver

Default enable HPDMA driver for platform stm32mp2.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: add HPDMA driver with RIF support

This driver implements RIF configuration for HPDMA, which is a RIF aware
IP. It means that the HPDMA driver is in charge of configuring its own RIF
restric

drivers: add HPDMA driver with RIF support

This driver implements RIF configuration for HPDMA, which is a RIF aware
IP. It means that the HPDMA driver is in charge of configuring its own RIF
restrictions and that the HPDMA has dedicated RIF configuration registers.

RIF configuration is possible when the executing context is TDCID.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add FMC node in stm32mp251.dtsi

Add the Flexible Memory Controller(FMC) node and default disable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne C

dts: stm32: add FMC node in stm32mp251.dtsi

Add the Flexible Memory Controller(FMC) node and default disable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: conf: support FMC driver

Default enable FMC driver for platform stm32mp2.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carrier

plat-stm32mp2: conf: support FMC driver

Default enable FMC driver for platform stm32mp2.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: add FMC driver with RIF support

This driver implements RIF configuration for FMC, which is a RIF aware IP.
It means that the FMC driver is in charge of configuring its own RIF
restrictions

drivers: add FMC driver with RIF support

This driver implements RIF configuration for FMC, which is a RIF aware IP.
It means that the FMC driver is in charge of configuring its own RIF
restrictions and that the FMC has dedicated RIF configuration registers.

Additional check on RIF configuration is added for this IP when debug is
on.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mutex: add support timeout condvar

Add support timeout condvar based on timeout notify

Signed-off-by: Gavin Liu <gavin.liu@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org

core: mutex: add support timeout condvar

Add support timeout condvar based on timeout notify

Signed-off-by: Gavin Liu <gavin.liu@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: notif: add support timeout notify

Add support timeout notification, allowing to
avoid waiting indefinitely for the completion of an event

Signed-off-by: Gavin Liu <gavin.liu@mediatek.com>
Rev

core: notif: add support timeout notify

Add support timeout notification, allowing to
avoid waiting indefinitely for the completion of an event

Signed-off-by: Gavin Liu <gavin.liu@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: make sure tee_entry_get_os_revision() uses a proper TEE_IMPL_GIT_SHA1

tee_entry_get_os_revision() stores TEE_IMPL_GIT_SHA1 into a 32 or
64-bit register, depending on the platform. Unfortunatel

core: make sure tee_entry_get_os_revision() uses a proper TEE_IMPL_GIT_SHA1

tee_entry_get_os_revision() stores TEE_IMPL_GIT_SHA1 into a 32 or
64-bit register, depending on the platform. Unfortunately the command
that creates TEE_IMPL_GIT_SHA1 does not provide any guarantee that the
value will fit. For instance it can happen that 8 characters are not
enough to disambiguate two commits in the repository, in which case
git rev-parse --short=8 will happily return 9 or more characters. In
this case a 32-bit build would display a warning and TEE_IMPL_GIT_SHA1
would be truncated in a way we don't want (discarding the most
significant bits).

Therefore, make sure TEE_IMPL_GIT_SHA1 is exactly 8 or 16 hexadecimal
characters (plus the leading 0x).

The OPTEE_FFA_GET_OS_VERSION operation in handle_blocking_call() has to
be modified since the output is a 32-bit register, and SPMC being a 64-bit
TEE core, TEE_IMPL_GIT_SHA1 is a 64-bit value too.

CI needs updating to avoid the following error:

fatal: detected dubious ownership in repository at
'/__w/optee_os/optee_os'

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Closes: https://github.com/OP-TEE/optee_os/issues/6783
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dt-bindings: firewall: move RIFPROT binding

Move RIFPROT macro definition in stm32mp25-rif.h as it is common
to all RIF-based peripherals.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.s

dt-bindings: firewall: move RIFPROT binding

Move RIFPROT macro definition in stm32mp25-rif.h as it is common
to all RIF-based peripherals.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: firewall: fix stm32_rif_semaphore_enabled_and_ok() prototype

The stm32_rif_semaphore_enabled_and_ok() function checks a single CID
at a time, not a bit field.

Fixes: 1506f47af917 ("drivers

drivers: firewall: fix stm32_rif_semaphore_enabled_and_ok() prototype

The stm32_rif_semaphore_enabled_and_ok() function checks a single CID
at a time, not a bit field.

Fixes: 1506f47af917 ("drivers: firewall: add stm32_rif driver for common RIF features")
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...