dts: stm32: enable IWDG1 on stm32mp257f-dk board

Enable IWDG1 node and set a 32s timeout.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier

dts: stm32: enable IWDG1 on stm32mp257f-dk board

Enable IWDG1 node and set a 32s timeout.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

Update OPTEE MAINTAINERS list

This commit add Arm Automotive Reference Design
platform to the MAINTAINERS list

Signed-off-by: Ahmed Tiba <ahmed.tiba@arm.com>
Acked-by: Jerome Forissier <jerome.fori

Update OPTEE MAINTAINERS list

This commit add Arm Automotive Reference Design
platform to the MAINTAINERS list

Signed-off-by: Ahmed Tiba <ahmed.tiba@arm.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

libutee: Fix handling of failed TA_CreateEntryPoint() in keep-alive TAs

Do not mark init as done if init fails. This is necessary to avoid
running a TA uninitialized. Also, add a new marker indicati

libutee: Fix handling of failed TA_CreateEntryPoint() in keep-alive TAs

Do not mark init as done if init fails. This is necessary to avoid
running a TA uninitialized. Also, add a new marker indicating if the
malloc pool and other runtime setup has been performed - this part
of the init must not be repeated.

This issue could cause a NULL pointer dereference in PKCS#11 TA if
the TA's init failed. F.ex., if `tee-supplicant` was unavailable, the
PKCS#11 TA's `TA_CreateEntryPoint()` would fail to init its tokens,
and an error value would be returned. This in itself is fine, but the
problem is that the init would be marked as done. Hence, for the next
session, the TA's `TA_CreateEntryPoint()` would be omitted during init.

Link: https://github.com/OP-TEE/optee_os/pull/7443
Signed-off-by: Johan Korsnes <johan.korsnes@remarkable.no>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: refactor RD-1AE and RD-Aspen into automotive_rd flavors

This change moves RD-1AE and RD-Aspen under a single
automotive_rd platform with per-flavor configuration.

Key updates:
- Introduc

core: arm: refactor RD-1AE and RD-Aspen into automotive_rd flavors

This change moves RD-1AE and RD-Aspen under a single
automotive_rd platform with per-flavor configuration.

Key updates:
- Introduce plat-automotive_rd/ with shared main.c,
platform_config.h and Makefiles.
- Define RD-1AE and RD-Aspen are selected
via PLATFORM_FLAVOR rd1ae or rdaspen.
- Merge flavor settings (UART/GIC/DRAM/topology)
into platform_config.h and conf.mk files.
- Use default get_core_pos_mpidr() by setting appropriate
CFG_CORE_CLUSTER_SHIFT / CFG_CORE_THREAD_SHIFT for rdaspen,
eliminating custom assembly where not required.

Benefits:
- Consistent with OP-TEE’s platform/variant framework.
- Reduces code duplication between RD-1AE and RD-Aspen.
- Simplifies adding new automotive reference design flavors
in the future.

Usage:
- Set PLATFORM=automotive_rd
- Set PLATFORM_FLAVOR to rdaspen or rd1ae

Signed-off-by: Ahmed Tiba <ahmed.tiba@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kernel: align the address of transfer entry

Fix two issues in transfer_list_add() and transfer_list_add_with_align(),
which cause incompliance with the Firmware Handoff spec v1.0 [1].

1. Avoi

core: kernel: align the address of transfer entry

Fix two issues in transfer_list_add() and transfer_list_add_with_align(),
which cause incompliance with the Firmware Handoff spec v1.0 [1].

1. Avoid adding entries at an unaligned address.
2. Remove the implicit padding at the end of a transfer entry which is
included by 'tl->size'.

[1] https://github.com/FirmwareHandoff/firmware_handoff/releases/tag/v1.0

Fixes: a12225022bd5 ("core: add transfer list API")
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: stmm_sp: return FFA_NOT_SUPPORTED for undefined FFA functions

edk2's patch ("ArmFfaLib: Add Rx/Tx support for Stmm secure partition") [0]
added Rx/Tx buffer mapping support to ArmFfaStand

core: arm: stmm_sp: return FFA_NOT_SUPPORTED for undefined FFA functions

edk2's patch ("ArmFfaLib: Add Rx/Tx support for Stmm secure partition") [0]
added Rx/Tx buffer mapping support to ArmFfaStandaloneMm(Core)Lib.

However, stmm_sp does not require Rx/Tx buffer mapping and
its SVC handler is lightweight. Therefore, when it receives
an undefined FFA function, it is sufficient to return FFA_NOT_SUPPORTED to
StandaloneMm instead of panicking.

This also aligns with the FF-A specification, which requires returning
FFA_NOT_SUPPORTED when an unimplemented function ID is received.

If StandaloneMm fails to initialize, it will return FFA_ERROR.
In this case, there is no way to keep the stmm_sp TA alive,
so panic is called.
Otherwise, StandaloneMm will return with DIRECT_MSG_RESP.

Link: https://github.com/tianocore/edk2/pull/11080/commits/75ca159e57dbe081b89373046280f34d67571852 [0]
Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Tested-by: Mikko Rapeli <mikko.rapeli@linaro.org>

show more ...

core: riscv: add build config for MPXY/RPMI support

Enable compilation of MPXY/RPMI support by introducing the build
option `CFG_RISCV_SBI_MPXY_RPMI`.

This commit:
- Adds sbi_mpxy_rpmi.c to the bui

core: riscv: add build config for MPXY/RPMI support

Enable compilation of MPXY/RPMI support by introducing the build
option `CFG_RISCV_SBI_MPXY_RPMI`.

This commit:
- Adds sbi_mpxy_rpmi.c to the build when the option is enabled
- Forces `CFG_RISCV_SBI_MPXY` when MPXY/RPMI is selected
- Enables CFG_RISCV_SBI_MPXY_RPMI in plat-virt by default

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>

show more ...

core: riscv: add initial RPMI/MPXY integration support

This commit introduces infrastructure to support RPMI communication via
the SBI MPXY extension. MPXY allows supervisor software to send and
rec

core: riscv: add initial RPMI/MPXY integration support

This commit introduces infrastructure to support RPMI communication via
the SBI MPXY extension. MPXY allows supervisor software to send and
receive RPMI messages through M-mode firmware acting as a proxy.

Functions added by this commit are sufficient to implement the
RequestForward service group.

Support for asynchronous events, notifications, and MSI-based message
delivery will be added in future commits.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>

show more ...

riscv: sbi_mpxy_rpmi.h: add RPMI protocol-specific definitions for MPXY

Introduce sbi_mpxy_rpmi.h, a header defining RPMI message protocol
attributes and message types specific to the MPXY SBI exten

riscv: sbi_mpxy_rpmi.h: add RPMI protocol-specific definitions for MPXY

Introduce sbi_mpxy_rpmi.h, a header defining RPMI message protocol
attributes and message types specific to the MPXY SBI extension.
This includes enums for attribute and message type identifiers, a
unified RPMI message structure, and helper initializers to simplify
message construction.

These definitions serve as the interface between supervisor-level RPMI
clients and the underlying MPXY transport.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>

show more ...

riscv: rpmi.h: add defines of RISC-V RPMI messaging protocol

The RPMI messaging protocol includes all the RPMI messages exchanged
over a RPMI transport channel.

*NOTE*: The RISC-V RPMI specificatio

riscv: rpmi.h: add defines of RISC-V RPMI messaging protocol

The RPMI messaging protocol includes all the RPMI messages exchanged
over a RPMI transport channel.

*NOTE*: The RISC-V RPMI specification is not yet ratified
as a full standard. This is based on the v0.99 draft released during
May–June 2025 The draft is frozen and in public review.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

remoteproc: fix potential overflows in TLV parsing

This commit is fixing two issues:
- Verify that the end of the buffer is not reached before reading the
tag and value.
- Verify that the entire TLV

remoteproc: fix potential overflows in TLV parsing

This commit is fixing two issues:
- Verify that the end of the buffer is not reached before reading the
tag and value.
- Verify that the entire TLV fits into the TLV chunk

Signed-off-by: Alexandre Gonzalo <alexandre.gonzalo@arm.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: introduce CFG_RISCV_SBI_MPXY flag for MPXY SBI support

Add a new build-time configuration flag CFG_RISCV_SBI_MPXY to enable
compilation of MPXY SBI extension support in OP-TEE. When ena

core: riscv: introduce CFG_RISCV_SBI_MPXY flag for MPXY SBI support

Add a new build-time configuration flag CFG_RISCV_SBI_MPXY to enable
compilation of MPXY SBI extension support in OP-TEE. When enabled, this
automatically forces CFG_RISCV_SBI to ensure the SBI infrastructure is
included.

Also update the build system to conditionally compile sbi_mpxy.c based
on this flag.

Enable CFG_RISCV_SBI_MPXY by default for the virt platform.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>

show more ...

core: riscv: implement MPXY SBI extension

Introduce support for the MPXY SBI extension (EID #0x4D505859),
which enables supervisor software to exchange messages through
an abstract SBI interface dec

core: riscv: implement MPXY SBI extension

Introduce support for the MPXY SBI extension (EID #0x4D505859),
which enables supervisor software to exchange messages through
an abstract SBI interface decoupled from any specific protocol.

MPXY allows setting up per-hart shared memory for transferring
messages between the supervisor and an SBI implementation.
It serves as a generic backend to build messaging clients,
while being agnostic of message protocol semantics.

This step provides the foundation for future inter-domain
message exchange.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>

show more ...

core: riscv: include: misc_arch.h: include stdint.h for uint32_t type

Added <stdint.h> to ensure types like uint32_t are correctly defined,
resolving implicit type issues when including this header.

core: riscv: include: misc_arch.h: include stdint.h for uint32_t type

Added <stdint.h> to ensure types like uint32_t are correctly defined,
resolving implicit type issues when including this header.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>

show more ...

core: riscv: sbi.h: expose sbi_ecall helper in public header

Move `sbi_ecall()` and `struct sbiret` to sbi.h to allow reuse across
individual SBI extension implementations. This prepares for modular

core: riscv: sbi.h: expose sbi_ecall helper in public header

Move `sbi_ecall()` and `struct sbiret` to sbi.h to allow reuse across
individual SBI extension implementations. This prepares for modularizing
each SBI extension (e.g., HSM, MPXY) into its own file while
centralizing the ecall interface.

Removes the now-duplicated inline definition from sbi.c.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>

show more ...

core: riscv: sbi.h: add SBI_EXT_MPXY definition

Added `SBI_EXT_MPXY` (0x4D505859) as per latest RISC-V SBI extensions.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvi

core: riscv: sbi.h: add SBI_EXT_MPXY definition

Added `SBI_EXT_MPXY` (0x4D505859) as per latest RISC-V SBI extensions.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>

show more ...

core: riscv: sbi.h: extend SBI error codes

Add more SBI error codes to synchronize with SBI specification.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alv

core: riscv: sbi.h: extend SBI error codes

Add more SBI error codes to synchronize with SBI specification.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com>

show more ...

ci: add build for PLATFORM=vexpress-qemu_sbsa

Add a compile test for PLATFORM=vexpress-qemu_sbsa.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carri

ci: add build for PLATFORM=vexpress-qemu_sbsa

Add a compile test for PLATFORM=vexpress-qemu_sbsa.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-vexpress: add QEMU sbsa-ref platform

Add support for the QEMU sbsa-ref platform. This platform is similar to
the QEMU virt platform, but with different memory configuration and
device addresses

plat-vexpress: add QEMU sbsa-ref platform

Add support for the QEMU sbsa-ref platform. This platform is similar to
the QEMU virt platform, but with different memory configuration and
device addresses.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: discover non-secure memory from manifest

If an FF-A manifest is available, try to discover non-secure memory from
the manifest.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

core: ffa: discover non-secure memory from manifest

If an FF-A manifest is available, try to discover non-secure memory from
the manifest.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: tpm: fix TPM log address parsing to use full 64-bit address

Remove ARM32-specific address parsing that only used the lower 32 bits
of the TPM event log address. ARM32 systems can have 64-bit p

core: tpm: fix TPM log address parsing to use full 64-bit address

Remove ARM32-specific address parsing that only used the lower 32 bits
of the TPM event log address. ARM32 systems can have 64-bit physical
addresses, so the full 64-bit address from the device tree property
should be parsed regardless of architecture.

The fix ensures both ARM32 and ARM64 architectures use the same
64-bit address construction: (property[0] << 32) | property[1],
preventing potential address truncation issues on ARM32 systems
with 64-bit physical address spaces.

Signed-off-by: Joseph Lo <josephl@nvidia.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tpm: fix TPM log area zeroing condition to avoid manifest DT write fault

Change the condition for zeroing TPM event log address in device tree
from CFG_CORE_SEL1_SPMC to CFG_CORE_FFA. When CFG

core: tpm: fix TPM log area zeroing condition to avoid manifest DT write fault

Change the condition for zeroing TPM event log address in device tree
from CFG_CORE_SEL1_SPMC to CFG_CORE_FFA. When CFG_CORE_FFA is enabled,
the device tree comes from the manifest DT which is mapped as read-only,
not from the external device tree. Attempting to zero the
tpm_event_log_addr property in the manifest DT would cause a write
permission fault exception.

The fix prevents this fault by ensuring the zeroing operation only occurs
when using the external device tree (CFG_CORE_FFA=n), where write access
is permitted.

Signed-off-by: Joseph Lo <josephl@nvidia.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: boot: fix TPM log area mapping to use correct device tree source

Change the conditional compilation for TPM log area mapping from
CFG_CORE_SEL1_SPMC to CFG_CORE_FFA. This ensures the correct d

core: boot: fix TPM log area mapping to use correct device tree source

Change the conditional compilation for TPM log area mapping from
CFG_CORE_SEL1_SPMC to CFG_CORE_FFA. This ensures the correct device
tree source is used:

- When CFG_CORE_FFA is enabled: use manifest DT (get_manifest_dt())
- When CFG_CORE_FFA is disabled: use external DT (get_external_dt())

The fix aligns the device tree source selection with the broader FFA
configuration, ensuring TPM log area mapping works correctly across
all FFA-enabled platforms regardless of the specific SPMC variant
(S-EL1, S-EL2, or EL3).

Signed-off-by: Joseph Lo <josephl@nvidia.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: mx8mp_phyboard_pollux: reduce DDR_SIZE

Set pollux CFG_DDR_SIZE to 1GiB to let the conf.mk automatically set the
TZDRAM_START (to a valid address for 1GiB variants).

Acked-by: Sahil Malho

core: imx: mx8mp_phyboard_pollux: reduce DDR_SIZE

Set pollux CFG_DDR_SIZE to 1GiB to let the conf.mk automatically set the
TZDRAM_START (to a valid address for 1GiB variants).

Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Benjamin Hahn <B.Hahn@phytec.de>
Signed-off-by: Yannic Moog <y.moog@phytec.de>

show more ...

core: imx: add imx8mp-libra-fpsc

The Libra i.MX 8M Plus FPSC is a development board utilizing the FPSC
standard paired with the i.MX 8M Plus FPSC System-on-Module [1].
It shares RAM configuration wi

core: imx: add imx8mp-libra-fpsc

The Libra i.MX 8M Plus FPSC is a development board utilizing the FPSC
standard paired with the i.MX 8M Plus FPSC System-on-Module [1].
It shares RAM configuration with the phyBOARD-Pollux i.MX 8M Plus of
1-4GiB.
Set pollux CFG_DDR_SIZE to 1GiB to let the conf.mk automatically set the
TZDRAM_START (to a valid address for 1GiB variants).

Link: https://www.phytec.eu/en/produkte/system-on-modules/phycore-imx-8m-plus-fpsc/ [1]
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Benjamin Hahn <B.Hahn@phytec.de>
Signed-off-by: Yannic Moog <y.moog@phytec.de>

show more ...