core: notif_register_driver() assert ndrv is nexus memory

Notification drivers defined by struct notif_driver are processed from
the nexus when non-secure virtualization is enabled. Add an assert in

core: notif_register_driver() assert ndrv is nexus memory

Notification drivers defined by struct notif_driver are processed from
the nexus when non-secure virtualization is enabled. Add an assert in
notif_register_driver() to check that the passed driver struct is
located in nexus memory.

Move all notif global state variables into nexus memory. The mutex used
for yielding notifications is the exception since notif_deliver_event()
is called from a partition outside of the nexus.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: move _time_source into __nex_bss

To make tee_time_get_sys_time() work reliably with
CFG_NS_VIRTUALIZATION=y move _time_source into nexus memory.

Signed-off-by: Jens Wiklander <jens.wiklander@

core: move _time_source into __nex_bss

To make tee_time_get_sys_time() work reliably with
CFG_NS_VIRTUALIZATION=y move _time_source into nexus memory.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: add nex_*init-calls

Add nex_*init-calls for drivers and services that resides in the nexus
in case of virtualization. In case of virtualization the init-calls are
based on final calls, while o

core: add nex_*init-calls

Add nex_*init-calls for drivers and services that resides in the nexus
in case of virtualization. In case of virtualization the init-calls are
based on final calls, while otherwise are the same as the non-nex
counterpart.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: move multi_core_panic_handler into __nex_data

Multi core panic interrupts are delivered on all cores on panic. For
this to work reliably with CFG_NS_VIRTUALIZATION=y make sure that
multi_core_

core: move multi_core_panic_handler into __nex_data

Multi core panic interrupts are delivered on all cores on panic. For
this to work reliably with CFG_NS_VIRTUALIZATION=y make sure that
multi_core_panic_handler is located in nexus memory.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: add is_nexus() and refactor is_unpaged()

Add the function is_nexus() to tell if an address is an address
available to the nexus when non-secure virtualization is enabled
(CFG_NS_VIRTUALIZATION

core: add is_nexus() and refactor is_unpaged()

Add the function is_nexus() to tell if an address is an address
available to the nexus when non-secure virtualization is enabled
(CFG_NS_VIRTUALIZATION=y). The function is stubbed to return true for
non-null arguments if non-secure virtualization isn't enabled, else
false.

Make the argument for is_unpaged() const void * for consistency with the
is_nexus() function. The stubbed version of is_unpaged() when paging
isn't enabled is updated to perform a NULL check on the argument.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

ta: pkcs11: fix build warning on unused arguments

Add missing __maybe_unused attribute for function arguments not
used when the pkcs11 TA is built with NDEBUG directive, as shown
by the following bu

ta: pkcs11: fix build warning on unused arguments

Add missing __maybe_unused attribute for function arguments not
used when the pkcs11 TA is built with NDEBUG directive, as shown
by the following build trace message:

ta/pkcs11/src/pkcs11_attributes.c: In function ‘get_default_value’:
ta/pkcs11/src/pkcs11_attributes.c:261:61: warning: unused parameter ‘id’ [-Wunused-parameter]
261 | static enum pkcs11_rc get_default_value(enum pkcs11_attr_id id, void **value,
| ~~~~~~~~~~~~~~~~~~~~^~
ta/pkcs11/src/pkcs11_attributes.c: In function ‘check_created_attrs_against_processing’:
ta/pkcs11/src/pkcs11_attributes.c:1647:73: warning: unused parameter ‘head’ [-Wunused-parameter]
1647 | struct obj_attrs *head)
| ~~~~~~~~~~~~~~~~~~^~~~

Fixes: 63f89caa9022 ("ta: pkcs11: attribute helper functions")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: se050: fix default configuration for the SE applet

Invalid character was merged in the fixed commit.

Fixes: fb559031c25f ("drivers: se050: allow configuring the Secure Element applet")
Sig

drivers: se050: fix default configuration for the SE applet

Invalid character was merged in the fixed commit.

Fixes: fb559031c25f ("drivers: se050: allow configuring the Secure Element applet")
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: kernel: fix typo in huk_subkey.h inline comment

Fix a typo in `huk_subkey.h` inline comment where TEE_SUCCES should be
TEE_SUCCESS.

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
S

core: kernel: fix typo in huk_subkey.h inline comment

Fix a typo in `huk_subkey.h` inline comment where TEE_SUCCES should be
TEE_SUCCESS.

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Niklas Kirschall <niki.nice1203@gmail.com>

show more ...

core: arm: fix lock in virt_add_cookie_to_current_guest()

Prior to this patch was virt_add_cookie_to_current_guest() only masking
interrupts while adding a shared memory cookie to the list of cookie

core: arm: fix lock in virt_add_cookie_to_current_guest()

Prior to this patch was virt_add_cookie_to_current_guest() only masking
interrupts while adding a shared memory cookie to the list of cookies.
Proper locking is needed to serialize access to the cookie list, replace
the interrupt masking with a cpu_spin_lock_xsave().

Fixes: a65dd3a6b64d ("core: spmc: support virtualization with SPMC at S-EL1")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: crypto: fix crypto_asym_get_ecc_keypair_ops() stub

Correct definition of crypto_asym_get_ecc_keypair_ops() stub inline
function when CFG_CRYPTO_ECC is disabled. The definition used a wrong
fun

core: crypto: fix crypto_asym_get_ecc_keypair_ops() stub

Correct definition of crypto_asym_get_ecc_keypair_ops() stub inline
function when CFG_CRYPTO_ECC is disabled. The definition used a wrong
function label.

Fixes: 5516c6cd78da ("core: ecc: support the crypto driver")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ci: qemuv8: preventively avoid "no space left on device" errors

During my testing of build.git PR 731 ("optee_rust_examples_ext: Fix Rust
toolchain conflicts"), I noticed that the "no space left on

ci: qemuv8: preventively avoid "no space left on device" errors

During my testing of build.git PR 731 ("optee_rust_examples_ext: Fix Rust
toolchain conflicts"), I noticed that the "no space left on device"
error was triggered yet again (obviously due to more size being taken on
the disk by the Rust toolchain and the OP-TEE Rust examples).

Therefore, preventively apply the same fix as for other jobs. This way
the CI should pass when 731 is merged.

Link: https://github.com/OP-TEE/build
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

core: pta: widevine: Add the init implementation

On the new ChromeOS mediatek platform, we will use the device tree to
pass hardware unique key and the parameters for widevine TAs.

Signed-off-by: Y

core: pta: widevine: Add the init implementation

On the new ChromeOS mediatek platform, we will use the device tree to
pass hardware unique key and the parameters for widevine TAs.

Signed-off-by: Yi Chou <yich@google.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: dts: lx2160a: add memory region

With patch 8a6ca14 (core: arm: get DDR range from embedded DTB)
now DDR ranges are taken from Embedded DTB if enabled and will
ignore DDR ranges defined by regi

core: dts: lx2160a: add memory region

With patch 8a6ca14 (core: arm: get DDR range from embedded DTB)
now DDR ranges are taken from Embedded DTB if enabled and will
ignore DDR ranges defined by register_ddr().
Since Dynamic shared memory and Embedded DTB config is enabled
on LX2160A platforms, need to add the DDR ranges to the DTS.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm: fix integer overflow in generic_timer_{handler,start}()

In generic_timer_handler() and generic_timer_start(), read_cntfrq() can
return a pretty large 32-bit number, multiplying that with

core: arm: fix integer overflow in generic_timer_{handler,start}()

In generic_timer_handler() and generic_timer_start(), read_cntfrq() can
return a pretty large 32-bit number, multiplying that with a delay of
1000 ms can overflow. Fix that by casting the result from read_cntfrq()
to a uint64_t to avoid overflow during the calculation.

Fixes: ba6b29591828 ("core: arm64: Add Secure EL1 physical timer framework")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ci: update actions/checkout@v3 to v4

Updatate the "checkout" action to fix the following warning:

Node.js 16 actions are deprecated. Please update the following
actions to use Node.js 20: actions

ci: update actions/checkout@v3 to v4

Updatate the "checkout" action to fix the following warning:

Node.js 16 actions are deprecated. Please update the following
actions to use Node.js 20: actions/checkout@v3. [...]

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: crypto: stm32: fix SAES key selection

Correction selection of key in STM32 SAES driver that missed a
left bit shift operation. The bug was not experienced before as
current platform tests i

drivers: crypto: stm32: fix SAES key selection

Correction selection of key in STM32 SAES driver that missed a
left bit shift operation. The bug was not experienced before as
current platform tests involve only the software key selection
(_SAES_CR_KEYSEL_SOFT) which value is 0 and matches the SoC default
key selection register value.

Fixes: 4320f5cf30c5 ("crypto: stm32: SAES cipher support")
Acked-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ci: xen: fix "no space left in device" error"

We recently hit a "No space left on device" error with the
QEMUv8_Xen_check job. Apply the same workaround than in commit
a03aafed30c2 ("ci: hafnium: fi

ci: xen: fix "no space left in device" error"

We recently hit a "No space left on device" error with the
QEMUv8_Xen_check job. Apply the same workaround than in commit
a03aafed30c2 ("ci: hafnium: fix "no space left on device" error") and
commit 788069fa88ed ("ci: rust: fix "no space left in device" error").

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-vexpress: use serial callbacks rx_intr_{en,dis}able()

Use the serial callbacks rx_intr_enable() and rx_intr_disable() to
enable and disable interrupts from the console.

Signed-off-by: Jens Wik

plat-vexpress: use serial callbacks rx_intr_{en,dis}able()

Use the serial callbacks rx_intr_enable() and rx_intr_disable() to
enable and disable interrupts from the console.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: pl011: implement rx_intr_{enable,disable}() callbacks

Implement the optional callbacks to enable and disable receive
interrupts from the PL011 UART. The receive timeout interrupt for the
UART

core: pl011: implement rx_intr_{enable,disable}() callbacks

Implement the optional callbacks to enable and disable receive
interrupts from the PL011 UART. The receive timeout interrupt for the
UART isn't used so don't enable it when initializing the UART.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: serial: add rx_intr_{enable,disable}() callbacks

Add optional callbacks to enable and disable receive interrupts from a
serial device.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org

core: serial: add rx_intr_{enable,disable}() callbacks

Add optional callbacks to enable and disable receive interrupts from a
serial device.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: crypto: fix internal AES-GCM counter implementation

We have several AES-GCM implementations in crypto libraries and
internal. The internal implementation comes in two flavours, with Arm
crypto

core: crypto: fix internal AES-GCM counter implementation

We have several AES-GCM implementations in crypto libraries and
internal. The internal implementation comes in two flavours, with Arm
crypto extensions (CFG_CRYPTO_WITH_CE=y) and a pure software
implementation.

Each block to be encrypted is xored with an encrypted counter block of
equal size (16 bytes). For each block the counter is increased.

Prior to this patch the entire counter block was increased as a 128-bit
integer, but that's not how AES-GCM is defined. In AES-GCM only the
least significant 32 bits of the counter block are increased, leaving
the rest untouched. The difference is only noticeable when the 32 bits
has reached 0xffffffff and wraps to 0x00000000 on next increment. With a
128-bit integer this would propagate into other parts of the block.

Fix this by only incrementing the last 32-bit word in the counter block,
both in the pure software implementation and when using Arm crypto
extensions.

Link: https://github.com/OP-TEE/optee_os/issues/6659
Fixes: 1fca7e269b13 ("core: crypto: add new AES-GCM implementation")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ltc: add missing string_ext.h include

Add a missing include <string_ext.h> needed to fix:
core/lib/libtomcrypt/gcm.c: In function ‘crypto_aes_gcm_dec_final’:
core/lib/libtomcrypt/gcm.c:198:13:

core: ltc: add missing string_ext.h include

Add a missing include <string_ext.h> needed to fix:
core/lib/libtomcrypt/gcm.c: In function ‘crypto_aes_gcm_dec_final’:
core/lib/libtomcrypt/gcm.c:198:13: error: implicit declaration of function ‘consttime_memcmp’ [-Werror=implicit-function-declaration]
198 | if (consttime_memcmp(dst_tag, tag, tag_len) != 0)

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: clk: fix indentation in stm32mp13 clock driver

Fix indentation issues in STM32MP13 clock driver.

Fixes: 5436921f6866 ("clk: stm32mp13: add all clocks for STM32MP13")
Reviewed-by: Gatien Ch

drivers: clk: fix indentation in stm32mp13 clock driver

Fix indentation issues in STM32MP13 clock driver.

Fixes: 5436921f6866 ("clk: stm32mp13: add all clocks for STM32MP13")
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: clk: fix some stm32mp13 clock controls

Correct control field definitions for some STM32MP13 clock.

Fixes: 5436921f6866 ("clk: stm32mp13: add all clocks for STM32MP13")
Reviewed-by: Gatien

drivers: clk: fix some stm32mp13 clock controls

Correct control field definitions for some STM32MP13 clock.

Fixes: 5436921f6866 ("clk: stm32mp13: add all clocks for STM32MP13")
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: clk: fix stm32mp13 RNG1 parent clock

Correct RNG1 clock parent list as LSE is not part of according to the
STM32MP13xx reference manual.

Fixes: 5436921f6866 ("clk: stm32mp13: add all clock

drivers: clk: fix stm32mp13 RNG1 parent clock

Correct RNG1 clock parent list as LSE is not part of according to the
STM32MP13xx reference manual.

Fixes: 5436921f6866 ("clk: stm32mp13: add all clocks for STM32MP13")
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...