drivers: stm32_rng: add stm32mp25 support

Add stm32mp25 platform support in stm32_rng driver.
On this platform, a security clock is shared between some hardware
blocks. For the RNG, it is the RNG ke

drivers: stm32_rng: add stm32mp25 support

Add stm32mp25 platform support in stm32_rng driver.
On this platform, a security clock is shared between some hardware
blocks. For the RNG, it is the RNG kernel clock. Therefore, the
clock gate is no more shared between the RNG bus and kernel clocks as
on STM32MP1x platforms and the bus clock has to be managed on its own.

Define the number of clock in the compatible data.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: pta: drop benchmark

Drop Benchmark PTA as current implementation is non-function
and obsolete, and it's not supported anymore.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: E

core: pta: drop benchmark

Drop Benchmark PTA as current implementation is non-function
and obsolete, and it's not supported anymore.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>

show more ...

arm: plat: rcar: gen4: adjust memory map

Adjust the OP-TEE memory map for Gen4/S4 SoC to reflect changes of IPL
layout made by Renesas. Now BL31 starts at 0x46400000, so we have less
memory for OP-T

arm: plat: rcar: gen4: adjust memory map

Adjust the OP-TEE memory map for Gen4/S4 SoC to reflect changes of IPL
layout made by Renesas. Now BL31 starts at 0x46400000, so we have less
memory for OP-TEE.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm: virtualization: don't allow hypervisor to issue std calls

There is standing issue with having two versions of OP-TEE binary:
with virtualization enabled and without it. Correct variant needs to

arm: virtualization: don't allow hypervisor to issue std calls

There is standing issue with having two versions of OP-TEE binary:
with virtualization enabled and without it. Correct variant needs to
be present on board before booting rest of the system.

If non-virtualized variant is present and user tries to boot a
hypervisor, hypervisor can (and should) detect that OP-TEE does not
provide OPTEE_SMC_SEC_CAP_VIRTUALIZATION capability and fail
gracefully.

On other hand, when virtualized variant of OP-TEE is booted, but user
then boots directly into Linux (or any other OS), OP-TEE crashes:

E/TC:0 0 0 Core data-abort at address 0xffffffffffffffa0 (translation fault)
E/TC:0 0 0 esr 0x96000044 ttbr0 0x4418d000 ttbr1 0x00000000 cidr 0x0
E/TC:0 0 0 cpu #0 cpsr 0x00000184
E/TC:0 0 0 x0 0000000032000004 x1 0000000000000004
E/TC:0 0 0 x2 000000008183c000 x3 0000000000000000
E/TC:0 0 0 x4 0000000000000000 x5 0000000000000000
E/TC:0 0 0 x6 0000000000000000 x7 0000000000000000
E/TC:0 0 0 x8 0000000000000000 x9 0000000000000000
E/TC:0 0 0 x10 0000000000000000 x11 0000000000000000
E/TC:0 0 0 x12 0000000000000000 x13 0000000000000000
E/TC:0 0 0 x14 0000000000000000 x15 0000000000000000
E/TC:0 0 0 x16 0000000000000000 x17 0000000000000000
E/TC:0 0 0 x18 0000000000000000 x19 0000000000000000
E/TC:0 0 0 x20 0000000000000000 x21 0000000000000000
E/TC:0 0 0 x22 0000000000000000 x23 0000000000000000
E/TC:0 0 0 x24 0000000000000000 x25 0000000000000000
E/TC:0 0 0 x26 0000000000000000 x27 0000000000000000
E/TC:0 0 0 x28 0000000000000000 x29 0000000000000000
E/TC:0 0 0 x30 0000000044103ce4 elr 0000000044106314
E/TC:0 0 0 sp_el0 0000000000000000
E/TC:0 0 0 TEE load address @ 0x44100000
E/TC:0 0 0 Call stack:
E/TC:0 0 0 0x44106314 thread_handle_std_smc at core/arch/arm/kernel/thread_optee_smc.c:62
E/TC:0 0 0 Panic 'unhandled pageable abort' at core/arch/arm/kernel/abort.c:584 <abort_handler>
E/TC:0 0 0 TEE load address @ 0x44100000
E/TC:0 0 0 Call stack:
E/TC:0 0 0 0x44107e14 print_kernel_stack at core/arch/arm/kernel/unwind_arm64.c:89
E/TC:0 0 0 0x44114ffc __do_panic at core/kernel/panic.c:73
E/TC:0 0 0 0x44107050 get_fault_type at core/arch/arm/kernel/abort.c:500

This crash happens because virtualization code has special case for
guest_id == HYP_CLNT_ID. This case is needed to allow hypervisor to
call fast SMCs, so it can check OP-TEE version, capabilities and ask
OP-TEE to create/destroy guest partitions. Problem is that
thread_handle_std_smc() assumes that virt_set_guest() really sets the
guest partition, which does not happen in this special case.

This patch removes this special case from virt_set_guest(). Instead
thread_handle_fast_smc() function checks for HYP_CLNT_ID explicitly.

If hypervisor really want to be able to issue STD calls, it should
create a partition for itself using OPTEE_SMC_VM_CREATED call.

With this patch applied, virtualized variant of OP-TEE does not crash
anymore when users tries to boot into a baremetal setup.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: sam: use header file "platform_config.h" instead of "sama5d2.h"

As "sama5d2.h" is included in "platform_config.h" it's better to use
"#include <platform_config.h>" for support more devices

drivers: sam: use header file "platform_config.h" instead of "sama5d2.h"

As "sama5d2.h" is included in "platform_config.h" it's better to use
"#include <platform_config.h>" for support more devices later.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: atmel_rtc: update to compatible with sama7g5

Add the compatible string to device match table for sama7g5.
As RTC is always secure for sama7g5 no need to configure
its security through matri

drivers: atmel_rtc: update to compatible with sama7g5

Add the compatible string to device match table for sama7g5.
As RTC is always secure for sama7g5 no need to configure
its security through matrix.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Akshay Bhat <akshay.bhat@timesys.com>

show more ...

drivers: atmel_rstc: update to compatible with sama7g5

Add the compatible string to device match table for sama7g5.
As RSTC is always secure for sama7g5 no need to configure
its security through mat

drivers: atmel_rstc: update to compatible with sama7g5

Add the compatible string to device match table for sama7g5.
As RSTC is always secure for sama7g5 no need to configure
its security through matrix.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Akshay Bhat <akshay.bhat@timesys.com>

show more ...

drivers: atmel_trng: update to compatible with sama7g5

Add the compatible string to device match table for sama7g5.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jens Wiklander <jens.w

drivers: atmel_trng: update to compatible with sama7g5

Add the compatible string to device match table for sama7g5.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Akshay Bhat <akshay.bhat@timesys.com>

show more ...

drivers: atmel_piobu: update compatible with sama7g5

The number of tamper pins and some offsets of the registers are different
for sama7g5 and sama5d2.

Signed-off-by: Tony Han <tony.han@microchip.c

drivers: atmel_piobu: update compatible with sama7g5

The number of tamper pins and some offsets of the registers are different
for sama7g5 and sama5d2.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Akshay Bhat <akshay.bhat@timesys.com>

show more ...

core: msg_param: remove recursion in included headers

kernel/msg_param.h includes itself.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.s

core: msg_param: remove recursion in included headers

kernel/msg_param.h includes itself.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ldelf: check val for NULL dereference

Check if val pointer is different from NULL before assigning value.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.

ldelf: check val for NULL dereference

Check if val pointer is different from NULL before assigning value.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: tee: initialize dirfile|tadb_entry objects

Coverity reports many errors where dirfile_entry{} and tadb_entry{}
objects are used un-initialized.
Resolve these errors by setting these objects to

core: tee: initialize dirfile|tadb_entry objects

Coverity reports many errors where dirfile_entry{} and tadb_entry{}
objects are used un-initialized.
Resolve these errors by setting these objects to zero on declaration.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: check returned value of mbedtls_pk_rsa()

Check returned pointer of mbedtls_pk_rsa() as it can return NULL.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Foris

ta: pkcs11: check returned value of mbedtls_pk_rsa()

Check returned pointer of mbedtls_pk_rsa() as it can return NULL.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: check if string to uuid conversion succeed

Check return value of tee_uuid_from_str().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@lina

core: check if string to uuid conversion succeed

Check return value of tee_uuid_from_str().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: check if binary to bignum conversion succeed

Check return value of crypto_bignum_bin2bn().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier

core: check if binary to bignum conversion succeed

Check return value of crypto_bignum_bin2bn().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mmu: assert pointer to manifest device tree

Assert pointer to manifest device tree before using it in
fdt_node_offset_by_compatible().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Rev

core: mmu: assert pointer to manifest device tree

Assert pointer to manifest device tree before using it in
fdt_node_offset_by_compatible().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: kernel: dt: check return values from snprintf()

Check return values from snprintf() function.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.foriss

core: kernel: dt: check return values from snprintf()

Check return values from snprintf() function.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: fix dead code when ARM32 is not defined

Remove dead code warning when ARM32=n.
When ARM32=n, ret is always equal to TEE_ERROR_NOT_SUPPORTED. It makes
the following if() else if () useless

core: arm: fix dead code when ARM32 is not defined

Remove dead code warning when ARM32=n.
When ARM32=n, ret is always equal to TEE_ERROR_NOT_SUPPORTED. It makes
the following if() else if () useless.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: check device tree property pointer

Assert `prop` pointer before using it in fdt32_to_cpu().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.

core: kernel: check device tree property pointer

Assert `prop` pointer before using it in fdt32_to_cpu().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ldelf: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklande

ldelf: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <

ta: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander

core: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-vexpress: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens

plat-vexpress: remove unnecessary includes

Remove unnecessary includes.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

riscv: mm: Set A/D bits of PTE(page table entry) by default

According to RISC-V privileged ISA manual:
Each leaf PTE contains an accessed (A) and dirty (D) bit. The A bit
indicates the virtual page

riscv: mm: Set A/D bits of PTE(page table entry) by default

According to RISC-V privileged ISA manual:
Each leaf PTE contains an accessed (A) and dirty (D) bit. The A bit
indicates the virtual page has been read, written, or fetched from since
the last time the A bit was cleared. The D bit indicates the virtual
page has been written since the last time the D bit was cleared.
When a virtual page is accessed and the A bit is clear, or is written
and the D bit is clear, a page-fault exception is raised.

And the manual also suggests:
If the supervisor software does not rely on accessed and/or dirty bits,
it should always set them to 1 in the PTE to improve performance.

Since OP-TEE does not rely on A/D bits, we by default set them to 1 to
avoid unnecessary page-fault exceptions when OP-TEE touches those pages.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Rename thread_return_to_ree() to thread_return_to_udomain()

The terminology "udomain", which means untrusted domain, is more precise
terminology for RISC-V architecture, where "domain"

core: riscv: Rename thread_return_to_ree() to thread_return_to_udomain()

The terminology "udomain", which means untrusted domain, is more precise
terminology for RISC-V architecture, where "domain" has already been
defined in RISC-V CoVE and Smmtt specifications.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...