drivers: stm32_uart: fix incorrect USART_ISR_TXFE value

USART_ISR_TXFE indicates that the FIFO is empty. The register offset is
BIT(23), not BIT(27).

Signed-off-by: Gatien Chevallier <gatien.cheval

drivers: stm32_uart: fix incorrect USART_ISR_TXFE value

USART_ISR_TXFE indicates that the FIFO is empty. The register offset is
BIT(23), not BIT(27).

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: preserve object when set attribute fails

Preserve original object attributes when C_SetAttributeValue service
fails instead of possibly changing object attributes before the whole
new at

ta: pkcs11: preserve object when set attribute fails

Preserve original object attributes when C_SetAttributeValue service
fails instead of possibly changing object attributes before the whole
new attribute set is validated.

Fixes: bcac2127a7f1 ("ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: treat bad KCV size as a bad value case

Return PKCS11_CKR_ATTRIBUTE_VALUE_INVALID instead of a template
inconsistency when the key check value attribute is wrong due to its
size.

Fixes:

ta: pkcs11: treat bad KCV size as a bad value case

Return PKCS11_CKR_ATTRIBUTE_VALUE_INVALID instead of a template
inconsistency when the key check value attribute is wrong due to its
size.

Fixes: bcac2127a7f1 ("ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: initialize buffer with calloc()

Allocate out_tmp buffer with calloc() instead of malloc()
This relates to a Coverity issue where out_tmp is reported to be
potentially used as uninitialized in

core: initialize buffer with calloc()

Allocate out_tmp buffer with calloc() instead of malloc()
This relates to a Coverity issue where out_tmp is reported to be
potentially used as uninitialized in memcpy().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: fix unintended sign extension

Suspicious implicit sign extension: memtag_get_tag(kaddr) with type
uint8_t (8 bits, unsigned) is promoted in
memtag_get_tag(kaddr) << uref_tag_shift to type int

core: fix unintended sign extension

Suspicious implicit sign extension: memtag_get_tag(kaddr) with type
uint8_t (8 bits, unsigned) is promoted in
memtag_get_tag(kaddr) << uref_tag_shift to type int (32 bits, signed),
then sign-extended to type unsigned long (64 bits, unsigned).

If memtag_get_tag(kaddr) << uref_tag_shift is greater than 0x7FFFFFFF,
the upper bits of the result will all be 1.

Cast memtag_get_tag(kaddr) to vaddr_t to avoid implicit sign extension.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: crypto: sm3: fix undefined behavior on right shifting operation

In the expression ROTL(T[j], j), with j=0, we right shift by more than
31 bits (32 in this case). This behavior is undefined acc

core: crypto: sm3: fix undefined behavior on right shifting operation

In the expression ROTL(T[j], j), with j=0, we right shift by more than
31 bits (32 in this case). This behavior is undefined according to the
C99 standard:

6.5.7 Bitwise shift operators
The integer promotions are performed on each of the operands. The type
of the result is that of the promoted left operand. If the value of
the right operand is negative or is greater than or equal to the width
of the promoted left operand, the behavior is undefined.

Skip the shift operation if the shift value is 0.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: drivers: gpio: check return values from snprintf()

Check return values from snprintf().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@fo

core: drivers: gpio: check return values from snprintf()

Check return values from snprintf().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: pta: check return value of tee_time_get_(sys|ree)_time()

Check return value of tee_time_get_sys_time() and
tee_time_get_ree_time().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Review

core: pta: check return value of tee_time_get_(sys|ree)_time()

Check return value of tee_time_get_sys_time() and
tee_time_get_ree_time().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

driver: crypto: hisilicon: Fix temporary memory risk

When the mailbox operation times out, the software will
free the temporary memory. The hardware does not cancel
the mailbox operation and may con

driver: crypto: hisilicon: Fix temporary memory risk

When the mailbox operation times out, the software will
free the temporary memory. The hardware does not cancel
the mailbox operation and may continue to read and write
the free memory.
To solve the problem, we alloc buffer which has the same
lifecycle with qm.

Fixes: c7f9abcee87f ("drivers: implement HiSilicon Queue Management (QM) module")
Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ffa: Clear FFA_MEM_RETRIEVE_RESP memory descriptor fields

Clear the memory descriptors in FFA_MEM_RETRIEVE_RESP calls in order to
set the reserved fields to zero. The caller might check if the

core: ffa: Clear FFA_MEM_RETRIEVE_RESP memory descriptor fields

Clear the memory descriptors in FFA_MEM_RETRIEVE_RESP calls in order to
set the reserved fields to zero. The caller might check if the reserved
fields are zero as it is stated in the FF-A spec. With FF-A v1.1 the
memory transaction descriptor's 4 byte field at offset 24 has changed
from reserved (MBZ) to Endpoint memory access descriptor size
(non-zero). With the reserved field not cleared in the v1.0 descriptor,
the caller cannot verify if it got the right version of the memory
transaction descriptor.

This issue only affects the FFA_MEM_RETRIEVE_RESP call at the
S-EL1 <-> S-EL0 interface, in all other cases the descriptors are
cleared properly.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: Fix for TLS1.3 handshake failure

There is a limitation on some of i.MX8M series platforms.
When the input is marked as a hash value, it is moved first into
the Class 2 Context Registe

drivers: caam: Fix for TLS1.3 handshake failure

There is a limitation on some of i.MX8M series platforms.
When the input is marked as a hash value, it is moved first into
the Class 2 Context Register, which is only 40 bytes long.
From there, it is copied into the PKHA.
If HASH is more than 40bytes, extra bytes become zero, which is not
proper message representative,so signatures generation/verification
go wrong.

This makes a limitation when the hash size is longer than 40 bytes
and the signature component/private key size is longer than 40 bytes
As a workaround when the input is marked as a message representative,
then a different path is taken to bring the value into CAAM,
and the value stays intact.

CFG_NXP_CAAM_C2_CTX_REG_WA config flag is added to enable/disable
this workaround.
Currently it is enabled by default for i.MX8M platforms.

Fixes: 4b383f736e9e ("drivers: caam: implement NXP CAAM Driver - DSA")
Fixes: 503b5c013761 ("drivers: caam: implement NXP CAAM Driver - ECC")
Link: https://github.com/OP-TEE/optee_os/issues/6492
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: add msg_type argument in DSA_SIGN/VERIFY macro

Add msg_type argument in DSA_SIGN/VERIFY macro.
Based on type of Message whether HASHED, Message representative, will
pass this argument

drivers: caam: add msg_type argument in DSA_SIGN/VERIFY macro

Add msg_type argument in DSA_SIGN/VERIFY macro.
Based on type of Message whether HASHED, Message representative, will
pass this argument.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: stm32_rng: ensure conditional reset sequence is done

Add a check on RNG_CR_CONDRST being cleared before continuing the
program to ensure that the conditional reset sequence is done.

Signed

drivers: stm32_rng: ensure conditional reset sequence is done

Add a check on RNG_CR_CONDRST being cleared before continuing the
program to ensure that the conditional reset sequence is done.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rng: fix comment in stm32_rng_pm_resume()

Fix comment about the application of the RNG configuration in
stm32_rng_pm_resume(). Old comment mentioned reserved bits.

Signed-off-by: Gat

drivers: stm32_rng: fix comment in stm32_rng_pm_resume()

Fix comment about the application of the RNG configuration in
stm32_rng_pm_resume(). Old comment mentioned reserved bits.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rng: remove __unused attribute

Removes a useless __unused attribute for stm32_rng_probe() argument.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etie

drivers: stm32_rng: remove __unused attribute

Removes a useless __unused attribute for stm32_rng_probe() argument.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rng: check clock enable call

Fixes clock enable request that does not check the return value.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Ca

drivers: stm32_rng: check clock enable call

Fixes clock enable request that does not check the return value.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: default enable key check value support

Default enable support for key check value attribute in pkcs11 TA.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne

ta: pkcs11: default enable key check value support

Default enable support for key check value attribute in pkcs11 TA.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: use TEE_InitRefAttribute() to compute key check value

Use TEE_InitRefAttribute() helper function to set key data attribute
in compute_check_value_with_ecb().

Fixes: bcac2127a7f1 ("ta: p

ta: pkcs11: use TEE_InitRefAttribute() to compute key check value

Use TEE_InitRefAttribute() helper function to set key data attribute
in compute_check_value_with_ecb().

Fixes: bcac2127a7f1 ("ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: key check value may not be applicable

Key check value attribute is required only for objects of types
certificate and symmetric keys. Fix set_check_value_attr()
to return a successful st

ta: pkcs11: key check value may not be applicable

Key check value attribute is required only for objects of types
certificate and symmetric keys. Fix set_check_value_attr()
to return a successful status instead of bad argument error code when
there is no key check value attribute to compute.

Fixes: bcac2127a7f1 ("ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: fix block size to compute AES key check value

Fix AES block size in compute_check_value_with_ecb(). It is 16 bytes,
not the AES key size. By the way allocate cipher block in the stack
in

ta: pkcs11: fix block size to compute AES key check value

Fix AES block size in compute_check_value_with_ecb(). It is 16 bytes,
not the AES key size. By the way allocate cipher block in the stack
instead of in the heap since the block is quite small.

Fixes: bcac2127a7f1 ("ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: allow cache_op_outer() to operate on non-secure buffers

According the ARM PL310 documentation, if the operation is specific
to the PA, the behavior is presented in the following manner:

core: arm: allow cache_op_outer() to operate on non-secure buffers

According the ARM PL310 documentation, if the operation is specific
to the PA, the behavior is presented in the following manner:
- Secure access: The data in the cache is only affected by the
the operation if it is secure.
- Non-secure access: The data in the cache is only affected by the
operation if it is non-secure.

Depending on the buffer location, use the secure or non-secure PL310
base address to do physical address based cache operation on the
buffer.

Link: https://developer.arm.com/documentation/ddi0246/a/programmer-s-model/register-descriptions/register-7--cache-maintenance-operations
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: plat: imx: implement pl310_nsbase()

Map PL310 registers as non-secure.
Implement pl310_nsbase() that returns non-secure PL310 base address.

Signed-off-by: Clement Faure <clement.faure@nxp.com

core: plat: imx: implement pl310_nsbase()

Map PL310 registers as non-secure.
Implement pl310_nsbase() that returns non-secure PL310 base address.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add pl310_nsbase() function

Add pl310_nsbase() function to return non-secure PL310 base address.

The default implementation is a weak function that returns the secure
PL310 base address to ma

core: add pl310_nsbase() function

Add pl310_nsbase() function to return non-secure PL310 base address.

The default implementation is a weak function that returns the secure
PL310 base address to match the previous behavior where only the secure
base address was returned.

It is up to the platform to implement that function.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-k3: sa2ul_rng: check if rng is enabled before to do a read

Check if rng is enabled in sa2ul_rng_read128(), if not the
initialization sequence is run.
After a suspend to ram, the rng may be in r

plat-k3: sa2ul_rng: check if rng is enabled before to do a read

Check if rng is enabled in sa2ul_rng_read128(), if not the
initialization sequence is run.
After a suspend to ram, the rng may be in reset state, and it has to be
re-initialized if in reset state.

Signed-off-by: Thomas Richard <thomas.richard@bootlin.com>
Reviewed-by: Andrew Davis <afd@ti.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

pta: stm32mp: fix remoteproc config name

The CFG_RPROC_PTA config is not valid and has been replaced by the
CFG_REMOTEPROC_PTA config during the review process.

Fixes: f6c57ea446db ("pta: stm32mp:

pta: stm32mp: fix remoteproc config name

The CFG_RPROC_PTA config is not valid and has been replaced by the
CFG_REMOTEPROC_PTA config during the review process.

Fixes: f6c57ea446db ("pta: stm32mp: add new remoteproc PTA")
Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...