core: riscv: Fix PTE creation when freeing PTE

The core_mmu_pte_create() is also called when MM core frees the pages,
which means the PTE should be zero. Current implementation always sets
valid bit

core: riscv: Fix PTE creation when freeing PTE

The core_mmu_pte_create() is also called when MM core frees the pages,
which means the PTE should be zero. Current implementation always sets
valid bit (V), which is not proper way when clearing PTE. Fix it by only
honoring pte_bits parameter, which may be constructed in
mattr_to_pte_bits().

The core_mmu_ptp_create() is used to create non-leaf PTE, which points
to the next level of the page table. According to RISC-V privilege Spec,
non-leaf PTE only needs V bit. Therefore, we just give the V bit to
core_mmu_pte_create() when we want to create non-leaf PTE.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

core: riscv: Rename mattr_to_perms() to mattr_to_pte_bits()

This function not only constructs permission bits (R, W, X) of PTE, but
also other bits such as valid bit (V), user bit (U), global bit (G

core: riscv: Rename mattr_to_perms() to mattr_to_pte_bits()

This function not only constructs permission bits (R, W, X) of PTE, but
also other bits such as valid bit (V), user bit (U), global bit (G),
accessed bit (A), and dirty bit (D). Rename it to mattr_to_pte_bits()
for greater readability.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

drivers: clk: clk-stm32mp13: round up VCO to the nearest frequency

Round up the vco clock to avoid unexpected clock rate:
- 999,999,023 Hz instead 1,000,000,000 Hz
- 417,755,859 Hz instead 417,800,0

drivers: clk: clk-stm32mp13: round up VCO to the nearest frequency

Round up the vco clock to avoid unexpected clock rate:
- 999,999,023 Hz instead 1,000,000,000 Hz
- 417,755,859 Hz instead 417,800,000 Hz

Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

drivers: clk: clk-stm32mp13: don't gate/ungate oscillators not wired

If an oscillator is not wired we shouldn't gate it to avoid a panic.
For example the external LSE oscillator may not be supported

drivers: clk: clk-stm32mp13: don't gate/ungate oscillators not wired

If an oscillator is not wired we shouldn't gate it to avoid a panic.
For example the external LSE oscillator may not be supported on a board
in which case node named clk-lse is disabled in the board DTS file.

Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

drivers: clk: clk-stm32mp13: add ADC and SPI clocks

Add definition of ADCs and SPI buses clocks for platform variant
STM32MP13.

Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed

drivers: clk: clk-stm32mp13: add ADC and SPI clocks

Add definition of ADCs and SPI buses clocks for platform variant
STM32MP13.

Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: factorize second operation handle

Factorize fields tee_hash_op_handle and tee_op_handle2 of
struct active_processing that both are used as second operation
handle for specific algorithm.

ta: pkcs11: factorize second operation handle

Factorize fields tee_hash_op_handle and tee_op_handle2 of
struct active_processing that both are used as second operation
handle for specific algorithm.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: implement AES GCM operations

Implement AES GCM authenticated encryption and decryption.

AES GCM decryption requires that the output data is revealed only once
decryption is finalized an

ta: pkcs11: implement AES GCM operations

Implement AES GCM authenticated encryption and decryption.

AES GCM decryption requires that the output data is revealed only once
decryption is finalized and the MAC signature successfully verified.
For this operation, the AES GCM context references a dynamically
allocated data buffer to store output data as they are generated by
each call to TEE_AEUpdate().

AES GCM one-shot operation in the pkc11 TA is a bit specific in that
it requires an extra TEE operation handle to save the initialized
operation state in case of one shot processing request (C_Encrypt()
or C_Decrypt() cryptoki API functions) that queries the output buffer
size. GP TEE Internal Core API does not define a single API function
for such one shot operation that could be called to query the output
buffer size. We must first fully process the input data (TEE_AEUpdate())
before we can query the output buffer size with TEE_AEEncryptFinal() or
TEE_AEDecryptFinal(). Consequently we will need to process again the
input data when client provides a well sized output buffer as we are not
sure that input data will be the same. Therefore the implementation
allocates a 2nd operation handle, copy the operation state into after
it is initialized and use this context to restore this initial state in
case the one shot AE operation is returning PKCS11_CKR_BUFFER_TOO_SMALL.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Co-developed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: pkcs11_ta.h: define PKCS11_CKM_AES_GCM

Define PKCS11_CKM_AES_GCM setting its value to 0x01087 according
to libckteec/include/pkcs11_ta.h from OP-TEE Client API.

Reviewed-by: Jerome Fori

ta: pkcs11: pkcs11_ta.h: define PKCS11_CKM_AES_GCM

Define PKCS11_CKM_AES_GCM setting its value to 0x01087 according
to libckteec/include/pkcs11_ta.h from OP-TEE Client API.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mmu: add MEM_AREA_ROM_SEC in check_mem_map()

Handle MEM_AREA_ROM_SEC in check_mem_map() switch case to prevent OP-TEE
core from panicking when such area is mapped.

Fixes: fc7e0cc38b99 ("core:

core: mmu: add MEM_AREA_ROM_SEC in check_mem_map()

Handle MEM_AREA_ROM_SEC in check_mem_map() switch case to prevent OP-TEE
core from panicking when such area is mapped.

Fixes: fc7e0cc38b99 ("core: MEM_AREA_ROM_SEC maps secure read only cached memory")
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

MAINTAINERS: update NXP i.MX platforms and Crypto Driver Interface

Add myself as maintainer for NXP i.MX Platforms and Crypto Driver
Interface.
Remove Clement Faure as maintainer.

Signed-off-by: Sa

MAINTAINERS: update NXP i.MX platforms and Crypto Driver Interface

Add myself as maintainer for NXP i.MX Platforms and Crypto Driver
Interface.
Remove Clement Faure as maintainer.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

drivers: caam: add CAAM key support for DH

Add CAAM key support for DH.
Add DH black key support for shared secret generation.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sa

drivers: caam: add CAAM key support for DH

Add CAAM key support for DH.
Add DH black key support for shared secret generation.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: add CAAM key support for ECC

Add CAAM key support for ECC.
Add RSA black key support for key pair generation and sign/decrypt
functions.

Signed-off-by: Clement Faure <clement.faure@n

drivers: caam: add CAAM key support for ECC

Add CAAM key support for ECC.
Add RSA black key support for key pair generation and sign/decrypt
functions.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: add CAAM key support for DSA

Add CAAM key support for DSA.
Add DSA black key support for key pair generation and sign/decrypt
functions.

Signed-off-by: Clement Faure <clement.faure@n

drivers: caam: add CAAM key support for DSA

Add CAAM key support for DSA.
Add DSA black key support for key pair generation and sign/decrypt
functions.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: add CAAM key support for RSA

Add CAAM key support for RSA.
Add RSA black key support for key pair generation and sign/decrypt
functions.

Signed-off-by: Clement Faure <clement.faure@n

drivers: caam: add CAAM key support for RSA

Add CAAM key support for RSA.
Add RSA black key support for key pair generation and sign/decrypt
functions.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: add CAAM key driver

Add CAAM key driver and CAAM key object.
Add key blob encapsulation methods.
Add key serialize and deserialize functions for bignum encapsulation.

Signed-off-by:

drivers: caam: add CAAM key driver

Add CAAM key driver and CAAM key object.
Add key blob encapsulation methods.
Add key serialize and deserialize functions for bignum encapsulation.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: fix DSA_DUMPDESC macro

Fix typo in DSA_DUMPDESC and replace MP_TRACE with DSA_TRACE.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier

drivers: caam: fix DSA_DUMPDESC macro

Fix typo in DSA_DUMPDESC and replace MP_TRACE with DSA_TRACE.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: caam: add missing header

Add missing caam_status.h include.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

drivers: caam: add class field to FIFO_ST macro

Add class field to FIFO_ST macro and update existing
usage of FIFO_ST with required CLASS.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Sig

drivers: caam: add class field to FIFO_ST macro

Add class field to FIFO_ST macro and update existing
usage of FIFO_ST with required CLASS.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: move CFG_CORE_BIGNUM_MAX_BITS default definition

Move CFG_CORE_BIGNUM_MAX_BITS definition to mk/crypto.mk to allow crypto
drivers to override the default value.

Signed-off-by: Clement Faure <

core: move CFG_CORE_BIGNUM_MAX_BITS default definition

Move CFG_CORE_BIGNUM_MAX_BITS definition to mk/crypto.mk to allow crypto
drivers to override the default value.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

dts: stm32: add RIFSC compatible to RIFSC node in stm32mp251.dtsi

Add the compatible to allow a match between the driver and the node.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.co

dts: stm32: add RIFSC compatible to RIFSC node in stm32mp251.dtsi

Add the compatible to allow a match between the driver and the node.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: Add RIFSC configuration support for stm32mp257f-ev1

Defines RIFSC configuration for stm32mp257f-ev1 board.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by:

dts: stm32: Add RIFSC configuration support for stm32mp257f-ev1

Defines RIFSC configuration for stm32mp257f-ev1 board.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: conf: enable RIFSC driver

Enable the RIFSC driver for STM32MP2x platforms

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carr

plat-stm32mp2: conf: enable RIFSC driver

Enable the RIFSC driver for STM32MP2x platforms

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dt-bindings: add RIFSC to default bindings config for STM32MP25

The RIFSC header is now part of default bindings header file for
STM32MP25.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.

dt-bindings: add RIFSC to default bindings config for STM32MP25

The RIFSC header is now part of default bindings header file for
STM32MP25.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dt-bindings: add RIFSC bindings

Add bindings for the RIFSC configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.co

dt-bindings: add RIFSC bindings

Add bindings for the RIFSC configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: add stm32 RIFSC support

Add the RIFSC new driver support.

RIFSC (RIF Security Controller) is responsible for the isolation
of hardware resources like memory or peripherals. It is composed

drivers: add stm32 RIFSC support

Add the RIFSC new driver support.

RIFSC (RIF Security Controller) is responsible for the isolation
of hardware resources like memory or peripherals. It is composed of:

-RISC registers(slave peripherals) with RISUP(Resource Isolation
Slave Unit for Peripherals) OR RISAL(Resource Isolation Slave Unit
for Address space - Lite) logics.
-RIMC registers(Non RIF-Aware masters counterpart) with RIMU
(Resource Isolation Master Unit) logic. It is possible for a master to
inherit from its slave port(RISUP) configuration.

This driver parses the RIFSC device tree configuration and applies
it to put the firewall in place. Therefore, the device tree is
mandatory.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...