ta: remoteproc: add remote processor Trusted Application

Add a generic TA for a remote processor firmware management.
This TA should be defined as early TA to allow remote processor
firmware managem

ta: remoteproc: add remote processor Trusted Application

Add a generic TA for a remote processor firmware management.
This TA should be defined as early TA to allow remote processor
firmware management in Linux kernel built-in driver and in boot stages.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

ta: remoteproc: add firmware ELF parser

Add a ELF parser that will used by the remoteproc generic TA.
It is in charge of parsing the ELF files to extract segments
to load in the remote processor mem

ta: remoteproc: add firmware ELF parser

Add a ELF parser that will used by the remoteproc generic TA.
It is in charge of parsing the ELF files to extract segments
to load in the remote processor memories.
It also offers an API to retrieve the resource table in the
image. This optional table is defined in a specific section
".resource_table" and is used by the Linux remoteproc driver to
discover services exposed by the remote processor.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

libutee: add TEE_U*_FROM/TO_LITTLE_ENDIAN()

The 'TEE_U*_FROM/TO_LITTLE_ENDIAN()' functions perform conversions
between a variable stored in little-endian format and the CPU format.
Currently, OP-TEE

libutee: add TEE_U*_FROM/TO_LITTLE_ENDIAN()

The 'TEE_U*_FROM/TO_LITTLE_ENDIAN()' functions perform conversions
between a variable stored in little-endian format and the CPU format.
Currently, OP-TEE only supports little-endian platforms, so the macro
does not perform any swapping.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: clk_dt: include missing clk.h header file

clk resources are used in this file. Add missing include.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jerome Foriss

drivers: clk_dt: include missing clk.h header file

clk resources are used in this file. Add missing include.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

dts: stm32: update m4_rproc to support the remoteproc OP-TEE framework

Update device tree to support the load of the remoteproc firmware
by OP-TEE.
- declare m_ipc_shm memory region that can contain

dts: stm32: update m4_rproc to support the remoteproc OP-TEE framework

Update device tree to support the load of the remoteproc firmware
by OP-TEE.
- declare m_ipc_shm memory region that can contain the remote processor
resource table and trace buffer,
- update reset to align declaration with the Linux devicetree

To enable the load of the coprocessor firmware by OP-TEE, user have
to update the m4_rproc node compatible property:
-"st,stm32mp1-m4": the load is managed by Linux or U-boot,
-"st,stm32mp1-m4-tee": the load is managed by OP-TEE.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-stm32mp1: Add the remoteproc TA in early TA list

On the stm32mp1 platform, it is possible to load firmware during the
bootloader stage, for instance, by U-boot. To enable this feature,
The remo

plat-stm32mp1: Add the remoteproc TA in early TA list

On the stm32mp1 platform, it is possible to load firmware during the
bootloader stage, for instance, by U-boot. To enable this feature,
The remoteproc TA should be added to the list of early-TAs.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

pta: stm32mp: add new remoteproc PTA

Add remoteproc PTA for the stm32mp1 platform.
The PTA relies on the stm32_remoteproc driver for the remoteproc
management.
It is charge of providing interface fo

pta: stm32mp: add new remoteproc PTA

Add remoteproc PTA for the stm32mp1 platform.
The PTA relies on the stm32_remoteproc driver for the remoteproc
management.
It is charge of providing interface for authenticating firmware images
and managing the remote processor live cycle.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: Add stm32mp1 remoteproc driver

This driver is responsible for configuring the registers and memories of
the remote processor.
- It stores information about memories assigned to the remote p

drivers: Add stm32mp1 remoteproc driver

This driver is responsible for configuring the registers and memories of
the remote processor.
- It stores information about memories assigned to the remote processor
based on the device tree.
- It ensures consistency between the registered memory and the addresses
of the firmware segments to be loaded.
- Additionally, it is responsible for starting and stopping the remote
processor core.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

libutee: add new remoteproc PTA API

The remoteproc PTA is charge of providing interface to authenticate
firmware images and managing the remote processor live cycle.
The remoteproc PTA supports plat

libutee: add new remoteproc PTA API

The remoteproc PTA is charge of providing interface to authenticate
firmware images and managing the remote processor live cycle.
The remoteproc PTA supports platform specificity in the
management of a remote processor:
- firmware authentication based on a platform key,
- load of the segments in remote processor memories,
- start/stop of the remote processor,
- remote processor addresses conversion.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: caam: provide plat_rng_init if CFG_WITH_SOFTWARE_PRNG=y

With CFG_NXP_CAAM_RNG_DRV enabled, OP-TEE will use the CAAM
to generate random numbers. Normal world access to the RNG is still
possi

drivers: caam: provide plat_rng_init if CFG_WITH_SOFTWARE_PRNG=y

With CFG_NXP_CAAM_RNG_DRV enabled, OP-TEE will use the CAAM
to generate random numbers. Normal world access to the RNG is still
possible as the CAAM is TrustZone aware and provides multiple separate
job rings.

For complete isolation, however, access to CAAM reset and clocks need to
be managed as well. This could be done in theory by restricting access
to the reset and clock controller peripherals to the secure world and
exporting limited access to some resources via SCMI. There is no such
support yet for the i.MX and thus some setups may prefer to avoid using
the CAAM in OP-TEE to stay safe from normal world inducing glitches.

These setups may still need random numbers in OP-TEE. Therefore, access
so have them
access the CAAM only once at startup to initialize OP-TEE's PRNG and
defer subsequent use of the CAAM to the normal world, whenever
CFG_WITH_SOFTWARE_PRNG=y.

Reviewed-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>

show more ...

drivers: caam: rng: enable prediction resistance if possible

OP-TEE sets the PR bit on shared descriptors since commit 4ff2ce818e56
("drivers: caam: instantiate RNG state handle with prediction resi

drivers: caam: rng: enable prediction resistance if possible

OP-TEE sets the PR bit on shared descriptors since commit 4ff2ce818e56
("drivers: caam: instantiate RNG state handle with prediction resistance"),
but did not make use of it for random number generation with the reason
explained inside the commit message:

Note: current patch does not deal with RNG state handles that have
already been initialized, but without PR support (this could happen if
U-boot would run before OP-TEE etc.). In this case, RNG state handle
would have to be deinstantiated first, and then reinstantiated with
PR support.

There is a simpler workaround than deinstantiation however: Check if the
state handles have been initialized with prediction resistance (whether
from OP-TEE or outside) and if they were, just set the prediction
resistance bit.

Reviewed-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>

show more ...

drivers: caam: support querying whether prediction resistance was setup

CAAM shared descriptors initialization may happen inside OP-TEE or
beforehand, either in the bootloader or system controller.

drivers: caam: support querying whether prediction resistance was setup

CAAM shared descriptors initialization may happen inside OP-TEE or
beforehand, either in the bootloader or system controller.

As it's not known at compile-time whether the shared descriptors were
initialized with prediction resistance or not, OP-TEE use of the CAAM
for random number generation omitted requesting prediction resistance.

In preparation for changing that, provide a caam_hal_rng_pr_enabled()
function that queries the state of the PR bits in the shared descriptors.

Reviewed-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>

show more ...

core: fixup of transfer list header size

Add 4 reserved bytes at the tail of the transfer list header.
This fixes a non-8-bytes aligned header when "flags" was introduced
into the header.

Fixes: 50

core: fixup of transfer list header size

Add 4 reserved bytes at the tail of the transfer list header.
This fixes a non-8-bytes aligned header when "flags" was introduced
into the header.

Fixes: 508e2476b232 ("core: update transfer list header and signature")
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

driver: crypto: hisilicon: fix an issue of multiple tasks using the same qp

Flag in the qp structure is used to indicate whether
the qp is occupied.The new task can find an unused qp
and use it.

Fi

driver: crypto: hisilicon: fix an issue of multiple tasks using the same qp

Flag in the qp structure is used to indicate whether
the qp is occupied.The new task can find an unused qp
and use it.

Fixes: c7f9abcee87f ("drivers: implement HiSilicon Queue Management (QM) module")
Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE

Add PKCS11_CKA_CHECK_VALUE as an optional attribute of symmetric
key and certificate objects . As per the PKCS#11 specification, key
c

ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE

Add PKCS11_CKA_CHECK_VALUE as an optional attribute of symmetric
key and certificate objects . As per the PKCS#11 specification, key
check value attribute is optional therefore add pkcs11 TA configuration
switch CFG_PKCS11_TA_CHECK_VALUE_ATTRIBUTE to embed or not the support.

When supported, as per the spec, the attribute can be either the
legitimate value recomputed by the PKCS#11 token or a zero-sized value
called a no-value for when client does not want the attribute to set
in an object.

This change adds the support for the pcks11 TA commands related to
Cryptoki API functions C_GenerateKey(), C_CreateObject(), C_CopyObject(),
C_SetAttributeValue(), C_UnwrapKey() and C_DeriveKey(). TA command
related to C_FindOjects() support the attribute without any change.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: remove unused deprecated gic_cpu_init()

Remove the unused deprecated function gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.

core: remove unused deprecated gic_cpu_init()

Remove the unused deprecated function gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-zynq7k: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-ti: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Andrew Davis <afd@ti.com>

plat-sunxi: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-stm: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etien

plat-stm: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <

plat-stm32mp2: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <

plat-stm32mp1: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-rzn1: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sumit Garg <sumit.garg@li

plat-rzn1: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

plat-rockchip: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-rcar: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Volodymyr Babchuk <vol

plat-rcar: use gic_init_per_cpu()

Call gic_init_per_cpu() instead of the now deprecated gic_cpu_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>

show more ...