ci: enable CFG_DRIVERS_CLK_PRINT_TREE for stm32mp1-135F_DK build

Enables CFG_DRIVERS_CLK_PRINT_TREE when building stm32mp1-135F_DK.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signe

ci: enable CFG_DRIVERS_CLK_PRINT_TREE for stm32mp1-135F_DK build

Enables CFG_DRIVERS_CLK_PRINT_TREE when building stm32mp1-135F_DK.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: clk: print clock tree summary

Adds clk_print_summary() to print the clock tree current state on core
console using the info trace level. Clock framework spinlock is help
while clock tree is

drivers: clk: print clock tree summary

Adds clk_print_summary() to print the clock tree current state on core
console using the info trace level. Clock framework spinlock is help
while clock tree is printed.

The feature depends on CFG_DRIVERS_CLK_PRINT_TREE being enabled.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Co-developed-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

tree-wide: remove useless newline character in *MSG() messages

The *MSG() macros take care of printing a newline. Adding a newline
character ('\n') is useless. Remove it.

Signed-off-by: Vincent Mai

tree-wide: remove useless newline character in *MSG() messages

The *MSG() macros take care of printing a newline. Adding a newline
character ('\n') is useless. Remove it.

Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee_svc.c: allow to pass non-NULL memref of size 0

Allow TAs to pass non-NULL memref of size zero to other TAs by
changing the non-NULL pointer into a NULL one in such a case. GP TEE
Internal

core: tee_svc.c: allow to pass non-NULL memref of size 0

Allow TAs to pass non-NULL memref of size zero to other TAs by
changing the non-NULL pointer into a NULL one in such a case. GP TEE
Internal Core API does not forbid such memref parameter [1] whereas
the previous implementation generated a TEE_ERROR_BAD_PARAMETERS error
code when converting such memref buffer pointer into a physical memory
address.

This change is specifically needed to allow a TA to forward a REE
client memref for which GP TEE Client API explicitly allows such
non-NULL address zero sized memref [2]. It also makes the TA
implementation more flexible when dealing with its own memref.

[1] TEE Internal Core API Specification – Public Release v1.3.1,
§4.9.4 "Operation Parameters in the Internal Client API"
Table 4-15: "Interpretation of params[i] on Entry to Internal Client
API"

[2] TEE Client API Specification v1.0, §4.5.4 TEEC_RegisterSharedMemory,
paragraph "Implementers' Notes"

Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: fixup of transfer list entry overriding

Expand the data size of DTB transfer list entry to the max allocable
size to reserve sufficient space for new nodes.
This fixes a potential issue t

core: arm: fixup of transfer list entry overriding

Expand the data size of DTB transfer list entry to the max allocable
size to reserve sufficient space for new nodes.
This fixes a potential issue that the amended DTB transfer entry
overrides other entries followed by, when inserting new nodes.

When CFG_TRANSFER_LIST is enabled, instead of CFG_DTB_MAX_SIZE,
the DTB max size will be given by a calculation of the remaining space
in the transfer list mapped memory.

Fixes: 66763721fe35 ("core: add support for transfer list")
Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add new argument to init_external_dt()

Add argument to function init_external_dt() to allow callers to specify
the maximum size of external DTB to be initialized.

Signed-off-by: Raymond Mao <

core: add new argument to init_external_dt()

Add argument to function init_external_dt() to allow callers to specify
the maximum size of external DTB to be initialized.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-vexpress: relax CFG_ASAN_SHADOW_OFFSET configuration value

Fixes CFG_ASAN_SHADOW_OFFSET configuration value for vexpress
platform qemu* flavors. Before this change CFG_ASAN_SHADOW_OFFSET
variab

plat-vexpress: relax CFG_ASAN_SHADOW_OFFSET configuration value

Fixes CFG_ASAN_SHADOW_OFFSET configuration value for vexpress
platform qemu* flavors. Before this change CFG_ASAN_SHADOW_OFFSET
variable needed a specific scope to override the default value set
by platform conf.mk file.

Fixes: 24475b562b81 ("plat-vexpress: move CFG_TEE_CORE_NB_CORE to platform conf.mk")
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-vexpress: relax CFG_TEE_CORE_NB_CORE configuration value

Fixes CFG_TEE_CORE_NB_CORE configuration value for all vexpress
platform flavors. Before this change CFG_TEE_CORE_NB_CORE variable
neede

plat-vexpress: relax CFG_TEE_CORE_NB_CORE configuration value

Fixes CFG_TEE_CORE_NB_CORE configuration value for all vexpress
platform flavors. Before this change CFG_TEE_CORE_NB_CORE variable
needed a specific scope to override the default value set by platform
conf.mk file.

Fixes: 24475b562b81 ("plat-vexpress: move CFG_TEE_CORE_NB_CORE to platform conf.mk")
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

mk: config: clarify CFG_VIRTUALIZATION is deprecated

Ensures that CFG_VIRTUALIZATION and CFG_NS_VIRTUALIZATION configuration
settings do not conflict. If both are set, they shall have the same
value

mk: config: clarify CFG_VIRTUALIZATION is deprecated

Ensures that CFG_VIRTUALIZATION and CFG_NS_VIRTUALIZATION configuration
settings do not conflict. If both are set, they shall have the same
value.

Clarifies CFG_VIRTUALIZATION is deprecated in mk/config.mk inline
comments.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

mk: config.mk: Explicitly warn about CFG_REE_FS_ALLOW_RESET

CFG_REE_FS_ALLOW_RESET weakens rollback protection of REE FS secure
storage and in turns breaks use-cases like rollback protection of TAs

mk: config.mk: Explicitly warn about CFG_REE_FS_ALLOW_RESET

CFG_REE_FS_ALLOW_RESET weakens rollback protection of REE FS secure
storage and in turns breaks use-cases like rollback protection of TAs
etc. So make it explicit that CFG_REE_FS_ALLOW_RESET is intended for
test purposes only. Also, warn user about the additional threat vectors
if this option is enabled for release build.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

plat-stm32mp1: conf: fix order for CFG_REGULATOR_FIXED

Changes CFG_REGULATOR_FIXED config setting location to match alphabetical
order.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
S

plat-stm32mp1: conf: fix order for CFG_REGULATOR_FIXED

Changes CFG_REGULATOR_FIXED config setting location to match alphabetical
order.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: conf: enable support for GPIO regulators

Enables support for GPIO regulators on platform stm32mp1 when
CFG_STM32_GPIO is enabled.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.

plat-stm32mp1: conf: enable support for GPIO regulators

Enables support for GPIO regulators on platform stm32mp1 when
CFG_STM32_GPIO is enabled.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: regulator: GPIO controlled regulator

Implements a GPIO controlled regulators driver compliant with DT nodes
compatible with regulator-gpio. These regulators use GPIO pins to select
the volt

drivers: regulator: GPIO controlled regulator

Implements a GPIO controlled regulators driver compliant with DT nodes
compatible with regulator-gpio. These regulators use GPIO pins to select
the voltage level. The implementation supports only dual voltage level
selection using a single pin. The DT bindings allows more pins to
select between more voltages but no known platform currently requires
that so we preferred the simplified case.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: tee_ta_manager.c: add uuid in open session error trace

Adds the TA UUID in open session error trace to allow to identify
witch TA cause the issue when debug trace are not acitvated.

B

core: kernel: tee_ta_manager.c: add uuid in open session error trace

Adds the TA UUID in open session error trace to allow to identify
witch TA cause the issue when debug trace are not acitvated.

By the way, fix specifier for res argument that is a uint32_t.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: allow CFG_TZSRAM_START being defined when pager is disabled

Fixes case when a platform configuration defines CFG_TZSRAM_START but
does not use the pager. CFG_TZSRAM_START defines the base

core: arm: allow CFG_TZSRAM_START being defined when pager is disabled

Fixes case when a platform configuration defines CFG_TZSRAM_START but
does not use the pager. CFG_TZSRAM_START defines the based address
of the memory used for resident memory and page pool when CFG_WITH_PAGER
is enabled.

Since below mentioned commit, TZSRAM_BASE being defined makes core_mmu.c
to assume there are 2 secure memories for OP-TEE core internal use. This
change ensures that when CFG_WITH_PAGER is disabled, TZSRAM is not
defined even if the platform configuration sets CFG_TZSRAM_START.

An example of such issues is when testing an STM32MP15 variant of
platform stm32mp1 with pager being disabled. Before this change,
OP-TEE boot sequence fails with a error trace message like:
E/TC:0 0 Panic 'Unexpected TZC configuration on secure region' at core/arch/arm/plat-stm32mp1/plat_tzc400.c:102 <init_stm32mp1_tzc>

Indeed debug trace messages can show that an invalid physical memory
area has been registered by core as TEE_RAM_RO, as shown below. Note that
for that platform, internal secure SYSRAM range is [0x2ffc000 0x30000000]:
D/TC:0 add_phys_mem:667 ram_start type TEE_RAM_RO 0x2ffc0000 size 0xae040000

Fixes: e09739a8a6a1 ("core: core_mmu.c: use secure_only[] where possible")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: scmi_server: report invalid regulator state request

Changes the SCMI return code from SCMI_GENERIC_ERROR to
SCMI_INVALID_PARAMETERS when the requested state is not one of
the 2 suppor

plat-stm32mp1: scmi_server: report invalid regulator state request

Changes the SCMI return code from SCMI_GENERIC_ERROR to
SCMI_INVALID_PARAMETERS when the requested state is not one of
the 2 supported SCMI voltage domain states
(SCMI_VOLTAGE_DOMAIN_CONFIG_ARCH_ON or
SCMI_VOLTAGE_DOMAIN_CONFIG_ARCH_OFF).

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32mp15: USBPHY regulator is always-on on ST boards

Sets property regulator-always-on on USB-PHY regulator supply for
ST boards DK1/DK2/ED1/EV1.

This fixes an issue in the commit that integr

dts: stm32mp15: USBPHY regulator is always-on on ST boards

Sets property regulator-always-on on USB-PHY regulator supply for
ST boards DK1/DK2/ED1/EV1.

This fixes an issue in the commit that integrated the regulator
framework in stm32mp1 scmi_server. On the mentioned boards, the
PWR USB3.3V regulator, exposed through SCMI to Linux/U-Boot, is
supplied by a PMIC regulator (named vdd_usb). The PMIC is connected
on an I2C bus currently assigned to non-secure world as used by mainline
Linux kernel and U-Boot for these boards. Therefore, OP-TEE can
access the PMIC at boot time to enable that PMIC regulator but not
at runtime as it could conflict with Linux kernel/U-Boot accesses on
that bus. Setting that PMIC regulator always-on on OP-TEE side
prevents OP-TEE from accessing the I2C bus to disable PMIC vdd_usb
regulator at runtime when Linux or U-Boot disable the PWR USB-3.3V
regulator using PWR regulator service exposed through SMCI.

On these boards, Linux and U-Boot are not expected to disable this
PMIC regulator. If so, the effect would be that SCMI requests to
enable to enable PWR USB-3.3V would simply return a failure code
and Linux/U-Boot USB stack to not be functional. OP-TEE core itself
does not use any USB resources on these platforms.

A ideal solution would be to assign that I2C bus to OP-TEE
(harden its secure configuration) but mainline Linux and U-Boot
packages are not yet ready for this due to legacy configuration
of these components for the devices connected on these boards. This
will come once mainline Linux kernel and U-Boot are ready.

Fixes: 23e200628dad ("plat-stm32mp1: scmi_server: use registered regulators")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: scmi_server: fix regulator framework integration

Fixes the return value when an SCMI regulator is already in
the expected state. Prior this change the implementation returned
SCMI_GEN

plat-stm32mp1: scmi_server: fix regulator framework integration

Fixes the return value when an SCMI regulator is already in
the expected state. Prior this change the implementation returned
SCMI_GENERIC_ERROR instead of SCMI_SUCCESS.

Fixes: 23e200628dad ("plat-stm32mp1: scmi_server: use registered regulators")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: fix inline comment on async notif interrupt

Fixes the inline comment that describes allowed values for
CFG_CORE_ASYNC_NOTIF_GIC_INTID that can be a SPI or a secure PPI.

Fixes: 9439728550

core: arm: fix inline comment on async notif interrupt

Fixes the inline comment that describes allowed values for
CFG_CORE_ASYNC_NOTIF_GIC_INTID that can be a SPI or a secure PPI.

Fixes: 943972855082 ("core: notif: allow GIC_PPI usage for async notif")
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: CFG_INSECURE=y allows insecure RCC configuration

Changes STM32MP1 shared resources to allow insecure RCC protection
with peripherals assigned to secure world when CFG_INSECURE is
enab

plat-stm32mp1: CFG_INSECURE=y allows insecure RCC configuration

Changes STM32MP1 shared resources to allow insecure RCC protection
with peripherals assigned to secure world when CFG_INSECURE is
enabled. This means for example that some SoC resources can be assigned
to OP-TEE without their clock and reset controllers being effectively
protected from non-secure accesses. Such configuration can be useful
for development and test purposes.

This change does not affect devices provisioned with secret that are
in so-called SEC_CLOSED state (BSEC fuses). Indeed this device state
currently requires RCC protection to be enabled as already implemented
in function check_rcc_secure_configuration().

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

tree wide: CFG_INSECURE deprecates CFG_WARN_INSECURE

Replaces configuration switch CFG_WARN_INSECURE with CFG_INSECURE
The new name is better because the switch not only warns but also
change the OP

tree wide: CFG_INSECURE deprecates CFG_WARN_INSECURE

Replaces configuration switch CFG_WARN_INSECURE with CFG_INSECURE
The new name is better because the switch not only warns but also
change the OP-TEE core behavior as, for example, allowing absence
of secure storage rollback protection.

Suggested-by: Jérôme Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: fix mem reclaim error reporting

Until now handle_mem_reclaim() was incorrectly returning the error value
in a1 instead of a2 as mandated by the specification. Successful returns
are not a

core: ffa: fix mem reclaim error reporting

Until now handle_mem_reclaim() was incorrectly returning the error value
in a1 instead of a2 as mandated by the specification. Successful returns
are not affected by this since they use the FFA_SUCCESS_32 FID. So fix this
by supplying the error value in the right register.

Fixes: 1b302ac09816 ("core: enable FF-A with SPM Core at S-EL1")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: check for NULL mobj before thread_rpc_free()

In the SMC and FF-A ABIs check that a mobj representing a shared memory
object isn't NULL before doing an RPC to free it in the normal world
t

core: arm: check for NULL mobj before thread_rpc_free()

In the SMC and FF-A ABIs check that a mobj representing a shared memory
object isn't NULL before doing an RPC to free it in the normal world
too. For the FF-A ABI it's harmless without this check, but the SMC ABI
may cause an NULL pointer dereference in the OP-TEE kernel driver.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-vexpress: activate CFG_CORE_HALT_CORES_ON_PANIC

Default halt the other cores when panicking on fvp, juno, qemu_virt and
qemu_armv8a platforms.

Signed-off-by: Gatien Chevallier <gatien.chevalli

plat-vexpress: activate CFG_CORE_HALT_CORES_ON_PANIC

Default halt the other cores when panicking on fvp, juno, qemu_virt and
qemu_armv8a platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)
Tested-by: Gatien Chevallier <gatien.chevallier@foss.st.com> (vexpress-qemu_armv8a)
Tested-by: Gatien Chevallier <gatien.chevallier@foss.st.com> (vexpress-qemu_virt)

show more ...

plat-stm32mp2: activate CFG_CORE_HALT_CORES_ON_PANIC

Default halt other cores when panicking on STM32MP25x platforms. SGI15
is used for this purpose.

Signed-off-by: Gatien Chevallier <gatien.cheval

plat-stm32mp2: activate CFG_CORE_HALT_CORES_ON_PANIC

Default halt other cores when panicking on STM32MP25x platforms. SGI15
is used for this purpose.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...