drivers: stm32_i2c: apply pinctrl config at init

Add missing load of stm32_i2c pinctrl state at driver init.

Fixes: 73ba32eb0f6c ("drivers: stm32_i2c: support CFG_DRIVERS_PINCTRL")
Reviewed-by: Gat

drivers: stm32_i2c: apply pinctrl config at init

Add missing load of stm32_i2c pinctrl state at driver init.

Fixes: 73ba32eb0f6c ("drivers: stm32_i2c: support CFG_DRIVERS_PINCTRL")
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_i2c: analog filter config cannot fail

Local function i2c_config_analog_filter() cannot failed. Remove
useless test on bus state and useless return value.

Reviewed-by: Gatien Chevalli

drivers: stm32_i2c: analog filter config cannot fail

Local function i2c_config_analog_filter() cannot failed. Remove
useless test on bus state and useless return value.

Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

Update CHANGELOG for 4.1.0

Update CHANGELOG for 4.1.0 and collect Tested-by tags.

Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (rockchip-rk3399) (Rockpi4B)
Tested-by: Jerome Forissier

Update CHANGELOG for 4.1.0

Update CHANGELOG for 4.1.0 and collect Tested-by tags.

Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (rockchip-rk3399) (Rockpi4B)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_virt)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)
Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi 3B v1.2)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (imx-mx8mqevk)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey + GP)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP)
Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> (Poplar)
Tested-by: Jorge Ramirez-Ortiz <jorge@foundries.io> (versal)
Tested-by: Sumit Garg <sumit.garg@linaro.org> (vexpress-qemu_armv8a) (Rust 64-bit TAs)
Tested-by: Sumit Garg <sumit.garg@linaro.org> (vexpress-qemu_armv8a) (Rust 32-bit TAs)
Tested-by: Ricardo Salveti <ricardo@foundries.io> (ZynqMP)
Tested-by: Ricardo Salveti <ricardo@foundries.io> (k3-am62x)
Tested-by: Ricardo Salveti <ricardo@foundries.io> (k3-am64x)
Tested-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> (rcar-salvator_m3_2x4g / virt)
Tested-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> (rcar-salvator_m3_2x4g)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6dlsabresd)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6qsabresd)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6sllevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6sxsabresd)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6ulevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6ullevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6ulzevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx7dsabresd)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx7ulpevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8mmevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8mnevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8mqevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8mpevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8qmmek)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8qxpmek)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8ulpevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx93evk)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-135F_DK)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_DK2_SCMI)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_EV1_SCMI)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_DK2)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_EV1)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: Rust updates

Now that [1] is merged, Rust tests are enabled by default for QEMUv8 and
there is no need for a separate Rust job in CI, so remove it. On the
other hand, a couple of fixes are neede

ci: Rust updates

Now that [1] is merged, Rust tests are enabled by default for QEMUv8 and
there is no need for a separate Rust job in CI, so remove it. On the
other hand, a couple of fixes are needed:

- Update PATH so that the cargo command (which is installed locally
during the build of the Rust SDK) can be found.

- Disable Rust in the BTI+MTE+PAC test because the Rust examples fail to
build with the supplied toolchain:

/usr/local/bin/../lib/gcc/aarch64-unknown-linux-uclibc/12.2.0/../../../../aarch64-unknown-linux-uclibc/bin/ld.bfd: /tmp/rustcmQty55/libcompiler_builtins-76fca0633b54e12b.rlib(45c91108d938afe8-cpu_model.o): in function `init_have_lse_atomics':
/cargo/registry/src/index.crates.io-6f17d22bba15001f/compiler_builtins-0.1.101/./lib/builtins/cpu_model.c:1075: undefined reference to `getauxval'
...

- Also disable Rust in the test that enables ftrace, because the
signature_verification-rs command just hangs in this configuration.

Link: https://github.com/OP-TEE/build/pull/717 [1]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ldelf: aarch32: Accept ELFOSABI_ARM as OS ABI

Rust TAs built for no-std mode targeting 32-bit Arm architecture use
ELFOSABI_ARM as the OS ABI within ELF header. So allow ldelf to load
those Rust TAs

ldelf: aarch32: Accept ELFOSABI_ARM as OS ABI

Rust TAs built for no-std mode targeting 32-bit Arm architecture use
ELFOSABI_ARM as the OS ABI within ELF header. So allow ldelf to load
those Rust TAs built for 32-bit Arm.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

core: imx: disable ELE support on imx8ulp, imx93 by default

On imx8ulp and imx93, there is only one MU to communicate with
ELE, which cannot be dedicated on OP-TEE side all the time.
There may be EL

core: imx: disable ELE support on imx8ulp, imx93 by default

On imx8ulp and imx93, there is only one MU to communicate with
ELE, which cannot be dedicated on OP-TEE side all the time.
There may be ELE services running on Linux side, which can
cause conflict with OP-TEE.
So disablig ELE by default for now.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

plat: rcar-gen3: disable HWRNG by default

Sometimes ROM code fails to provide random numbers, which leads to
OP-TEE panic with "ROM_GetRndVector() returned error!" message.

So far this behavior was

plat: rcar-gen3: disable HWRNG by default

Sometimes ROM code fails to provide random numbers, which leads to
OP-TEE panic with "ROM_GetRndVector() returned error!" message.

So far this behavior was observed only on M3 Ver.3.0, but it is
unclear if other SoCs are affected. There is a workaround which
retries and operation and this workaround seems to work, but again, it
is unclear if this is the correct way to deal with the issue. So it is
better to disable use of HWRNG by default, until we get clarification
on those errors from Renesas.

This patch moves HWRNG code under CFG_RCAR_GEN3_HWRNG option, so
expert user still can try to use it.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-rcar: romapi: retry call to ROM_GetRndVector

Sometimes ROM_GetRndVector() function returns an error, which causes
OP-TEE panic down the call path, as OP-TEE can't handle errors from
the hardwar

plat-rcar: romapi: retry call to ROM_GetRndVector

Sometimes ROM_GetRndVector() function returns an error, which causes
OP-TEE panic down the call path, as OP-TEE can't handle errors from
the hardware random number generator. As a workaround, we can try to
repeat call to the ROM_GetRndVector() because it succeeds on the next
try.

Anyways, this hardly can be considered as a normal behavior so it is
better to disable HW RNG by default, which will be done in a separate
patch.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: fix misnamed 157C_EV1_SCMI flavor

Correct platform flavor name 157C_EV1_SCMI, not 157F_EV1_SCMI.

Fixes: 36f1fd6d4930 ("dts: add stm32mp15*-scmi.dts files for when RCC is secure")
Ack

plat-stm32mp1: fix misnamed 157C_EV1_SCMI flavor

Correct platform flavor name 157C_EV1_SCMI, not 157F_EV1_SCMI.

Fixes: 36f1fd6d4930 ("dts: add stm32mp15*-scmi.dts files for when RCC is secure")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-k3: sa2ul_rng: Use mutex instead of spinlock for critical section

While spinlock are slightly more lightweight, they currently require that
interrupts are disabled during the critical section.

plat-k3: sa2ul_rng: Use mutex instead of spinlock for critical section

While spinlock are slightly more lightweight, they currently require that
interrupts are disabled during the critical section. If this section is
long enough it can have a negative affect on realtime sensitive tasks
that require deterministic preemption.

As our RNG gathering can loop while waiting for new random numbers to
become available we cannot know how long this section will take, so we
should use a mutex. Do that here.

Signed-off-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Bryan Brattlof <bb@ti.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-vexpress: configure CFG_CORE_ASYNC_NOTIF_GIC_INTID

When compiled for SPMC at S-EL1 (CFG_CORE_SEL1_SPMC=y), configure
CFG_CORE_ASYNC_NOTIF_GIC_INTID to an unused secure SGI that can be
donated t

plat-vexpress: configure CFG_CORE_ASYNC_NOTIF_GIC_INTID

When compiled for SPMC at S-EL1 (CFG_CORE_SEL1_SPMC=y), configure
CFG_CORE_ASYNC_NOTIF_GIC_INTID to an unused secure SGI that can be
donated to the normal world.

In boot_primary_init_intc(), only donate the interrupt id if it's in the
predefined secure SGI range.

Fixes: 462028ede02d ("qemu_armv8a: add GIC v3 redistributor base address")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-vexpress: fvp: configure GIC redistributor base address

Configure GIC redistributor base address needed with GICv3.

Fixes: 462028ede02d ("qemu_armv8a: add GIC v3 redistributor base address")
S

plat-vexpress: fvp: configure GIC redistributor base address

Configure GIC redistributor base address needed with GICv3.

Fixes: 462028ede02d ("qemu_armv8a: add GIC v3 redistributor base address")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: ffa: optionally use CFG_CORE_ASYNC_NOTIF_GIC_INTID

Allow an FF-A configuration to optionally use
CFG_CORE_ASYNC_NOTIF_GIC_INTID to configure the interrupt used to notify
the normal world

core: arm: ffa: optionally use CFG_CORE_ASYNC_NOTIF_GIC_INTID

Allow an FF-A configuration to optionally use
CFG_CORE_ASYNC_NOTIF_GIC_INTID to configure the interrupt used to notify
the normal world that there are pending notifications. For FF-A
CFG_CORE_ASYNC_NOTIF_GIC_INTID is only dealt with in platform code so
relax the static assert about interrupt IDs in (the unused)
add_optee_dt_node().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-sam: enable nvmem support

Enable nvmem support to allow reading hardware unique key from the fuses.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Thomas Perrot <thoma

plat-sam: enable nvmem support

Enable nvmem support to allow reading hardware unique key from the fuses.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: sama5d2: add sfc node for the secure fuse controller

Add the definition of the atmel_sfc controller in the sama5d2 device-tree.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-

dts: sama5d2: add sfc node for the secure fuse controller

Add the definition of the atmel_sfc controller in the sama5d2 device-tree.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: nvmem: add atmel_sfc driver

This driver handles the secure fuse controller that is present on the
sama5d2 series. It allows to read a 544 bits user defined area of fuses.
Content is exposed

drivers: nvmem: add atmel_sfc driver

This driver handles the secure fuse controller that is present on the
sama5d2 series. It allows to read a 544 bits user defined area of fuses.
Content is exposed through 17 32 bits registers. Rather than adding
complicated logic in atmel_sfc_read() for individual bytes, read all
the 16 registers at once (which are loaded at SoC startup from fuses)
and store them in an array convenient for copying from it to buffers.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: nvmem: add API for nvmem controllers

Add a nvmem API to access nvmem cells using device-tree description. This
API allows to register nvmeme provider and obtain nvmem cells for consumer.
Mu

drivers: nvmem: add API for nvmem controllers

Add a nvmem API to access nvmem cells using device-tree description. This
API allows to register nvmeme provider and obtain nvmem cells for consumer.
Much like other subsystem, this one relies on the generic dt_driver
mechanism.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: dt_driver: add DT_DRIVER_NVMEM support

Handle DT_DRIVER_NVMEM the same way that DT_DRIVER_PINCTRL is handled.
Indeed, it uses the same kind of DT references (phandle to a subnode of a
controll

core: dt_driver: add DT_DRIVER_NVMEM support

Handle DT_DRIVER_NVMEM the same way that DT_DRIVER_PINCTRL is handled.
Indeed, it uses the same kind of DT references (phandle to a subnode of a
controller) to get a nvmem cell.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_uart: fix incorrect USART_ISR_TXFE value

USART_ISR_TXFE indicates that the FIFO is empty. The register offset is
BIT(23), not BIT(27).

Signed-off-by: Gatien Chevallier <gatien.cheval

drivers: stm32_uart: fix incorrect USART_ISR_TXFE value

USART_ISR_TXFE indicates that the FIFO is empty. The register offset is
BIT(23), not BIT(27).

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: preserve object when set attribute fails

Preserve original object attributes when C_SetAttributeValue service
fails instead of possibly changing object attributes before the whole
new at

ta: pkcs11: preserve object when set attribute fails

Preserve original object attributes when C_SetAttributeValue service
fails instead of possibly changing object attributes before the whole
new attribute set is validated.

Fixes: bcac2127a7f1 ("ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: treat bad KCV size as a bad value case

Return PKCS11_CKR_ATTRIBUTE_VALUE_INVALID instead of a template
inconsistency when the key check value attribute is wrong due to its
size.

Fixes:

ta: pkcs11: treat bad KCV size as a bad value case

Return PKCS11_CKR_ATTRIBUTE_VALUE_INVALID instead of a template
inconsistency when the key check value attribute is wrong due to its
size.

Fixes: bcac2127a7f1 ("ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: initialize buffer with calloc()

Allocate out_tmp buffer with calloc() instead of malloc()
This relates to a Coverity issue where out_tmp is reported to be
potentially used as uninitialized in

core: initialize buffer with calloc()

Allocate out_tmp buffer with calloc() instead of malloc()
This relates to a Coverity issue where out_tmp is reported to be
potentially used as uninitialized in memcpy().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: fix unintended sign extension

Suspicious implicit sign extension: memtag_get_tag(kaddr) with type
uint8_t (8 bits, unsigned) is promoted in
memtag_get_tag(kaddr) << uref_tag_shift to type int

core: fix unintended sign extension

Suspicious implicit sign extension: memtag_get_tag(kaddr) with type
uint8_t (8 bits, unsigned) is promoted in
memtag_get_tag(kaddr) << uref_tag_shift to type int (32 bits, signed),
then sign-extended to type unsigned long (64 bits, unsigned).

If memtag_get_tag(kaddr) << uref_tag_shift is greater than 0x7FFFFFFF,
the upper bits of the result will all be 1.

Cast memtag_get_tag(kaddr) to vaddr_t to avoid implicit sign extension.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: crypto: sm3: fix undefined behavior on right shifting operation

In the expression ROTL(T[j], j), with j=0, we right shift by more than
31 bits (32 in this case). This behavior is undefined acc

core: crypto: sm3: fix undefined behavior on right shifting operation

In the expression ROTL(T[j], j), with j=0, we right shift by more than
31 bits (32 in this case). This behavior is undefined according to the
C99 standard:

6.5.7 Bitwise shift operators
The integer promotions are performed on each of the operands. The type
of the result is that of the promoted left operand. If the value of
the right operand is negative or is greater than or equal to the width
of the promoted left operand, the behavior is undefined.

Skip the shift operation if the shift value is 0.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: drivers: gpio: check return values from snprintf()

Check return values from snprintf().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@fo

core: drivers: gpio: check return values from snprintf()

Check return values from snprintf().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...