core: pta: check return value of tee_time_get_(sys|ree)_time()

Check return value of tee_time_get_sys_time() and
tee_time_get_ree_time().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Review

core: pta: check return value of tee_time_get_(sys|ree)_time()

Check return value of tee_time_get_sys_time() and
tee_time_get_ree_time().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

driver: crypto: hisilicon: Fix temporary memory risk

When the mailbox operation times out, the software will
free the temporary memory. The hardware does not cancel
the mailbox operation and may con

driver: crypto: hisilicon: Fix temporary memory risk

When the mailbox operation times out, the software will
free the temporary memory. The hardware does not cancel
the mailbox operation and may continue to read and write
the free memory.
To solve the problem, we alloc buffer which has the same
lifecycle with qm.

Fixes: c7f9abcee87f ("drivers: implement HiSilicon Queue Management (QM) module")
Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ffa: Clear FFA_MEM_RETRIEVE_RESP memory descriptor fields

Clear the memory descriptors in FFA_MEM_RETRIEVE_RESP calls in order to
set the reserved fields to zero. The caller might check if the

core: ffa: Clear FFA_MEM_RETRIEVE_RESP memory descriptor fields

Clear the memory descriptors in FFA_MEM_RETRIEVE_RESP calls in order to
set the reserved fields to zero. The caller might check if the reserved
fields are zero as it is stated in the FF-A spec. With FF-A v1.1 the
memory transaction descriptor's 4 byte field at offset 24 has changed
from reserved (MBZ) to Endpoint memory access descriptor size
(non-zero). With the reserved field not cleared in the v1.0 descriptor,
the caller cannot verify if it got the right version of the memory
transaction descriptor.

This issue only affects the FFA_MEM_RETRIEVE_RESP call at the
S-EL1 <-> S-EL0 interface, in all other cases the descriptors are
cleared properly.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: Fix for TLS1.3 handshake failure

There is a limitation on some of i.MX8M series platforms.
When the input is marked as a hash value, it is moved first into
the Class 2 Context Registe

drivers: caam: Fix for TLS1.3 handshake failure

There is a limitation on some of i.MX8M series platforms.
When the input is marked as a hash value, it is moved first into
the Class 2 Context Register, which is only 40 bytes long.
From there, it is copied into the PKHA.
If HASH is more than 40bytes, extra bytes become zero, which is not
proper message representative,so signatures generation/verification
go wrong.

This makes a limitation when the hash size is longer than 40 bytes
and the signature component/private key size is longer than 40 bytes
As a workaround when the input is marked as a message representative,
then a different path is taken to bring the value into CAAM,
and the value stays intact.

CFG_NXP_CAAM_C2_CTX_REG_WA config flag is added to enable/disable
this workaround.
Currently it is enabled by default for i.MX8M platforms.

Fixes: 4b383f736e9e ("drivers: caam: implement NXP CAAM Driver - DSA")
Fixes: 503b5c013761 ("drivers: caam: implement NXP CAAM Driver - ECC")
Link: https://github.com/OP-TEE/optee_os/issues/6492
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: add msg_type argument in DSA_SIGN/VERIFY macro

Add msg_type argument in DSA_SIGN/VERIFY macro.
Based on type of Message whether HASHED, Message representative, will
pass this argument

drivers: caam: add msg_type argument in DSA_SIGN/VERIFY macro

Add msg_type argument in DSA_SIGN/VERIFY macro.
Based on type of Message whether HASHED, Message representative, will
pass this argument.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: stm32_rng: ensure conditional reset sequence is done

Add a check on RNG_CR_CONDRST being cleared before continuing the
program to ensure that the conditional reset sequence is done.

Signed

drivers: stm32_rng: ensure conditional reset sequence is done

Add a check on RNG_CR_CONDRST being cleared before continuing the
program to ensure that the conditional reset sequence is done.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rng: fix comment in stm32_rng_pm_resume()

Fix comment about the application of the RNG configuration in
stm32_rng_pm_resume(). Old comment mentioned reserved bits.

Signed-off-by: Gat

drivers: stm32_rng: fix comment in stm32_rng_pm_resume()

Fix comment about the application of the RNG configuration in
stm32_rng_pm_resume(). Old comment mentioned reserved bits.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rng: remove __unused attribute

Removes a useless __unused attribute for stm32_rng_probe() argument.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etie

drivers: stm32_rng: remove __unused attribute

Removes a useless __unused attribute for stm32_rng_probe() argument.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rng: check clock enable call

Fixes clock enable request that does not check the return value.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Ca

drivers: stm32_rng: check clock enable call

Fixes clock enable request that does not check the return value.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: default enable key check value support

Default enable support for key check value attribute in pkcs11 TA.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne

ta: pkcs11: default enable key check value support

Default enable support for key check value attribute in pkcs11 TA.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: use TEE_InitRefAttribute() to compute key check value

Use TEE_InitRefAttribute() helper function to set key data attribute
in compute_check_value_with_ecb().

Fixes: bcac2127a7f1 ("ta: p

ta: pkcs11: use TEE_InitRefAttribute() to compute key check value

Use TEE_InitRefAttribute() helper function to set key data attribute
in compute_check_value_with_ecb().

Fixes: bcac2127a7f1 ("ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: key check value may not be applicable

Key check value attribute is required only for objects of types
certificate and symmetric keys. Fix set_check_value_attr()
to return a successful st

ta: pkcs11: key check value may not be applicable

Key check value attribute is required only for objects of types
certificate and symmetric keys. Fix set_check_value_attr()
to return a successful status instead of bad argument error code when
there is no key check value attribute to compute.

Fixes: bcac2127a7f1 ("ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: fix block size to compute AES key check value

Fix AES block size in compute_check_value_with_ecb(). It is 16 bytes,
not the AES key size. By the way allocate cipher block in the stack
in

ta: pkcs11: fix block size to compute AES key check value

Fix AES block size in compute_check_value_with_ecb(). It is 16 bytes,
not the AES key size. By the way allocate cipher block in the stack
instead of in the heap since the block is quite small.

Fixes: bcac2127a7f1 ("ta: pkcs11: pkcs11_attributes.c: support PKCS11_CKA_CHECK_VALUE")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: allow cache_op_outer() to operate on non-secure buffers

According the ARM PL310 documentation, if the operation is specific
to the PA, the behavior is presented in the following manner:

core: arm: allow cache_op_outer() to operate on non-secure buffers

According the ARM PL310 documentation, if the operation is specific
to the PA, the behavior is presented in the following manner:
- Secure access: The data in the cache is only affected by the
the operation if it is secure.
- Non-secure access: The data in the cache is only affected by the
operation if it is non-secure.

Depending on the buffer location, use the secure or non-secure PL310
base address to do physical address based cache operation on the
buffer.

Link: https://developer.arm.com/documentation/ddi0246/a/programmer-s-model/register-descriptions/register-7--cache-maintenance-operations
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: plat: imx: implement pl310_nsbase()

Map PL310 registers as non-secure.
Implement pl310_nsbase() that returns non-secure PL310 base address.

Signed-off-by: Clement Faure <clement.faure@nxp.com

core: plat: imx: implement pl310_nsbase()

Map PL310 registers as non-secure.
Implement pl310_nsbase() that returns non-secure PL310 base address.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add pl310_nsbase() function

Add pl310_nsbase() function to return non-secure PL310 base address.

The default implementation is a weak function that returns the secure
PL310 base address to ma

core: add pl310_nsbase() function

Add pl310_nsbase() function to return non-secure PL310 base address.

The default implementation is a weak function that returns the secure
PL310 base address to match the previous behavior where only the secure
base address was returned.

It is up to the platform to implement that function.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-k3: sa2ul_rng: check if rng is enabled before to do a read

Check if rng is enabled in sa2ul_rng_read128(), if not the
initialization sequence is run.
After a suspend to ram, the rng may be in r

plat-k3: sa2ul_rng: check if rng is enabled before to do a read

Check if rng is enabled in sa2ul_rng_read128(), if not the
initialization sequence is run.
After a suspend to ram, the rng may be in reset state, and it has to be
re-initialized if in reset state.

Signed-off-by: Thomas Richard <thomas.richard@bootlin.com>
Reviewed-by: Andrew Davis <afd@ti.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

pta: stm32mp: fix remoteproc config name

The CFG_RPROC_PTA config is not valid and has been replaced by the
CFG_REMOTEPROC_PTA config during the review process.

Fixes: f6c57ea446db ("pta: stm32mp:

pta: stm32mp: fix remoteproc config name

The CFG_RPROC_PTA config is not valid and has been replaced by the
CFG_REMOTEPROC_PTA config during the review process.

Fixes: f6c57ea446db ("pta: stm32mp: add new remoteproc PTA")
Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: Include kernel/interrupt.h for thread_arch.c

Otherwise, the compiler can not find the declaration of
interrupt_main_handler().

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-

core: riscv: Include kernel/interrupt.h for thread_arch.c

Otherwise, the compiler can not find the declaration of
interrupt_main_handler().

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Add missing initial value for read_tp()

The stack variable "tp" should have its initial value.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wikland

core: riscv: Add missing initial value for read_tp()

The stack variable "tp" should have its initial value.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: plic: Fix parameter type of plic_op_raise_sgi()

The commit ec740b9fe95e ("core: interrupt_raise_sgi() updates") changes
the cpu_mask parameter to a uint32_t. Apply this change onto
plic_op_

drivers: plic: Fix parameter type of plic_op_raise_sgi()

The commit ec740b9fe95e ("core: interrupt_raise_sgi() updates") changes
the cpu_mask parameter to a uint32_t. Apply this change onto
plic_op_raise_sgi().

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

driver: crypto: hisilicon: Add the mailbox operation lock

refactor function of mailbox operation to ensure atomaticity

Fixes: c7f9abcee87f ("drivers: implement HiSilicon Queue Management (QM) modul

driver: crypto: hisilicon: Add the mailbox operation lock

refactor function of mailbox operation to ensure atomaticity

Fixes: c7f9abcee87f ("drivers: implement HiSilicon Queue Management (QM) module")
Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: read_64bit_pair()

Implement read_64bit_pair that read two 64 bits data together.

Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-sam: force CFG_EXTERNAL_DT to n

Because this feature isn't used on SAM platforms and to disable DT
insecure warning.

Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Acked-by: Jens Wik

plat-sam: force CFG_EXTERNAL_DT to n

Because this feature isn't used on SAM platforms and to disable DT
insecure warning.

Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Fix links for 3.22.0

The links for 3.22.0 in CHANGELOG.md is incorrect, this commit
fixes it.

Fixes: 3e8d5b1c6a30 ("changelog: remove duplicate section")
Signed-off-by: Aristo Chen <aristo.chen@can

Fix links for 3.22.0

The links for 3.22.0 in CHANGELOG.md is incorrect, this commit
fixes it.

Fixes: 3e8d5b1c6a30 ("changelog: remove duplicate section")
Signed-off-by: Aristo Chen <aristo.chen@canonical.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...