| 1e3057c6 | 26-Feb-2025 |
Etienne Carriere <etienne.carriere@foss.st.com> |
drivers: stm32_i2c: fallback to interrupt access when no bottom half
Change stm32_i2c driver to allow I2C transfers in interrupt context before bottom half thread is initialized and after it's released.
This can be needed by PMIC driver to handle PMCI interrupt events when bottom half thread is not supported by normal world. In that case, PMIC driver would need to register its interrupt to stm32_i2c driver.
Thread accesses to the bus still start by locking the I2C bus mutex. Before using the bus, the sequence now masks the PMIC interrupt and polls (with timeout) on I2C bus access atomic lock. This lock may be held by an I2C transfer currently executing in an interrupt context. A 100ms timeout is short enough to also allow debug console traces in the interrupt sequence. Masking the interrupt before polling the lock ensures no new pending interrupt will interrupt us (and execute an I2C transfer) while the thread context accesses the I2C bus.
Interrupt accesses to the bus atomically set/clear the I2C bus access lock while executing the interrupt sequence.
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com> Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
|
| 0f92c2ad | 28-Oct-2025 |
Thomas Bourgoin <thomas.bourgoin@foss.st.com> |
drivers: stm32_i2c: add support of stm32mp2 family
Add compatible st,stm32mp25-i2c to support stm32mp2x SoCs.
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
|
| e97a138a | 20-Nov-2025 |
Jerome Forissier <jerome.forissier@linaro.org> |
ci: notify_maintainers: fix source code comparison (really)
Fix yet another permission issue with the notify workflow [1]. The GitHub Copilot gives the following diagnostic:
"pull_request_target does grant a write-capable GITHUB_TOKEN, but you must run the trusted code (from the target/base branch) when using that token. Your workflow checks that the notify script wasn't modified, but then checks out the PR head and runs the script from the untrusted PR; that makes the token unavailable/limited for writes."
Let's check out the PR head in the run: step of the job instead of giving it to actions/checkout.
Link: https://github.com/OP-TEE/optee_os/actions/runs/19567616329/job/56033348650?pr=7584 [1] Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 3469b183 | 20-Nov-2025 |
Jerome Forissier <jerome.forissier@linaro.org> |
ci: notify_maintainers: fix source code comparison (really)
The PR branch head is not available in the default pull_request_target checkout since it operates on the target branch (optee_os official repository). A 'git fetch' is needed in order to make the PR code usable in the subsequent tj-actions/changed-files.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 6e1990d7 | 03-Nov-2025 |
Ox Yeh <ox.yeh@mediatek.com> |
core: fs_htree: fix incorrect data type in create_and_sync
Fixes an incorrect data type used in the create_and_sync function. When this function calls tee_fs_htree_sync_to_storage, it may invoke tee_fs_htree_close to free the input hash tree in error cases. Therefore, the input type should be struct tee_fs_htree **ht_arg to handle these scenarios correctly.
Link: https://github.com/OP-TEE/optee_os/issues/7512 Fixes: 5a9d570a8d7f ("core: fs_htree: re-init hash tree when both tag and counter are zero")
Signed-off-by: Ox Yeh <ox.yeh@mediatek.com> Reviewed-by: Menson Chen <menson.chen@mediatek.com> Reviewed-by: Rayan Hu <rayan.hu@mediatek.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| 35c308f5 | 20-Nov-2025 |
Jerome Forissier <jerome.forissier@linaro.org> |
ci: notify_maintainers: fix source code comparison
On a pull_request_target event, the code checked out by actions/checkout is the base branch. Therefore, to compare the PR branch against the base branch tj-actions/changed-files needs to be given a reference to the PR head. In other words, base_sha: should actually be the PR head, not the base. Change it accordingly. Fixes the following error:
Similar commit hashes detected: previous sha: <xxx> is equivalent to the current sha: <xxx>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| b9ff5765 | 19-Nov-2025 |
Jerome Forissier <jerome.forissier@linaro.org> |
ci: update tj-actions/changed-files to version v46
Address the GitHub Dependabot security notification about compromised tj-actions/changed-files.
Link: https://github.com/OP-TEE/optee_os/security/dependabot/1 [1] Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Co-developed-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 72d6673e | 18-Nov-2025 |
Jerome Forissier <jerome.forissier@linaro.org> |
ci: move notify_maintainers to a separate workflow
The default ${{ secrets.GITHUB_TOKEN }} does not allow write access to pull requests created from a fork, even when the permissions: block is supposed to allow it (it does for PRs created from the same repository but not from forks). As a result, the create_issue_comment() returns a "403: Forbidden" error. See [1] for example.
Fix the issue by moving the notify_maintainers job to a separate workflow which is triggered on the pull_request_target event. The mechanism is explained in .github/workflows/notify.yml.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Link: https://github.com/OP-TEE/optee_os/actions/runs/19434849286/job/55602878593?pr=7426 [1] Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| e258d9a5 | 18-Nov-2025 |
Jerome Forissier <jerome.forissier@linaro.org> |
ci: scripts/notify_maintainers.py: use non-deprecated API
Supplying a token to the GitHub class constructor is deprecated. Use an Auth object instead.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| e2ae00cf | 18-Nov-2025 |
Jerome Forissier <jerome.forissier@linaro.org> |
ci: scripts/notify_maintainers.py: improve debug traces
Print the message before sending it via the GitHub API so that it appears in the logs in case pr.create_issue_comment() raises an exception.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 2b891b87 | 18-Nov-2025 |
Jerome Forissier <jerome.forissier@linaro.org> |
ci: scripts/notify_maintainers.py: fix GitHub handle regexp
When looking for GitHub handles in the PR comments (i.e., people already mentioned), include the hyphen character so that handles of the form '@foo-bar' are properly matched.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 0f7e723f | 14-Nov-2025 |
Itay Almog <itay2828@gmail.com> |
macros.mk: fix version string generation for clang
When the clang supports HIP and detects it's installed, it will print its version as part of the `-v` command, which makes the grep return two matched lines, one of which is unrelated to the clang version. Fix by only taking the first match, which for clang is always the version; this should not affect GCC builds as they return a single match anyway.
Signed-off-by: Itay Almog <itay2828@gmail.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 528a70a4 | 13-Nov-2025 |
Jerome Forissier <jerome.forissier@linaro.org> |
ci: scripts/notify_maintainers.py: fix undefined variable error
Fix error:
File "scripts/notify_maintainers.py", line 132, in main
    " ".join(f"@{h}" for h in new_handles))
                              ^^^^^^^^^^^
UnboundLocalError: cannot access local variable 'new_handles' where it is not associated with a value
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 122114b2 | 11-Nov-2025 |
Alistair Higgins <Alistair_Higgins@trimble.com> |
plat-ti: Fix initialisation order
Since commit 358cdcd2b079 ("core: arm32: initialize secure monitor late") TI platforms have been broken due to only initialising the HUK in `init_sec_mon` after the SSK has been derived/generated from it in the `tee_fs_init_key_manager` service init.
Move initialisation of HUK into an `early_init` registration to restore the correct order of operations.
Secure monitor initialisation cannot be moved into the `early_init()` as the secure monitor stack is not yet initialised.
Link: https://github.com/OP-TEE/optee_os/issues/7587
Signed-off-by: Alistair Higgins <Alistair_Higgins@trimble.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| a25cf4cf | 10-Nov-2025 |
Alistair Higgins <Alistair_Higgins@trimble.com> |
core: make boot_arg_nsec_entry globally accessible
Required on TI platforms that need access to the boot arguments in an `early_init()` call. Need the boot args to memory-map and initialise the HUK before it is used in the `tee_fs_init_key_manager` service init.
Signed-off-by: Alistair Higgins <Alistair_Higgins@trimble.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 2c33d6e6 | 12-Nov-2025 |
Jerome Forissier <jerome.forissier@linaro.org> |
plat-telechips: fix spelling mistake
Fix a spelling mistake in the tcmktool.py script.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 698b8cfd | 13-Nov-2025 |
Jerome Forissier <jerome.forissier@linaro.org> |
ci: add 'issues: write' permission for notify_maintainers.py
Add the write permission to issues to the CI workflow so that the maintainer notification script is allowed to post comments. This should fix a 403 error [1]. In principle, 'pull-requests: write' should not be needed.
Link: https://github.com/OP-TEE/optee_os/actions/runs/19324768252/job/55273243282?pr=7603 [1] Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 15e14f8f | 09-Nov-2025 |
Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de> |
scripts/gen_ldelf_hex.py: account for true memsz in last load segment mapping
The pad_size array is used to compute code/data/load mapping sizes for ldelf by measuring the gaps after each PT_LOAD segment. The last entry was hardcoded to 0, effectively ignoring the final segment’s (p_memsz - p_filesz) - i.e. the BSS portion that exists in memory but not in the file.
As a result, the RW mapping for ldelf was undersized: the zero-filled area of the last PT_LOAD was not reserved, which could lead to writes past the mapped region.
Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| bcfbef15 | 14-Oct-2025 |
Jerome Forissier <jerome.forissier@linaro.org> |
ci: mention reviewers/maintainers from MAINTAINERS
Introduce a new Python script: notify_maintainers.py and run it in CI as part of a new job. When invoked in the context of a pull request against the OP-TEE OS official project, it invokes get_maintainer.py to find out the GitHub handles of the people to whom the change in the PR is relevant. It then posts a comment so that these people may be notified via email. People are mentioned only once per PR (they normally receive subsequent messages automatically). The PR author, assignees and requested reviewers (if any) are skipped since they are already notified, as well as the default maintainers ("THE REST") who are assumed to receive all PRs. The format of the comment is:
github-actions (bot) commented ...
FYI <handle1> <handle2>...
Note: Subsystem/platform maintainers who have their GitHub handle in MAINTAINERS and who already "watch" the project will receive two emails upon creation of a PR that touches their area of expertise: one when the PR is created, and one shortly after when the script runs and the GitHub bot tags them in a comment. Hopefully it is only a minor inconvenience.
Note 2: The script was written with the help of generative AI. It was reviewed, tested and modified by me.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Sumit Garg <sumit.garg@oss.qualcomm.com> Reviewed-by: Rouven Czerwinski <rouven.czerwinski@linaro.org>
|
| 394baaf7 | 06-Nov-2025 |
Vladislavas Putys <vputys@witekio.com> |
core: ltc: rsa_verify_hash: fix panic on hash length difference
Fixing coupled conditions in rsa_verify_hash_ex(): inc1 was set to 1 in situations when ftmn_set_check_res_memcmp() was not executed, leading to a panic in FTMN_CALLEE_DONE_CHECK().
Signed-off-by: Vladislavas Putys <vputys@witekio.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 82d5d8cc | 24-Oct-2025 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: ffa: guard sp_session field state with spinlock
Accesses to the state field in struct sp_session are often guarded with a spinlock, but there are a few places where it's missing. So, add the missing spinlocks.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 8c8f3bae | 24-Oct-2025 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: ffa: verify thread ID before resuming S-EL0 SP
Check that the thread ID for an S-EL0 SP is correct before trying to resume it. This guards against resuming an unrelated thread.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 6af74df5 | 24-Oct-2025 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: ffa: fix direct request error code for S-EL0 SP
Direct requests to S-EL0 SPs are delivered using a thread. If no thread is available return FFA_BUSY, to let the caller know that it should try again. This should normally never happen, but let's do our best for a corner case.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 574b1b2d | 02-Sep-2025 |
Jens Wiklander <jens.wiklander@linaro.org> |
ci: add builds for dynamic protected memory
Add two builds for dynamic protected memory, one with and one without FF-A.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 00338334 | 31-Oct-2024 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: support dynamic protected memory lending
With CFG_CORE_DYN_PROTMEM=y support dynamic protected memory lending.
A new internal struct mobj_ffa_rsm is added to handle dynamic protected memory for FF-A.
A new internal struct mobj_protmem is added to handle dynamic protected memory without FF-A.
Lending non-secure memory to OP-TEE to use it as protected memory means that it should become inaccessible by the normal world as part of the process. This part is currently not supported, since it must be done in a platform specific way for platforms that support that. QEMU doesn't support that.
Adding two platform specific functions, plat_get_protmem_config() and plat_set_protmem_range() for dynamic protected memory. The functions have __weak implementations to allow easier testing. However, plat_set_protmem_range() requires CFG_INSECURE=y since it doesn't change memory protection.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|