core: tpm: don't write to SPMC manifest

If "CFG_CORE_SEL1_SPMC=y" the TPM event log info is read from the SPMC
manifest instead of the external DT. The TPM event log handler code is
setting the even

core: tpm: don't write to SPMC manifest

If "CFG_CORE_SEL1_SPMC=y" the TPM event log info is read from the SPMC
manifest instead of the external DT. The TPM event log handler code is
setting the event log's address to zero in the DT, which fails since the
SPMC manifest is mapped as read-only. Remove this zeroing for the S-EL1
SPMC use case, it has no added security benefits since the SPMC manifest
DT itself is always in secure memory anyways.

Fixes: 722c618f0dfa ("core: map manifest using MEM_AREA_MANIFEST_DT")
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

zynqmp: remove redundant platform config code

The hardware description is identical in all the platforms, there is no
need for specific ultra96 code to define base addresses.

Signed-off-by: Ibai Er

zynqmp: remove redundant platform config code

The hardware description is identical in all the platforms, there is no
need for specific ultra96 code to define base addresses.

Signed-off-by: Ibai Erkiaga <ibai.erkiaga-elorza@amd.com>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: unconditionally support manifest DT with FF-A

When configured for FF-A (CFG_CORE_FFA=y) unconditionally support
receiving at manifest device tree. This also makes CFG_DT=y mandatory
with FF-A.

core: unconditionally support manifest DT with FF-A

When configured for FF-A (CFG_CORE_FFA=y) unconditionally support
receiving at manifest device tree. This also makes CFG_DT=y mandatory
with FF-A.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Leisen <leisen1@huawei.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: always save manifest DT with CFG_CORE_SEL2_SPMC=y

With CFG_CORE_SEL2_SPMC=y the manifest device tree is passed via boot
info from the SPMC at S-EL2. This manifest can contain configuration
nee

core: always save manifest DT with CFG_CORE_SEL2_SPMC=y

With CFG_CORE_SEL2_SPMC=y the manifest device tree is passed via boot
info from the SPMC at S-EL2. This manifest can contain configuration
needed later during boot, so save it always regardless of
CFG_CORE_PHYS_RELOCATABLE.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Leisen <leisen1@huawei.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: make core_mmu_set_secure_memory() available

Makes core_mmu_set_secure_memory() unconditionally available, but add a
runtime_assert() to protect against calls without
CFG_CORE_PHYS_RELOCATABLE=

core: make core_mmu_set_secure_memory() available

Makes core_mmu_set_secure_memory() unconditionally available, but add a
runtime_assert() to protect against calls without
CFG_CORE_PHYS_RELOCATABLE=y.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Leisen <leisen1@huawei.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

libutils: add runtime_assert()

Adds runtime_assert() as a version of assert() that can be used instead
of assert() when evaluating constant expressions to avoid the warning:
error: function might be

libutils: add runtime_assert()

Adds runtime_assert() as a version of assert() that can be used instead
of assert() when evaluating constant expressions to avoid the warning:
error: function might be candidate for attribute ‘noreturn’

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Leisen <leisen1@huawei.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: map manifest using MEM_AREA_MANIFEST_DT

Maps the manifest using MEM_AREA_MANIFEST_DT and unmap it at the end of
boot. The manifest DT has a life cycle similar to an external DT, except
that it

core: map manifest using MEM_AREA_MANIFEST_DT

Maps the manifest using MEM_AREA_MANIFEST_DT and unmap it at the end of
boot. The manifest DT has a life cycle similar to an external DT, except
that it's mapped read-only and always secure. It's not available once
exiting after the initial boot

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Leisen <leisen1@huawei.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: rename tos_fw_config_dt to manifest_dt

Renames tos_fw_config_dt to manifest_dt as a preparation for coming
patches to let it represent all device tree manifests provided in an
FF-A configurati

core: rename tos_fw_config_dt to manifest_dt

Renames tos_fw_config_dt to manifest_dt as a preparation for coming
patches to let it represent all device tree manifests provided in an
FF-A configuration.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Leisen <leisen1@huawei.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add MEM_AREA_MANIFEST_DT

Adds MEM_AREA_MANIFEST_DT for mapping an FF-A manifest FDT.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Leisen <leisen1@huawei.com>
Acked-by:

core: add MEM_AREA_MANIFEST_DT

Adds MEM_AREA_MANIFEST_DT for mapping an FF-A manifest FDT.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Leisen <leisen1@huawei.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

crypto: stm32: fix SAES reset at probe time

Uses SAES internal reset sequence only when external reset controller
is not available. This change fixes a non-systematic SAES error
seen when SAES inter

crypto: stm32: fix SAES reset at probe time

Uses SAES internal reset sequence only when external reset controller
is not available. This change fixes a non-systematic SAES error
seen when SAES internal reset is triggered right after external reset
sequence. Whereas a fix could be to add a delay between external reset
and internal reset sequences, this change simplifies the sequence as
internal reset sequence is not needed when SAES instance is reset using
its external reset controller.

Fixes: 4320f5cf30c5 ("crypto: stm32: SAES cipher support")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

driver: gic: support sgi raise for gicv3

Use write_icc_sgi1r() and write_icc_asgi1r() to raise SGI
for gicv3.
And move the assertion from gic_it_raise_sgi() to
the caller function to improve the rea

driver: gic: support sgi raise for gicv3

Use write_icc_sgi1r() and write_icc_asgi1r() to raise SGI
for gicv3.
And move the assertion from gic_it_raise_sgi() to
the caller function to improve the readability
of gic_it_raise_sgi().

Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm.h: Add MPIDR definition for aff3 field

Adds define MPIDR_AFF3_SHIFT and MPIDR_AFF3_MASK.
And extend MPIDR_AFFLVL_MASK to 64 bits to support
the 64-bit MPIDR_EL1 on aarch64.

Signed-off-by:

core: arm.h: Add MPIDR definition for aff3 field

Adds define MPIDR_AFF3_SHIFT and MPIDR_AFF3_MASK.
And extend MPIDR_AFFLVL_MASK to 64 bits to support
the 64-bit MPIDR_EL1 on aarch64.

Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: Add write_icc_sgi1r() and write_icc_asgi1r()

Adds the wrapper function write_icc_sgi1r() and write_icc_asgi1r()
to write ICC_SGI1R and ICC_ASGI1R to generate group 1 SGIs for
the secure

core: arm64: Add write_icc_sgi1r() and write_icc_asgi1r()

Adds the wrapper function write_icc_sgi1r() and write_icc_asgi1r()
to write ICC_SGI1R and ICC_ASGI1R to generate group 1 SGIs for
the secure and non-secure state CPU.

Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: imx: add DEK blob

Add DEK blob PTA to generate CAAM DEK blobs.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

drivers: caam: add DEK blob support

The CAAM can generate a specific key blob called DEK blob - Data
Encryption Key blob. It encapsulates and encrypts the plain text key used
to encrypt the boot ima

drivers: caam: add DEK blob support

The CAAM can generate a specific key blob called DEK blob - Data
Encryption Key blob. It encapsulates and encrypts the plain text key used
to encrypt the boot image. This blob is decapsulated by the HAB - High
Assurance boot at boot to decrypt the boot image.

The DEK blob is a specific CAAM blob as it requires a header and the key
must be encapsulated from the CAAM secure memory.

Enable the CAAM DEK blob support on imx8m platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: add CAAM secure memory driver

Add CAAM secure memory support. The CAAM secure memory is an embedded
memory within the CAAM used for data protection and special operations.

Enable the

drivers: caam: add CAAM secure memory driver

Add CAAM secure memory support. The CAAM secure memory is an embedded
memory within the CAAM used for data protection and special operations.

Enable the allocation of secure memory pages and partitions used by job
rings as input/output for special cryptographic operations.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: add HAL for secure memory driver

Add hardware abstraction layer for CAAM secure memory registers. The
majority of the implementation is common to all i.MX platforms.
Only the secure m

drivers: caam: add HAL for secure memory driver

Add hardware abstraction layer for CAAM secure memory registers. The
majority of the implementation is common to all i.MX platforms.
Only the secure memory physical address retrieve method is platform
specific.
In this commit, this method is implemented for imx8m platforms only.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: add secure memory registers for imx8m platforms

Add SECMEM_BASE and SECMEM_SIZE values.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@lina

core: imx: add secure memory registers for imx8m platforms

Add SECMEM_BASE and SECMEM_SIZE values.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: fix EC private key import

When importing EC private key also generate hidden EC public key for that.

This fixes EC private key import problem.

Signed-off-by: Vesa Jääskeläinen <vesa.ja

ta: pkcs11: fix EC private key import

When importing EC private key also generate hidden EC public key for that.

This fixes EC private key import problem.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Tested-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: add hidden EC point support

The PKCS#11 standard does not allow one to have CKA_EC_POINT for private
keys but TEE internal API requires one to be present when performing
private key oper

ta: pkcs11: add hidden EC point support

The PKCS#11 standard does not allow one to have CKA_EC_POINT for private
keys but TEE internal API requires one to be present when performing
private key operations. Instead of calculating it each time it is needed
store it as hidden attribute.

This fixes EC private key generation to function as specified in standard.

There is backwards support for existing keys that has been created
inadvertently with CKA_EC_POINT included.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Tested-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: add OP-TEE hidden attribute extension

Attributes which has hidden OP-TEE vendor flag specified are not exported
to user space nor can be imported from user space.

Signed-off-by: Vesa Jä

ta: pkcs11: add OP-TEE hidden attribute extension

Attributes which has hidden OP-TEE vendor flag specified are not exported
to user space nor can be imported from user space.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Tested-by: Ayoub Zaki <ayoub.zaki@embetrix.com>

show more ...

ta: pkcs11: specify OP-TEE's vendor specific attribute scheme

Add vendor allocation specification for OP-TEE specific attributes.

Specifies which bits of attribute identifier is for what purpose.

ta: pkcs11: specify OP-TEE's vendor specific attribute scheme

Add vendor allocation specification for OP-TEE specific attributes.

Specifies which bits of attribute identifier is for what purpose.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Tested-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: introduce PKCS11_CKF_ARRAY_ATTRIBUTE

Add own define for PKCS11_CKF_ARRAY_ATTRIBUTE to keep attribute defines
clear.

Adjust users to new define.

Value is same as CKF_ARRAY_ATTRIBUTE in

ta: pkcs11: introduce PKCS11_CKF_ARRAY_ATTRIBUTE

Add own define for PKCS11_CKF_ARRAY_ATTRIBUTE to keep attribute defines
clear.

Adjust users to new define.

Value is same as CKF_ARRAY_ATTRIBUTE in standard.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Tested-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: caam: check OPTEE DDR location if the CAAM DMA is 32 bits width

On i.MX platforms, the CAAM DMA width is limited to 32 bits. That
limitation requires OPTEE to be located in the 32 bits DDR

drivers: caam: check OPTEE DDR location if the CAAM DMA is 32 bits width

On i.MX platforms, the CAAM DMA width is limited to 32 bits. That
limitation requires OPTEE to be located in the 32 bits DDR address
space.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

MAINTAINERS: update NXP (Freescale) i.MX family

Update MAINTAINERS and remove myself from NXP (Freescale) i.MX family.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander

MAINTAINERS: update NXP (Freescale) i.MX family

Update MAINTAINERS and remove myself from NXP (Freescale) i.MX family.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...