plat-nuvoton: force CFG_EXTERNAL_DT=n

Disables DT insecure warning

Co-developed-by: Hila Miranda-Kuzi <hila.miranda.kuzi1@gmail.com>
Signed-off-by: Hila Miranda-Kuzi <hila.miranda.kuzi1@gmail.com>

plat-nuvoton: force CFG_EXTERNAL_DT=n

Disables DT insecure warning

Co-developed-by: Hila Miranda-Kuzi <hila.miranda.kuzi1@gmail.com>
Signed-off-by: Hila Miranda-Kuzi <hila.miranda.kuzi1@gmail.com>
Signed-off-by: Margarita Glushkin <rutigl@gmail.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-nuvoton: add HUK reading

Implements HUK reading from DME PCR0 located in the PCI mailbox

Co-developed-by: Hila Miranda-Kuzi <hila.miranda.kuzi1@gmail.com>
Signed-off-by: Hila Miranda-Kuzi <hil

plat-nuvoton: add HUK reading

Implements HUK reading from DME PCR0 located in the PCI mailbox

Co-developed-by: Hila Miranda-Kuzi <hila.miranda.kuzi1@gmail.com>
Signed-off-by: Hila Miranda-Kuzi <hila.miranda.kuzi1@gmail.com>
Signed-off-by: Margarita Glushkin <rutigl@gmail.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-nuvoton: change load address, shared memory and SDP memory

Changes load address of OPTEE-OS from 0x36000000 to 0x02100000
Moves shared memory to 0x06000000
Moves SDP memory to 0x05F00000

Co-de

plat-nuvoton: change load address, shared memory and SDP memory

Changes load address of OPTEE-OS from 0x36000000 to 0x02100000
Moves shared memory to 0x06000000
Moves SDP memory to 0x05F00000

Co-developed-by: Hila Miranda-Kuzi <hila.miranda.kuzi1@gmail.com>
Signed-off-by: Hila Miranda-Kuzi <hila.miranda.kuzi1@gmail.com>
Signed-off-by: Margarita Glushkin <rutigl@gmail.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

changelog: remove duplicate section

When doing the 3.22 release, the changelog by mistake got the 3.22
section duplicated. Fix this by removing one of them.

Signed-off-by: Joakim Bech <joakim.bech@

changelog: remove duplicate section

When doing the 3.22 release, the changelog by mistake got the 3.22
section duplicated. Fix this by removing one of them.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

ci: QEMUv8_check: enable attestation PTA

Enables the attestation PTA for all configurations in the QEMU_v8 job.
This would have caught the issue fixed by the parent commit.

Signed-off-by: Jerome Fo

ci: QEMUv8_check: enable attestation PTA

Enables the attestation PTA for all configurations in the QEMU_v8 job.
This would have caught the issue fixed by the parent commit.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: attestation: fixes for CFG_PAN=y

- Add missing enter_user_access()/exit_user_access() to
cmd_hash_ta_memory() so that the PTA is allowed to access the TA
directly.
- Use to_bounce_par

core: pta: attestation: fixes for CFG_PAN=y

- Add missing enter_user_access()/exit_user_access() to
cmd_hash_ta_memory() so that the PTA is allowed to access the TA
directly.
- Use to_bounce_params() and from_bounce_params() in the invoke entry
point in order to use bounce buffers for memref parameters when the
caller is a user space TA and PAN is enabled.

Fixes xtest 1037 with CFG_ATTESTATION_PTA=y CFG_PAN=y.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: add helper functions to support calls from TA when CFG_PAN=y

Introduce helper function to make it easier to use bounce buffers in a
PTA entry point to support calls with memrefs from user

core: pta: add helper functions to support calls from TA when CFG_PAN=y

Introduce helper function to make it easier to use bounce buffers in a
PTA entry point to support calls with memrefs from user space TAs when
PAN is enabled.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

pta: attestation: exclude memory regions without VM_FLAG_READONLY

When selecting which memory region of a TA should be hashed, exclude
those without VM_FLAG_READONLY in their flag field instead of r

pta: attestation: exclude memory regions without VM_FLAG_READONLY

When selecting which memory region of a TA should be hashed, exclude
those without VM_FLAG_READONLY in their flag field instead of requiring
the absence of TEE_MATTR_UW in attr. This makes the code more
consistent and fixes an issue triggered by commit 52e7b1a67f8f ("core:
use user-access functions in ldelf interaction"). With that commit, an
additional region is mapped read-only (i.e., no TEE_MATTR_UW) but does
not have a fixed content for the TA. It can be excluded easily since it
does not have the VM_FLAG_READONLY flag.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

optee-fvp: Enable CFG_SCPFW_SCMI_PERF_PROTOCOL_OPS

Enable the SCMI-Perf protocol operations for the optee-fvp target.

Signed-off-by: Nicola Mazzucato <nicola.mazzucato@arm.com>
Acked-by: Etienne Ca

optee-fvp: Enable CFG_SCPFW_SCMI_PERF_PROTOCOL_OPS

Enable the SCMI-Perf protocol operations for the optee-fvp target.

Signed-off-by: Nicola Mazzucato <nicola.mazzucato@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: scmi-server: Add support for conditional options for SCMI-Perf

SCMI-Server is built upon the SCP-firmware source tree and
a recent change [1] being proposed is moving functionalities
into side

core: scmi-server: Add support for conditional options for SCMI-Perf

SCMI-Server is built upon the SCP-firmware source tree and
a recent change [1] being proposed is moving functionalities
into side source files.

This patch adds support to fetch those additional files based
on two options:
CFG_SCPFW_SCMI_PERF_FAST_CHANNELS (existing)
CFG_SCPFW_SCMI_PERF_PROTOCOL_OPS (new)

[1] https://github.com/ARM-software/SCP-firmware/pull/812

Signed-off-by: Nicola Mazzucato <nicola.mazzucato@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ci.yml: Temporarily don't build libscmi-server

PR812 in SCP-firmware [1] has added some source files into
mod_scmi_perf directory, but it currently fails when building for the
optee-os case.
This is

ci.yml: Temporarily don't build libscmi-server

PR812 in SCP-firmware [1] has added some source files into
mod_scmi_perf directory, but it currently fails when building for the
optee-os case.
This is due to the fact that the current build system in optee, for
building the scmi-server fetched from SCP-firmware codebase, works well
under the assumption that only one source file is required.

To unlock the circular dependency between build systems and source
codes, temporarily remove the build for the scmi-server.

This will allow the following two patches to be safely merged into the
optee_os repo:
core: scmi-server: Add support for conditional options for SCMI-Perf
optee-fvp: Enable CFG_SCPFW_SCMI_PERF_PROTOCOL_OPS

Subsequently, PR812 in SCP-firmware can be merged, and immediately
a revert patch for this present one will follow to reintroduce the
libscmi-server build.

Link: https://github.com/ARM-software/SCP-firmware/pull/812 [1]
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Nicola Mazzucato <nicola.mazzucato@arm.com>

show more ...

core: crypto_api: fixes typo "bytes" to "bits"

Fixes a typo for *gen_keypair() in struct drvcrypt_ecc where the last
parameter was "size_bytes" while the value represents bits, so fix this by
renami

core: crypto_api: fixes typo "bytes" to "bits"

Fixes a typo for *gen_keypair() in struct drvcrypt_ecc where the last
parameter was "size_bytes" while the value represents bits, so fix this by
renaming it to "size_bits".

Fixes: d29cd2efcd46 ("core: driver: generic resources for crypto device driver - ECC")
Signed-off-by: Katsunori Kikuchi <Katsunori.Kikuchi@sony.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: fix to extract DH secret length from modulus

Prior to this patch, the DH secret, due to its mechanism, becomes a value
less than the key length of the Private key. Consequently, whe

drivers: crypto: fix to extract DH secret length from modulus

Prior to this patch, the DH secret, due to its mechanism, becomes a value
less than the key length of the Private key. Consequently, when obtaining
the maximum size of the secret from the current key length of the Public
key, the secret length falls short. So change this to extract DH secret
length from modulus instead of public key length.

Fixes: f6e2b9e2d1a2 ("drivers: crypto: implement crypto driver - DH")
Signed-off-by: Katsunori Kikuchi <Katsunori.Kikuchi@sony.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: drivers: ls_dspi: Make dspi_flush_fifo() static

Make dspi_flush_fifo() static as it gets exposed via ls_dspi_ops
structure.

Signed-off-by: Sriram Sriram <sriramsriram@microsoft.com>
Acked-by:

core: drivers: ls_dspi: Make dspi_flush_fifo() static

Make dspi_flush_fifo() static as it gets exposed via ls_dspi_ops
structure.

Signed-off-by: Sriram Sriram <sriramsriram@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

core: drivers: ls_dspi: Move SPI mode flag defines to header file

SPI mode flags are used by NXP SoC specific functions for MS PTA.

Signed-off-by: Sriram Sriram <sriramsriram@microsoft.com>
Acked-b

core: drivers: ls_dspi: Move SPI mode flag defines to header file

SPI mode flags are used by NXP SoC specific functions for MS PTA.

Signed-off-by: Sriram Sriram <sriramsriram@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

core: drivers: ls_dspi: Add flush DSPI module

Add flush DSPI module. This is called in ls_dspi_ops structure.

Signed-off-by: Carl Lamb <calamb@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklande

core: drivers: ls_dspi: Add flush DSPI module

Add flush DSPI module. This is called in ls_dspi_ops structure.

Signed-off-by: Carl Lamb <calamb@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

core: arm: plat-ls: Add CFG_WITH_ARM_TRUSTED_FW flag

If using ARM Trusted Firmware-A, then the GIC initialization is done in
BL31.

Fixes: 2b9f23923175 ("plat-ls: Add support for armv8 platform flav

core: arm: plat-ls: Add CFG_WITH_ARM_TRUSTED_FW flag

If using ARM Trusted Firmware-A, then the GIC initialization is done in
BL31.

Fixes: 2b9f23923175 ("plat-ls: Add support for armv8 platform flavours")
Signed-off-by: Carl Lamb <calamb@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

core: arm: plat-bcm: Force CFG_CORE_ARM64_PA_BITS=48

Set CFG_CORE_ARM64_PA_BITS in Broadcom platform file. This fixes a crash
when setting up memory addresses on the Broadcom stingray NS3 platform.

core: arm: plat-bcm: Force CFG_CORE_ARM64_PA_BITS=48

Set CFG_CORE_ARM64_PA_BITS in Broadcom platform file. This fixes a crash
when setting up memory addresses on the Broadcom stingray NS3 platform.

Signed-off-by: Stephen Carlson <stcarlso@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: drivers: ls_sfp: Add missing argument in dt_map_dev() function call

dt_map_dev() function call is missing an argument which results in
compilation error. Add the missing argument.

Fixes: 011c

core: drivers: ls_sfp: Add missing argument in dt_map_dev() function call

dt_map_dev() function call is missing an argument which results in
compilation error. Add the missing argument.

Fixes: 011c182a606b ("core: drivers: nxp: Add LX series SFP driver")
Signed-off-by: Sriram Sriram <sriramsriram@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

core: arm64: preserve PSTATE.PAN when making SPSR

When setup_unwind_user_mode() prepares to resume execution after
syscall_sys_return() or when a thread is suspended a new SPSR is
fabricated base on

core: arm64: preserve PSTATE.PAN when making SPSR

When setup_unwind_user_mode() prepares to resume execution after
syscall_sys_return() or when a thread is suspended a new SPSR is
fabricated base on the current PSTATE.

Until now when remaining in S-EL1 to fabricate an SPSR only the
PSTATE.DAIF bits had to be taken into account. However, with PSTATE.PAN
there's yet another bit to consider. Since PSTATE has a few more bits
and more may be added as AArch64 evolves this problem is only going to
get worse. So implement this in a single internal C function to replace
current open codes C and assembly versions.

The AArch64 assembly versions of thread_rpc() are renamed to
thread_rpc_spsr() to indicate that SPSR is passed in the second argument
instead of having it open coded internally in the assembly function.

New C wrapper functions are added to preserve the old thread_rpc()
interface as needed.

handle_user_mode_panic() is still basing its created SPSR on the saved
SPSR from S-EL0, but now PAN bit is copied too.

Fixes: 6fa59c9a70dc ("arm64: Introduce permissive PAN implementation")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm: add feat_pan_implemented()

Adds the helper function feat_pan_implemented() to extract the
implemented PAN version. No version is 0 so this function can be used
tested as a boolean too.

S

core: arm: add feat_pan_implemented()

Adds the helper function feat_pan_implemented() to extract the
implemented PAN version. No version is 0 so this function can be used
tested as a boolean too.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

arm64: add read_pan() and SPSR_64_PAN

Adds the wrapper function read_pan() to read PSTATE.PAN, also adds a
SPSR_64_PAN define.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by:

arm64: add read_pan() and SPSR_64_PAN

Adds the wrapper function read_pan() to read PSTATE.PAN, also adds a
SPSR_64_PAN define.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: update FS storage API with user space buffer

Updates the create(), read(), and write() function pointers in struct
ts_store_ops to take a user space buffer in addition to the previous
core buf

core: update FS storage API with user space buffer

Updates the create(), read(), and write() function pointers in struct
ts_store_ops to take a user space buffer in addition to the previous
core buffer. Core buffers are normal secure memory while user space
buffers should only be accessed using the user_access.h functions.

The different FS storage implementations are updated accordingly.

Note that the RPMB FS storage implementation resorts to using
enter_user_access() and exit_user_access() due to internal complexities.

Fixes: 4e154320e47c ("core: Apply finer-grained PAN")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: syscall_storage_obj_rename(): fix direct user memory access

Fixes a direct user memory access in syscall_storage_obj_rename() which
can lead to a data abort if PAN is enabled.

Fixes: 84f78978

core: syscall_storage_obj_rename(): fix direct user memory access

Fixes a direct user memory access in syscall_storage_obj_rename() which
can lead to a data abort if PAN is enabled.

Fixes: 84f78978974b ("core: use user-access functions for storage svc")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: pta: socket: fix direct user memory access

Replaces direct user memory accesses in the socket PTA with
copy_to_user() and copy_from_user(). This avoids PAN errors when PAN is
active.

Fixes: 4

core: pta: socket: fix direct user memory access

Replaces direct user memory accesses in the socket PTA with
copy_to_user() and copy_from_user(). This avoids PAN errors when PAN is
active.

Fixes: 4e154320e47c ("core: Apply finer-grained PAN")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...