dts: sama5d2: add assigned-clocks properties for usb

In order for USB to work, the correct clock parents and rates must be
set for USB clock. Assigned UTMI clock for USB clock and set its rate
to 48

dts: sama5d2: add assigned-clocks properties for usb

In order for USB to work, the correct clock parents and rates must be
set for USB clock. Assigned UTMI clock for USB clock and set its rate
to 48000000.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: clk: sam: export audiopll_fracck and usbck

This allows to modify the clocks rate and parents from the device-tree
using assigned-clock-parents/rate properties rather than hardcoding the
clo

drivers: clk: sam: export audiopll_fracck and usbck

This allows to modify the clocks rate and parents from the device-tree
using assigned-clock-parents/rate properties rather than hardcoding the
clocks rate.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: clk: sam: add a macro for count of main clocks

Add a macro instead of using clock index name to define the count of main
clocks. This will ease the changes when exposing new clocks.

Signed

drivers: clk: sam: add a macro for count of main clocks

Add a macro instead of using clock index name to define the count of main
clocks. This will ease the changes when exposing new clocks.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: drivers: crypto: caam: Check PKCS_V1_5 decryption buffer size

Check if original buffer is large enough for a result of
RSA PKCS_V1_5 decryption operation.
With this change PKCS11 variable leng

core: drivers: crypto: caam: Check PKCS_V1_5 decryption buffer size

Check if original buffer is large enough for a result of
RSA PKCS_V1_5 decryption operation.
With this change PKCS11 variable length buffers are supported
for all RSA operations:
- Crypto API checks it for PKCS_V1_5 and OAEP encryptions.
- OAEP decryption already supports it.

This fixes: https://github.com/OP-TEE/optee_os/issues/5841

Acked-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>

show more ...

drivers: imx: tzc380: re-configure TZ380 upon PM resume

Call the initialization function of TZC380 upon resume to reconfigure
regions and check region lockdown.

Signed-off-by: Clement Faure <clemen

drivers: imx: tzc380: re-configure TZ380 upon PM resume

Call the initialization function of TZC380 upon resume to reconfigure
regions and check region lockdown.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: imx: tzc380: do not dump TZASC state before lockdown

Remove the TZASC state dump before the region lockdown.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier

drivers: imx: tzc380: do not dump TZASC state before lockdown

Remove the TZASC state dump before the region lockdown.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: imx: tzc380: add support for 8mscale platforms

Add the TZASC support for all 8mscale platforms.
The TZASC regions on these platforms have an offset equals to
the DRAM base address.

Signed-

drivers: imx: tzc380: add support for 8mscale platforms

Add the TZASC support for all 8mscale platforms.
The TZASC regions on these platforms have an offset equals to
the DRAM base address.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: ffa: add TOS_FW_CONFIG handling

At boot TF-A passes two DT addresses (HW_CONFIG and TOS_FW_CONFIG), but
currently only the HW_CONFIG address is saved, the other one is dropped.
This commit add

core: ffa: add TOS_FW_CONFIG handling

At boot TF-A passes two DT addresses (HW_CONFIG and TOS_FW_CONFIG), but
currently only the HW_CONFIG address is saved, the other one is dropped.
This commit adds functionality to save the TOS_FW_CONFIG too, so we can
retrieve it later. This is necessary for the CFG_CORE_SEL1_SPMC use
case, because the SPMC manifest is passed in this DT.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: crypto: fix memory leak in Ed25519 support

The software implementation of ED25519 algorithm has a memory leak in the
key and key pair allocation. Upon every public key allocation, a key pair
i

core: crypto: fix memory leak in Ed25519 support

The software implementation of ED25519 algorithm has a memory leak in the
key and key pair allocation. Upon every public key allocation, a key pair
is allocated (public and private components). When freeing the public
key, only the public component is freed. To reproduce the issue:

$ while xtest 4016; do :; done

Until the following error:

* regression_4016 Test TEE Internal API ED25519 sign/verify
E/LD: copy_section_headers:1124 sys_copy_from_ta_bin
E/TC:? 0 ldelf_init_with_ldelf:131 ldelf failed with res: 0xffff000c /usr/src/debug/optee-test/master.imx-r0/host/xtest/regression_4000.c:6062: xtest_teec_open_session(&session, &crypt_user_ta_uuid, ((void *)0), &ret_orig) has an unexpected value: 0xffff000c = TEEC_ERROR_OUT_OF_MEMORY, expected 0x0 = TEEC_SUCCESS
regression_4016 FAILED

To fix the memory leak, a separate public key allocation function must
be defined along a ED25519 public key structure.

Fixes: 0aaad418ac8b ("core: crypto: add Ed25519 support")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mk/lib.mk: use full path to shared library in flags variable

To add link flags for a shared library, a makefile variable is used
that is called lib-ldflags$(libuuid). That's incorrect because the
UU

mk/lib.mk: use full path to shared library in flags variable

To add link flags for a shared library, a makefile variable is used
that is called lib-ldflags$(libuuid). That's incorrect because the
UUID is not enough to uniquely identify a shared library in the build.
For example when both 32-bit and 64-bit user space is generated there
are two versions of the shared library with the same UUID. It is not
a problem at the moment because lib-ldflags$(libuuid) is used only
for one target: ta_arm64, but fix this anyways so that the variable
may be used for more complex cases.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: link.mk: produce tee-raw.bin by default

Adds tee-raw.bin as a dependency of all. This produces a tee-raw.bin for
all platforms when building. tee-raw.bin is more useful than for
instance

core: arm: link.mk: produce tee-raw.bin by default

Adds tee-raw.bin as a dependency of all. This produces a tee-raw.bin for
all platforms when building. tee-raw.bin is more useful than for
instance tee-pager_v2.bin which often is used when a raw binary is
needed. Platforms with a link.mk only to produce tee-raw.bin have their
link.mk removed since the generic version suffices now.

Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: add stubs for pthread functions

When building with GCC 11.3.1 [1], the linker reports undefined symbols
in the C++ test TA:

$ make 2>&1 | grep -E "(in function|undefined reference)" | se

libutils: add stubs for pthread functions

When building with GCC 11.3.1 [1], the linker reports undefined symbols
in the C++ test TA:

$ make 2>&1 | grep -E "(in function|undefined reference)" | sed 's@.*/@@'
libstdc++.a(eh_alloc.o): in function `(anonymous namespace)::pool::free(void*) [clone .constprop.0]':
gthr-default.h:749: undefined reference to `pthread_mutex_lock'
gthr-default.h:779: undefined reference to `pthread_mutex_unlock'
libstdc++.a(eh_alloc.o): in function `(anonymous namespace)::pool::allocate(unsigned long) [clone .constprop.0]':
gthr-default.h:749: undefined reference to `pthread_mutex_lock'
gthr-default.h:779: undefined reference to `pthread_mutex_unlock'
libgcc_eh.a(unwind-dw2-fde-dip.o): in function `__gthread_mutex_lock':
gthr-default.h:749: undefined reference to `pthread_mutex_lock'
libgcc_eh.a(unwind-dw2-fde-dip.o): in function `__gthread_mutex_unlock':
gthr-default.h:779: undefined reference to `pthread_mutex_unlock'
[more of the same follow]

To fix that issue, introduce no-op stubs as weak symbols in libutils.
Doing so is valid because TAs are single threaded and non-reentrant.

Link: [1] https://developer.arm.com/-/media/Files/downloads/gnu/11.3.rel1/binrel/arm-gnu-toolchain-11.3.rel1-x86_64-aarch64-none-linux-gnu.tar.xz
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

plat-totalcompute: update TZDRAM_SIZE

For CFG_CORE_SEL2_SPMC, manifest size is increased from 0x1000 to
0x4000 for boot protocol support.

Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com

plat-totalcompute: update TZDRAM_SIZE

For CFG_CORE_SEL2_SPMC, manifest size is increased from 0x1000 to
0x4000 for boot protocol support.

Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: stm32_*: remove code for when DT is not supported

This change removes implementation managing cases when CFG_EMBED_DTB or
CFG_DT are disabled. This change aims to simplify source files and

drivers: stm32_*: remove code for when DT is not supported

This change removes implementation managing cases when CFG_EMBED_DTB or
CFG_DT are disabled. This change aims to simplify source files and is
related to commit [1] from which stm32mp1 platform requires DTB for the
drivers configuration.

Link: [1] 474ad1856b56 ("plat-stm32mp1: conf: mandate the use of device tree on STM32MP1x platforms")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: remove code for when DT is not supported

This change removes implementation managing cases when CFG_EMBED_DTB is
disabled. This change aims to simplify source files and is related to

plat-stm32mp1: remove code for when DT is not supported

This change removes implementation managing cases when CFG_EMBED_DTB is
disabled. This change aims to simplify source files and is related to
commit [1] from which stm32mp1 platform requires DTB for the drivers
configuration.

Link: [1] 474ad1856b56 ("plat-stm32mp1: conf: mandate the use of device tree on STM32MP1x platforms")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutee: add CNTVCT to user system registers

Adds CNTVCT to user system registers. Needed when compiling with
CFG_CORE_SEL2_SPMC=y and CFG_MEMTAG=y.

Reviewed-by: Jerome Forissier <jerome.forissier@

libutee: add CNTVCT to user system registers

Adds CNTVCT to user system registers. Needed when compiling with
CFG_CORE_SEL2_SPMC=y and CFG_MEMTAG=y.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tpm: fix syntax in trace message

Fixes build warning (trace message below) when CFG_CORE_TPM_EVENT_LOG=y.

core/kernel/tpm.c:115:8: warning: format ‘%lu’ expects argument of type ‘long unsigne

core: tpm: fix syntax in trace message

Fixes build warning (trace message below) when CFG_CORE_TPM_EVENT_LOG=y.

core/kernel/tpm.c:115:8: warning: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 7 has type ‘size_t’ {aka ‘unsigned int’} [-Wformat=]
115 | EMSG("TPM: Not enough space for the log: %zu, %lu",
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
116 | buf_size, tpm_log_size);
| ~~~~~~~~~~~~
| |
| size_t {aka unsigned int}


Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutee: add TEE_MAIN_ALGO_SHAKE values

The CAAM driver relies on TEE_ALG_GET_MAIN_ALG() macro to retrieve the
main algorithm ID from the TEE_ALG_* value.

With the addition of TEE_ALG_SHAKE128 and

libutee: add TEE_MAIN_ALGO_SHAKE values

The CAAM driver relies on TEE_ALG_GET_MAIN_ALG() macro to retrieve the
main algorithm ID from the TEE_ALG_* value.

With the addition of TEE_ALG_SHAKE128 and TEE_ALG_SHAKE256,
TEE_ALG_GET_MAIN_ALG() would return 0x01 (TEE_MAIN_ALGO_MD5) and 0x02
(TEE_MAIN_ALGO_SHA1). These returned values are wrong.

Add TEE_MAIN_ALGO_SHAKE128 and TEE_MAIN_ALGO_SHAKE256 values for
respectively TEE_ALG_SHAKE128 and TEE_ALG_SHAKE256.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-vexpress: enable CFG_PCKS11_TA by default

Enable the PKCS#11 TA in plat-vexpress for easier testing (such as in
CI). With this, the PKCS#11 in-tree TA is built with optee_os and
CFG_PKCS11_TA i

plat-vexpress: enable CFG_PCKS11_TA by default

Enable the PKCS#11 TA in plat-vexpress for easier testing (such as in
CI). With this, the PKCS#11 in-tree TA is built with optee_os and
CFG_PKCS11_TA is exported in the host_include folder of the TA dev kit
(host_include/conf.{mk,h,cmake}) where optee_test will find it and
also enable the PKCS#11 tests.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

qemu_armv8a: set default-user-ta-target ?= ta_arm64

Update platform vexpress-qemu_armv8a to build in-tree TAs in 64 bit
mode (ta_arm64) by default instead of 32-bit. This makes more sense
because th

qemu_armv8a: set default-user-ta-target ?= ta_arm64

Update platform vexpress-qemu_armv8a to build in-tree TAs in 64 bit
mode (ta_arm64) by default instead of 32-bit. This makes more sense
because that is the default setting in the OP-TEE development/test
environment [1].

Link: [1] https://github.com/OP-TEE/build/blob/3.20.0/qemu_v8.mk#L8
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-k3: remove duplicate comments

Removing duplicated comments in the existing as well as newly added
functions.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Etienne Carriere <eti

plat-k3: remove duplicate comments

Removing duplicated comments in the existing as well as newly added
functions.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-k3: add config for building extended OTP PTA

Add the config to build it for K3 platforms. It is still an optional
support and can be disabled if necessary.

Signed-off-by: Manorit Chawdhry <m-c

plat-k3: add config for building extended OTP PTA

Add the config to build it for K3 platforms. It is still an optional
support and can be disabled if necessary.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pta: Add K3 specific PTA for writing into extended OTP

Writing into the extended OTP has been a vendor specific thing and no
generic drivers exists for it in the OP-TEE framework.

Add a PTA t

core: pta: Add K3 specific PTA for writing into extended OTP

Writing into the extended OTP has been a vendor specific thing and no
generic drivers exists for it in the OP-TEE framework.

Add a PTA to write into the custom extended OTP bits in K3 architecture.

This header should be exported out of optee-os to be used by the host
binary for interacting with the PTA.

Includes OTP keywriting PTA header file in libutee

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-k3: drivers: add TISCI calls for extended OTP

Extended OTP are a set of bits in our efuses that can be programmed for
user specific cases which deal with authentication/encryption.

This patch

plat-k3: drivers: add TISCI calls for extended OTP

Extended OTP are a set of bits in our efuses that can be programmed for
user specific cases which deal with authentication/encryption.

This patch adds support for calling extended OTP APIs using TISCI.

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

virt: rename CFG_VIRTUALIZATION to CFG_NS_VIRTUALIZATION

With the advent of virtualization support at S-EL2 in the Armv8.4-A
architecture, CFG_VIRTUALIZATION has become ambiguous. Let's rename
it to

virt: rename CFG_VIRTUALIZATION to CFG_NS_VIRTUALIZATION

With the advent of virtualization support at S-EL2 in the Armv8.4-A
architecture, CFG_VIRTUALIZATION has become ambiguous. Let's rename
it to CFG_NS_VIRTUALIZATION to indicate more clearly that it is about
supporting virtualization on the non-secure side.

This commit is the result of the following command:

$ for f in $(git grep -l -w CFG_VIRTUALIZATION); do \
sed -i -e 's/CFG_VIRTUALIZATION/CFG_NS_VIRTUALIZATION/g' $f; \
done

...plus the compatibility line in mk/config.mk:

CFG_NS_VIRTUALIZATION ?= $(CFG_VIRTUALIZATION)

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>

show more ...