plat-rzn1: increase DDR size to 1GB

There are now some RZ/N1 devices with 1GB rather than 256MB. The
first-stage bootloader does not support passing a DT to OP-TEE, so
static values are set at compi

plat-rzn1: increase DDR size to 1GB

There are now some RZ/N1 devices with 1GB rather than 256MB. The
first-stage bootloader does not support passing a DT to OP-TEE, so
static values are set at compile time. Increase the DDR size so as to
avoid OP-TEE calls failing with TEEC_ERROR_OUT_OF_MEMORY.

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

core: riscv: kernel: Add missing initialization for core local stacks

The thread core local stacks should be initialized when the primary core
performs system initialization.

Fixes: ca8258906949 ("

core: riscv: kernel: Add missing initialization for core local stacks

The thread core local stacks should be initialized when the primary core
performs system initialization.

Fixes: ca8258906949 ("core: split core/arch/arm/kernel/thread.c")
Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: change TEE_AEDecryptFinal() tag param's attribute

Due to tag parameter was passed in from REE side share memory
same as cipher-text source and nonce buffer/parameters.
Then memory acce

core: crypto: change TEE_AEDecryptFinal() tag param's attribute

Due to tag parameter was passed in from REE side share memory
same as cipher-text source and nonce buffer/parameters.
Then memory access sanity-check marks CCM TAG buffer as
ACCESS_DENIED, which triggers user TA panic.

Change tag parameter's attribute from [in] to [inbuf]. This fix is
expected to be addressed in next GP TEE Internal Core API specification.

Link: https://github.com/OP-TEE/optee_os/issues/5946
Signed-off-by: lei zhou <lei.zhou@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Add missing conditional compilation for RISC-V

RV64 also uses kern_sp. The elf.h is also used by RV32 and RV64.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome

Add missing conditional compilation for RISC-V

RV64 also uses kern_sp. The elf.h is also used by RV32 and RV64.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: add build with SPMC at S-EL2 and relocatable

Adds a build with CFG_CORE_SEL2_SPMC=y and CFG_CORE_PHYS_RELOCATABLE=y.
Dummy values are needed for CFG_TZDRAM_START and CFG_TZDRAM_SIZE since
vexpre

ci: add build with SPMC at S-EL2 and relocatable

Adds a build with CFG_CORE_SEL2_SPMC=y and CFG_CORE_PHYS_RELOCATABLE=y.
Dummy values are needed for CFG_TZDRAM_START and CFG_TZDRAM_SIZE since
vexpress-qemu_armv8a doesn't have default values for those in this
configuration.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: support physically relocatable OP-TEE binary

With CFG_CORE_PHYS_RELOCATABLE=y enable support in OP-TEE to relocate
itself to allow it to run from physical address that differs from the
link ad

core: support physically relocatable OP-TEE binary

With CFG_CORE_PHYS_RELOCATABLE=y enable support in OP-TEE to relocate
itself to allow it to run from physical address that differs from the
link address.

This feature is currently only supported with CFG_CORE_SEL2_SPMC=y since
the TEE core has to know the range of available memory. With SPMC at EL2
this is accomplished via get_sec_mem_from_manifest(). An SPMC at S-EL2
may need to load OP-TEE at a different address depending on
configuration.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ffa: parse boot info

With CFG_CORE_SEL2_SPMC=y OP-TEE is executed as an SP at S-EL1. The
manifest describing the OP-TEE SP is passed as a boot argument.

The manifest contains among other thin

core: ffa: parse boot info

With CFG_CORE_SEL2_SPMC=y OP-TEE is executed as an SP at S-EL1. The
manifest describing the OP-TEE SP is passed as a boot argument.

The manifest contains among other things the two properties
"load-address" and "mem-size". These cover the secure memory allocated
for OP-TEE to cover core and TA memory. The retrieved memory range is
saved with a call to core_mmu_set_secure_memory() to be used when
initializing MMU and other memory configuration.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add core_mmu_set_secure_memory()

Adds core_mmu_set_secure_memory() for use with CFG_CORE_PHYS_RELOCATABLE
where the secure physical memory range is determined at boot.

Reviewed-by: Etienne Ca

core: add core_mmu_set_secure_memory()

Adds core_mmu_set_secure_memory() for use with CFG_CORE_PHYS_RELOCATABLE
where the secure physical memory range is determined at boot.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add dt_getprop_as_number()

Adds dt_getprop_as_number() to read a property and parse it as a number
returned as a uint64_t. The size of the property determines if it's read
as an unsigned 32-bi

core: add dt_getprop_as_number()

Adds dt_getprop_as_number() to read a property and parse it as a number
returned as a uint64_t. The size of the property determines if it's read
as an unsigned 32-bit or 64-bit integer.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ffa: add boot info structs and defines

Adds defines to interpret FF-A Boot Info header and descriptor using two
new structs and accompanying defines.

Acked-by: Etienne Carriere <etienne.carri

core: ffa: add boot info structs and defines

Adds defines to interpret FF-A Boot Info header and descriptor using two
new structs and accompanying defines.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: core_mmu.c: only try to add pager vaspace when enabled

Only call add_pager_vaspace() when compiled with pager enabled to avoid
redundant looping over the memory areas to map.

Reviewed-by: Eti

core: core_mmu.c: only try to add pager vaspace when enabled

Only call add_pager_vaspace() when compiled with pager enabled to avoid
redundant looping over the memory areas to map.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: generic_ram_layout.h: remove TA_RAM_*

Removes the TA_RAM_START and TA_RAM_SIZE defines since core_mmu.c can
calculate the values based registered secure_only memory.

Reviewed-by: Etienne

core: arm: generic_ram_layout.h: remove TA_RAM_*

Removes the TA_RAM_START and TA_RAM_SIZE defines since core_mmu.c can
calculate the values based registered secure_only memory.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: virt: use core_mmu_get_ta_range()

In get_ta_ram_size() use core_mmu_get_ta_range() instead of the define
TA_RAM_SIZE.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by

core: virt: use core_mmu_get_ta_range()

In get_ta_ram_size() use core_mmu_get_ta_range() instead of the define
TA_RAM_SIZE.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: core_mmu.c: use secure_only[] where possible

Avoid using TEE_RAM_START, TEE_RAM_PH_SIZE, TA_RAM_START, and
TA_RAM_SIZE where secure_only[] can be used instead to calculate the
same numbers.

R

core: core_mmu.c: use secure_only[] where possible

Avoid using TEE_RAM_START, TEE_RAM_PH_SIZE, TA_RAM_START, and
TA_RAM_SIZE where secure_only[] can be used instead to calculate the
same numbers.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add core_mmu_get_ta_range()

Adds core_mmu_get_ta_range() to return the range of physical memory
reserved for TAs.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Je

core: add core_mmu_get_ta_range()

Adds core_mmu_get_ta_range() to return the range of physical memory
reserved for TAs.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add core_mmu_tee_load_pa address

Adds core_mmu_tee_load_pa for a dynamic record of where OP-TEE is loaded
into memory.

With CFG_CORE_PHYS_RELOCATABLE=y core_mmu_tee_base_pa may need to be
upd

core: add core_mmu_tee_load_pa address

Adds core_mmu_tee_load_pa for a dynamic record of where OP-TEE is loaded
into memory.

With CFG_CORE_PHYS_RELOCATABLE=y core_mmu_tee_base_pa may need to be
updated during early boot since the physical address to use isn't
determined until then.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: kernel: Fix stack pointer initialization for each hart

The RISC-V privileged specification defines that at least one hart must
have a hart ID of zero. Since at least one stack_tmp_strid

core: riscv: kernel: Fix stack pointer initialization for each hart

The RISC-V privileged specification defines that at least one hart must
have a hart ID of zero. Since at least one stack_tmp_stride is required
for calculating the initial SP value for each hart, the formula should
be address of stack_tmp plus (hartid+1) multiplied by stack_tmp_stride.

This commit fixes the formula for initializing SP of each hart,
otherwise the stack underflow happens to hart 0.

Fixes: 93e54a63925f ("riscv: kernel: entry.S: provide entry script")
Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: notif: fix input comment typo

Fixes inline comment typo in OP-TEE standard SMCs description and
CFG_CORE_ASYNC_NOTIF switch description.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org

core: notif: fix input comment typo

Fixes inline comment typo in OP-TEE standard SMCs description and
CFG_CORE_ASYNC_NOTIF switch description.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutils: add bit_ffs_from()

Adds bitstring function bit_ffs_from() that mimics bit_ffs() but looks
from a start bit position given as argument, and defines bit_ffs()
based on bit_ffs_from().

Revie

libutils: add bit_ffs_from()

Adds bitstring function bit_ffs_from() that mimics bit_ffs() but looks
from a start bit position given as argument, and defines bit_ffs()
based on bit_ffs_from().

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: riscv: Refactor macros for inline assembly of CSR operations

Current CSR macros with inline assembly will lead to compilation error,
because they use pre-processor stringizing not value substi

core: riscv: Refactor macros for inline assembly of CSR operations

Current CSR macros with inline assembly will lead to compilation error,
because they use pre-processor stringizing not value substitution. The
definitions such as CSR_XSTATUS are not sustituted to CSR encoding in
CSR macros and compiler generates: Error: unknown CSR `CSR_XSTATUS'.

This patch fixes it by making the given CSR to be an assembly input
operand with constraint "i", which is used to indicate the operand is
an immediate integer operand. Thus, the CSR encoding can be correctly
compiled.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

driver: tpm2: remove TPM2 driver

Remove TPM2 driver from OP-TEE core. OP-TEE will instead rely on a
remote REE TPM2 driver allowing REE OS to embed TPM2 software stack
and leverage TPM2 features.

A

driver: tpm2: remove TPM2 driver

Remove TPM2 driver from OP-TEE core. OP-TEE will instead rely on a
remote REE TPM2 driver allowing REE OS to embed TPM2 software stack
and leverage TPM2 features.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-vexpress: remove TPM2 MMIO driver

Disable TPM2 MMIO driver and remove its integration from platform
vexpress. OP-TEE will instead rely on a remote REE TPM2 driver
allowing REE OS to embed TPM2

plat-vexpress: remove TPM2 MMIO driver

Disable TPM2 MMIO driver and remove its integration from platform
vexpress. OP-TEE will instead rely on a remote REE TPM2 driver
allowing REE OS to embed TPM2 software stack and leverage TPM2 features.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ci: qemuv8: enable core ftrace

Update CI to enable function tracing in the TEE core on QEMUv8 to make
sure that no annotion disabling function instrumentation (__noprof) is
missing. Only one test is

ci: qemuv8: enable core ftrace

Update CI to enable function tracing in the TEE core on QEMUv8 to make
sure that no annotion disabling function instrumentation (__noprof) is
missing. Only one test is enabled because the whole test suite takes too
long to execute with instrumentation enabled, and running more test
cases is unlikely to uncover more bugs because this is mostly about low
level functions (thread handling...).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

core: ftrace: mark thread_get_tsd() and thread_get_id() as __noprof

When CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y, the following call stack
happens (QEMUv8):

_mcount()
ftrace_enter()
get_fbu

core: ftrace: mark thread_get_tsd() and thread_get_id() as __noprof

When CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y, the following call stack
happens (QEMUv8):

_mcount()
ftrace_enter()
get_fbuf()
thread_get_tsd()
thread_get_id()

Therefore thread_get_tsd() and thread_get_id() must be tagged with
__noprof, otherwise a recursive call to _mcount() is triggered leading
to infinite recursion, stack overflow and a lockup of the TEE core.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

core: mark thread_init_core_local_stacks() as __nostackcheck

As its name implies, thread_init_core_local_stacks() performs stack
initializations therefore it should not invoke the stack-checking hoo

core: mark thread_init_core_local_stacks() as __nostackcheck

As its name implies, thread_init_core_local_stacks() performs stack
initializations therefore it should not invoke the stack-checking hooks
which are enabled when CFG_CORE_DEBUG_CHECK_STACKS=y. This is done by
adding the __nostackcheck qualifier to the function. Without it, the
boot hangs early and nothing is printed on the secure console.

Note that this also fixes similar symptoms with syscall profiling
(CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y) because the _mcount()/
__gnu_mcount_nc() hooks need the stack. Both __nostackcheck and
__noprof expand to __attribute__((no_instrument_function)).

Fixes: ca8258906949 ("core: split core/arch/arm/kernel/thread.c")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>

show more ...