| 530f76bb | 24-Jan-2023 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
drivers: crypto: se050: increase DER signature buffer
In order to support P-521 (132 byte {r,s} pairs), the buffer storing
the DER signature must be large enough.
Signed-off-by: Jorge Ramirez-Ortiz
drivers: crypto: se050: increase DER signature buffer
In order to support P-521 (132 byte {r,s} pairs), the buffer storing
the DER signature must be large enough.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| c450df92 | 24-Jan-2023 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
ci: SE05X crypto driver: update Plug-and-Trust release to v0.4.1
Fixes to ECDSA and access policies to the asymmetric keys.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome
ci: SE05X crypto driver: update Plug-and-Trust release to v0.4.1
Fixes to ECDSA and access policies to the asymmetric keys.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| 5abb46e2 | 23-Jan-2023 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto: drivers: se050: fix generation of oid values
Converting the OID watermarked value (8 bytes) to a bignum removes the
first byte if this is different than zero.
The failing case observed the
crypto: drivers: se050: fix generation of oid values
Converting the OID watermarked value (8 bytes) to a bignum removes the
first byte if this is different than zero.
The failing case observed the value 0x57.72.15.66.1a.f2.9d.00 being
retrieved as 0x57.72.15.66.1a.f2.9d after having been transformed into
a bignum and back to its original binary value.
This will cause cryptographic operations to fail as the secured keys
and objects become not addressable.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| 9e7f74ce | 19-Oct-2021 |
Clement Faure <clement.faure@nxp.com> |
pta: imx: add OCOTP PTA
Add a OCOTP PTA for i.MX platforms. This PTA exposes two commands:
- the read of OCOTP shadow registers.
- the read of the platform UID.
Signed-off-by: Clement Faure <clem
pta: imx: add OCOTP PTA
Add a OCOTP PTA for i.MX platforms. This PTA exposes two commands:
- the read of OCOTP shadow registers.
- the read of the platform UID.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| e91fa6a0 | 19-Oct-2021 |
Clement Faure <clement.faure@nxp.com> |
pta: imx: add DIGPROG PTA
Add an i.MX PTA to get the platform digprog value.
This 32 bits value holds the SOC type and the minor and major revision
number.
Signed-off-by: Clement Faure <clement.fau
pta: imx: add DIGPROG PTA
Add an i.MX PTA to get the platform digprog value.
This 32 bits value holds the SOC type and the minor and major revision
number.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| fc82e622 | 19-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: finalize scall layer
Finalizes the new scall layer by renaming remaining files so the generic
scall layer resides in core/include/kernel/scall.h and
core/kernel/scall.c.
New architectures are
core: finalize scall layer
Finalizes the new scall layer by renaming remaining files so the generic
scall layer resides in core/include/kernel/scall.h and
core/kernel/scall.c.
New architectures are expected to provide a
core/arch/arm/include/kernel/arch_scall.h with functions needed to deal
with the architecture specific struct thread_scall_regs usage in
core/kernel/scall.c.
New architectures are also expected to provide an implementation of
scall_save_panic_stack() called from scall_sys_return_helper().
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| a0ea786e | 19-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: provide scall_save_panic_stack()
Provides an architecture specific function scall_save_panic_stack() in
core/arch/arm/kernel/arch_scall.c. This function and its helpers are
extracted from core
core: provide scall_save_panic_stack()
Provides an architecture specific function scall_save_panic_stack() in
core/arch/arm/kernel/arch_scall.c. This function and its helpers are
extracted from core/arch/arm/tee/arch_svc.c.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 99d119b0 | 19-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: provide arch_scall.h
Provide scall functions to deal with the layout of the architecture
specific struct thread_scall_regs. The new static inline scall_
functions are based on the old internal
core: provide arch_scall.h
Provide scall functions to deal with the layout of the architecture
specific struct thread_scall_regs. The new static inline scall_
functions are based on the old internal static functions in
core/arch/arm/tee/arch_svc.c.
This patch doesn't change any behaviour.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| ab5363c6 | 19-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: introduce scall layer from svc parts
Introduces a scall layer by renaming various thread_svc* names and
_*handle_svc() functions and function pointers as a first step in doing
architecture neu
core: introduce scall layer from svc parts
Introduces a scall layer by renaming various thread_svc* names and
_*handle_svc() functions and function pointers as a first step in doing
architecture neutral syscall processing.
The name scall is used instead of syscall since the syscall_ prefix is
reserved for the functions implementing the actual syscall. While scall
is the infrastructure used to reach the syscall functions.
No files are renamed and removed at this stage. This patch doesn't
change any behaviour.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 93e54a63 | 20-Dec-2022 |
Marouene Boubakri <marouene.boubakri@nxp.com> |
riscv: kernel: entry.S: provide entry script
Provide core's single entry point for RV32/RV64 in S/M Modes.
For now it performs: booting primary and secondary harts. Setting stack
pointer, thread poi
riscv: kernel: entry.S: provide entry script
Provide core's single entry point for RV32/RV64 in S/M Modes.
For now it performs: booting primary and secondary harts. Setting stack
pointer, thread pointer (to thread_core_local), supervisor address
translation and protection register, clearing BSS...etc and calls to
appropriate functions to initialize the MMU and continue to boot flow
from boot.c.
Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 3c47d087 | 20-Dec-2022 |
Marouene Boubakri <marouene.boubakri@nxp.com> |
riscv: kernel: implement boot flow in boot.c
Provide an implementation of init_tee_runtime(), plat_primary_init_early()
boot_init_primary_early(), boot_init_primary_late(), boot_init_secondary()
and
riscv: kernel: implement boot flow in boot.c
Provide an implementation of init_tee_runtime(), plat_primary_init_early()
boot_init_primary_early(), boot_init_primary_late(), boot_init_secondary()
and helper functions. For now init_sec_mon() is kept to be replaced later
by a routine to initialize SBI implementation (to for example, probe for
available SBI extensions).
Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 3de5947c | 09-Jan-2023 |
Marouene Boubakri <marouene.boubakri@nxp.com> |
libutils: riscv: provide atomic_rv.S
Implement atomic_inc32() and atomic_dec32() in atomic_rv.S.
The implementation is based on atomic addition instruction
with acquire and release suffix to add add
libutils: riscv: provide atomic_rv.S
Implement atomic_inc32() and atomic_dec32() in atomic_rv.S.
The implementation is based on atomic addition instruction
with acquire and release suffix to add additional memory
order constraints.
Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 2c20168b | 29-Mar-2022 |
Balsam CHIHI <bchihi@baylibre.com> |
config: add CFG_BUILD_IN_TREE_TA flag
This flag allows us to enable or disable building "User TAs".
By disabling "User TAs" we could build "TA_DEV_KIT" without
building TAs present in optee-os proje
config: add CFG_BUILD_IN_TREE_TA flag
This flag allows us to enable or disable building "User TAs".
By disabling "User TAs" we could build "TA_DEV_KIT" without
building TAs present in optee-os project under ta/*/user_ta.mk.
Signed-off-by: Julien Masson <jmasson@baylibre.com>
Signed-off-by: Balsam CHIHI <bchihi@baylibre.com>
Signed-off-by: Safae Ouajih <souajih@baylibre.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 8f29a74f | 12-Dec-2022 |
Gatien Chevallier <gatien.chevallier@foss.st.com> |
plat-stm32mp1: enable debug feature on non secure-closed chip
Adds a new service that enables all debug features (HPD, invasive,
non invasive debug) when the chip is not in secure-closed state.
This
plat-stm32mp1: enable debug feature on non secure-closed chip
Adds a new service that enables all debug features (HPD, invasive,
non invasive debug) when the chip is not in secure-closed state.
This feature is enabled when CFG_STM32_DEBUG_ACCESS is set to 'y'. It
defaults to CFG_TEE_CORE_DEBUG value.
By default, chip is secure open in order to make development and
allow debug purpose.
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 8e74d476 | 09-Jan-2023 |
Jens Wiklander <jens.wiklander@linaro.org> |
Update CHANGELOG for 3.20.0
Update CHANGELOG for 3.20.0 and collect Tested-by tags.
Tested-by: Johann Neuhauser <jneuhauser@dh-electronics.com> (stm32mp1-157A_DHCOR_AVENGER96)
Tested-by: Johann Neu
Update CHANGELOG for 3.20.0
Update CHANGELOG for 3.20.0 and collect Tested-by tags.
Tested-by: Johann Neuhauser <jneuhauser@dh-electronics.com> (stm32mp1-157A_DHCOR_AVENGER96)
Tested-by: Johann Neuhauser <jneuhauser@dh-electronics.com> (stm32mp1-157C_DHCOM_PDK2)
Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi3)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (imx-mx8mqevk)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (RockPi4)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_virt)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (stm32mp1-157C_DK2)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (stm32mp1-157C_EV1)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6dlsabresd)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6qsabresd)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6sllevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6sxsabresd)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6ulevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6ullevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6ulzevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx7dsabresd)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx7ulpevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8mmevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8mnevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8mqevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8mpevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8qmmek)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8qxpmek)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8ulpevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx93evk)
Tested-by: Ricardo Salveti <ricardo@foundries.io> (k3-am64x)
Tested-by: Ricardo Salveti <ricardo@foundries.io> (ZynqMP)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| fd9d3986 | 02-Jan-2023 |
Manorit Chawdhry <m-chawdhry@ti.com> |
plat-k3: Increase size of high DDR memory region
With the addition of j784s4 in K3 devices, DRAM size is increased to
32GB.
Update the size of higher memory addresses to handle this.
Signed-off-by
plat-k3: Increase size of high DDR memory region
With the addition of j784s4 in K3 devices, DRAM size is increased to
32GB.
Update the size of higher memory addresses to handle this.
Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| d8d2e5e6 | 03-Jan-2023 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
ci: versal: program FPGA
Provide CFG_VERSAL_FPGA_DDR_ADDR to exercise this code path
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.o
ci: versal: program FPGA
Provide CFG_VERSAL_FPGA_DDR_ADDR to exercise this code path
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 17d6dc51 | 03-Jan-2023 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
plat-versal: program the FPGA during OP-TEE initialization
Users can program the FPGA image by placing it at
CFG_VERSAL_FPGA_DDR_ADDR.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-
plat-versal: program the FPGA during OP-TEE initialization
Users can program the FPGA image by placing it at
CFG_VERSAL_FPGA_DDR_ADDR.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| a51510ce | 03-Jan-2023 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
plat-versal: allow RPMB init only on secured boards
Allow writing the RPMB key only on secured boards.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.for
plat-versal: allow RPMB init only on secured boards
Allow writing the RPMB key only on secured boards.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 09fe420b | 03-Jan-2023 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
plat-versal: print platform information
Output platform information banner to the console. This includes SoC
version and the state of the hardware root of trust configuration.
Signed-off-by: Jorge
plat-versal: print platform information
Output platform information banner to the console. This includes SoC
version and the state of the hardware root of trust configuration.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| 2f6d79d9 | 03-Jan-2023 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
MAINTAINERS: Versal ACAP: Hardware Unique Key
Maintain the Hardware Unique Key (HUK) driver
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@lina
MAINTAINERS: Versal ACAP: Hardware Unique Key
Maintain the Hardware Unique Key (HUK) driver
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| cd0d1dd6 | 03-Jan-2023 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
drivers: versal: hardware unique key
The hardware unique key is calculated as the AS-GCM encrypted value
of the SoC DNA unique identifier.
The key source used for encryption is selectable at build
drivers: versal: hardware unique key
The hardware unique key is calculated as the AS-GCM encrypted value
of the SoC DNA unique identifier.
The key source used for encryption is selectable at build time using
the CFG_VERSAL_HUK_KEY configuration flag.
The following sources are supported
VERSAL_AES_EFUSE_USER_KEY_0 (CFG_VERSAL_HUK_KEY = 6)
VERSAL_AES_EFUSE_USER_KEY_1 (CFG_VERSAL_HUK_KEY = 7)
VERSAL_AES_PUF_KEY (CFG_VERSAL_HUK_KEY = 11)
VERSAL_AES_USER_KEY_0 (CFG_VERSAL_HUK_KEY = 12 (default))
The default configuration does not generate a secret HUK since the
key is hardcoded in the driver - it however validates the algorithm;
but security-wise it is not different than not enabling CFG_VERSAL_HUK
and therefore using the OP-TEE provided HUK stub.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| df9b559a | 04-Jan-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
pta: stm32mp: mention access denied error code in BSEC PTA API
Fixes BSEC PTA API header file that did not mention possible error code
TEE_ERROR_ACCESS_DENIED for command PTA_BSEC_CMD_READ_OTP.
Fix
pta: stm32mp: mention access denied error code in BSEC PTA API
Fixes BSEC PTA API header file that did not mention possible error code
TEE_ERROR_ACCESS_DENIED for command PTA_BSEC_CMD_READ_OTP.
Fixes: 4583de067b5d ("pta: stm32mp: add BSEC PTA")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| 2f99ad28 | 18-Jan-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: clk: fix dt helper function description when clock is optional
Fixes clk_dt_get_by_index() and clk_dt_get_by_name() inline description
comments to state these functions return TEE_ERROR_ITEM_N
core: clk: fix dt helper function description when clock is optional
Fixes clk_dt_get_by_index() and clk_dt_get_by_name() inline description
comments to state these functions return TEE_ERROR_ITEM_NOT_FOUND when
the consumer DT node does not define a clock resource as for devices
where some clocks are optional. These functions return such error code
since commit [1].
Link: [1] 0adca93a5c68 ("core: dt_driver: differentiate error codes if property is not found")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|
| b6095989 | 10-Jan-2023 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: dt_driver: fix inline comment regarding clock references
Fixes inline description comments for get_of_device_func typedef and
functions dt_driver_device_from_node_idx_prop() and
fdt_get_dt_dri
core: dt_driver: fix inline comment regarding clock references
Fixes inline description comments for get_of_device_func typedef and
functions dt_driver_device_from_node_idx_prop() and
fdt_get_dt_driver_cells() as they do not only relate to clock drivers.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
show more ...
|