drivers: stm32_rng: keep rng enable from initialization

Changes stm32_rng driver implementation to keep RNG running and
only gate the access bus clock when accessing RNG interface.

Removes refcount

drivers: stm32_rng: keep rng enable from initialization

Changes stm32_rng driver implementation to keep RNG running and
only gate the access bus clock when accessing RNG interface.

Removes refcount field from stm32_rng_instance structure as it is now
unused.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: register to dt_driver

Changes stm32_rng driver to be probed from DT_DRIVER framework.
This change modifies slightly how the driver is initialized.
Early late initcall function st

drivers: stm32_rng: register to dt_driver

Changes stm32_rng driver to be probed from DT_DRIVER framework.
This change modifies slightly how the driver is initialized.
Early late initcall function stm32_rng_init() is replaced with
a FDT helper function stm32_rng_parse_fdt() and a DT_DRIVER probe
function stm32_rng_probe().

Changes stm32_rng driver initialization sequence to reset, if configured,
the RNG hardware subsystem at driver initialization.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: enable hardware rng for STM32MP13

Adds RNG node in stm32mp131.dtsi and enables it in stm32mp135f-dk.dts.

Default disables CFG_WITH_SOFTWARE_PRNG for STM32MP13: OP-TEE uses
the HW RNG

plat-stm32mp1: enable hardware rng for STM32MP13

Adds RNG node in stm32mp131.dtsi and enables it in stm32mp135f-dk.dts.

Default disables CFG_WITH_SOFTWARE_PRNG for STM32MP13: OP-TEE uses
the HW RNG support.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

mk/compile.mk: add -Ulinux -Uunix to dtb-cppflags

Add -Ulinux and -Uunix to dtb-cppflags to fix two corner cases,
where DTS file might contain properties like following:

dma_coherent: coherent {
c

mk/compile.mk: add -Ulinux -Uunix to dtb-cppflags

Add -Ulinux and -Uunix to dtb-cppflags to fix two corner cases,
where DTS file might contain properties like following:

dma_coherent: coherent {
compatible = "shared-dma-pool";
linux,dma-default;
}

Without these flags, C preprocessor will modify "linux,dma-default"
to "1,dma-default"

Signed-off-by: lei zhou <lei.zhou@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto_api: remove unused includes

Remove unused includes from the crypto API.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

core: crypto_api: remove unused includes

Remove unused includes from the crypto API.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: remove unused includes

Remove unused includes from the CAAM driver.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acke

drivers: caam: remove unused includes

Remove unused includes from the CAAM driver.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: remove unused includes

Remove unused includes from main.c

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wik

core: imx: remove unused includes

Remove unused includes from main.c

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto_api: fix malloc() allocation check

Coverity reports a CERT-C ERR33-C coding violation on EM.data pointer
for not being checked right after malloc() call.
This is a false positive error

core: crypto_api: fix malloc() allocation check

Coverity reports a CERT-C ERR33-C coding violation on EM.data pointer
for not being checked right after malloc() call.
This is a false positive error since EM.data value is checked along
EM_gen.data value later.
Check EM.data and EM_gen.data values separately to make Coverity happy.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add StMM to reported services

Adds StMM to the list of services reported by the device pseudo TA.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias

core: add StMM to reported services

Adds StMM to the list of services reported by the device pseudo TA.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-sam: add support for sama5d27-wlsom1-ek board

Add support for PLATFORM_FLAVOR=sama5d27_wlsom1_ek and use the correct
debug console (UART0) for that platform.

Signed-off-by: Clément Léger <clem

plat-sam: add support for sama5d27-wlsom1-ek board

Add support for PLATFORM_FLAVOR=sama5d27_wlsom1_ek and use the correct
debug console (UART0) for that platform.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: at91: add sama5d27-wlsom1-ek device-trees

Import device-tree from Linux for sama5d27-wlsom1-ek board.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jens Wiklander <jens.wi

dts: at91: add sama5d27-wlsom1-ek device-trees

Import device-tree from Linux for sama5d27-wlsom1-ek board.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: crypto: se050: increase DER signature buffer

In order to support P-521 (132 byte {r,s} pairs), the buffer storing
the DER signature must be large enough.

Signed-off-by: Jorge Ramirez-Ortiz

drivers: crypto: se050: increase DER signature buffer

In order to support P-521 (132 byte {r,s} pairs), the buffer storing
the DER signature must be large enough.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

ci: SE05X crypto driver: update Plug-and-Trust release to v0.4.1

Fixes to ECDSA and access policies to the asymmetric keys.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome

ci: SE05X crypto driver: update Plug-and-Trust release to v0.4.1

Fixes to ECDSA and access policies to the asymmetric keys.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

crypto: drivers: se050: fix generation of oid values

Converting the OID watermarked value (8 bytes) to a bignum removes the
first byte if this is different than zero.

The failing case observed the

crypto: drivers: se050: fix generation of oid values

Converting the OID watermarked value (8 bytes) to a bignum removes the
first byte if this is different than zero.

The failing case observed the value 0x57.72.15.66.1a.f2.9d.00 being
retrieved as 0x57.72.15.66.1a.f2.9d after having been transformed into
a bignum and back to its original binary value.

This will cause cryptographic operations to fail as the secured keys
and objects become not addressable.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

pta: imx: add OCOTP PTA

Add a OCOTP PTA for i.MX platforms. This PTA exposes two commands:
- the read of OCOTP shadow registers.
- the read of the platform UID.

Signed-off-by: Clement Faure <clem

pta: imx: add OCOTP PTA

Add a OCOTP PTA for i.MX platforms. This PTA exposes two commands:
- the read of OCOTP shadow registers.
- the read of the platform UID.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

pta: imx: add DIGPROG PTA

Add an i.MX PTA to get the platform digprog value.
This 32 bits value holds the SOC type and the minor and major revision
number.

Signed-off-by: Clement Faure <clement.fau

pta: imx: add DIGPROG PTA

Add an i.MX PTA to get the platform digprog value.
This 32 bits value holds the SOC type and the minor and major revision
number.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: finalize scall layer

Finalizes the new scall layer by renaming remaining files so the generic
scall layer resides in core/include/kernel/scall.h and
core/kernel/scall.c.

New architectures are

core: finalize scall layer

Finalizes the new scall layer by renaming remaining files so the generic
scall layer resides in core/include/kernel/scall.h and
core/kernel/scall.c.

New architectures are expected to provide a
core/arch/arm/include/kernel/arch_scall.h with functions needed to deal
with the architecture specific struct thread_scall_regs usage in
core/kernel/scall.c.

New architectures are also expected to provide an implementation of
scall_save_panic_stack() called from scall_sys_return_helper().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: provide scall_save_panic_stack()

Provides an architecture specific function scall_save_panic_stack() in
core/arch/arm/kernel/arch_scall.c. This function and its helpers are
extracted from core

core: provide scall_save_panic_stack()

Provides an architecture specific function scall_save_panic_stack() in
core/arch/arm/kernel/arch_scall.c. This function and its helpers are
extracted from core/arch/arm/tee/arch_svc.c.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: provide arch_scall.h

Provide scall functions to deal with the layout of the architecture
specific struct thread_scall_regs. The new static inline scall_
functions are based on the old internal

core: provide arch_scall.h

Provide scall functions to deal with the layout of the architecture
specific struct thread_scall_regs. The new static inline scall_
functions are based on the old internal static functions in
core/arch/arm/tee/arch_svc.c.

This patch doesn't change any behaviour.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce scall layer from svc parts

Introduces a scall layer by renaming various thread_svc* names and
_*handle_svc() functions and function pointers as a first step in doing
architecture neu

core: introduce scall layer from svc parts

Introduces a scall layer by renaming various thread_svc* names and
_*handle_svc() functions and function pointers as a first step in doing
architecture neutral syscall processing.

The name scall is used instead of syscall since the syscall_ prefix is
reserved for the functions implementing the actual syscall. While scall
is the infrastructure used to reach the syscall functions.

No files are renamed and removed at this stage. This patch doesn't
change any behaviour.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

riscv: kernel: entry.S: provide entry script

Provide core's single entry point for RV32/RV64 in S/M Modes.
For now it performs: booting primary and secondary harts. Setting stack
pointer, thread poi

riscv: kernel: entry.S: provide entry script

Provide core's single entry point for RV32/RV64 in S/M Modes.
For now it performs: booting primary and secondary harts. Setting stack
pointer, thread pointer (to thread_core_local), supervisor address
translation and protection register, clearing BSS...etc and calls to
appropriate functions to initialize the MMU and continue to boot flow
from boot.c.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

riscv: kernel: implement boot flow in boot.c

Provide an implementation of init_tee_runtime(), plat_primary_init_early()
boot_init_primary_early(), boot_init_primary_late(), boot_init_secondary()
and

riscv: kernel: implement boot flow in boot.c

Provide an implementation of init_tee_runtime(), plat_primary_init_early()
boot_init_primary_early(), boot_init_primary_late(), boot_init_secondary()
and helper functions. For now init_sec_mon() is kept to be replaced later
by a routine to initialize SBI implementation (to for example, probe for
available SBI extensions).

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutils: riscv: provide atomic_rv.S

Implement atomic_inc32() and atomic_dec32() in atomic_rv.S.
The implementation is based on atomic addition instruction
with acquire and release suffix to add add

libutils: riscv: provide atomic_rv.S

Implement atomic_inc32() and atomic_dec32() in atomic_rv.S.
The implementation is based on atomic addition instruction
with acquire and release suffix to add additional memory
order constraints.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

config: add CFG_BUILD_IN_TREE_TA flag

This flag allows us to enable or disable building "User TAs".
By disabling "User TAs" we could build "TA_DEV_KIT" without
building TAs present in optee-os proje

config: add CFG_BUILD_IN_TREE_TA flag

This flag allows us to enable or disable building "User TAs".
By disabling "User TAs" we could build "TA_DEV_KIT" without
building TAs present in optee-os project under ta/*/user_ta.mk.

Signed-off-by: Julien Masson <jmasson@baylibre.com>
Signed-off-by: Balsam CHIHI <bchihi@baylibre.com>
Signed-off-by: Safae Ouajih <souajih@baylibre.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: enable debug feature on non secure-closed chip

Adds a new service that enables all debug features (HPD, invasive,
non invasive debug) when the chip is not in secure-closed state.
This

plat-stm32mp1: enable debug feature on non secure-closed chip

Adds a new service that enables all debug features (HPD, invasive,
non invasive debug) when the chip is not in secure-closed state.
This feature is enabled when CFG_STM32_DEBUG_ACCESS is set to 'y'. It
defaults to CFG_TEE_CORE_DEBUG value.

By default, chip is secure open in order to make development and
allow debug purpose.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...