MAINTAINERS: support HiSilicon D06

Add maintainer for HiSilicon D06.

Signed-off-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

core: Add support for Hisilicon D06 (PLATFORM=d06)

D06 is a server-class development board equipped with a Hisilicon
Phosphor processor.

Signed-off-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Acked-by:

core: Add support for Hisilicon D06 (PLATFORM=d06)

D06 is a server-class development board equipped with a Hisilicon
Phosphor processor.

Signed-off-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: support loading TAs signed with a subkey

Adds support to load TAs signed with subkey or a chain of subkeys. This
allows delegation of TA signing without distributing the root key. TAs
signed w

core: support loading TAs signed with a subkey

Adds support to load TAs signed with subkey or a chain of subkeys. This
allows delegation of TA signing without distributing the root key. TAs
signed with a subkey are confined to the UUID-V5 namespace of the subkey
to avoid TA UUID clashes with different subkeys.

SHDR_SUBKEY is a type of header which enables chains of public keys.
The public root key is used to verify the first public subkey, which
then is used to verify the next public subkey and so on.

The TA is finally verified using the last subkey. All these headers are
added in front of the TA binary so everything needed to verify the TA is
available when it's loaded into memory.

For example:
Subkey
struct shdr
magic: 0x4f545348
img_type: 3 (SHDR_SUBKEY)
img_size: 320 bytes
algo: 0x70414930 (TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256)
hash_size: 32 bytes
sig_size: 256 bytes
hash: f573f329fe77be686ce71647909c4ea35b5e1cd7de86369bd7d9fca31f6a4d65
struct shdr_subkey
uuid: f04fa996-148a-453c-b037-1dcfbad120a6
name_size: 64
subkey_version: 1
max_depth: 4
algo: 0x70414930 (TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256)
attr_count: 2
next name: "mid_level_subkey"
Next header at offset: 692 (0x2b4)
Subkey
struct shdr
magic: 0x4f545348
img_type: 3 (SHDR_SUBKEY)
img_size: 320 bytes
algo: 0x70414930 (TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256)
hash_size: 32 bytes
sig_size: 256 bytes
hash: 233a6dcf1a2cf69e50cde8e20c4129157da707c76fa86ce12ee31037edef02d7
struct shdr_subkey
uuid: 1a5948c5-1aa0-518c-86f4-be6f6a057b16
name_size: 64
subkey_version: 1
max_depth: 3
algo: 0x70414930 (TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256)
attr_count: 2
next name: "subkey1_ta"
Next header at offset: 1384 (0x568)
Bootstrap TA
struct shdr
magic: 0x4f545348
img_type: 1 (SHDR_BOOTSTRAP_TA)
img_size: 84576 bytes
algo: 0x70414930 (TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256)
hash_size: 32 bytes
sig_size: 256 bytes
hash: ea31ac7dc2cc06a9dc2853cd791dd00f784b5edc062ecfa274deeb66589b4ca5
struct shdr_bootstrap_ta
uuid: 5c206987-16a3-59cc-ab0f-64b9cfc9e758
ta_version: 0
TA offset: 1712 (0x6b0) bytes
TA size: 84576 (0x14a60) bytes

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_virt)
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ree_fs: refactor check_update_version()

Refactors check_update_version() to support more than one version
database.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etien

core: ree_fs: refactor check_update_version()

Refactors check_update_version() to support more than one version
database.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add offset argument to shdr_alloc_and_copy()

Adds an offset argument to shdr_alloc_and_copy() to make it easier to
copy a signed header located further into a non-secure buffer.

Reviewed-by:

core: add offset argument to shdr_alloc_and_copy()

Adds an offset argument to shdr_alloc_and_copy() to make it easier to
copy a signed header located further into a non-secure buffer.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

sign_encrypt.py: rename to hash_size and sig_size

Renames digest_len to hash_size and sig_len to sig_size in order to
match the names used in the corresponding C code.

Reviewed-by: Jerome Forissier

sign_encrypt.py: rename to hash_size and sig_size

Renames digest_len to hash_size and sig_len to sig_size in order to
match the names used in the corresponding C code.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

sign_encrypt.py: add subkey support

Adds support to sign TAs using a subkey. Two new commands are added to
help with this:
- sign-subkey: signs a new subkey using either the root key or the keys
fro

sign_encrypt.py: add subkey support

Adds support to sign TAs using a subkey. Two new commands are added to
help with this:
- sign-subkey: signs a new subkey using either the root key or the keys
from another subkey
- subkey-uuid: calculate the UUID of next TA or subkey

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

sign_encrypt.py: add display command

Adds a display command to sign_encrypt.py doing what dump_ta_header.py
used to do. Removes the now redundant script dump_ta_header.py.

Reviewed-by: Jerome Foris

sign_encrypt.py: add display command

Adds a display command to sign_encrypt.py doing what dump_ta_header.py
used to do. Removes the now redundant script dump_ta_header.py.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

sign_encrypt.py: add command func in argument parsing

While parsing the argument assign the function to handle the command for
easier dispatching of the command.

Reviewed-by: Jerome Forissier <jero

sign_encrypt.py: add command func in argument parsing

While parsing the argument assign the function to handle the command for
easier dispatching of the command.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

sign_encrypt.py: refactor with BinaryImage class

Moves manipulations of the TA binary into a BinaryImage class for some
abstraction and better structure of the code for the different
sub-commands.

sign_encrypt.py: refactor with BinaryImage class

Moves manipulations of the TA binary into a BinaryImage class for some
abstraction and better structure of the code for the different
sub-commands.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

sign_encrypt.py: refactor argument parsing

Uses the add_subparsers() method from argparse.ArgumentParser to add
the command instead of adding command and options at the same level.
With this we have

sign_encrypt.py: refactor argument parsing

Uses the add_subparsers() method from argparse.ArgumentParser to add
the command instead of adding command and options at the same level.
With this we have one parser for each command to allow the argparse
module to handle checks for optional and mandatory options. This makes
the argument parsing a bit more modular and easier to extend.

Behavior of the script is supposed to be unchanged with the exception of
printed help and errors since that now relies more on the argparse
module.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

sign_encrypt.py: make logger global

Makes the logger variable global to avoid passing it to all functions
that needs to log something.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Ac

sign_encrypt.py: make logger global

Makes the logger variable global to avoid passing it to all functions
that needs to log something.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: clk_dt: Switch to use get_secure_dt()

This adds support for both embedded and external secure device trees so
that clock driver and system configuration information can be fetched from
ther

drivers: clk_dt: Switch to use get_secure_dt()

This adds support for both embedded and external secure device trees so
that clock driver and system configuration information can be fetched from
there.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: Add driver probing to use secure device tree

When secure external device tree is configured for use OP-TEE's drivers
should be loaded based on its definitions. Add support to probe

core: dt_driver: Add driver probing to use secure device tree

When secure external device tree is configured for use OP-TEE's drivers
should be loaded based on its definitions. Add support to probe drivers
also with secure external device tree.

This allows common system device tree to be used to define devices for
bootloaders and OP-TEE.

In any case if embedded device tree is defined this will take precedense.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: Add new helper get_secure_dt()

Add new helper to query device tree considered secure for device driver
usage.

First priority is given to embedded device tree if present.

If system is configu

core: Add new helper get_secure_dt()

Add new helper to query device tree considered secure for device driver
usage.

First priority is given to embedded device tree if present.

If system is configured with secure external device tree location then
external device tree is returned.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

MAINTAINERS: support Versal ACAP eFuse/BBRAM driver

Add myself as maintainer of the versal_nvm driver.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wikland

MAINTAINERS: support Versal ACAP eFuse/BBRAM driver

Add myself as maintainer of the versal_nvm driver.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: versal: non volatile memory (eFuse and BBRAM)

Provide an interface to access the xilnvm service executing in the PLM
firmware running on the Microblaze processor.

Signed-off-by: Jorge Rami

drivers: versal: non volatile memory (eFuse and BBRAM)

Provide an interface to access the xilnvm service executing in the PLM
firmware running on the Microblaze processor.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-imx, plat-ls: replace crypto_conf.mk by common drivers/crypto/caam/crypto.mk

move platform specific conf file to crypto drivers one.
CFG_CRYPTO_DRIVER should be define in driver conf file
inste

plat-imx, plat-ls: replace crypto_conf.mk by common drivers/crypto/caam/crypto.mk

move platform specific conf file to crypto drivers one.
CFG_CRYPTO_DRIVER should be define in driver conf file
instead of platform configuration file.

Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

core: pta: bcm: add option to disable SOTP PTA after first session

- If the config flag CFG_BCM_SOTP_SINGLE_SESSION is enabled, the BCM
SOTP driver should prevent any further connections after the

core: pta: bcm: add option to disable SOTP PTA after first session

- If the config flag CFG_BCM_SOTP_SINGLE_SESSION is enabled, the BCM
SOTP driver should prevent any further connections after the first PTA
SOTP session disconnects.
- When enabling this flag, it will be possible to restrict any SOTP
access after firmware bootup is complete.

Signed-off-by: Andrew Mustea <andrew.mustea@microsoft.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

MAINTAINERS: add Versal ACAP TRNG maintainer

Add Versal ACAP TRNG maintainer

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

drivers: versal: true random number generator

Configure the TRNG driver to operate in Hybrid mode with derivative
function.

This driver was ported from its original FSBL implementation [1].

[1] ht

drivers: versal: true random number generator

Configure the TRNG driver to operate in Hybrid mode with derivative
function.

This driver was ported from its original FSBL implementation [1].

[1] https://github.com/Xilinx/embeddedsw

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt: Make it possible to alter device mapping

In case where IP core device is TrustZone aware and is used by both REE
and TEE dt_map_dev() would normally cause non-secure mapping for the
device

core: dt: Make it possible to alter device mapping

In case where IP core device is TrustZone aware and is used by both REE
and TEE dt_map_dev() would normally cause non-secure mapping for the
device.

When selected registers in IP core are only accessible by TrustZone device
needs to be mapped with MEM_AREA_IO_SEC to cause actual AXI memory access
be made with AWPROT[1] and ARPROT[1] bits configured properly.

This adds new argument for dt_map_dev() to enable forcing mapping to be
secure or non-secure.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-zynq7k: Configure platform needing NMFI workaround

Unfortunately Xilinx Zynq-7000's ARM Cortext-A9 core has been configured
with NMFI support. This causes problems for OP-TEE's atomic context
p

plat-zynq7k: Configure platform needing NMFI workaround

Unfortunately Xilinx Zynq-7000's ARM Cortext-A9 core has been configured
with NMFI support. This causes problems for OP-TEE's atomic context
protections rendering FIQ interrupt un-usable in the system designs.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm32: sm: Apply FIQ workaround if configured

On systems with Non-maskable FIQ (NMFI) support in OP-TEE's atomic
contexts when trying to mask FIQ it cannot be set leaving it non-masked.

This state

arm32: sm: Apply FIQ workaround if configured

On systems with Non-maskable FIQ (NMFI) support in OP-TEE's atomic
contexts when trying to mask FIQ it cannot be set leaving it non-masked.

This state is then carried back into sm_ctx structure thus causing next
call to SMC entry having incorrect FIQ masking configured.

This can represent itself as:

E/TC:0 assertion 'thread_get_exceptions() == THREAD_EXCP_ALL' failed at core/arch/arm/kernel/thread_optee_smc.c:50 <thread_handle_fast_smc>

As a workaround force FIQ to be masked before entering SMC entry handler.

Note: on systems having the issue -- FIQ is considered un-usable and
causes panic in OP-TEE if received.

Note2: If you have system without SCTLR.NMFI enabled and you do get that
assertion do not enable the workaround! Eg. fix the real problem.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm32: kernel: Add check whether core needs NMFI workaround

During the boot additional check is performed to verify if the core is
affected and if the CFG_CORE_WORKAROUND_ARM_NMFI has been configure

arm32: kernel: Add check whether core needs NMFI workaround

During the boot additional check is performed to verify if the core is
affected and if the CFG_CORE_WORKAROUND_ARM_NMFI has been configured
properly.

Affected system is greeted with:

I/TC: WARNING: This ARM core has NMFI enabled, please apply workaround!

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...