core: add CFG_REE_FS_INTEGRITY_RPMB for roll-back protection of REE

If we enable CFG_RPMB_FS and CFG_REE_FS at the same time in optee-os,
with tee-supplicant only supports REE, calls from xtest to

core: add CFG_REE_FS_INTEGRITY_RPMB for roll-back protection of REE

If we enable CFG_RPMB_FS and CFG_REE_FS at the same time in optee-os,
with tee-supplicant only supports REE, calls from xtest to
ree_fs_open() will attempt to access RPMB for roll-back protection,
which will fail because tee-supplicant can't access RPMB.

In some platforms, we only want optee-os to support
RPMB key provision checking by invoking any RPMB read/writes, but
don't care about whether contents could be read/written.
The tee-supplicant in these platform is limited to REE only, because
there's an existing issue in Linux OS causing kernel drivers failed to
support RPMB. So we need an option to prevent applications like xtest
to access RPMB when calling ree_fs_open(), but keep the ability to
call RPMB fs related apis. When we check the key thru RPMB read.
If key is provisioned, tee-supplicant will return
TEEC_ERROR_ITEM_NOT_FOUND. If not, optee-os will return
TEE_ERROR_STORAGE_NOT_AVAILABLE.

How-tested: execute `xtest -t regression` with optee-os CFG_REE_FS=y
and CFG_RPMB_FS=y. optee-client RPMB_EMU=n
Many testcases will fail. (ex: case 1004)

Signed-off-by: Judy Wang <wangjudy@microsoft.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: imx: enable the CAAM driver on mx7ulpevk

Enable the CAAM for mx7ulpevk.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

core: imx: crypto_conf: set CAAM configuration for mx7ulpevk

Set CAAM configuration for the mx7ulp platform.
On mx7ulp, JRs share the same interrupt line. To avoid conflict with the
non-secure world

core: imx: crypto_conf: set CAAM configuration for mx7ulpevk

Set CAAM configuration for the mx7ulp platform.
On mx7ulp, JRs share the same interrupt line. To avoid conflict with the
non-secure world, disable the use of JR interrupt in OPTEE.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

ci: add imx93evk build

Add PLATFORM=imx-mx93evk build.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jen

ci: add imx93evk build

Add PLATFORM=imx-mx93evk build.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: add support imx93evk platform

Add the support for imx93evk platform.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-b

core: imx: add support imx93evk platform

Add the support for imx93evk platform.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: add imx93 SoC ID

Add the imx93 SoC ID.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklan

core: imx: add imx93 SoC ID

Add the imx93 SoC ID.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: add imx93 registers

Add the imx93 registers.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.

core: imx: add imx93 registers

Add the imx93 registers.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: simplify the error macro message

Simplify the error macro message for less maintenance when it comes to
introduce new platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Revi

core: imx: simplify the error macro message

Simplify the error macro message for less maintenance when it comes to
introduce new platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: se050: optional I2C access via trampoline

Platforms with secure I2C buses (i.e: STM32MP1) or those with only
a secure element on the bus might prefer not to delegate the I2C
traffic to the

drivers: se050: optional I2C access via trampoline

Platforms with secure I2C buses (i.e: STM32MP1) or those with only
a secure element on the bus might prefer not to delegate the I2C
traffic to the REE.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: mbedtls: Add ECC signature size check

The ECC signature implementation must check that the output buffer
has sufficient space to store the signature. This check was missing
in the mbedtls vers

core: mbedtls: Add ECC signature size check

The ECC signature implementation must check that the output buffer
has sufficient space to store the signature. This check was missing
in the mbedtls version of ecc_sign.

Fixes: ad6cfae7c0 ("libmbedtls: support mbedtls ECC function")
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Lars Persson <lars.persson@axis.com>

show more ...

core: mbedtls: Use a DRBG to speed up RSA key generation

The output rate of a TRNG is quite slow and this has a big impact
on the time needed to generate an RSA key since that process does
require a

core: mbedtls: Use a DRBG to speed up RSA key generation

The output rate of a TRNG is quite slow and this has a big impact
on the time needed to generate an RSA key since that process does
require a lot of random bits to find prime numbers.

We instantiate a CTR DRBG that is seeded from the TRNG to provide a
higher-speed source of random bits.

Performance comparison for rsa 2048 key generation on our device
with a TRNG that outputs on the order of 1e5 bits per second.

Before patch (14 samples)
mean time 14.02 sec stddev. 7.91

With patch (14 samples):
mean time 1.67 sec stddev. 1.24

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Lars Persson <larper@axis.com>

show more ...

plat-corstone1000: add corstone1000 platform

These changes are to add corstone1000 platform to optee
core.
arch/arm/plat-vexpress is taken as a reference to make
these changes.

Signed-off-by: Vishn

plat-corstone1000: add corstone1000 platform

These changes are to add corstone1000 platform to optee
core.
arch/arm/plat-vexpress is taken as a reference to make
these changes.

Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: link: add --no-warn-rwx-segments

binutils ld.bfd generates one RWX LOAD segment by merging several sections
with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it
also warn

core: link: add --no-warn-rwx-segments

binutils ld.bfd generates one RWX LOAD segment by merging several sections
with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it
also warns by default when that happens [1], which breaks the build due to
--fatal-warnings. The RWX segment is not a problem for the TEE core, since
that information is not used to set memory permissions. Therefore, silence
the warning.

Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448
Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: imx_i2c: update the daisy chain setting for I2C1

Looking at IMX6ULLRM Rev. 1, 11/2017 paragraph 32.6.329
says the daisy chain for SDA on I2C1 on imx6ull-evk is 2 not 1.

Signed-off-by: Tim

drivers: imx_i2c: update the daisy chain setting for I2C1

Looking at IMX6ULLRM Rev. 1, 11/2017 paragraph 32.6.329
says the daisy chain for SDA on I2C1 on imx6ull-evk is 2 not 1.

Signed-off-by: Tim Anderson <tim.anderson@foundries.io>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jorge Ramirez-Ortiz <jorge@foundries.io>

show more ...

Squashed commit upgrading to mbedtls-2.28.1

Squash merging branch import/mbedtls-2.28.1

ebf1f6a58089 ("libmbedtls: compile new files added with 2.28.1")
3ffb51b58a54 ("libmbedtls: add SM2 curve")

Squashed commit upgrading to mbedtls-2.28.1

Squash merging branch import/mbedtls-2.28.1

ebf1f6a58089 ("libmbedtls: compile new files added with 2.28.1")
3ffb51b58a54 ("libmbedtls: add SM2 curve")
c425755720b4 ("libmbedtls: mbedtls_mpi_exp_mod(): optimize mempool usage")
23493c822a82 ("libmbedtls: mbedtls_mpi_exp_mod(): reduce stack usage")
dcdca2348dff ("libmbedtls: mbedtls_mpi_exp_mod() initialize W")
dc2994976958 ("libmbedtls: fix no CRT issue")
c6628873b281 ("libmbedtls: add interfaces in mbedtls for context memory operation")
8acd202d3e55 ("libmedtls: mpi_miller_rabin: increase count limit")
37284e28d5d9 ("libmbedtls: add mbedtls_mpi_init_mempool()")
b499a75f29f3 ("libmbedtls: make mbedtls_mpi_mont*() available")
2080a8c96a5d ("mbedtls: configure mbedtls to reach for config")
e0858334327a ("mbedtls: remove default include/mbedtls/config.h")
dd9688e6b8ce ("Import mbedtls-2.28.1")

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee_svc.c: add missing comma

Add missing comma to fix the following error:

$ make -s PLATFORM=vexpress-qemu_armv8a CFG_TA_PAUTH=y CFG_MEMTAG=y
core/tee/tee_svc.c:371:9: error: expected ‘}’

core: tee_svc.c: add missing comma

Add missing comma to fix the following error:

$ make -s PLATFORM=vexpress-qemu_armv8a CFG_TA_PAUTH=y CFG_MEMTAG=y
core/tee/tee_svc.c:371:9: error: expected ‘}’ before ‘{’ token
371 | {
| ^
core/tee/tee_svc.c:280:44: note: to match this ‘{’
280 | const struct tee_props tee_propset_tee[] = {
| ^

Fixes: a0e8ffe9ba8f ("core: add support for MTE")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: imx_i2c: update the I2C initialization

NXP drivers in both u-boot and linux waits 50us after enabling
the bus controller to stabilize the bus.

Signed-off-by: Tim Anderson <tim.anderson@fou

drivers: imx_i2c: update the I2C initialization

NXP drivers in both u-boot and linux waits 50us after enabling
the bus controller to stabilize the bus.

Signed-off-by: Tim Anderson <tim.anderson@foundries.io>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

core: Avoid tee_ram_va equals 0 when CFG_CORE_ASLR is set

Optee OS use 0 as invalid va and tee_ram_va might equals 0 when
CFG_CORE_ASLR=y.
If tee_ram_va = 0, return directly to avoid it.

Signed-off

core: Avoid tee_ram_va equals 0 when CFG_CORE_ASLR is set

Optee OS use 0 as invalid va and tee_ram_va might equals 0 when
CFG_CORE_ASLR=y.
If tee_ram_va = 0, return directly to avoid it.

Signed-off-by: Ming-Jen Chang <ming-jen.chang@mediatek.com>
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: return true for mattr_is_cached() and TEE_MATTR_MEM_TYPE_TAGGED

Memory areas tagged with TEE_MATTR_MEM_TYPE_TAGGED attributes are
cached. Modify mattr_is_cached() accordingly.

Fixes: 7c3a

core: mm: return true for mattr_is_cached() and TEE_MATTR_MEM_TYPE_TAGGED

Memory areas tagged with TEE_MATTR_MEM_TYPE_TAGGED attributes are
cached. Modify mattr_is_cached() accordingly.

Fixes: 7c3ab7744d ("core: mm: add TEE_MATTR_MEM_TYPE_TAGGED")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: cancel obsolete workflows

When the CI workflow is triggered, we usually don't want previous jobs
related to the same branch or pull request to keep running; it is
just wasteful of resources. The

ci: cancel obsolete workflows

When the CI workflow is triggered, we usually don't want previous jobs
related to the same branch or pull request to keep running; it is
just wasteful of resources. Therefore add a special workflow to deal
with the situation [1].

An exception is made for CI workflows started by updates to the master
branch so that several PR merged in a row do not cancel previous CI runs
started on master.

Link: [1] https://github.com/marketplace/actions/cancel-workflow-action#advanced-pull-requests-from-forks
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: plat-bcm: remove virtual address lookup from main_init_gic()

- Commit 60801696667d ("plat: arm: refactor GIC initialization")
refactored GIC initialization to have gic_init_base_addr() take

core: plat-bcm: remove virtual address lookup from main_init_gic()

- Commit 60801696667d ("plat: arm: refactor GIC initialization")
refactored GIC initialization to have gic_init_base_addr() take in a
physical address instead of a virtual one, meaning that a virtual
address lookup is no longer necessary within a platform's gic_init().
- BCM's main_init_gic() would still perform a virtual memory lookup and
hand over its virtual address instead of the expected physical one.
This caused the lookup in gic_init_base_addr() to fail and panic.
- This new commit removes the virtual memory lookup from BCM's
main_gic_init() and instead hands gic_init_base_addr() a physical
address.

Signed-off-by: Andrew Mustea <andrew.mustea@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: code_style: clone repository with full history

The code_style job runs checkpatch, which checks if commit references
found in commit descriptions are valid or not. In order for this to
work, the

ci: code_style: clone repository with full history

The code_style job runs checkpatch, which checks if commit references
found in commit descriptions are valid or not. In order for this to
work, the Git repo must contain the full history otherwise some IDs
might be reported as unknown. For example [1]:

WARNING: Unknown commit id '60801696667d', maybe rebased or not pulled?
#7:
- Commit 60801696667d ("plat: arm: refactor GIC initialization")

Link: [1] https://github.com/OP-TEE/optee_os/runs/7529955940?check_suite_focus=true#step:5:35
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: bcm_sotp: add sotp write support

- Added write support for bcm secure one time programmable fuses.
- bcm_iproc_sotp_mem_read() now takes in a bool value for sotp_add_ecc
instead of an int

drivers: bcm_sotp: add sotp write support

- Added write support for bcm secure one time programmable fuses.
- bcm_iproc_sotp_mem_read() now takes in a bool value for sotp_add_ecc
instead of an int to denote if error checking memory is supported.
- Updated debug and error messages to return TEE_result codes.

Signed-off-by: Vahid Dukandar <vahidd@microsoft.com>
Signed-off-by: Andrew Mustea <andrew.mustea@microsoft.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: migrate from Azure pipelines to GitHub actions

The Azure CI recently stopped working with frequent "no space left on
device" errors when fetching the Docker image used by the QEMUv8_check
and QE

ci: migrate from Azure pipelines to GitHub actions

The Azure CI recently stopped working with frequent "no space left on
device" errors when fetching the Docker image used by the QEMUv8_check
and QEMUv8_build_Rust jobs [1]. Take this opportunity to migrate to
GitHub Actions which has similar or better capabilities (better
integration with GitHub UI, no need for an Azure account or project,
built-in caching capability for build artifacts, more concurrent jobs
and longer timeouts [2]).

No functional change except for cosmetic things (job names) and the
handling of the build cache. Previously in the multi-platform build job
files could be uploaded to the cache server before the end of the
script. As a result, if a build would time out it would usually be
enough to just restart it, then the new run would obtain files from the
previous run and be fast enough to complete. With the GitHub cache
action used here, this doesn't happen. Data are only uploaded to the
cache when the build completes with no error. It means some manual work
may be needed if the maximum build time is reached: push a truncated
build job to a temporary branch, wait for it to complete, then restart
the timed out job. However, the full build currently takes about 1 hour
with an empty cache and the maximum build time is 6 hours so it should
not be a problem anytime soon. Caching is also enabled for the
QEMUv8_check job.

Link: [1] https://dev.azure.com/OPTEE/optee_os/_build/results?buildId=3395&view=logs&j=4b042fc3-edf6-5596-582e-7ecd0cce7842&t=9368a7c9-f53c-4bb5-bbbf-b04d402537af&l=53
Link: [2] https://docs.github.com/en/actions/learn-github-actions/usage-limits-billing-and-administration#usage-limits
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

dts: stm32mp15: bump to Linux v5.19-rc6 dts files
Synchronize with stm32mp15 dts(i) files from Linux v5.19-rc6.

Changes made to imported dts(i) files:
- stm32mp151.dtsi: add ETZPC node, declare PSCI

dts: stm32mp15: bump to Linux v5.19-rc6 dts files
Synchronize with stm32mp15 dts(i) files from Linux v5.19-rc6.

Changes made to imported dts(i) files:
- stm32mp151.dtsi: add ETZPC node, declare PSCI v1.0.
- stm32mp151.dtsi: add iwdg1 node as before
- stm32mp151.dtsi: add iwdg2 interrupt definition
- stm32mp151.dtsi: add tamp node clocks definition
- stm32mp151.dtsi: keep pin-controller{,-z} node names
- stm32mp157a-dk1.dts: disable RCC secure-status.
- stm32mp157c-dk2.dts: disable RCC secure-status.
- stm32mp157c-dk2.dts: drop cryp1 okay status
- stm32mp157c-ed1.dts (included by ev1): disable RCC secure-status.
- stm32mp157c-ed1.dts: (included by ev1): drop cryp1 okay status
- Remove resources related to input DT bindings using explicit inline
comments as those are under Linux kernel GPLv2 licensing model.

This update is required to add a new board based on Linux 5.19-rc6
dts file.

Signed-off-by: Johann Neuhauser <jneuhauser@dh-electronics.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...