plat-sam: split SFR code out of main.c file

Move SFR specific code to sam_sfr.c file.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
S

plat-sam: split SFR code out of main.c file

Move SFR specific code to sam_sfr.c file.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

plat-stm32mp1: support rng pta with secure RNG source

Changes platform stm32mp1 configuration to default enable RNG PTA
support when CFG_WITH_SOFTWARE_PRNG is disable. This configuration
mandates st

plat-stm32mp1: support rng pta with secure RNG source

Changes platform stm32mp1 configuration to default enable RNG PTA
support when CFG_WITH_SOFTWARE_PRNG is disable. This configuration
mandates stm32mp1 RNG device and its resources to be assigned to the
secure world to be accessible at runtime.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: implement plat_rng_init()

Moves plat_rng_init() definition from platform source file rng_seed.c
to core driver source stm32_rng.c. There is no platform magic needed
in this funct

drivers: stm32_rng: implement plat_rng_init()

Moves plat_rng_init() definition from platform source file rng_seed.c
to core driver source stm32_rng.c. There is no platform magic needed
in this function. As a result, seed_rng.c source file is removed.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: register as hwrng source

Implements RNG as hardware entropy source when CFG_STM32_RNG
is enable and CFG_WITH_SOFTWARE_PRNG is disable.

This is realised by implementing crypto_rn

drivers: stm32_rng: register as hwrng source

Implements RNG as hardware entropy source when CFG_STM32_RNG
is enable and CFG_WITH_SOFTWARE_PRNG is disable.

This is realised by implementing crypto_rng_read() and
hw_get_random_byte() in driver.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: helper trace in rng path

Adds helper flow level trace messages in random sample generation
sequence.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne

drivers: stm32_rng: helper trace in rng path

Adds helper flow level trace messages in random sample generation
sequence.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: remove millisecond timeout with interrupts masked

Removes the 10ms timeout monitored waiting loop in stm32_rng_read_raw()
that was called with interrupts masked. stm32_rng_read_r

drivers: stm32_rng: remove millisecond timeout with interrupts masked

Removes the 10ms timeout monitored waiting loop in stm32_rng_read_raw()
that was called with interrupts masked. stm32_rng_read_raw() is
renamed read_available() and does not pool a hardware status: it
either returns or reads samples according to RNG state.

Changes stm32_rng_read() to monitor RNG burst generation with a 100ms
timeout. This timeout threshold targets that at least few REE ticks
(dozen of ms) allow RNG to conceal and synchronize upon bad conditions.

As change rewrites function stm32_rng_read(), it also removes a zeroing
of the buffer on sample generation error. The wiping is removed since
pointless.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: don't export stm32_rng_read_raw()

No need to export stm32_rng function stm32_rng_read_raw(). It is only
called from stm32_rng_read(). Also removes re-enabling of RNG in
stm32_rng

drivers: stm32_rng: don't export stm32_rng_read_raw()

No need to export stm32_rng function stm32_rng_read_raw(). It is only
called from stm32_rng_read(). Also removes re-enabling of RNG in
stm32_rng_read_raw() since already handled by caller function.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: seed PRNG with initialized rng device

Simplifies platform rng_seed.c implementation. Since a previous change
initializes stm32_rng driver before plat_rng_init() is called, it is now
p

plat-stm32mp1: seed PRNG with initialized rng device

Simplifies platform rng_seed.c implementation. Since a previous change
initializes stm32_rng driver before plat_rng_init() is called, it is now
possible to use stm32_rng_read() to get PRNG seed. The sequence is
simplified as stm32_rng_read() takes care of device resource dependencies.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: init rng before service initcall level

Initializes stm32_rng driver before service initcall level so that
device driver is ready when plat_rng_init() is called.

At this stage, r

drivers: stm32_rng: init rng before service initcall level

Initializes stm32_rng driver before service initcall level so that
device driver is ready when plat_rng_init() is called.

At this stage, resource firewall may not be initialized therefore
choose to always map RNG IOMEM with secure attribute which conforms
to firewall configuration. When RNG is assigned to non-secure, RNG
resources are released once boot completes.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_rng: remove thread exceptions masking under spinlock

Fixes stm32_rng.c to not mask thread exceptions in function
stm32_rng_read_raw() that is called with a spinlock held and
interrupt

drivers: stm32_rng: remove thread exceptions masking under spinlock

Fixes stm32_rng.c to not mask thread exceptions in function
stm32_rng_read_raw() that is called with a spinlock held and
interrupts already masked.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

imx_ocotp: correct ocotp fuse address computation

Not all the imx platforms have the same bank spacing. In particular
the imx6 and imx7ulp both have bank sizes that are twice as large
as the imx8m.

imx_ocotp: correct ocotp fuse address computation

Not all the imx platforms have the same bank spacing. In particular
the imx6 and imx7ulp both have bank sizes that are twice as large
as the imx8m.

The ocotp_get_die_id_mx7ulp() function was written with the
old computation, so bank 2, work 6 would be 0x4e0 offset.
Using the new calc, bank 1, word 6 would be 0x4e0 offset.

So all the bank values should move to bank 1.

This will set the correct computation.

Signed-off-by: Tim Anderson <tim.anderson@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

plat-zynqmp: Added __nex_bss symbol for virtualization support

Without the __nex_bss symbol added to gic_data and console_data
the zynqmp platform results in a deadlock when attempting
to write to t

plat-zynqmp: Added __nex_bss symbol for virtualization support

Without the __nex_bss symbol added to gic_data and console_data
the zynqmp platform results in a deadlock when attempting
to write to the serial device on the platform. This fix resolves
the deadlock issue. More details can be found in the referred link.

Link: https://github.com/OP-TEE/optee_os/issues/5384
Signed-off-by: Michael Doran <michael.doran@dornerworks.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: mte: strip tag before calling vm_check_access_rights()

op_attr_bignum_to_user() lacks a call to memtag_strip_tag() before it
calls vm_check_access_rights(). This results in the memory

core: crypto: mte: strip tag before calling vm_check_access_rights()

op_attr_bignum_to_user() lacks a call to memtag_strip_tag() before it
calls vm_check_access_rights(). This results in the memory buffer not
being found and the function returning TEE_ERROR_ACCESS_DENIED.

Test case: xtest pkcs11_1019 on QEMUv8, build command:

make CFG_PKCS11_TA=y CFG_USER_TA_TARGET_pkcs11=ta_arm64 MEMTAG=y run

Fixes: ef142203a36b ("core: syscalls: strip tags from user space pointers")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ffa: Enable handling 64-bit direct messages

Enable using the 64-bit version of the FF-A direct request and response
calls.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Et

core: ffa: Enable handling 64-bit direct messages

Enable using the 64-bit version of the FF-A direct request and response
calls.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jelle Sels <jelle.sels@arm.com>

show more ...

plat-synquacer: rename rng_pta.h to synquacer_rng_pta.h

Renames plat-synquacer rng_pta.h to synquacer_rng_pta.h to prevent
confusion with generic RNG PTA header file pta_rng.h.

Acked-by: Jerome For

plat-synquacer: rename rng_pta.h to synquacer_rng_pta.h

Renames plat-synquacer rng_pta.h to synquacer_rng_pta.h to prevent
confusion with generic RNG PTA header file pta_rng.h.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

pta: rng: rename rng_pta_client.h to pta_rng.h

Renames RNG PTA exported header file from rng_pta_client.h to pta_rng.h
as the later follows PTAs header file name convention in optee_os
that is pta_x

pta: rng: rename rng_pta_client.h to pta_rng.h

Renames RNG PTA exported header file from rng_pta_client.h to pta_rng.h
as the later follows PTAs header file name convention in optee_os
that is pta_xxx.h.

Preserve rng_pta_client.h for backward compatibility. That header file
only includes pta_rng.h.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

build: use CFLAGS_ta_armXX etc. when building in-tree TAs

In-tree TAs currently ignore CFLAGS_ta_arm32/CFLAGS_ta_arm64 and
CPPFLAGS_ta_arm32/CPPFLAGS_ta_arm64, contrary to out-of tree TAs which
are

build: use CFLAGS_ta_armXX etc. when building in-tree TAs

In-tree TAs currently ignore CFLAGS_ta_arm32/CFLAGS_ta_arm64 and
CPPFLAGS_ta_arm32/CPPFLAGS_ta_arm64, contrary to out-of tree TAs which
are built with ta/mk/ta_dev_kit.mk. Add these flags for convenience and
consistency.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: fix use-after-free in close_ck_session() when CFG_TEE_TA_LOG_LEVEL >= 3

The debug trace in close_ck_session() needs to be moved before the
session is freed. Problem found with CFG_MEMTAG

ta: pkcs11: fix use-after-free in close_ck_session() when CFG_TEE_TA_LOG_LEVEL >= 3

The debug trace in close_ck_session() needs to be moved before the
session is freed. Problem found with CFG_MEMTAG=y.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: imx: dcp: disable the use of UNIQUE KEY after HUK generation

Disable the use of DCP unique key (0xfe in the DCP key selection) after
the HUK generation.
The DCP unique key is used to genera

drivers: imx: dcp: disable the use of UNIQUE KEY after HUK generation

Disable the use of DCP unique key (0xfe in the DCP key selection) after
the HUK generation.
The DCP unique key is used to generate the HUK at boot time. Disabling
the use of the unique key prevents the non-secure world from
re-generating the HUK.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Ricardo Salveti <ricardo@foundries.io> (imx-mx6ullevk)

show more ...

drivers: imx: dcp: clear OTP_KEY bit for unique key selection

The use of the unique key for the HUK generation requires the OTP_KEY
bit to be cleared in the DCP control0 bit field.

Signed-off-by: C

drivers: imx: dcp: clear OTP_KEY bit for unique key selection

The use of the unique key for the HUK generation requires the OTP_KEY
bit to be cleared in the DCP control0 bit field.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Ricardo Salveti <ricardo@foundries.io> (imx-mx6ullevk)

show more ...

drivers: imx: dcp: workaround DCP errata 051292

The internal boot ROM should reset the DCP controller prior jumping to
bootloader execution. The current boot ROM implementation does not
assert a DCP

drivers: imx: dcp: workaround DCP errata 051292

The internal boot ROM should reset the DCP controller prior jumping to
bootloader execution. The current boot ROM implementation does not
assert a DCP reset.

To mitigate the issue, users can implement a DCP reset by setting
SFTRST[31] and CTRL_CLKGATE[30] bits in the DCP_CTRL_SET registers.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Ricardo Salveti <ricardo@foundries.io> (imx-mx6ullevk)

show more ...

plat-stm32mp1: restore reserved shared memory

Restores OP-TEE reserved shared memory (the last MBytes of DRAM located
on top of the secure DDR) in STM32MP15 default configuration. This
default confi

plat-stm32mp1: restore reserved shared memory

Restores OP-TEE reserved shared memory (the last MBytes of DRAM located
on top of the secure DDR) in STM32MP15 default configuration. This
default configuration is needed to support mainline TF-A in conjunction
with mainline Linux kernel.

Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: imx_snvs: re-work security state for imx8m platforms

The current implementation of snvs_get_security_cfg() for
imx8m platforms includes the read of SYS_SECURE_BOOT bit.
This fourth bit show

drivers: imx_snvs: re-work security state for imx8m platforms

The current implementation of snvs_get_security_cfg() for
imx8m platforms includes the read of SYS_SECURE_BOOT bit.
This fourth bit shows if the board boots from internal
ROM. This bit will reset to 1 for a board in the field
and 0 for a test chip.

The read of this bit is out of scope of the snvs_get_security_cfg()
purpose which is to return the system security configuration.
The SYS_SECURE_BOOT bit (msb) can be discarded.

Fixes: 5cd93c5a75 (drivers: imx_snvs: fix SNVS security configuration values)
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-hikey: Add embedded DTB to define SDP

For Hikey, the Secure Data Path memory region definition is
done in an embedded dtb as defined in
Documentation/devicetree/bindings/reserved-memory/linaro,

plat-hikey: Add embedded DTB to define SDP

For Hikey, the Secure Data Path memory region definition is
done in an embedded dtb as defined in
Documentation/devicetree/bindings/reserved-memory/linaro,secure-heap.yaml

Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: Define SDP in embedded DTB

Allow definition of the Secure Data Path memory region in an embedded DTB
There is no memory intersection checking for such SDP area as embedded DTB
is not available

core: Define SDP in embedded DTB

Allow definition of the Secure Data Path memory region in an embedded DTB
There is no memory intersection checking for such SDP area as embedded DTB
is not available during init of tee core memory mapping

Comply with reserved memory bindings
Linux documentation file:
Documentation/devicetree/bindings/reserved-memory/reserved-memory.yaml

Documented in:
Documentation/devicetree/bindings/reserved-memory/linaro,secure-heap.yaml

Signed-off-by: Olivier Masse <olivier.masse@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...