core: fix TA crash if RPMB key is not provisioned

If optee-os is set with CFG_RPMB_WRITE_KEY=n, returning
TEE_ERROR_BAD_STATE will result in TA panic because of exit checks
in /lib/libutee/tee_api_o

core: fix TA crash if RPMB key is not provisioned

If optee-os is set with CFG_RPMB_WRITE_KEY=n, returning
TEE_ERROR_BAD_STATE will result in TA panic because of exit checks
in /lib/libutee/tee_api_objects.c APIs. Returning
TEE_ERROR_STORAGE_NOT_AVAILABLE to avoid TA panic and signal TA
RPMB is not ready for use, therefore TA could perform error handling.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Judy Wang <wangjudy@microsoft.com>

show more ...

plat-stm32mp1: introduce CFG_STM32MP1_SHARED_RESOURCES

It is now mandatory to enable CFG_STM32MP1_SHARED_RESOURCES to embed
shared_resources.c.

It is forced enabled for STM32MP15x boards and forced

plat-stm32mp1: introduce CFG_STM32MP1_SHARED_RESOURCES

It is now mandatory to enable CFG_STM32MP1_SHARED_RESOURCES to embed
shared_resources.c.

It is forced enabled for STM32MP15x boards and forced disabled for
STM32MP13x boards.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32_shared_io: introduce shared io driver

This commit implements shared registers support, previously handled in
core/arch/arm/plat-stm32mp1/shared_resources.c, at platform level.

Defaul

drivers: stm32_shared_io: introduce shared io driver

This commit implements shared registers support, previously handled in
core/arch/arm/plat-stm32mp1/shared_resources.c, at platform level.

Default enable CFG_STM32_SHARED_IO.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: handle large holes in S-EL0 map

Prior to this patch it was assumed that the memory map of a user mode
context had no holes or very small holes. This leads to a higher pressure
on the translati

core: handle large holes in S-EL0 map

Prior to this patch it was assumed that the memory map of a user mode
context had no holes or very small holes. This leads to a higher pressure
on the translation tables than necessary.

So fix this by skipping to allocate translation tables for holes in the
memory map of a user mode context where possible.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix error handling in vm_remap()

When remap tries to change the virtual address of a mapping and it fails
in the middle of the process it has to undo the changes in order to
restore the previo

core: fix error handling in vm_remap()

When remap tries to change the virtual address of a mapping and it fails
in the middle of the process it has to undo the changes in order to
restore the previous state before returning an error.

This fix addresses a corner case where the number of needed translation
tables for the new map has been increased and hits a limit, so the remap
request must be denied.

Fixes: 7d2b71d6d30f ("core: vm_set_prot() and friends works across VM regions")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: map the CAAM registers with the CAAM_SIZE value

Add the CAAM register MMU mapping with the appropriate size CAAM_SIZE.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by:

drivers: caam: map the CAAM registers with the CAAM_SIZE value

Add the CAAM register MMU mapping with the appropriate size CAAM_SIZE.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ls: add CAAM_SIZE values for LS platforms

Add CAAM_SIZE values for all LS platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

core: imx: add CAAM_SIZE values for i.MX platforms

Add CAAM_SIZE values for all i.MX platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.

core: imx: add CAAM_SIZE values for i.MX platforms

Add CAAM_SIZE values for all i.MX platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: add DT_GNU_HASH support

It is possible for an ELF to be compiled with --hash-style=gnu;
some distros even have that as their default. This produces an ELF
with no .hash section, but with a .g

ldelf: add DT_GNU_HASH support

It is possible for an ELF to be compiled with --hash-style=gnu;
some distros even have that as their default. This produces an ELF
with no .hash section, but with a .gnu.hash section in its stead.

GNU-style hash sections have better performance than old SYSV-style ones.
It can be expected that, as time goes on, it becomes the new default.

Use the DT_GNU_HASH table for symbol lookup when present, then fall
back onto DT_HASH.

Co-developed-by: Elvira Khabirova <e.khabirova@omp.ru>
Signed-off-by: Elvira Khabirova <e.khabirova@omp.ru>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ldelf: get DT_HASH info from section headers

Obtain the address of the DT_HASH section from the section headers
rather than from the dynamic section. In addition to being simpler,
this method can ea

ldelf: get DT_HASH info from section headers

Obtain the address of the DT_HASH section from the section headers
rather than from the dynamic section. In addition to being simpler,
this method can easily provide the size of the section. It is not
needed in this case but will be useful when introducing support for
DT_GNU_HASH.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: sama5d2: Set tcb1 as secure

Add missing status-okay line to enable tcb1 for OP-TEE usage. Indeed,
the TCB block is used to provide a secure time source to OP-TEE TA.

Signed-off-by: Clément Lég

dts: sama5d2: Set tcb1 as secure

Add missing status-okay line to enable tcb1 for OP-TEE usage. Indeed,
the TCB block is used to provide a secure time source to OP-TEE TA.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: pta: return error code when failing to deserialize saved key

When deserializing the key, TEE_SUCCESS code is returned even the bignum
deserialization of one of the key component fails.

Make s

core: pta: return error code when failing to deserialize saved key

When deserializing the key, TEE_SUCCESS code is returned even the bignum
deserialization of one of the key component fails.

Make sure to free the allocated key in case of an error in the
deserialization of one of the key component.

Fixes: 7e05ec25b ("core: pta: add remote attestation PTA")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pta: attestation: fix buffer size for generated key

There is assertion error in the attestation PTA when it comes to
deserialize the key. Here are the logs:

* regression_1037 Remote attestati

core: pta: attestation: fix buffer size for generated key

There is assertion error in the attestation PTA when it comes to
deserialize the key. Here are the logs:

* regression_1037 Remote attestation
o regression_1037.1 Get public key
E/TC:? 0 assertion '!buf_sz' failed at core/pta/attestation.c:199 <deserialize_key>
E/TC:3 0 Panic at core/kernel/assert.c:28 <_assert_break>
E/TC:3 0 TEE load address @ 0xbe000000
E/TC:3 0 Call stack:
E/TC:3 0 0xbe0091b4
E/TC:3 0 0xbe024b5c
E/TC:3 0 0xbe02292c
E/TC:3 0 0xbe02fde4
E/TC:3 0 0xbe0300c4
E/TC:3 0 0xbe029a3c
E/TC:3 0 0xbe025e70
E/TC:3 0 0xbe0336e0
E/TC:3 0 0xbe007070
E/TC:3 0 0xbe0071ec

To reproduce the issue, you need a persistent storage and follow these
steps:
$ xtest 1037
*reboot the platform*
$ xtest 1037

When allocating the key buffer, the maximum buffer size is allocated
(1033 bytes) whatever the size specified by CFG_ATTESTATION_PTA_KEY_SIZE.

With default attestation key size (CFG_ATTESTATION_PTA_KEY_SIZE) of
3072 bits, only 777 bytes is needed to store the key but the allocated
buffer size is still 1033 bytes.

When the key has already been generated, the key stored is deserialized
and the deserialize_key() function expects the size of the previously
generated key to be equal to the maximum buffer size.

The assertion can be removed as the buffer size and the key size could
mismatch. The deserialize_bignum() function, however, still checks the
buffer size is big enough to hold the given key size.

Fixes: 7e05ec25b ("core: pta: add remote attestation PTA")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: make sure build date is always in English

Setting LANG=C before invoking the date command doesn't always result in
the "C" (English) locale being selected. The correct way is to set
LC_ALL. As

core: make sure build date is always in English

Setting LANG=C before invoking the date command doesn't always result in
the "C" (English) locale being selected. The correct way is to set
LC_ALL. As explained in the locale(7) man page:

If the second argument to setlocale(3) is an empty string, "", for the
default locale, it is determined using the following steps:

1. If there is a non-null environment variable LC_ALL, the value of
LC_ALL is used.

2. If an environment variable with the same name as one of the
categories above exists and is non-null, its value is used for that
category.

3. If there is a non-null environment variable LANG, the value of LANG
is used.

Fixes: 3e2b963515c1 ("core: use C locale when generating the build date")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: remove SCMI0 channel index

Removes index 0 from SCMI DT binding ID macros and driver labels to
synchronize with Linux kernel 5.18 that considers a single SCMI
channel, see [1] and [2]

plat-stm32mp1: remove SCMI0 channel index

Removes index 0 from SCMI DT binding ID macros and driver labels to
synchronize with Linux kernel 5.18 that considers a single SCMI
channel, see [1] and [2].

Link: [1] https://lore.kernel.org/linux-arm-kernel/20220422150952.20587-4-alexandre.torgue@foss.st.com
Link: [2] https://lore.kernel.org/linux-arm-kernel/20220422150952.20587-5-alexandre.torgue@foss.st.com
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: scmi_server: removed unused channel SCMI1

Remove this SCMI channel from DT bindings and platform driver as it is
unused.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.c

plat-stm32mp1: scmi_server: removed unused channel SCMI1

Remove this SCMI channel from DT bindings and platform driver as it is
unused.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: use helper header file stm32mp_dt_bindings.h

Changes plat-stm32mp1 and its drivers to rely on stm32mp_dt_bindings.h
which simplifies support of both variants STM32MP15 and STM32MP13 t

plat-stm32mp1: use helper header file stm32mp_dt_bindings.h

Changes plat-stm32mp1 and its drivers to rely on stm32mp_dt_bindings.h
which simplifies support of both variants STM32MP15 and STM32MP13 that
will use each specific DT bindings.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: drivers: update stm32mp_dt_bindings.h

Adds st,stm32mp15-regulator.h to the header files included for
stm32mp15 as these bindings are used for SCMI services.

Signed-off-by: Gatien Chevallier <

core: drivers: update stm32mp_dt_bindings.h

Adds st,stm32mp15-regulator.h to the header files included for
stm32mp15 as these bindings are used for SCMI services.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: drivers: fix stm32mp_dt_bindings.h

Removes stm32mp1-clksrc.h header file include as this file doesn't
exist.

Fixes: 19a4632e0f17 ("dt-bindings: stm32: add stm32mp13 clock and
reset bindings")

core: drivers: fix stm32mp_dt_bindings.h

Removes stm32mp1-clksrc.h header file include as this file doesn't
exist.

Fixes: 19a4632e0f17 ("dt-bindings: stm32: add stm32mp13 clock and
reset bindings")

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: rework dt_driver_register_provider()

Registering a provider shouldn't fail when a provider node has no
phandle. It only means that no node refer to the provider device hence
the pro

core: dt_driver: rework dt_driver_register_provider()

Registering a provider shouldn't fail when a provider node has no
phandle. It only means that no node refer to the provider device hence
the provider reference does not need to be registered.

This change protects from issues when, for example, device-tree compiler
removes unused phandle to optimize DTB image size.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: conf: default disable ASLR

Default disable CFG_CORE_ASLR on stm32mp1. The platform memory
firewall does not allow secure world to access external DTB in
non-secure memory when MMU is

plat-stm32mp1: conf: default disable ASLR

Default disable CFG_CORE_ASLR on stm32mp1. The platform memory
firewall does not allow secure world to access external DTB in
non-secure memory when MMU is OFF, which is what the software attempts
to do when CFG_CORE_ASLR=y.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: conf: update RAM configuration

Align platform RAM configuration with TF-A.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.car

plat-stm32mp1: conf: update RAM configuration

Align platform RAM configuration with TF-A.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: conf: default heap size to 48kB when pager is on

Changes default heap size from 64kB to 48kB when pager is enabled.
The saved physical pages are assigned to pager pool.

Signed-off-by

plat-stm32mp1: conf: default heap size to 48kB when pager is on

Changes default heap size from 64kB to 48kB when pager is enabled.
The saved physical pages are assigned to pager pool.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: conf: allow BSEC writing in debug mode

Default embed support for burning fuses when in debug build configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Rev

plat-stm32mp1: conf: allow BSEC writing in debug mode

Default embed support for burning fuses when in debug build configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: conf: disable TA compression when pager is on

Disable CFG_EARLY_TA_COMPRESS when CFG_WITH_PAGER is enabled. With this
change, the TAs will not be compressed into the TEE binary. Now,

plat-stm32mp1: conf: disable TA compression when pager is on

Disable CFG_EARLY_TA_COMPRESS when CFG_WITH_PAGER is enabled. With this
change, the TAs will not be compressed into the TEE binary. Now, core
heap can be smaller than 64kB and platform can leverage that to assign
more physical pages in the pager pool.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...