| 145035ff | 23-Mar-2022 | Imre Kis <imre.kis@arm.com> |
core: FF-A: Map TPM event log for FF-A SPs
Enable passing the TPM event log to FF-A SPs if their manifest has an "arm,tpm_event_log" compatible node. The event log is mapped to the SP's address space and the address and size fields are updated in the SP manifest.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Imre Kis <imre.kis@arm.com>
| bf31bf10 | 22-Mar-2022 | Imre Kis <imre.kis@arm.com> |
core: Enable mapping DT from secure memory
Add CFG_MAP_EXT_DT_SECURE option to enable mapping the device tree from the secure memory. As the device tree in the secure memory would only have the event log address in the secure memory the property name is changed from tpm_event_log_sm_addr to the standard tpm_event_log_addr when CFG_MAP_EXT_DT_SECURE is enabled.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Imre Kis <imre.kis@arm.com>
| ce08459a | 24-Mar-2022 | Jens Wiklander <jens.wiklander@linaro.org> |
core: arm: spectre-bhb software workaround
Expands the config option CFG_CORE_WORKAROUND_SPECTRE_BP_SEC to cover CVE-2022-23960 (aka Spectre-BHB) too since both have much in common.
Spectre-BHB is another speculation attack on branch prediction. Further details can be found at [1].
The software workaround added for CPUs vulnerable to Spectre-V2 covers Spectre-BHB too. A new software workaround is only needed for CPUs immune to Spectre-V2, but not so to Spectre-BHB.
The Spectre-V2 workaround is to invalidate the entire branch predictor table. Most new CPUs immune to Spectre-V2 but vulnerable to Spectre-BHB can avoid invalidating the entire branch predictor table; instead this invalidation is replaced by a loop designed to exhaust the branch predictor in a way that the exploit isn't possible any longer.
Link: [1] https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb
Fixes: CVE-2022-23960
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
| a9869a4c | 24-Mar-2022 | Jens Wiklander <jens.wiklander@linaro.org> |
core: refactor spectre-v2 workarounds
Refactors the Spectre-V2 workarounds to make room for further workarounds.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
| b168eda7 | 24-Mar-2022 | Jens Wiklander <jens.wiklander@linaro.org> |
core: add arm cortex and neoverse CPU part numbers
Adds part numbers for a few Arm Cortex and Neoverse CPUs. Also adds defines helping to extract Variant and Revision from MIDR or MIDR_EL1.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
| 616c75d9 | 25-Mar-2022 | Jens Wiklander <jens.wiklander@linaro.org> |
core: fix unused set_core_local_kcode_offset() warning
When compiling with CFG_CORE_UNMAP_CORE_AT_EL0=n there's a warning:
core/arch/arm/kernel/thread.c:529:13: error: ‘set_core_local_kcode_offset’ defined but not used [-Werror=unused-function]
Fix this by adding a __maybe_unused to the function.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
| fc55795e | 24-Mar-2022 | Ruchika Gupta <ruchika.gupta@linaro.org> |
plat-vexpress: qemu: initialize TPM driver
QEMU implements a TPM emulation with TPM TIS/PTP interface. The PTP interface is exposed via a memory mapped region to the TEE (MMIO interface).
QEMU TPM emulation can be used with a virtualized TPM2.0 device (sw-tpm).
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
| 97d74896 | 09-Mar-2022 | Ruchika Gupta <ruchika.gupta@linaro.org> |
drivers/tpm2: Startup TPM when chip is registered
When tpm2 chip is registered, call the initialization sequence of tpm to do self test and startup the tpm chip.
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
| 8c2e0b2e | 25-Feb-2022 | Ruchika Gupta <ruchika.gupta@linaro.org> |
drivers/tpm2: Add basic structure for commands
Add infrastructure for TPM2 commands based on [1].
Few basic commands like TPM2 Startup and Selftest. These will be used by device driver during initialization.
[1] Trusted Platform Module Library Part 3: Commands Family “2.0” Level 00 Revision 01.59
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
| 5916069b | 24-Mar-2022 | Ruchika Gupta <ruchika.gupta@linaro.org> |
drivers/tpm2: Add TPM2 MMIO driver
Add support for platforms that interface with TPM2 via MMIO using FIFO protocol.
Co-developed-by: Victor Chong <victor.chong@linaro.org>
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
| 952f5260 | 25-Feb-2022 | Ruchika Gupta <ruchika.gupta@linaro.org> |
drivers/tpm2: Add basic TPM2 support in OP-TEE
TPM2 driver introduced in this commit is based on TPM TCG specification [1] & [2].
The APIs exposed allow sending commands to and receiving responses from a TPM2 chip.
[1] TCG PC Client Platform TPM Profile Specification for TPM 2.0 Version 1.0.5 Revision 14
[2] TCG PC Client Device Driver Design Principles for TPM 2.0 Version 1.1 Revision 0.04
Co-developed-by: Victor Chong <victor.chong@linaro.org>
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
| 2ba6031a | 24-Mar-2022 | Ruchika Gupta <ruchika.gupta@linaro.org> |
core: io: add {get/put}_unaligned_be{16/32/64}()
Add 16-, 32- and 64-bit put/get functions for big-endian unaligned access.
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
| 3aaf25d2 | 10-Mar-2022 | Etienne Carriere <etienne.carriere@linaro.org> |
core: mm: fix core virtual address range constraint in lpae
Changes strategy to set core virtual memory addresses in case pager is enabled (CFG_WITH_PAGER=y) with LPAE (CFG_WITH_LPAE=y). In this configuration the virtual memory addresses are expected to fit in a single base translation table in order to save 4kB translation pages. This change makes core fall back to the generic layout, possibly spreading virtual addresses over several base translation tables, if the virtual memory addresses do not fit in the optimized address range preferred for that configuration.
Fixes: https://github.com/OP-TEE/optee_os/issues/5201
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
| 4101c34a | 08-Mar-2022 | Etienne Carriere <etienne.carriere@linaro.org> |
mk: config.mk: describe CFG_DRIVERS_DT_RECURSIVE_PROBE
Adds a description for CFG_DRIVERS_DT_RECURSIVE_PROBE.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
| 3e03eb38 | 08-Mar-2022 | Etienne Carriere <etienne.carriere@linaro.org> |
plat-vexpress: embed dt_driver test in qemu_virt and qemu_armv8a
Default embeds DT_DRIVER probing test with companion DTS file in vexpress qemu_virt and qemu_armv8a. These platforms do not embed any DTB so we can set straight CFG_EMBED_DTB_SOURCE_FILE.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
| d783b681 | 19-Nov-2021 | Etienne Carriere <etienne.carriere@linaro.org> |
core: dt_driver: drivers to test probe deferral
Implements driver providers for some emulated resources (clocks and reset controllers), consumer drivers and an embedded test DTSI file to test the DT_DRIVER probe sequence.
The driver consumer runs a few tests and logs results locally. The result participates in the core self test result reported by the PTA test interface.
One can test with vexpress platform flavor qemu_virt and qemu_v8 using, for example, the build instruction below:
make PLATFORM=vexpress-qemu_virt \
     CFG_DT_DRIVER_EMBEDDED_TEST=y \
     CFG_EMBED_DTB_SOURCE_FILE=embedded_dtb_test.dts
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
| 17fd9102 | 19-Nov-2021 | Etienne Carriere <etienne.carriere@linaro.org> |
drivers: clk: add CFG_DRIVERS_CLK_EARLY_PROBE
Adds configuration switch to allow clocks to be probed as any driver, possibly deferring initialization. This is needed when a clock driver has dependencies on another resource.
The configuration is enabled by default (CFG_DRIVERS_CLK_EARLY_PROBE=y), that is, clock drivers are probed before other drivers using the early_init initcall level, as was done prior to this change.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
| e6a70489 | 29-Mar-2022 | Neal Liu <neal_liu@aspeedtech.com> |
arm: aspeed: fix kernel panic while getting gicd & gicc va
commit 60801696667d ("plat: arm: refactor GIC initialization") unifies the GIC initialization flow into common gic code and gets the GIC distributor/CPU interface virtual addresses with 64KB granularity.
However, the Aspeed SoC hardware design only uses 4KB granularity for each of them. Revise the registered GICD/GICC physical memory size (from 4KB to 64KB) to meet the gic init requirement. This commit would result in a memory map overlap warning.
Signed-off-by: Neal Liu <neal_liu@aspeedtech.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
| 023aecc6 | 28-Mar-2022 | Jens Wiklander <jens.wiklander@linaro.org> |
cscope: exclude generated .ld.S files
The generated .ld.S files contain nothing worth indexing with cscope. The generated *_unpaged.ld.S and *_init.ld.S are especially unfriendly as they add lots of false positive matches for cscope. Fix this by excluding all the generated .ld.S files.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
| 81ed3bce | 10-Jan-2022 | Etienne Carriere <etienne.carriere@st.com> |
dts: stm32mp1: add IWDG1/2 watchdogs support
Add the IWDG1 and IWDG2 watchdog support in stm32mp15 SoCs and define the watchdog timeout configuration.
On ED1/EV1/DK1/DK2 boards, IWDG1 is disabled by default while IWDG2 is enabled and assigned to the non-secure world. Although IWDG2 is assigned to the non-secure world, TEE may need to kick the watchdog during transitions when non-secure is not able to do so, such as some power management transitions.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
| 5e50a5b2 | 28-Mar-2022 | Etienne Carriere <etienne.carriere@st.com> |
plat-stm32mp1: conf: enable watchdog support
Enable the watchdog by default on the STM32MP1 platform.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
| 208b0a79 | 28-Mar-2022 | Etienne Carriere <etienne.carriere@st.com> |
plat-stm32mp1: add watchdog platform functions
Add the platform function to retrieve the watchdog OTP configuration. Register the debug function to dump registers in case of a watchdog detected event.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
| 0bdd7f5b | 28-Mar-2022 | Etienne Carriere <etienne.carriere@st.com> |
drivers: stm32_iwdg: implementation of independent watchdog
Implements an independent watchdog (IWDG) driver to help detect malfunctions due to software or hardware failures. IWDG instances are clocked by an independent clock and stay active if the main clock fails.
The driver mandates IWDG instances configuration from an embedded DTB.
For the list of features, refer to the reference manuals at: https://wiki.st.com/stm32mpu/wiki/STM32MP15_resources
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
| 6d618ba1 | 16-Mar-2022 | Jelle Sels <jelle.sels@arm.com> |
core: sp: map device regions from SP manifest
Map the device regions defined in the SP manifest file into the SP's context. In the manifest fdt the device's PA is overwritten with the VA after mapping. This fdt is passed to the SP on boot and can be used by the SP to determine the VA of the device.
The content of the SP manifest is defined in the FF-A specification. The devicetree binding for the SP manifest is defined at the link below.
Link: https://trustedfirmware-a.readthedocs.io/en/latest/components/ffa-manifest-binding.html
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
| 036559a5 | 16-Mar-2022 | Jelle Sels <jelle.sels@arm.com> |
core: sp_mem: add security attribute
Currently sp_mem only supports non-secure memory. This patch enables using it for secure memory too.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Signed-off-by: Jelle Sels <jelle.sels@arm.com>