mk/config.mk: fix layout

Moves tests on CFG_DRIVERS_CLK_* config switches next to where
these are assigned a default configuration value.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed

mk/config.mk: fix layout

Moves tests on CFG_DRIVERS_CLK_* config switches next to where
these are assigned a default configuration value.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

io.h: add WRITE_ONCE macro

Implements WRITE_ONCE() macro that ensures compiler will write memory
only once. It is simple wrapper over __compiler_atomic_store() but
its name emphasizes its purpose.

io.h: add WRITE_ONCE macro

Implements WRITE_ONCE() macro that ensures compiler will write memory
only once. It is simple wrapper over __compiler_atomic_store() but
its name emphasizes its purpose.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: remove __rodata_dtdrv_start and __rodata_dtdrv_end

Commit 61bdedea9452 ("core: define DT drivers using scattered arrays")
omitted to remove the declarations and "dummy" definitions for symbols

core: remove __rodata_dtdrv_start and __rodata_dtdrv_end

Commit 61bdedea9452 ("core: define DT drivers using scattered arrays")
omitted to remove the declarations and "dummy" definitions for symbols
__rodata_dtdrv_start and __rodata_dtdrv_end, which are not used anymore.
Remove them.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scripts/sign_encrypt.py: Support verification of a signed TA

Adds a new option 'verify' to sign_encrypt.py to verify whether a
Trusted Application is signed correctly.

Required arguments: --uuid, -

scripts/sign_encrypt.py: Support verification of a signed TA

Adds a new option 'verify' to sign_encrypt.py to verify whether a
Trusted Application is signed correctly.

Required arguments: --uuid, --in, --key

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Donald Chan <hoiho@amazon.com>

show more ...

core: define DT drivers using scattered arrays

Replace the specific mechanism used to define and enumerate DT drivers
with scattered arrays. Doing so simplifies the TEE linker file a bit.

Signed-of

core: define DT drivers using scattered arrays

Replace the specific mechanism used to define and enumerate DT drivers
with scattered arrays. Doing so simplifies the TEE linker file a bit.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: mmu: fix find_map_by_pa() on areas end addresses

Fix find_map_by_pa() to test the inclusive end address of an area
to prevent issues when end address overlaps size field byte size.

Revie

core: arm: mmu: fix find_map_by_pa() on areas end addresses

Fix find_map_by_pa() to test the inclusive end address of an area
to prevent issues when end address overlaps size field byte size.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: the FF-A ABI is now a stable ABI

The OP-TEE FF-A driver in the Linux kernel has been merged, so the
changes in the ABI towards the Linux kernel from now on have to be
backwards compatible.

Ac

core: the FF-A ABI is now a stable ABI

The OP-TEE FF-A driver in the Linux kernel has been merged, so the
changes in the ABI towards the Linux kernel from now on have to be
backwards compatible.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: drivers: se050: ecc shared secret

Allow clients to inject their own keypairs to derive the secret - the
previous implementation only allowed for secure element NVM based
keypairs to be used.

crypto: drivers: se050: ecc shared secret

Allow clients to inject their own keypairs to derive the secret - the
previous implementation only allowed for secure element NVM based
keypairs to be used.

By default, the secure element does not store all the possible EC
curves in its internal memory; however attempting to inject a keypair
when the curve is not in the secure element would cause the injection
to fail.

This commit addresses that situation by generating those curves in the
SE whenever they are not available.

Tested with TEE_ALG_ECDH_P192, TEE_ALG_ECDH_P224, TEE_ALG_ECDH_P256
and TEE_ALG_ECDH_P384 and TEE_ALG_ECDH_P521 (xtest 4009 passing)

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix race in ffa_inc_map()

Fixes a race in ffa_inc_map() when mapcount is 0. The problem goes like:

Thread 1 and 2 calls ffa_inc_map() at the same time and mapcount is 0.
Thread 1 takes the lo

core: fix race in ffa_inc_map()

Fixes a race in ffa_inc_map() when mapcount is 0. The problem goes like:

Thread 1 and 2 calls ffa_inc_map() at the same time and mapcount is 0.
Thread 1 takes the lock first and initializes mapcount to 1 and map the
mobj etc.

When thread 2 has the lock it discovers that mapcount has been
initialize while it was waiting for the lock.

Prior to this patch we where exiting the function doing nothing more
since the mobj was mapped, but by doing so we'll miss to increase
mapcount.

Fix this by restarting the call to refcount_inc() using a loop.

Fixes: 73e1d3f398b0 ("core: add mobj_ffa")
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix race in mobj_reg_shm_inc_map()

Fixes a race in mobj_reg_shm_inc_map() when mapcount is 0. The problem
goes like:

Thread 1 and 2 calls mobj_reg_shm_inc_map() at the same time and
mapcount

core: fix race in mobj_reg_shm_inc_map()

Fixes a race in mobj_reg_shm_inc_map() when mapcount is 0. The problem
goes like:

Thread 1 and 2 calls mobj_reg_shm_inc_map() at the same time and
mapcount is 0. Thread 1 takes the lock first and initializes mapcount to
1 and map the mobj etc.

When thread 2 has the lock it discovers that mapcount has been
initialize while it was waiting for the lock.

Prior to this patch we where exiting the function doing nothing more
since the mobj was mapped, but by doing so we'll miss to increase
mapcount.

Fix this by restarting the call to refcount_inc() using a loop.

Fixes: 37a6b717787b ("core: introduce CFG_CORE_DYN_SHM")
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dt_driver: fix result argument description get_of_device_func

Fixes inline description of type get_of_device_func that falsely mentions
TEE_ERROR_BUSY instead of TEE_ERROR_DEFER_DRIVER_INIT wh

core: dt_driver: fix result argument description get_of_device_func

Fixes inline description of type get_of_device_func that falsely mentions
TEE_ERROR_BUSY instead of TEE_ERROR_DEFER_DRIVER_INIT when expected
resource requests deferral of the driver probing.

Fixes: d8b14b46af9d ("core: dt_driver: get return code when querying a device")
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: crypto: rsa: handle not implemented sign/verify operations

Route the unimplemented RSA sign/verify optional cases to their
software implementations.

Signed-off-by: Jorge Ramirez-Ortiz <jor

drivers: crypto: rsa: handle not implemented sign/verify operations

Route the unimplemented RSA sign/verify optional cases to their
software implementations.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: make mobj_get_va() more secure

Adds a length parameter to allow mobj_get_va() to check that the entire
va range requested is available.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.

core: make mobj_get_va() more secure

Adds a length parameter to allow mobj_get_va() to check that the entire
va range requested is available.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix argument checks in yielding_call_with_arg()

Fixes two invalid checks of the argument mobj in yielding_call_with_arg().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed

core: fix argument checks in yielding_call_with_arg()

Fixes two invalid checks of the argument mobj in yielding_call_with_arg().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix link error with CFG_CC_OPT_LEVEL=0

Prior to this patch there's a link error when compiled with
CFG_CC_OPT_LEVEL=0 CFG_CORE_SEL1_SPMC=y CFG_SECURE_PARTITION=n:
LD out/arm/core/all_ob

core: fix link error with CFG_CC_OPT_LEVEL=0

Prior to this patch there's a link error when compiled with
CFG_CC_OPT_LEVEL=0 CFG_CORE_SEL1_SPMC=y CFG_SECURE_PARTITION=n:
LD out/arm/core/all_objs.o
aarch64-linux-gnu-ld.bfd: out/arm/core/arch/arm/kernel/thread_spmc.o: in function `handle_mem_share_rxbuf':
core/arch/arm/kernel/thread_spmc.c:781: undefined reference to `spmc_sp_add_share'

Fix this by adding a dummy static inline spmc_sp_add_share().

Fixes: 6a1b230ce97c ("core: FFA_SHARE: Process Normal World share")
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: Panic when IV is provided for ECB modes

Ideally, the ECB mode doesn't need an IV at all.
The GlobalPlatform spec says "IV required: No" for
the algorithms that use this mode (Table 6-6b).

libutee: Panic when IV is provided for ECB modes

Ideally, the ECB mode doesn't need an IV at all.
The GlobalPlatform spec says "IV required: No" for
the algorithms that use this mode (Table 6-6b).

So, in order to be inclined to the requirement of the
spec, the implementation can panic when IV is provided
for ECB modes.

Signed-off-by: Sadiq Hussain <sadiq.muchumarri@intel.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Fix FID for FFA_SECONDARY_EP_REGISTER_64

Commit ef30482b4ad6 ("plat-vexpress: FF-A: update secondary core init")
updated secondary core init for the vexpress platform. In the process,
it used FFA_SE

Fix FID for FFA_SECONDARY_EP_REGISTER_64

Commit ef30482b4ad6 ("plat-vexpress: FF-A: update secondary core init")
updated secondary core init for the vexpress platform. In the process,
it used FFA_SECONDARY_EP_REGISTER with FID 0xC4000084 based on the ALP0
ABI of the spec and the TF-A upstream implementation at the time with a
note that the function ID needs to updated to the one finalied in the
spec and the TF-A implementation.

Assuming it is all finalised now, let us update the same with correct/
updated FID 0xC4000087.

Cc: Jens Wiklander <jens.wiklander@linaro.org>
Cc: Olivier Deprez <olivier.deprez@arm.com>
Cc: Balint Dobszay <balint.dobszay@arm.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scripts/sign_encrypt.py: readability improvements

A few constant values would have been better if replaced with constant
definitions

Signed-off-by: Donald Chan <hoiho@amazon.com>
Reviewed-by: Jerom

scripts/sign_encrypt.py: readability improvements

A few constant values would have been better if replaced with constant
definitions

Signed-off-by: Donald Chan <hoiho@amazon.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

ta: pkcs11: Clean up temporary_object_list on object creation failure

Calls LIST_REMOVE() only from cleanup_volatile_obj_ref() this is always
called to finalize object release. Allocated objects are

ta: pkcs11: Clean up temporary_object_list on object creation failure

Calls LIST_REMOVE() only from cleanup_volatile_obj_ref() this is always
called to finalize object release. Allocated objects are always inserted
into a list after being created and therefore need to be removed for its
owner list before the memory is released.

This changes fixes an issue when handle_get() failed in create_object()
and does not remove the reference from temporary_object_list.

Signed-off-by: Mengchi Cheng <mengcc@amazon.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-sam: enable PSCI shutdown support

Enable PSCI shutdown support using atmel shutdown controller driver.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.

plat-sam: enable PSCI shutdown support

Enable PSCI shutdown support using atmel shutdown controller driver.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

plat-sam: enable PSCI reset support

Enable PSCI reset support using atmel reset controller driver.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@

plat-sam: enable PSCI reset support

Enable PSCI reset support using atmel reset controller driver.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

plat-sam: enable PSCI_ARM32, ATMEL_SHDWC and ATMEL_RSTC

Enable config PSCI_ARM32, ATMEL_SHDWC and ATMEL_RSTC to implement
basic PSCI support. Force enable PSCI_ARM32 but allow other options
to be mo

plat-sam: enable PSCI_ARM32, ATMEL_SHDWC and ATMEL_RSTC

Enable config PSCI_ARM32, ATMEL_SHDWC and ATMEL_RSTC to implement
basic PSCI support. Force enable PSCI_ARM32 but allow other options
to be modified if shutdown and reset is not needed.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

core: FF-A: Add FFA_MEM_RECLAIM support

FFA_MEM_RECLAIM is used by a SP to retract given access to a memory
region. Afterwards the SP has full exclusive ownership of the memory
region again.
After c

core: FF-A: Add FFA_MEM_RECLAIM support

FFA_MEM_RECLAIM is used by a SP to retract given access to a memory
region. Afterwards the SP has full exclusive ownership of the memory
region again.
After calling FFA_MEM_RECLAIM all bookkeepings of the share are removed
from the SPMC.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: FF-A: Add FFA_MEM_RELINQUISH

FFA_MEM_RELINQUISH is used by a SP to release a memory share that was
claimed by calling FFA_MEM_RETRIEVE_REQ_64 before.
The memory region will be unmapped from th

core: FF-A: Add FFA_MEM_RELINQUISH

FFA_MEM_RELINQUISH is used by a SP to release a memory share that was
claimed by calling FFA_MEM_RETRIEVE_REQ_64 before.
The memory region will be unmapped from the SPs memory once
FFA_MEM_RELINQUISH has been called the same amount of times as
FFA_MEM_RETRIEVE_REQ_64.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: FF-A: ADD FFA_MEM_RETRIEVE for SPs

FFA_MEM_RETRIEVE is used by a SP to retrieve a FF-A memory share with a
handle. Once the FFA_MEM_RETRIEVE message is handled correctly the
corresponding memo

core: FF-A: ADD FFA_MEM_RETRIEVE for SPs

FFA_MEM_RETRIEVE is used by a SP to retrieve a FF-A memory share with a
handle. Once the FFA_MEM_RETRIEVE message is handled correctly the
corresponding memory region is mapped into the SPs memory

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...