MAINTAINERS: remove Victor (Linaro)

Victor is not with Linaro anymore, so remove him from MAINTAINERS.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.w

MAINTAINERS: remove Victor (Linaro)

Victor is not with Linaro anymore, so remove him from MAINTAINERS.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

MAINTAINERS: update my email address

Replace my personal email address with my professional one. My address
@forissier.org is still valid but less preferred for Linaro-related
development.

Signed-o

MAINTAINERS: update my email address

Replace my personal email address with my professional one. My address
@forissier.org is still valid but less preferred for Linaro-related
development.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: stm32_cryp: fix coding style issues

Removes spurious space characters in stm32_cryp driver implementation
to conform with optee_os coding style.

Reviewed-by: Jerome Forissier <jero

drivers: crypto: stm32_cryp: fix coding style issues

Removes spurious space characters in stm32_cryp driver implementation
to conform with optee_os coding style.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: crypto: stm32_cryp: probe as a dt_driver

Changes stm32_cryp driver to register as a DT driver and support
probe deferral on clock and reset controller resources.

Acked-by: Jerome Forissier

drivers: crypto: stm32_cryp: probe as a dt_driver

Changes stm32_cryp driver to register as a DT driver and support
probe deferral on clock and reset controller resources.

Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: imx: add UART4 base address for iMX8QM/QP

Some iMX8QM boards use the UART4.

Acked-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Clément Péron <peron.clem@gmail.com>

plat-stm32mp1: add STM32MP13 platform support

Add specific platform code for STM32MP13 initialization.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Gabriel Fernandez <gab

plat-stm32mp1: add STM32MP13 platform support

Add specific platform code for STM32MP13 initialization.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

clk: stm32mp13: add all clocks for STM32MP13

Registers all STM32PM13 clock with the clock framework.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Gabriel Fernandez <gabri

clk: stm32mp13: add all clocks for STM32MP13

Registers all STM32PM13 clock with the clock framework.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

clk: stm32mp13: Introduce STM32MP13 clocks platform

This driver uses a clk-stm32-core API to manage STM32 gates, dividers
and muxes.
The goal of this first patch is to parse the device tree and init

clk: stm32mp13: Introduce STM32MP13 clocks platform

This driver uses a clk-stm32-core API to manage STM32 gates, dividers
and muxes.
The goal of this first patch is to parse the device tree and initialize
a platform data to configure the clock tree.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

dt-bindings: stm32: add stm32mp13 clock and reset bindings

Add new clocks and reset binding files to manage STM32MP13 RCC.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ga

dt-bindings: stm32: add stm32mp13 clock and reset bindings

Add new clocks and reset binding files to manage STM32MP13 RCC.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

plat-stm32mp1: add stub for clock parents registering for stm32mp13

No need to register secure clock parents for STM32MP13 platform.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-

plat-stm32mp1: add stub for clock parents registering for stm32mp13

No need to register secure clock parents for STM32MP13 platform.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

core: dt: add kernel DT API to retrieved device information from DT

Add _fdt_read_uint32_array(), _fdt_read_uint32(),
_fdt_read_uint32_default(), _fdt_check_node() functions.

Acked-by: Etienne Carr

core: dt: add kernel DT API to retrieved device information from DT

Add _fdt_read_uint32_array(), _fdt_read_uint32(),
_fdt_read_uint32_default(), _fdt_check_node() functions.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

core: imx: generate uImage for imx6 and imx7 platforms

In the standard NXP BSP boot-flow, for imx6 and imx7 platforms (ARMv7),
optee-os is booted by U-Boot as a uImage file.
The generation of this u

core: imx: generate uImage for imx6 and imx7 platforms

In the standard NXP BSP boot-flow, for imx6 and imx7 platforms (ARMv7),
optee-os is booted by U-Boot as a uImage file.
The generation of this uImage requires:
- optee-os load address. This address is fetched in the tee.elf file
with readelf.
- mkimage u-boot-tools. This tool takes the load address and the
tee-raw.bin as an input to generate the uImage uTee.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: sp: Pass manifest fdt to SP

Pass the SP manifest fdt to the SP inside the info struct. To be able to
pass the manifest we allocate and map a new page to the SP and copy the
fdt inside this pag

core: sp: Pass manifest fdt to SP

Pass the SP manifest fdt to the SP inside the info struct. To be able to
pass the manifest we allocate and map a new page to the SP and copy the
fdt inside this page. This is done to make sure that no other data in
the same page as the original fdt is leaked to the SP.
After the SP is done initializing we free the page from the SP.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: sp: Add magic value into info parameter

The info parameter passed to a SP at initialization should have the
magic value set to "FF-A".

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by:

core: sp: Add magic value into info parameter

The info parameter passed to a SP at initialization should have the
magic value set to "FF-A".

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: sp: check manifest fdt

Check the SPs manifest fdt file to make sure that the correct manifest
is loaded for the SP.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <je

core: sp: check manifest fdt

Check the SPs manifest fdt file to make sure that the correct manifest
is loaded for the SP.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: sp: Append fdt manifest to SP image

Sp use a manifest file that define information about the SP. A device
tree (fdt) will be used as a manifest file. This is in line with the
Hafnium SPMC mani

core: sp: Append fdt manifest to SP image

Sp use a manifest file that define information about the SP. A device
tree (fdt) will be used as a manifest file. This is in line with the
Hafnium SPMC manifest format.

The fdt will be appended to the SP image by adding a --manifest flag to
the scripts/ts_bin_to_c.py script.

Link: https://trustedfirmware-a.readthedocs.io/en/latest/components/ffa-manifest-binding.html
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: fix key generation for SM2 DSA and SM2 PKE

TEE_GenerateKey() returns TEE_ERROR_BAD_FORMAT when the object type is
TEE_TYPE_SM2_DSA_KEYPAIR or TEE_TYPE_SM2_KEP_KEYPAIR. Only
TEE_TYPE_SM

core: crypto: fix key generation for SM2 DSA and SM2 PKE

TEE_GenerateKey() returns TEE_ERROR_BAD_FORMAT when the object type is
TEE_TYPE_SM2_DSA_KEYPAIR or TEE_TYPE_SM2_KEP_KEYPAIR. Only
TEE_TYPE_SM2_PKE_KEYPAIR is accepted, which is clearly wrong as per the
GlobalPlatform specification. Fix that by adding the missing entries to
syscall_obj_generate_key().

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: sm2: remove TEE_ATTR_ECC_CURVE attribute from SM2 keys

SM2 key objects should not have a TEE_ATTR_ECC_CURVE attribute. For
example, the GP specification states that TEE_GenerateKey() c

core: crypto: sm2: remove TEE_ATTR_ECC_CURVE attribute from SM2 keys

SM2 key objects should not have a TEE_ATTR_ECC_CURVE attribute. For
example, the GP specification states that TEE_GenerateKey() can be
called with no attribute for the various SM2 algorithms. The current
implementation uses the same attribute templates than generic ECC
algorithms, which is wrong. Define specific variants for SM2 so that
TEE_ATTR_ECC_CURVE is not required when generating or populating SM2
keys and is not output either by TEE_GetObjectBufferAttribute().

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: mbedtls: sm2: fix SM2 key generation

ecc_get_keysize() lacks a case for TEE_ECC_CURVE_SM2, which prevents the
generation of a SM2 key pair. Fix this.

Signed-off-by: Jerome Forissier <jerome@f

core: mbedtls: sm2: fix SM2 key generation

ecc_get_keysize() lacks a case for TEE_ECC_CURVE_SM2, which prevents the
generation of a SM2 key pair. Fix this.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: mbedtls: add curve type to domain parameter group ID conversion

MBedTLS functions mbedtls_ecp_group_load() and mbedtls_ecdsa_genkey()
take a group ID parameter of type mbedtls_ecp_group_id whi

core: mbedtls: add curve type to domain parameter group ID conversion

MBedTLS functions mbedtls_ecp_group_load() and mbedtls_ecdsa_genkey()
take a group ID parameter of type mbedtls_ecp_group_id which is an enum
(MBEDTLS_ECP_DP_SECP192R1, etc.). The code in lib/libmbedtls/core/ecc.c
incorrectly passes a uint32_t TEE curve ID instead
(TEE_ECC_CURVE_NIST_P192, etc.). By chance the values happen to be the
same for all the NIST curves, but not for SM2. Fix that by introducing a
conversion function.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: mbedtls: sm2: set curve by default when key type is SM2

crypto_asym_alloc_ecc_keypair() and crypto_asym_alloc_ecc_public_key()
should set the curve field of the ecc_key structure to TEE_ECC_CU

core: mbedtls: sm2: set curve by default when key type is SM2

crypto_asym_alloc_ecc_keypair() and crypto_asym_alloc_ecc_public_key()
should set the curve field of the ecc_key structure to TEE_ECC_CURVE_SM2
when the key type is one of TEE_TYPE_SM2_{DSA,KEP,PKE}_KEYPAIR because
the user is not supposed to provide any TEE_ATTR_ECC_CURVE attribute,
contrary to other ECC algorithms.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: ltc: sm2: use proper curve during key generation

TEE_GenerateKey() generates an invalid key pair for SM2: the point is not
on the curve, it is on the NIST P256 curve instead. Fix this by looki

core: ltc: sm2: use proper curve during key generation

TEE_GenerateKey() generates an invalid key pair for SM2: the point is not
on the curve, it is on the NIST P256 curve instead. Fix this by looking
up the proper curve name before key generation.

Link: https://github.com/OP-TEE/optee_os/issues/5211
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: ltc: sm2: set curve by default when key type is SM2

crypto_asym_alloc_ecc_keypair() and crypto_asym_alloc_ecc_public_key()
should set the curve field of the ecc_key structure to TEE_ECC_CURVE_

core: ltc: sm2: set curve by default when key type is SM2

crypto_asym_alloc_ecc_keypair() and crypto_asym_alloc_ecc_public_key()
should set the curve field of the ecc_key structure to TEE_ECC_CURVE_SM2
when the key type is one of TEE_TYPE_SM2_{DSA,KEP,PKE}_KEYPAIR because
the user is not supposed to provide any TEE_ATTR_ECC_CURVE attribute,
contrary to other ECC algorithms.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: mm: fix mobj_shm_ops support .get_cattr()

ftrace use static shared memory returns an object of type mobj_shm_ops.
But the get_cattr function is not implemented in mobj_shm_ops.This will
cause

core: mm: fix mobj_shm_ops support .get_cattr()

ftrace use static shared memory returns an object of type mobj_shm_ops.
But the get_cattr function is not implemented in mobj_shm_ops.This will
cause ftrace to not work properly.

Signed-off-by: Lejia Zhang <zhanlej@gmail.com>
Suggested-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: add remote attestation PTA

Add a PTA to perform remote attestation of user space TAs and TEE core
memory. Enabled with CFG_ATTESTATION_PTA=y. Four commands are defined:

- PTA_ATTESTATION

core: pta: add remote attestation PTA

Add a PTA to perform remote attestation of user space TAs and TEE core
memory. Enabled with CFG_ATTESTATION_PTA=y. Four commands are defined:

- PTA_ATTESTATION_GET_PUBKEY

Returns the public RSA key used to sign the measurements generated by
the other commands. The key pair is generated on first call (any
command) and saved to secure storage. It is therefore device-specific.

- PTA_ATTESTATION_GET_TA_SHDR_DIGEST

Returns the digest found in the secure header (struct shdr) of a TA
or trusted shared library given its UUID.

- PTA_ATTESTATION_HASH_TA_MEMORY

This command must be called by a user space TA (not a CA). It computes
a hash of the memory pages that belong to the caller and contain code
or read-only data. This hash is therefore a runtime measurement of the
TA execution environment, including shared libraries (if any). It can be
used to remotely attest that the device is running untampered TA code.

- PTA_ATTESTATION_HASH_TEE_MEMORY

Returns a hash of the TEE OS core (.text and .rodata sections, less the
small part of .text that may be modified at boot). Similar to
PTA_ATTESTATION_HASH_TA_MEMORY, the hash is computed each time the
command is called, so that the result reflects the actual memory
content.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...