core: kernel: add reg_size in the dt_node_info structure

Add the register size read from device tree in the dt_node_info
structure. It may be used to map the IO registers with the
correct address ra

core: kernel: add reg_size in the dt_node_info structure

Add the register size read from device tree in the dt_node_info
structure. It may be used to map the IO registers with the
correct address range.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: kernel: use size_t instead of ssize_t for _fdt_reg_size()

Size is read from the reg device tree property as an unsigned value
coming from fdt32_to_cpu().
Use a size_t with associated error cod

core: kernel: use size_t instead of ssize_t for _fdt_reg_size()

Size is read from the reg device tree property as an unsigned value
coming from fdt32_to_cpu().
Use a size_t with associated error code DT_INFO_INVALID_REG_SIZE as
return in prototype. Update the current users according to this change.

Signed-off-by: Lionel Debieve <lionel.debieve@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ci: azure: add job to build and run the Rust tests

Add a job to the Azure CI to build and run the Rust test suite in the
Teaclave Trustzone SDK [1].

Link: [1] https://github.com/apache/incubator-te

ci: azure: add job to build and run the Rust tests

Add a job to the Azure CI to build and run the Rust test suite in the
Teaclave Trustzone SDK [1].

Link: [1] https://github.com/apache/incubator-teaclave-trustzone-sdk/
Link: https://github.com/OP-TEE/build/commit/e84f2506f327
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Yuan Zhuang <zhuangyuan04@baidu.com>

show more ...

ci: azure: fix build error in Buildroot's OpenSSL

After the addition of Buildroot package host-python3-cryptography as a
dependency of optee_client_ext and optee_examples_ext [1], we now have
a buil

ci: azure: fix build error in Buildroot's OpenSSL

After the addition of Buildroot package host-python3-cryptography as a
dependency of optee_client_ext and optee_examples_ext [1], we now have
a build error in the Azure CI "QEMUv8 check" job:

>>> host-libopenssl 1.1.1l Configuring
(cd /root/optee_repo_qemu_v8/out-br/build/host-libopenssl-1.1.1l; ...
./config ...)
Operating system: x86_64-whatever-build
This system (build) is not supported. See file INSTALL for details.

The same command runs OK manually in the Docker image, but not in the
Azure environment. It is due to the fact that Azure sets a number of
environment variables, one of which (${SYSTEM}) conflicts with the
OpenSSL configuration script. Since we don't use this variable in our
script, just unset it.

Link: [1] https://github.com/OP-TEE/build/commit/a3b368f89a1c
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

MAINTAINERS: maintain zynqmp drivers

Tag core/drivers/zynqmp_* as maintained.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

zynqmp: platform: use HUK derived from PUF KEK for RPMB

Enable the RPMB key when the HUK is generated from the PUF KEK.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Tested-by: Ricardo Sa

zynqmp: platform: use HUK derived from PUF KEK for RPMB

Enable the RPMB key when the HUK is generated from the PUF KEK.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: generate HUK from PUF KEK

If authenticated boot was disabled we allow generating the HUK using
the SHA-256 of the DNA unique identifier.

If authenticated boot was enabled, use the

zynqmp: drivers: generate HUK from PUF KEK

If authenticated boot was disabled we allow generating the HUK using
the SHA-256 of the DNA unique identifier.

If authenticated boot was enabled, use the PUK KEK to generate the
HUK instead. The PUF KEK must be registered while securing the board
using the Xilinx tools. In this case, the HUK is generated by reading
the DNA eFuses. This 96 bits value is used to generate a 16 byte
digest which is then AES-GCM encrypted using the PUF KEK. The
resulting 16 byte value is the HUK. To prevent the HUK from being
leaked, the AES-GCM module must be reserved.

The HUK generation was validated on Zynqmp zu3cg using the Xilinx
Lightweight Provisioning Tool to enable authenticated boot and to
provision the PUF (burning a number of eFuses in the process).

Tested-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Tested-by: Ricardo Salveti <ricardo@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: PM firmware

These routines call TF-A exported SiP services that implement IPI
protocol for communication with PMUFW (Platform Management Unit).

To access eFuses, PMUFW should be bu

zynqmp: drivers: PM firmware

These routines call TF-A exported SiP services that implement IPI
protocol for communication with PMUFW (Platform Management Unit).

To access eFuses, PMUFW should be built with -DENABLE_EFUSE_ACCESS=1.

Notice however that certain eFuses will not be available unless the
Xilskey library linked to the PMUFW is compiled removing some of those
security restrictions.

Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: AES-GCM with PUF KEK

Provide a mechanism to encrypt a red key using the KEK; the KEK is
only available on secured boards after the RSA_EN and PPK eFUSES have
been burnt (the system

zynqmp: drivers: AES-GCM with PUF KEK

Provide a mechanism to encrypt a red key using the KEK; the KEK is
only available on secured boards after the RSA_EN and PPK eFUSES have
been burnt (the system will only boot ROM authenticated bootloaders
from here on).

The main use case for OP-TEE would be to encode the zynqmp per device
unique identifier (DNA0, DNA1, DNA2 eFUSEs - ie, a red key) using the
KEK. The encryption key generated this way is cryptographically strong
and will be used as the device HUK (ie, black key).

Test code:

csu_aes_encrypt_data(src, dst, BLOB_DATA_SIZE, tag, GCM_TAG_SIZE,
iv, GCM_IV_SIZE, CSU_AES_KEY_SRC_DEV);
csu_aes_decrypt_data(dst, src, BLOB_DATA_SIZE, tag, GCM_TAG_SIZE,
iv, GCM_IV_SIZE, CSU_AES_KEY_SRC_DEV);
if (memcmp(src, buffer, BLOB_DATA_SIZE)) {
EMSG(" - encrypt/decrypt test failed");

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: CSUDMA module

This module provides a mechanism to transfer data between memory and
peripherals. The data path is selected in the Secure Stream Switch
register in the CSU.

Signed-of

zynqmp: drivers: CSUDMA module

This module provides a mechanism to transfer data between memory and
peripherals. The data path is selected in the Secure Stream Switch
register in the CSU.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: Physically Unclonable Function (PUF)

This block is used to generate black keys via the AES-GCM module.
The PUF KEK - feeding the AES-GCM block - is also unique for each
device.

The

zynqmp: drivers: Physically Unclonable Function (PUF)

This block is used to generate black keys via the AES-GCM module.
The PUF KEK - feeding the AES-GCM block - is also unique for each
device.

The KEK is only available once the board has been secured via
programmable eFUSES (RSA_EN authentication via the PPK fuses).

Registering the PUF should be done using the Xilinx tools so the
adequate eFUSES are written.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: drivers: CSU module base definitions

CSU registers and offsets for submodules

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisa

zynqmp: drivers: CSU module base definitions

CSU registers and offsets for submodules

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: register the CSU memory with the platform

The CSU memory block that will be mapped from different drivers (ie,
PUF, AES-GCM, SHA..)

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
R

zynqmp: register the CSU memory with the platform

The CSU memory block that will be mapped from different drivers (ie,
PUF, AES-GCM, SHA..)

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: define the STACK_ALIGNMENT in terms of CACHELINE

Explicitily define the cache line length

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carrier

zynqmp: define the STACK_ALIGNMENT in terms of CACHELINE

Explicitily define the cache line length

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

zynqmp: add base address definitions

Add the base address definitions for the CSU and the CSUDMA modules

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa

zynqmp: add base address definitions

Add the base address definitions for the CSU and the CSUDMA modules

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: imx: add MU driver

Add Message Unit driver. This driver is needed to communicate with the
security controller.

Signed-off-by: Remi Koman <remi.koman@nxp.com>
Signed-off-by: Clement Faure <

drivers: imx: add MU driver

Add Message Unit driver. This driver is needed to communicate with the
security controller.

Signed-off-by: Remi Koman <remi.koman@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: Add FFA_PARTITION_INFO

FFA_PARTITION_INFO is used to query all the Secure Partitions loaded in
the system.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Etienne Carriere <etienne.c

core: Add FFA_PARTITION_INFO

FFA_PARTITION_INFO is used to query all the Secure Partitions loaded in
the system.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: socket: enable TA to query recv out buffer

Propagate out size for socket recv event when it's larger than the
supplied in size. Also enable passing a NULL buffer while querying the
size o

core: pta: socket: enable TA to query recv out buffer

Propagate out size for socket recv event when it's larger than the
supplied in size. Also enable passing a NULL buffer while querying the
size of the buffer.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix ASLR problem with short-descriptor table mappings

With short-descriptor table mappings, that is without LPAE, the user va
range is defined at the lowest addresses. Depending on the seed su

core: fix ASLR problem with short-descriptor table mappings

With short-descriptor table mappings, that is without LPAE, the user va
range is defined at the lowest addresses. Depending on the seed supplied
this could conflict with chosen base address for core mappings. Add a
check early in assign_mem_va() to avoid such conflicts.

Without this patch there's a risk of occasional panics like:
E/TC:0 0 Panic 'issue in linear address space' at core/arch/arm/mm/core_mmu.c:2147 <check_pa_matches_va>
E/TC:0 0 TEE load address @ 0xa34000
E/TC:0 0 Call stack:
E/TC:0 0 0x00a3a901

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: zynqmp: register ddr for dyn shm support

Register DDR based on the DRAM base and size definitions from
platform_config.h for supporting dynamic shared memory usage.

Acked-by: Jens Wiklander <

plat: zynqmp: register ddr for dyn shm support

Register DDR based on the DRAM base and size definitions from
platform_config.h for supporting dynamic shared memory usage.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

drivers: crypto: rsa/ecc/dsa: input parameter validation

To comply with the PKCS#11 convention for functions returning output
in a variable-length buffer, prefer to check the required size of the
ou

drivers: crypto: rsa/ecc/dsa: input parameter validation

To comply with the PKCS#11 convention for functions returning output
in a variable-length buffer, prefer to check the required size of the
output buffer before the existence of the output buffer itself.

This will save callers from having to allocate a buffer that might not
be used.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Cedric Neveux <cedric.neveux@nxp.com>

show more ...

drivers: clk: rename setup callback to probe

Rename clock core and fixed_clk setup functions to probe functions and
update in-line description as per handler description in the framework.

Acked-by:

drivers: clk: rename setup callback to probe

Rename clock core and fixed_clk setup functions to probe functions and
update in-line description as per handler description in the framework.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: clk: rename clk_dt_get_fn to clk_dt_get_func

Rename type clk_dt_get_fn to clk_dt_get_func for consistency in OP-TEE
OS implementation where all other function prototype type definitions
use

drivers: clk: rename clk_dt_get_fn to clk_dt_get_func

Rename type clk_dt_get_fn to clk_dt_get_func for consistency in OP-TEE
OS implementation where all other function prototype type definitions
use _func as suffix.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pta/bcm/elog: add missing buffer size check

Adds a missing buffer size check in pta_elog_load_nitro_fw(). This
prevents writing beyond the memory range reserved for the nitro
firmware.

Fixes:

core: pta/bcm/elog: add missing buffer size check

Adds a missing buffer size check in pta_elog_load_nitro_fw(). This
prevents writing beyond the memory range reserved for the nitro
firmware.

Fixes: e605fbdfd7a0 ("pta: bcm: Add PTA to handle Broadcom error logs")
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: clk: implement clk_is_enabled()

Add clock API function clk_is_enabled(). It is not very useful at
runtime since clock state can change at any time. The API function
is useful during specifi

drivers: clk: implement clk_is_enabled()

Add clock API function clk_is_enabled(). It is not very useful at
runtime since clock state can change at any time. The API function
is useful during specific system sequences where OP-TEE core knows
is executes atomically (primary core boot, low power sequences).

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...