core: Add vm_get_mobj

Return the mobj of a va.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@li

core: Add vm_get_mobj

Return the mobj of a va.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-sam: set QSPI memories as non secure

When left unconfigured, the QSPI memories are assigned to the secure
world. However, the controller is assigned to normal world and Linux
expects to use QPS

plat-sam: set QSPI memories as non secure

When left unconfigured, the QSPI memories are assigned to the secure
world. However, the controller is assigned to normal world and Linux
expects to use QPSI memories with it which will fail because they are
not accessible. Configure them to be accessible by the normal world in
order to let Linux handle the QSPI controller properly.

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: caam: add CAAM registers for imx8q platforms

Add CAAM register definitions for the following platforms:
* imx8qm
* imx8qxp

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by:

drivers: caam: add CAAM registers for imx8q platforms

Add CAAM register definitions for the following platforms:
* imx8qm
* imx8qxp

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: caam: hal: add the support for imx8q

Add the CAAM HAL for the following platforms:
- imx8qm
- imx8qxp

These platforms feature a separate security controller that handles
the following re

drivers: caam: hal: add the support for imx8q

Add the CAAM HAL for the following platforms:
- imx8qm
- imx8qxp

These platforms feature a separate security controller that handles
the following resources/peripherals:
- RNG
- Peripheral owernership
- Clocks

To allocate and initialize the CAAM, the driver relies on the
MU driver and a secure controller API to communicate with the
security controller.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: caam: hal: make common initialization functions overideable

Define the following functions as weak:
* caam_hal_rng_instantiated()
* caam_hal_cfg_setup_nsjobring()

Add CAAM CAAM_NOT_INIT

drivers: caam: hal: make common initialization functions overideable

Define the following functions as weak:
* caam_hal_rng_instantiated()
* caam_hal_cfg_setup_nsjobring()

Add CAAM CAAM_NOT_INIT code for CAAM RNG initialization status.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

scripts/sign_encrypt.py: add flags for the encryption key type

Allow encryption key type to be overridden from command-line. Defaults
to SHDR_ENC_KEY_DEV_SPECIFIC.

Reviewed-by: Jerome Forissier <je

scripts/sign_encrypt.py: add flags for the encryption key type

Allow encryption key type to be overridden from command-line. Defaults
to SHDR_ENC_KEY_DEV_SPECIFIC.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Donald Chan <hoiho@amazon.com>

show more ...

plat-imx: add Advantech RSB-3720 board support

Support for Advantech RSB-3720 board (imx8mp).
(PLATFORM=imx-mx8mp_rsb3720_6g)

Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Acked-by: J

plat-imx: add Advantech RSB-3720 board support

Support for Advantech RSB-3720 board (imx8mp).
(PLATFORM=imx-mx8mp_rsb3720_6g)

Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

libutils: mempool based raw malloc functions

Instead of the old stack like internal memory allocator, use the raw
malloc functions instead for more efficient memory usage.

CFG_WITH_STATS is enabled

libutils: mempool based raw malloc functions

Instead of the old stack like internal memory allocator, use the raw
malloc functions instead for more efficient memory usage.

CFG_WITH_STATS is enabled automatically if
CFG_MEMPOOL_REPORT_LAST_OFFSET is enabled to secure a new dependency in
the code.

Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: export raw malloc functions

Exports raw_{memalign,malloc,free,calloc,realloc}() and also adds
raw_malloc_get_ctx_size(), raw_malloc_init_ctx(),
raw_malloc_add_pool() and raw_malloc_get_sta

libutils: export raw malloc functions

Exports raw_{memalign,malloc,free,calloc,realloc}() and also adds
raw_malloc_get_ctx_size(), raw_malloc_init_ctx(),
raw_malloc_add_pool() and raw_malloc_get_stats().

This allows using the malloc functions to allocate with a independent
memory pool.

Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

qemu: enable testing of notifications using the console

When asynchronous notifications are enabled the console driver in qemu
is configured as a top half and bottom half driver allowing basic
testi

qemu: enable testing of notifications using the console

When asynchronous notifications are enabled the console driver in qemu
is configured as a top half and bottom half driver allowing basic
testing of the notification framework.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add asynchronous notifications

Adds support for asynchronous notifications from secure world to normal
world. This allows a design with a top half and bottom half type of
driver where the top

core: add asynchronous notifications

Adds support for asynchronous notifications from secure world to normal
world. This allows a design with a top half and bottom half type of
driver where the top half runs in secure interrupt context and a
notifications tells normal world to schedule a yielding call to do the
bottom half processing.

The protocol is defined in optee_msg.h optee_rpc_cmd.h and optee_smc.h.

A notification consists of a 32-bit value which normal world can
retrieve using a fastcall into secure world. OP-TEE is currently only
supporting the value 0-63 where 0 has a special meaning. When 0 is sent
it means that normal world is supposed to make a yielding call
OPTEE_MSG_CMD_DO_BOTTOM_HALF.

The notification framework in OP-TEE defines an interface where drivers
can register a callback which is called on each yielding bottom half
call.

Notification capability is negotiated with the normal world while it
initializes its driver. If both sides supports these notifications then
they are enabled.

CFG_CORE_ASYNC_NOTIF_GIC_INTID is added to define the hardware interrupt
used to notify normal world. This is added to the DTB in case OP-TEE can
is configured with CFG_DT=y. Other cases requires the normal world DTB
to be kept in sync with this.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add new interface for synchronous notifications

Adds a new interface for synchronous notifications. The old RPC
interface based on OPTEE_RPC_CMD_WAIT_QUEUE is renamed to
OPTEE_RPC_CMD_NOTIFICA

core: add new interface for synchronous notifications

Adds a new interface for synchronous notifications. The old RPC
interface based on OPTEE_RPC_CMD_WAIT_QUEUE is renamed to
OPTEE_RPC_CMD_NOTIFICATION in order to match the new interface.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: drivers: gic.h: define PPI and SPI bases

Adds the two defines GIC_PPI_BASE and GIC_SPI_BASE to tell the base of
the ranges for PPIs and SPIs respectively.

Reviewed-by: Jerome Forissier <jerom

core: drivers: gic.h: define PPI and SPI bases

Adds the two defines GIC_PPI_BASE and GIC_SPI_BASE to tell the base of
the ranges for PPIs and SPIs respectively.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: optee_smc.h: clarify calls with struct optee_msg_arg

Clarifies the responsibilities of the caller when calling with struct
optee_msg_arg as argument.

Reviewed-by: Jerome Forissier <jerome@for

core: optee_smc.h: clarify calls with struct optee_msg_arg

Clarifies the responsibilities of the caller when calling with struct
optee_msg_arg as argument.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GitHub actions: fix incorrect version

v4.0.1 was incorrectly added to the commit below, instead it should have
been v4.1.0.

Fixes: 1195d0dd14ba ("GitHub actions: General updates")

Signed-off-by: J

GitHub actions: fix incorrect version

v4.0.1 was incorrectly added to the commit below, instead it should have
been v4.1.0.

Fixes: 1195d0dd14ba ("GitHub actions: General updates")

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: provide __sprintf_chk implementation

While building optee_test CXX test-cases natively on aarch64, OP-TEE
build relies on toolchain provided by buildroot. The buildroot toolchain
is built

libutils: provide __sprintf_chk implementation

While building optee_test CXX test-cases natively on aarch64, OP-TEE
build relies on toolchain provided by buildroot. The buildroot toolchain
is built with flag: -fstack-protector-strong which requires
__sprintf_chk symbol provided by standard glibc. For OP-TEE we use a
customized libc which leads to below error:

...
CC out/init.o
CC out/os_test.o
CC out/ta_entry.o
CXX out/cxx_tests.o
CC out/user_ta_header.o
CPP out/ta.lds
LD out/5b9e0e40-2636-11e1-ad9e-0002a5d5c51b.elf
/home/sumit/optee_br/build/../toolchains/aarch64/bin/aarch64-linux-ld.bfd: /home/sumit/optee_br/toolchains/aarch64/bin/../lib/gcc/aarch64-buildroot-linux-gnu/10.3.0/../../../../aarch64-buildroot-linux-gnu/lib/../lib64/libstdc++.a(cp-demangle.o): in function d_append_num': cp-demangle.c:(.text+0x830): undefined reference to __sprintf_chk'
...

Fix this issue by providing __sprintf_chk implementation.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

config: Add config options to enable BTI for TEE core and TA's

Branch Target Identification (part of the ARMv8.5 Extensions)
provides a mechanism to limit the set of locations to which
computed bran

config: Add config options to enable BTI for TEE core and TA's

Branch Target Identification (part of the ARMv8.5 Extensions)
provides a mechanism to limit the set of locations to which
computed branch instructions such as BR or BLR can jump.
To make use of BTI in TEE cores and ldelf on CPU's that
support it, enable the option CFG_CORE_BTI. The option is only
supported for ARM64 cores.

To enable BTI support for TA's and user mode libraries,
enable the option CFG_TA_BTI.

The BTI support is currently not compatible with options
CFG_VIRTUALIZATION and CFG_WITH_PAGER.

To use the option CFG_CORE_BTI, GCC toolchain built with
--enable-standard-branch-protection is needed.

To test with QEMU, use option -cpu max,sve=off.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (vexpress-qemu_armv8a)

show more ...

arm64: bti: fail link phase if some objects do not support BTI

Adds the proper linker options (-z force-bti --fatal-warnings) to fail
the link if some object files lack the BTI feature bit when BTI

arm64: bti: fail link phase if some objects do not support BTI

Adds the proper linker options (-z force-bti --fatal-warnings) to fail
the link if some object files lack the BTI feature bit when BTI is
requested (CFG_CORE_BTI=Y, CFG_TA_BTI=y). The options are added for
tee.elf, ldelf.elf, in-tree TAs, in-tree user space shared libraries
(CFG_ULIBS_SHARED=y) as well as for external TAs and shared libraries
built with the dev kit.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

lib: libutils: Use ret for longjmp with Clang and BTI

longjmp uses br instead of ret to jump to the target. Thus the target
location should have the right BTI launchpad to handle this.
clang has a b

lib: libutils: Use ret for longjmp with Clang and BTI

longjmp uses br instead of ret to jump to the target. Thus the target
location should have the right BTI launchpad to handle this.
clang has a bug [1] and doesn't add the BTI after setjmp causing
exception when BTI is enabled. This works well with gcc [2]
and can be tested when compiling xtests with WITH_CXX_TESTS=n.
To avoid the exception, use ret instead of br with clang and BTI.

[1] - https://bugs.llvm.org/show_bug.cgi?id=49544
[2] - https://gcc.gnu.org/legacy-ml/gcc-patches/2018-11/msg02472.html

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

ta: Export CFG_TA_BTI

Export CFG_TA_BTI for availability when compiling xtest

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by:

ta: Export CFG_TA_BTI

Export CFG_TA_BTI for availability when compiling xtest

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: Add property to check feature BTI in TEE property set

Add an entry in TEE_PROPSET_TEE_IMPLEMENTATION for a boolean
property org.trustedfirmware.optee.cpu.feat_bti_implemented.
The property is

core: Add property to check feature BTI in TEE property set

Add an entry in TEE_PROPSET_TEE_IMPLEMENTATION for a boolean
property org.trustedfirmware.optee.cpu.feat_bti_implemented.
The property is set true only if CFG_TA_BTI is configured and
the underlying CPU supports FEAT_BTI.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Generate ELF Note for BTI in all arm64 asm files

Add program property note section in the assembly files to
ensure that when linking them, program property note section
is generated in the final ELF

Generate ELF Note for BTI in all arm64 asm files

Add program property note section in the assembly files to
ensure that when linking them, program property note section
is generated in the final ELF.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: Add support for mapping ELF executable sections as guarded

Introduce LDELF_MAP_FLAG_BTI to indicate if ELF supports BTI. A
BTI instruction is used to guard against the execution of instructio

ldelf: Add support for mapping ELF executable sections as guarded

Introduce LDELF_MAP_FLAG_BTI to indicate if ELF supports BTI. A
BTI instruction is used to guard against the execution of instructions
that are not the intended target of a branch. The executable pages need
to be marked as guarded to ensure that BTI doesn't execute as NOP.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: Add ELF program property parsing support to check for BTI

ELF program properties will be needed for detecting whether to
enable optional architecture or ABI features for a new ELF process.

T

ldelf: Add ELF program property parsing support to check for BTI

ELF program properties will be needed for detecting whether to
enable optional architecture or ABI features for a new ELF process.

The PT_GNU_PROPERTY is generated by a linker to describe the
.note.gnu.property section. The definition of PT_GNU_PROPERTY can
be found in [1].

For AArch64, GNU_PROPERTY_AARCH64_FEATURE_1_AND program property type
describes a set of processor features with which an ELF object or
executable image is compatible, but does not require in order to
execute correctly. These processor features are BTI and PAC.

[1] https://github.com/hjl-tools/linux-abi/wiki/linux-abi-draft.pdf

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

elf_common: add GNU note types and properties

Add NT_GNU_PROPERTY_TYPE_0 bits and
GNU_PROPERTY_AARCH64_FEATURE_1_AND used to tell which
CPU features the binary is compatible with.

Signed-off-by: Ru

elf_common: add GNU note types and properties

Add NT_GNU_PROPERTY_TYPE_0 bits and
GNU_PROPERTY_AARCH64_FEATURE_1_AND used to tell which
CPU features the binary is compatible with.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...