ta: pkcs11: Add support for AES CMAC mechanisms

Add support for CKM_AES_CMAC* mechanisms.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linar

ta: pkcs11: Add support for AES CMAC mechanisms

Add support for CKM_AES_CMAC* mechanisms.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

drivers: imx: add OCOTP driver

Add OCOTP driver for imx6, imx7, imx7ulp and imx8m platforms.
The implementation only supports the read of OCOTP shadow registers.
It also implements the tee_otp_get_d

drivers: imx: add OCOTP driver

Add OCOTP driver for imx6, imx7, imx7ulp and imx8m platforms.
The implementation only supports the read of OCOTP shadow registers.
It also implements the tee_otp_get_die_id() function.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

poplar: disable CFG_SECURE_DATA_PATH by default

Since linaro-swg/linux.git branch optee [1] was rebased onto kernel
v5.12, Secure Data Path is broken in xtest [2] because the client side
is based on

poplar: disable CFG_SECURE_DATA_PATH by default

Since linaro-swg/linux.git branch optee [1] was rebased onto kernel
v5.12, Secure Data Path is broken in xtest [2] because the client side
is based on the ION allocator, which was removed from the kernel.

Therefore, disable SDP support by default.

Link: [1] https://github.com/linaro-swg/linux/tree/optee-v5.12-20210628
Link: [2] https://github.com/OP-TEE/optee_test/blob/3.13.0/host/xtest/regression_1000.c#L1220-L1263

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>

show more ...

libutils: ta: provide malloc(), calloc() and realloc() when debug is on

When enabling malloc debug for TAs (CFG_TEE_TA_MALLOC_DEBUG=y), the
standard malloc entry points malloc(), calloc() and reallo

libutils: ta: provide malloc(), calloc() and realloc() when debug is on

When enabling malloc debug for TAs (CFG_TEE_TA_MALLOC_DEBUG=y), the
standard malloc entry points malloc(), calloc() and realloc() are
redirected by C macros to instrumented variants: mdbg_malloc(),
mdbg_calloc() and mdbg_realloc(). In addition, the 'normal' symbols are
not exported by libutils. That is a problem because a TA might still
reference them. For example the C++ code in optee_test requires libstdc++
which relies on malloc() etc.:

build (master)$ make -j10 CFG_TEE_TA_MALLOC_DEBUG=y CFG_TEE_TA_LOG_LEVEL=2
...
/home/jerome/work/optee_repo_qemu/build/../toolchains/aarch32/bin/arm-linux-gnueabihf-ld.bfd: /home/jerome/work/toolchains-gcc10.2/aarch32/bin/../lib/gcc/arm-none-linux-gnueabihf/10.2.1/../../../../arm-none-linux-gnueabihf/lib/libstdc++.a(eh_alloc.o): in function `__cxa_allocate_exception':
/tmp/dgboter/bbs/build03--cen7x86_64/buildbot/cen7x86_64--arm-none-linux-gnueabihf/build/src/gcc/libstdc++-v3/libsupc++/eh_alloc.cc:284: undefined reference to `malloc'
...

Fix the issue by defining the standard malloc() functions in libutils,
calling the debug variants.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta_dev_kit.mk: set CFLAGS32 and CFLAGS64 to $(CFLAGS) by default

Prior to commit 19fdfcf617e3 ("build: ldelf and TAs can rely on
CFLAGS32/CFLAGS64") was $(arch-bits-$(sm)) not set for TAs (note: $(s

ta_dev_kit.mk: set CFLAGS32 and CFLAGS64 to $(CFLAGS) by default

Prior to commit 19fdfcf617e3 ("build: ldelf and TAs can rely on
CFLAGS32/CFLAGS64") was $(arch-bits-$(sm)) not set for TAs (note: $(sm)
is the submodule name, i.e., ta_arm32 or ta_arm64 for TAs). As a result,
$$(CFLAGS$$(arch-bits-$$(comp-sm-$2))) expanded to the value of CFLAGS
in mk/compile.mk.
With the introduction of the above commit, $(arch-bits-$(sm)) is always
set to 32 or 64 depending on the TA architecture, so mk/compile.mk now
evaluates $(CFLAGS32) or $(CFLAGS64). In order to keep the previous
behavior while still allowing specific overrides for 32 or 64-bit, set
CFLAGS32 and CFLAGS64 to $(CFLAGS) by default. This is consistent with
what was done for other submodules in commit b09cddcab1ee ("Introduce
CFLAGS32 and CFLAGS64").

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: imx: disable SNVS for imx8qx

Disable SNVS as it is not supported by i.MX8QX platforms.

Fixes: d3bf580a67 ("core: imx: add support for i.MX 8QxP")
Signed-off-by: Clement Faure <clement.faure@n

core: imx: disable SNVS for imx8qx

Disable SNVS as it is not supported by i.MX8QX platforms.

Fixes: d3bf580a67 ("core: imx: add support for i.MX 8QxP")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: imx: workaround PL310 errata 752271

Under very rare circumstances and under the following conditions, the
double linefill can cause data corruption.

Conditions:
* The double linefill feature

core: imx: workaround PL310 errata 752271

Under very rare circumstances and under the following conditions, the
double linefill can cause data corruption.

Conditions:
* The double linefill feature is enabled.
* The L2 cache contains dirty data.

This fault is present in PL310 revisions r3p0, r3p1, r3p1-50rel0.
This fault is fixed in r3p2.

The only workaround to this errata is to disable the double linefill
feature. [1]

Link: [1] https://www.nxp.com/docs/en/errata/IMX6DQCE.pdf
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: imx: tune PL310 configuration for mx6sll

Tune PL310 L2 cache controller for better performances:
* Enable double linefill
* Disable prefetch drop
* Set prefetch offset to 0xF

Fixes: 4dac83

core: imx: tune PL310 configuration for mx6sll

Tune PL310 L2 cache controller for better performances:
* Enable double linefill
* Disable prefetch drop
* Set prefetch offset to 0xF

Fixes: 4dac83288 ("core: imx: add imx6sll evk board support")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: imx: enable CFG_NO_SMP for imx6sll

i.MX 6SLL does not have SMP extension.

Fixes: 4dac83288b ("core: imx: add imx6sll evk board support")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
A

core: imx: enable CFG_NO_SMP for imx6sll

i.MX 6SLL does not have SMP extension.

Fixes: 4dac83288b ("core: imx: add imx6sll evk board support")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: imx: remove useless header include

Remove #include <arm32.h> since arm.h is already included.

Fixes: f51f270a70 ("core: arm: imx: get mmdc type")
Signed-off-by: Clement Faure <clement.faure@n

core: imx: remove useless header include

Remove #include <arm32.h> since arm.h is already included.

Fixes: f51f270a70 ("core: arm: imx: get mmdc type")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: crypto: fix ECC key size bytes to bits conversion

Convert the ECC key size from bytes to bits.
By adding the new key_size variable, it also fixes the crypto driver
traces bellow printing th

drivers: crypto: fix ECC key size bytes to bits conversion

Convert the ECC key size from bytes to bits.
By adding the new key_size variable, it also fixes the crypto driver
traces bellow printing the ECC key size from the variable that was
missing.

Fixes: d29cd2e ("core: driver: generic resources for crypto device driver - ECC")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: crypto: acipher: fix traces compilation

Cast key pointers to uintptr_t to avoid compilation warnings when crypto
driver traces are enabled (CFG_CRYPTO_DRIVER_DEBUG=0x1)

Fixes: 62590f0 ("dr

drivers: crypto: acipher: fix traces compilation

Cast key pointers to uintptr_t to avoid compilation warnings when crypto
driver traces are enabled (CFG_CRYPTO_DRIVER_DEBUG=0x1)

Fixes: 62590f0 ("drivers: crypto: implement crypto device driver - DSA")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: dma: fix copy data size

After each crypto operation that involves a DMA output, the content of
the SGT buffer is copied to the actual output buffer. Fix the DMA copy
function where th

drivers: caam: dma: fix copy data size

After each crypto operation that involves a DMA output, the content of
the SGT buffer is copied to the actual output buffer. Fix the DMA copy
function where the size of the data to be copied is either the full size
of the data processed by the CAAM (obj->sgtbuf.length) or the size of
the output buffer.

In some cases, the output buffer is smaller than the CAAM output. The
size of data to be copied is the smallest size between the CAAM output
data size and the output buffer size.

Fixes: 38923d4 ("drivers: caam: implement CAAM DMA Object")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: imx: crypto_conf: i.mx 7ulp does not support CAAM PKHA

There is no support for CAAM PKHA in i.MX 7ULP SOC.

Fixes: c3d61ba ("core: imx: Add imx7ulp evk board support")
Signed-off-by: Silvano d

core: imx: crypto_conf: i.mx 7ulp does not support CAAM PKHA

There is no support for CAAM PKHA in i.MX 7ULP SOC.

Fixes: c3d61ba ("core: imx: Add imx7ulp evk board support")
Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: add RNG data check error code

Check if the CAAM RNG driver returns DATA_FAILURE error code.
If the data check returns DATA_FAILURE, the function returns
CAAM_FAILURE.

Fixes: 2d7a896

drivers: caam: add RNG data check error code

Check if the CAAM RNG driver returns DATA_FAILURE error code.
If the data check returns DATA_FAILURE, the function returns
CAAM_FAILURE.

Fixes: 2d7a896 ("driver: implement CAAM driver")
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: fix CAAM Job Ring halt/flush/cancel

Fix CAAM halt/flush jobs by calling dequeue operation to complete all jobs.
Add spinlock management in the cancel function because of the shared JR

drivers: caam: fix CAAM Job Ring halt/flush/cancel

Fix CAAM halt/flush jobs by calling dequeue operation to complete all jobs.
Add spinlock management in the cancel function because of the shared JR
structure.

Fixes: 2d7a896 ("driver: implement CAAM driver")
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: Fix hal clock registers read/write

Fix CAAM Clock registers access to use io_read/write() functions and
not io_caam_read/write().

Fixes: 2d7a896 ("driver: implement CAAM driver")
Sig

drivers: caam: Fix hal clock registers read/write

Fix CAAM Clock registers access to use io_read/write() functions and
not io_caam_read/write().

Fixes: 2d7a896 ("driver: implement CAAM driver")
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: fix hal control split key detection

Fix the CAAM Version ID MS register address (CAAM Control + JR Offset).
Change HAL caam_hal_ctrl_splitkey() to read the parameters register LS
bit

drivers: caam: fix hal control split key detection

Fix the CAAM Version ID MS register address (CAAM Control + JR Offset).
Change HAL caam_hal_ctrl_splitkey() to read the parameters register LS
bit 14 (SPLIT_KEY) that indicates the support for the split key.

Fixes: 81ab436 ("drivers: caam: implement NXP CAAM Driver - HMAC")
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: hwrng fix perf drop after suspend/resume

RNG performance drops after a suspend/resume cycle on parts where caam
loses power, since the initial U-boot settings are not restored by OP-T

drivers: caam: hwrng fix perf drop after suspend/resume

RNG performance drops after a suspend/resume cycle on parts where caam
loses power, since the initial U-boot settings are not restored by OP-TEE
when resuming.
Modifying the TRNG "sample size" (the total number of entropy samples that
will be taken during entropy generation) from it's default conservative
value of 2500 to be more in line with the "sample size" that the caam
driver in U-boot/Linux kernel select(512) will solve the performance hit.

Changed the default minimum entropy delay value for I.MX 6SX from 4800
to 3200 to be in line with U-boot and Kernel setting for this value.
The higher default entropy delay value for OP-TEE would have caused a
perceived performance hit after/suspend resume.

Fixes: 2d7a896 ("driver: implement CAAM driver")
Signed-off-by: Dragos Rosioru <dragos.rosioru@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: fix missing output additional length

CAAM HW Module requires additional bytes in output buffer
to perform the requested operation.
This is the case for ECDSA operation, signature must

drivers: caam: fix missing output additional length

CAAM HW Module requires additional bytes in output buffer
to perform the requested operation.
This is the case for ECDSA operation, signature must be 16 bytes
aligned.
The CAAM DMA object is adding the required bytes if the signature
output buffer is too short. The issue is that this additional
bytes were not added in the DMA buffer to be allocated.

Fixes: 38923d4 ("drivers: caam: implement CAAM DMA Object")
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: ack the interrupt when completing a job

The ITR will only be acked if the job finishes between the
do_jr_dequeue() and caam_hal_jr_check_ack_itr().
With this fix, we ensure the ITR is

drivers: caam: ack the interrupt when completing a job

The ITR will only be acked if the job finishes between the
do_jr_dequeue() and caam_hal_jr_check_ack_itr().
With this fix, we ensure the ITR is acked when leaving
caam_jr_dequeue() function.

Fixes: 2d7a896 ("driver: implement CAAM driver")
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: imx: rework digprog driver

Rework digprog read value for all i.MX platforms.
Add the distinction between i.MX8MQ B0 and B1 platforms.
Add soc_is_*() functions for all i.MX8mscale platforms.

F

core: imx: rework digprog driver

Rework digprog read value for all i.MX platforms.
Add the distinction between i.MX8MQ B0 and B1 platforms.
Add soc_is_*() functions for all i.MX8mscale platforms.

Fixes: 247f081a95 ("core: imx: re-work SoC version detection")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: imx: introduce CFG_MX8M compilation flag

Introduce the CFG_MX8M compilation flag that designates the following
platforms:
* mx8mmevk
* mx8mnevk
* mx8mpevk
* mx8mqevk
It is used to define c

core: imx: introduce CFG_MX8M compilation flag

Introduce the CFG_MX8M compilation flag that designates the following
platforms:
* mx8mmevk
* mx8mnevk
* mx8mpevk
* mx8mqevk
It is used to define code and features common to i.MX8mscale
platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: dt: fix missing const attribute on fdt reference

The standard FDT reference in libfdt and friends is a const void *. Fix
few function prototypes that miss the const attribute.

Signed-off-by:

core: dt: fix missing const attribute on fdt reference

The standard FDT reference in libfdt and friends is a const void *. Fix
few function prototypes that miss the const attribute.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-ls: conf.mk: correct Embedded DTB flag

Emebedded DTB flag is CFG_EMBED_DTB which was wrongly
set as CFG_EMBED_DT.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Etienne Carri

plat-ls: conf.mk: correct Embedded DTB flag

Emebedded DTB flag is CFG_EMBED_DTB which was wrongly
set as CFG_EMBED_DT.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...