| 4f69ab71 | 06-Dec-2021 |
Jerome Forissier <jerome@forissier.org> |
core: arm: mmu: fix compile time assertion to allow 48-bit VA space
The compile time assertion on CFG_LPAE_ADDR_SPACE_BITS is inconsistent with the one in <mm/core_mmu.h>. It should allow a 48-bit size.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| f4c4acdc | 06-Dec-2021 |
Jerome Forissier <jerome@forissier.org> |
core: lpae: remove always true conditional
The runtime conditional: 'if (CORE_MMU_BASE_TABLE_LEVEL == 0)' in core_init_mmu_prtn_ta_core() is redundant with the preprocessor conditional: '#if (CORE_MMU_BASE_TABLE_LEVEL == 0)'. Remove it.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 4fbc8614 | 06-Dec-2021 |
Jerome Forissier <jerome@forissier.org> |
core: lpae: delete unused variable
Variable 'ret' in is not used so remove it. Fixes the following warning:
$ make -j10 -s PLATFORM=vexpress-qemu_armv8a CFG_LPAE_ADDR_SPACE_BITS=40
core/arch/arm/mm/core_mmu_lpae.c: In function ‘core_init_mmu_prtn_ta_core’:
core/arch/arm/mm/core_mmu_lpae.c:708:22: warning: unused variable ‘ret’ [-Wunused-variable]
  708 |   bool ret = false;
      |        ^~~
Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| dc732a6b | 12-Aug-2021 |
Clément Léger <clement.leger@bootlin.com> |
plat-sam: enable Atmel TRNG driver
Default embed Atmel TRNG in sama5d2 platform.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Clément Léger <clement.leger@bootlin.com>
|
| f2da02b2 | 12-Aug-2021 |
Clément Léger <clement.leger@bootlin.com> |
drivers: add Atmel TRNG driver
This driver uses the device tree to probe the TRNG and then allows random data to be queried using both hw_get_random_byte() and crypto_rng_read().
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Clément Léger <clement.leger@bootlin.com>
|
| d9070df1 | 30-Jul-2021 |
Clément Léger <clement.leger@bootlin.com> |
plat-sam: include sama5d2.h file necessary for some values
Defines that are in platform_config.h use values from the sama5d2.h file. Include it to avoid dependency problems.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Clément Léger <clement.leger@bootlin.com>
|
| 4793519c | 01-Dec-2021 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto: drivers: se050: object identifier range
With the introduction of the se050 APDU driver, external clients can create persistent objects on the secure element non-volatile memory.
The unique identifiers for these objects do not necessarily need to fall within the range defined for objects created using the cryptographic operation interfaces (keypair_gen).
This commit fixes the use case where a key stored in the SE05x device (for example via a cloud service communicating to the optee-client's libseteec) is imported into the pkcs#11 database and then used for authentication (ie, EC sign)
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome@forissier.org>
|
| 28eb53ac | 25-Nov-2021 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
ta: pkcs11: remove unnecessary code
Remove unnecessary assignment.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> |
| 736cb9e1 | 22-Nov-2021 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: dt_driver: allow drivers to fail initialization
Change the probing logic to not panic core if a driver fails to initialize. Drivers that fail to probe are moved to a specific list that may be printed later for debug purposes.
Acked-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 115944b5 | 22-Nov-2021 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: dt_driver: factorize resource releasing
Moves dt_driver_release_provider() into release_probe_lists() to get all DT driver probing resources released upon core initialization completion.
Also removes the debug verbosity that is not useful at that place.
Acked-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 7ca695bf | 16-Nov-2021 |
Etienne Carriere <etienne.carriere@linaro.org> |
drivers: clk: add verbosity on provider probe error case
Prints the names of the parent node and node for which core failed to probe a clock instance. Also prints the returned error code. This added debug information helps in understanding where an FDT parsing failed.
Acked-by: Clément Léger <clement.leger@bootlin.com> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| bb04f4b9 | 02-Dec-2021 |
Sahil Malhotra <sahil.malhotra@nxp.com> |
core: drivers: caam: disable jobring in DT only in case of external DTB
On LX2160 board, Embedded DTB is enabled. While booting with CAAM enabled, a crash comes in OP-TEE because it tries to disable the Job Ring in Embedded DTB, which is read only. So disable Job ring only when using External DTB.
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 33e1c2b8 | 02-Dec-2021 |
Sahil Malhotra <sahil.malhotra@nxp.com> |
core: kernel: introduce function is_embedded_dt()
This function will return true if passed DTB is same as Embedded DTB, otherwise false
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| c4c84e2c | 02-Dec-2021 |
Sahil Malhotra <sahil.malhotra@nxp.com> |
core: dt_driver: skip drivers not providing a probe operator
If a driver does not provide a probe operator, that can result in a crash, so skip drivers not providing a probe operator.
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Fixes: https://github.com/OP-TEE/optee_os/issues/5017
|
| 8dca59b4 | 19-Nov-2021 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: dt_driver: use driver type when finding a driver provider
Adds driver type argument to functions dt_driver_get_provider_by_node(), and dt_driver_get_provider_by_phandle() to differentiate driver provider references when a single DT node relates to several driver providers that are of different type by DT binding definition. For example, a DT node may describe a device that acts both as a clock provider and a reset controller, for which two driver references are needed in the driver provider list.
Updates dt_driver_device_from_node_idx_prop() accordingly.
Fixes: f498c4042931 ("core: dt_driver: factorize clk_get_provider_by_*()") Acked-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 5dac4bd1 | 30-Nov-2021 |
Etienne Carriere <etienne.carriere@linaro.org> |
drivers: crypto: stm32_cryp: register secure peripheral
Adds registering of CRYP1 device as a secure peripheral when it is registered as a crypto driver.
Fixes: 95134dac4b22 ("plat-stm32mp1: enable CRYPTO HW if available") Reviewed-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 5c3bcc38 | 30-Nov-2021 |
Etienne Carriere <etienne.carriere@linaro.org> |
dts: stm32mp1: disable CRYP1 device
Don't enable CRYP1 support in OP-TEE core from ST boards supporting stm32mp1 platform to comply with the upstream boards DTS files since v5.11 [1] in Linux kernel that enables CRYP1 in non-secure world.
Link: [1] https://github.com/torvalds/linux/commit/b6aa35c7393680ee0a1286ca3b3237fd106ef896 Fixes: 5e64ae6796b7 ("crypto: stm32: use CRYP IP for CIPHER algorithms") Reviewed-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| a3f00f7d | 21-Nov-2021 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: dt_driver: return TEE_ERROR_DEFER_DRIVER_INIT if no provider
Changes dt_driver_device_from_node_idx_prop() to report caller driver probe deferral when the expected provider is not yet found in the provider list as the function description expects.
Fixes: d8b14b46af9d ("core: dt_driver: get return code when querying a device") Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| d803b885 | 01-Dec-2021 |
Dominique Martinet <dominique.martinet@atmark-techno.com> |
libtomcrypt/sha256_accel: fix stringop-overflow error
Attempting to build optee-os with gcc11 fails with the following error
----
In function ‘sha256_compress_nblocks’,
    inlined from ‘sha256_compress’ at core/lib/libtomcrypt/sha256_accel.c:81:11,
    inlined from ‘sha256_done’ at core/lib/libtomcrypt/sha256_accel.c:158:5:
core/lib/libtomcrypt/sha256_accel.c:75:5: error: ‘crypto_accel_sha256_compress’ accessing 32 bytes in a region of size 20 [-Werror=stringop-overflow=]
   75 |     crypto_accel_sha256_compress(state, buf, blocks);
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
core/lib/libtomcrypt/sha256_accel.c: In function ‘sha256_done’:
core/lib/libtomcrypt/sha256_accel.c:75:5: note: referencing argument 1 of type ‘uint32_t *’ {aka ‘unsigned int *’}
In file included from core/lib/libtomcrypt/sha256_accel.c:41:
core/include/crypto/crypto_accel.h:45:6: note: in a call to function ‘crypto_accel_sha256_compress’
   45 | void crypto_accel_sha256_compress(uint32_t state[8], const void *src,
      |      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
----
Indeed, the 'state' argument here is taken from sha1.state which is a uint32_t state[5], so 20 bytes long instead of the uint32_t state[8] crypto_accel_sha256_compress expects.
OTOH we're in a sha256 function, and sha256.state conveniently is of the correct size, so use sha256.state as appropriate instead.
Note that hash_state is a union and sha{1,256}.state are at the same offset, so this is actually a no-op change.
Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome@forissier.org>
|
| 728777ac | 29-Nov-2021 |
Jerome Forissier <jerome@forissier.org> |
build: use CFLAGS32/CFLAGS64 when building in-tree TAs
Commit 19fdfcf617e3 ("build: ldelf and TAs can rely on CFLAGS32/CFLAGS64") only partially implements what is mentioned in the commit description. The ldelf part is OK, but in-tree TAs still don't use CFLAGS32 or CFLAGS64. The reason is that the submodule name $(sm) is not ta_arm32 or ta_arm64 like for TAs built with the "dev kit". Instead, $(sm) is the name of the directory (such as "avb" for core/ta/avb, "pkcs11" for core/ta/pkcs11, etc.). Therefore, it is not arch-bits-ta_arm32 or arch-bits-ta_arm64 that needs to be set but arch-bits-$(sm).
Fixes: 19fdfcf617e3 ("build: ldelf and TAs can rely on CFLAGS32/CFLAGS64") Signed-off-by: Jerome Forissier <jerome@forissier.org> Tested-by: Ralph Siemsen <ralph.siemsen@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| c020046d | 23-Nov-2021 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: dt: fix inline description of _fdt_get_status()
Corrects inline comment describing _fdt_get_status() helper function.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 289611b8 | 24-Nov-2021 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto: drivers: se050: object identifier persistence property
The persistence of the object identifiers can be obtained by interrogating the device. Since objects can now be created by external actors using the APDU PTA, we will drop the current implementation which flags the object transient property using a bit on the object identifier itself.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome@forissier.org>
|
| 32ddbffb | 13-Nov-2021 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto: se050: APDU driver
This driver allows trusted applications to send raw APDU frames to the SE050 device. The Plug-and-Trust subsystem will route the frames back to OP-TEE for SCP03 encryption and I2C transmission to the bus.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| b0e1c5e4 | 13-Nov-2021 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
core: pta: APDU pseudo trusted application
Allow trusted applications and REE clients to send APDU frames to a secure element.
Even though secure elements are usually accessible from serial buses, when they have been initialized in OP-TEE it is possible that the SCP03 secret keys are only available in the Trusted World and therefore APDU requests must be handled in OP-TEE.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| ff0c5d42 | 13-Nov-2021 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
core: crypto: Secure Element cryptographic interface
Extract cryptographic operations specific to Secure Elements from the more generic cryptographic interface.
Also, the Secure Channel Protocol03 is a global protocol supported by most SEs and not NXP SE05X specific. Use this commit to reflect this fact.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|