core: enable system PTA upon user TA support

Ensure CFG_SYSTEM_PTA is disabled when CFG_WITH_USER_TA is disabled since
system PTA is designed to provide user TA extended system features.
Without thi

core: enable system PTA upon user TA support

Ensure CFG_SYSTEM_PTA is disabled when CFG_WITH_USER_TA is disabled since
system PTA is designed to provide user TA extended system features.
Without this change, building with CFG_SYSTEM_PTA=y and CFG_WITH_USER_TA=n
may fails for error trace like:

core/pta/system.c:227: undefined reference to `ldelf_dlopen'
core/pta/system.c:260: undefined reference to `ldelf_dlsym'

Also fix reference to the GPD TEE Internal Core API in CFG_SYSTEM_PTA
description.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-sam: remove useless function in sam_pl310.c

l2_sram_config() is currently only used to set L2 SRAM for L2 cache.
Remove it and use io_write32() directly.

Signed-off-by: Clément Léger <clement.

plat-sam: remove useless function in sam_pl310.c

l2_sram_config() is currently only used to set L2 SRAM for L2 cache.
Remove it and use io_write32() directly.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-sam: move pl310 related code to its own file

Cleanup main.c by moving pl310 code to sam_pl310.c file.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jerome Forissier <jerom

plat-sam: move pl310 related code to its own file

Cleanup main.c by moving pl310 code to sam_pl310.c file.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-sam: move secure zone to 0x20000000

Since DRAM size can vary depending on the platforms, 0x30000000 won't
work for some of them (sama5d27_som1_ek for instance with only 128Mb of
DRAM).
Move OP-

plat-sam: move secure zone to 0x20000000

Since DRAM size can vary depending on the platforms, 0x30000000 won't
work for some of them (sama5d27_som1_ek for instance with only 128Mb of
DRAM).
Move OP-TEE secure zone to 0x20000000 which will work for all devices.
During these changes, remove the possibility to override TZDRAM address
and size because since matrix configuration can't be changed easily, it
makes no sense to allow modifying them.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-sam: switch to generic_ram_layout.h

Remove existing defines from platform_config.h to use generic ram layout
instead.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jerome

plat-sam: switch to generic_ram_layout.h

Remove existing defines from platform_config.h to use generic ram layout
instead.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-sam: rename peripheral security function

Use more relevant names for peripheral security configuration function.
Indeed these functions set the peripherals as non-secure. Since
checkpatch warne

plat-sam: rename peripheral security function

Use more relevant names for peripheral security configuration function.
Indeed these functions set the peripherals as non-secure. Since
checkpatch warned that extern is unnecessary in header, remove it.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-sam: set correct name for ID 1 which is PMC

AT91_ID_1 is in fact referring to the power management controller (PMC).
Replace it with AT91_ID_PMC.

Signed-off-by: Clément Léger <clement.leger@bo

plat-sam: set correct name for ID 1 which is PMC

AT91_ID_1 is in fact referring to the power management controller (PMC).
Replace it with AT91_ID_PMC.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-sam: matrix: remove wrong quirk for matrix id

Previous comment stated that the ID breaks at id 73 which is not the
case according to the datasheet. Remove this quirk which allow the last
periph

plat-sam: matrix: remove wrong quirk for matrix id

Previous comment stated that the ID breaks at id 73 which is not the
case according to the datasheet. Remove this quirk which allow the last
peripherals to be configured correctly. CHIPID peripheral can now be
correctly accessed by normal world when delegated.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: Don't call get_embedded_dt() without CFG_EMBED_DT

Several pieces of stm32mp1 code call get_embedded_dt(), then use the
resulting pointer without checks, or initiate a panic if it is N

plat-stm32mp1: Don't call get_embedded_dt() without CFG_EMBED_DT

Several pieces of stm32mp1 code call get_embedded_dt(), then use the
resulting pointer without checks, or initiate a panic if it is NULL.
Thus hitting this code results in a non-working binary. For example:

"PLATFORM=stm32mp1 CFG_DT=y"

The get_embedded_dt() uses were #ifdef'd out based on CFG_DT. However,
as shown, this is problematic, as the calls assumed a valid fdt must
be returned. A non-NULL fdt can be guaranteed with CFG_EMBED_DT, so
use this as the basis for the #ifdefs.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Add support for more HMAC mechanisms

Add support for *_GENERAL MD5 and SHA based HMAC mechanisms.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <et

ta: pkcs11: Add support for more HMAC mechanisms

Add support for *_GENERAL MD5 and SHA based HMAC mechanisms.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Fix sign size comparison

The current check does not take into account input signature sizes that
are larger than the hash size, which are invalid and should return an
error. The input si

ta: pkcs11: Fix sign size comparison

The current check does not take into account input signature sizes that
are larger than the hash size, which are invalid and should return an
error. The input signature size can be less than the hash size, but not
for the mechanisms the function is currently used for. Change the check
to match exactly the hash size.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Fix typo

Fix typo in comment.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta

ta: pkcs11: Fix typo

Fix typo in comment.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

lib: libutee: init array to 0

Add missing initialization in array declaration.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Revi

lib: libutee: init array to 0

Add missing initialization in array declaration.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

libutils: bget_malloc: fix test in pool min size

Requires at least 1 kB for the initial malloc memory pool. The rational
is that the initial pool min size is not straightforward to compute as
it dep

libutils: bget_malloc: fix test in pool min size

Requires at least 1 kB for the initial malloc memory pool. The rational
is that the initial pool min size is not straightforward to compute as
it depends on the internals of the BGET implementation. However, with
a requirement of at least 1 kB in initial memory pool we'll have good
margin while still being reasonable.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: register main heap first

Swap heap1 and heap2 malloc pools registration in init_runtime()
(case CFG_WITH_PAGER=y) since heap2 is the main heap part, heap1
being always < 4kB. This change ensur

core: register main heap first

Swap heap1 and heap2 malloc pools registration in init_runtime()
(case CFG_WITH_PAGER=y) since heap2 is the main heap part, heap1
being always < 4kB. This change ensures the first heap pool registered
into bget is large enough regarding bget initial pool constraint while
heap2 might to too small for that purpose.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: Handle zero sized buffer allocations

The GlobalPlatform TEE internal API specification mentions the following
about zero sized buffer allocations:
"The value returned is undefined but guara

libutee: Handle zero sized buffer allocations

The GlobalPlatform TEE internal API specification mentions the following
about zero sized buffer allocations:
"The value returned is undefined but guaranteed to be different from NULL.
The Trusted Application SHALL NOT access the returned pointer.
The Trusted Application SHOULD panic if the memory pointed to by such a
pointer is accessed for either read or write"

But, we would never observe a TA panic because a zero size is internally
translated to 1 and finally to (2 * sizeof(long)) in the bget() function.

This patch handles this aspect so to return a known non-NULL invalid
pointer when the requested size is zero.

Signed-off-by: Sadiq Hussain <sadiq.muchumarri@intel.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove interrupt test PTA

The interrupt test PTA does not support CFG_TEE_CORE_NB_CORE > 7 and
there is a compilation warning when it is > 31:

$ make -s CFG_TEE_CORE_NB_CORE=32 CFG_TEE_CORE_

core: remove interrupt test PTA

The interrupt test PTA does not support CFG_TEE_CORE_NB_CORE > 7 and
there is a compilation warning when it is > 31:

$ make -s CFG_TEE_CORE_NB_CORE=32 CFG_TEE_CORE_EMBED_INTERNAL_TESTS=y \
CFG_WERROR=y
In file included from core/include/kernel/interrupt.h:10,
from core/pta/tests/interrupt.c:7:
core/pta/tests/interrupt.c: In function ‘test_sgi’:
lib/libutils/ext/include/util.h:117:44: error: left shift count >= width of type [-Werror=shift-count-overflow]
117 | #define SHIFT_U32(v, shift) ((uint32_t)(v) << (shift))
| ^~
core/pta/tests/interrupt.c:97:18: note: in expansion of macro ‘SHIFT_U32’
97 | (uint8_t)(SHIFT_U32(1, CFG_TEE_CORE_NB_CORE) - 1));
| ^~~~~~~~~
cc1: all warnings being treated as errors

Since this PTA is unused, remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: remove deprecated CFG_TA_DYNLINK

Fully remove configuration switch CFG_TA_DYNLINK that is deprecated
since 3.6.0, see commit d1911a85142d ("core: load TAs using ldelf").

Signed-off-by: Etienne

ta: remove deprecated CFG_TA_DYNLINK

Fully remove configuration switch CFG_TA_DYNLINK that is deprecated
since 3.6.0, see commit d1911a85142d ("core: load TAs using ldelf").

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: ltc: fix missing mutex unlock

Fixes a missing mutex unlock on an out of memory error
in ltc_ecc_fp_save_state().

Signed-off-by: Ryan Cai <ycaibb@gmail.com>
Reviewed-by: Jens Wiklander <jens.w

core: ltc: fix missing mutex unlock

Fixes a missing mutex unlock on an out of memory error
in ltc_ecc_fp_save_state().

Signed-off-by: Ryan Cai <ycaibb@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dt: add option to generate DTB overlay at boot

When using a memory persistent across reboots for external dtb overlay
(DRAM for instance) OP-TEE will reuse the existing dtb overlay if
CFG_EXTE

core: dt: add option to generate DTB overlay at boot

When using a memory persistent across reboots for external dtb overlay
(DRAM for instance) OP-TEE will reuse the existing dtb overlay if
CFG_EXTERNAL_DTB_OVERLAY is used. This will result in a big overlay
with duplicated nodes. In order to allow having a fresh DTB overlay
at boot, add CFG_GENERATE_DTB_OVERLAY to generate the DTB overlay at
OP-TEE boot time.
Both CFG_GENERATE_DTB_OVERLAY and CFG_EXTERNAL_DTB_OVERLAY will now
consider using the dtb address provided in r2 as well as CFG_DT_ADDR
to create the overlay if not existing.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dt: remove 0x in reserved memory node unit name

According to the device tree specification, 0x should not be provided
in the node unit name.

Signed-off-by: Clément Léger <clement.leger@bootli

core: dt: remove 0x in reserved memory node unit name

According to the device tree specification, 0x should not be provided
in the node unit name.

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: scmi-msg: fix typo

Fix a trivial typo (§ -> /)

Signed-off-by: Clément Léger <clement.leger@bootlin.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

core: lpae: support level 0 as base level

All background work is done for this enablement.
Once CFG_LPAE_ADDR_SPACE_BITS >= 40 level 0 is auto enabled.
According to ARM spec using 4KB granularity wi

core: lpae: support level 0 as base level

All background work is done for this enablement.
Once CFG_LPAE_ADDR_SPACE_BITS >= 40 level 0 is auto enabled.
According to ARM spec using 4KB granularity with
address space >= 40 bit auto enables level 0 page table.

Signed-off-by: Izik Dubnov <izik@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (stm32mp1, qemuv8)
Tested-by: Jerome Forissier <jerome@forissier.org> (vexpress-qemu_armv8a)

show more ...

core: lpae: support user mapping when base level is 0

User mapping (i.e. TAs) is expected to be at level 2,
so an level 1 entry points to this mapping.
If base level is 1, as it was supported, nothi

core: lpae: support user mapping when base level is 0

User mapping (i.e. TAs) is expected to be at level 2,
so an level 1 entry points to this mapping.
If base level is 1, as it was supported, nothing changes.
If base level is 0 then an extra page is created at level 1,
so user mapping can be pointed from level 1 entry, as it's
supported by user mappings.

Signed-off-by: Izik Dubnov <izik@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: lpae: add internal core_mmu_entry_copy()

core_mmu_entry_copy() takes a table entry that point to other
table, allocate a new table, copy the content of the original table,
and eventually make

core: lpae: add internal core_mmu_entry_copy()

core_mmu_entry_copy() takes a table entry that point to other
table, allocate a new table, copy the content of the original table,
and eventually make the higher level table point to the new table.
This function is useful to copy mapping tables from core to core.

Signed-off-by: Izik Dubnov <izik@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...