plat-imx: registers: imx6: fix i2c3 base address

Fix the base address of the I2C3 controller

Reviewed-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Devendra Devadiga <devendradevadig

plat-imx: registers: imx6: fix i2c3 base address

Fix the base address of the I2C3 controller

Reviewed-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Devendra Devadiga <devendradevadiga01@gmail.com>

show more ...

core: plat-ls: generate tee-raw.bin

LS Platforms use RAW OP-TEE binary, but it is not getting
generated by default for platforms.
So added code for generating it by default for LS platforms.

Signed

core: plat-ls: generate tee-raw.bin

LS Platforms use RAW OP-TEE binary, but it is not getting
generated by default for platforms.
So added code for generating it by default for LS platforms.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

core: clear temporary stack flag before entering boot_init_primary_late()

boot_init_primary_late() uses the stack of thread 0, so the flag that
indicates usage of the temporary stack must be cleared

core: clear temporary stack flag before entering boot_init_primary_late()

boot_init_primary_late() uses the stack of thread 0, so the flag that
indicates usage of the temporary stack must be cleared in the current
core's thread_core_local structure.

Fixes the following crash when CFG_CORE_DEBUG_CHECK_STACKS=y:

D/TC:0 0 select_vector:1126 SMCCC_ARCH_WORKAROUND_1 (0x80008000) available
D/TC:0 0 select_vector:1128 SMC Workaround for CVE-2017-5715 used
D/TC:0 0 check_stack_limits:370 Stack pointer out of range (0xb7f54fd0)
D/TC:0 0 print_stack_limits:346 tmp [0] 0xb7f57c90..0xb7f584b0
D/TC:0 0 print_stack_limits:346 tmp [1] 0xb7f58ad0..0xb7f592f0
D/TC:0 0 print_stack_limits:346 tmp [2] 0xb7f59910..0xb7f5a130
D/TC:0 0 print_stack_limits:346 tmp [3] 0xb7f5a750..0xb7f5af70
D/TC:0 0 print_stack_limits:351 abt [0] 0xb7f4e710..0xb7f4f330
D/TC:0 0 print_stack_limits:351 abt [1] 0xb7f4f950..0xb7f50570
D/TC:0 0 print_stack_limits:351 abt [2] 0xb7f50b90..0xb7f517b0
D/TC:0 0 print_stack_limits:351 abt [3] 0xb7f51dd0..0xb7f529f0
D/TC:0 0 print_stack_limits:356 thr [0] 0xb7f53030..0xb7f55030
D/TC:0 0 print_stack_limits:356 thr [1] 0xb7f55670..0xb7f57670
E/TC:0 0 Panic at core/arch/arm/kernel/thread.c:372 <check_stack_limits>

Fixes: 59ac3801b756 ("core: split boot_init_primary()")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: use adr_l to reference stack_tmp_stride

When CFG_NUM_THREADS and/or CFG_TEE_CORE_NB_CORE become large enough,
link errors are reported:

$ make -s CFG_TEE_CORE_NB_CORE=48 CFG_NUM_THREA

core: arm64: use adr_l to reference stack_tmp_stride

When CFG_NUM_THREADS and/or CFG_TEE_CORE_NB_CORE become large enough,
link errors are reported:

$ make -s CFG_TEE_CORE_NB_CORE=48 CFG_NUM_THREADS=48 \
PLATFORM=vexpress-qemu_armv8a
out/arm-plat-vexpress/core/arch/arm/kernel/entry_a64.o: in function `clear_bss':
core/arch/arm/kernel/entry_a64.S:160:(.text._start+0x98): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `stack_tmp_stride' defined in .identity_map.stack_tmp_stride section in out/arm-plat-vexpress/core/arch/arm/kernel/thread.o
out/arm-plat-vexpress/core/arch/arm/kernel/entry_a64.o: in function `cpu_on_handler':
core/arch/arm/kernel/entry_a64.S:443:(.text.cpu_on_handler+0x50): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `stack_tmp_stride' defined in .identity_map.stack_tmp_stride section in out/arm-plat-vexpress/core/arch/arm/kernel/thread.o

Fix the issue by replacing the addr instruction with the adr_l macro.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: entry_a64.S: use adr_l macro instead of open coding

Replace the open-coded adrp + add :lo12: in set_sp with the macro that
does the very same thing (adr_l).

Signed-off-by: Jerome Forissier <j

core: entry_a64.S: use adr_l macro instead of open coding

Replace the open-coded adrp + add :lo12: in set_sp with the macro that
does the very same thing (adr_l).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mm: split mobj_tee_ram onto rw/rx parts

Now mobj_tee_ram memory abstraction contains both TEE_RAM_RX and TEE_RAM_RW
regions joined together. This patch splits it to mobj_tee_ram_rx and
mobj_tee_ram_

mm: split mobj_tee_ram onto rw/rx parts

Now mobj_tee_ram memory abstraction contains both TEE_RAM_RX and TEE_RAM_RW
regions joined together. This patch splits it to mobj_tee_ram_rx and
mobj_tee_ram_rw to manage RX/RW memory objects separately.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Anton Rybakov <a.rybakov@omp.ru>

show more ...

ci: azure: run regression tests (make check) in QEMUv8

Adds a separate job to execute "make check" in the QEMUv8 environment.
The default configuration is tested as well as Normal World
virtualizati

ci: azure: run regression tests (make check) in QEMUv8

Adds a separate job to execute "make check" in the QEMUv8 environment.
The default configuration is tested as well as Normal World
virtualization (XEN_BOOT=y).

The Docker image used for this is jforissier/optee_os_ci:qemuv8_check
on Docker Hub [1]. The Dockerfile is available on Github [2].

Link: [1] https://hub.docker.com/repository/docker/jforissier/optee_os_ci/
Link: [2] https://github.com/jforissier/docker_optee_os_ci/blob/qemuv8_check/Dockerfile
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

hikey, hikey960: disable CFG_SECURE_DATA_PATH by default

Since linaro-swg/linux.git branch optee [1] was rebased onto kernel
v5.12, Secure Data Path is broken in xtest [2] because the client side
is

hikey, hikey960: disable CFG_SECURE_DATA_PATH by default

Since linaro-swg/linux.git branch optee [1] was rebased onto kernel
v5.12, Secure Data Path is broken in xtest [2] because the client side
is based on the ION allocator, which was removed from the kernel.

Therefore, disable SDP support by default.

Link: [1] https://github.com/linaro-swg/linux/tree/optee-v5.12-20210628
Link: [2] https://github.com/OP-TEE/optee_test/blob/3.13.0/host/xtest/regression_1000.c#L1220-L1263
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: csu: RNGB TZ reservation on imx6ull/sl/sll

Reserve the RNGB to the TrustZone.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutron

drivers: csu: RNGB TZ reservation on imx6ull/sl/sll

Reserve the RNGB to the TrustZone.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

core: REE FS: report earlier unexpected REE FS reset

When REE FS dirf.db file is not found but RPMB stores a hash for
that file it means the REE FS was tampered. This change makes OP-TEE
core to rep

core: REE FS: report earlier unexpected REE FS reset

When REE FS dirf.db file is not found but RPMB stores a hash for
that file it means the REE FS was tampered. This change makes OP-TEE
core to report this status instead of creating the file and let a later
access fails due to empty content hash mismatch.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: REE FS: introduce CFG_REE_FS_ALLOW_RESET

New boolean configuration switch CFG_REE_FS_ALLOW_RESET that, when
enabled, will make OP-TEE OS to allow REE FS content to be reset in
the Linux filesy

core: REE FS: introduce CFG_REE_FS_ALLOW_RESET

New boolean configuration switch CFG_REE_FS_ALLOW_RESET that, when
enabled, will make OP-TEE OS to allow REE FS content to be reset in
the Linux filesystem even when RPMB FS is enabled and already stores a
REE FS rollback protection hash. This switch is intended to test purpose
where REE FS can be wiped because the device flash memory was programmed
with brand new build artifacts.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: caam: fix DMA object when only output reallocated

Use case:
- cipher block to encrypt/decrypt is more than 1 Kbytes (e.g. 1232
bytes)
- input data are accessible from CAAM (no reallocatio

drivers: caam: fix DMA object when only output reallocated

Use case:
- cipher block to encrypt/decrypt is more than 1 Kbytes (e.g. 1232
bytes)
- input data are accessible from CAAM (no reallocation)
- output data is not accessible from CAAM (reallocation of DMA buffer).

In case of cipher operation, the input and output CAAM SGT/Buffer
are built in same time through function caam_dmaobj_sgtbuf_inout_build()
to ensure that both SGT/Buffer do the same cipher block size.
Function caam_dmaobj_sgtbuf_inout_build() calls the function
caam_dmaobj_sgtbuf_build():
- first to build the input data SGT/Buffer. Length returned is
whole cipher buffer size (i.e. 1232 bytes).
- secondly to build the output data SGT/Buffer. Length return is
whole cipher buffer size (i.e. 1232 bytes) whereas it must be 1024 bytes
because output data must use the reallocation DMA buffer (max 1KBytes).

Fix consist in returning the SGT/Buffer length effectively mapped and
not the maximum length that is the input data SGT/Buffer length.

Consequence of this fix, AES CMAC update loop has to be fixed.

Fixes: 38923d487567 ("drivers: caam: implement CAAM DMA Object")

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: azure: use Docker image jforissier/optee_os_ci

Since commit 6538ef550502 ("Add Clang 12.0.0 toolchain") [1], the Clang
toolchain is integrated into the docker image jforissier/optee_os_ci so
the

ci: azure: use Docker image jforissier/optee_os_ci

Since commit 6538ef550502 ("Add Clang 12.0.0 toolchain") [1], the Clang
toolchain is integrated into the docker image jforissier/optee_os_ci so
there is no need to use jforissier/optee_os_ci_clangbuilt which is now
obsolete.

Link: [1] https://github.com/jforissier/docker_optee_os_ci/commit/6538ef55050235065f53e141d76a3f8d260c6726
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: azure: remove references to Shippable

Reflect the fact that we have switched from Shippable CI to Microsoft
Azure by removing references to Shippable:
- the DNS name of the cache server is chang

ci: azure: remove references to Shippable

Reflect the fact that we have switched from Shippable CI to Microsoft
Azure by removing references to Shippable:
- the DNS name of the cache server is changed from 'shippable-cache' to
'cache'.
- a new user account 'optee_os_ci' is used instead of 'shippable'.

No functional change expected.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add more overflow checks in ree_fs_ta_open()

Adds more overflow checks in ree_fs_ta_open() and also checks that the
encrypted header (struct shdr_encrypted_ta) also fits in the size of the
TA

core: add more overflow checks in ree_fs_ta_open()

Adds more overflow checks in ree_fs_ta_open() and also checks that the
encrypted header (struct shdr_encrypted_ta) also fits in the size of the
TA binary.

The latter check is needed to guard against fabricated values in struct
shdr_encrypted_ta for iv_size and/or tag_size which could trick OP-TEE
to read beyond the end of the buffer where the TA was loaded.

Reading beyond the end of the TA buffer would normally result in a crash
or if there's a valid mappings just after just a failure to load the TA.
No unchecked code will be executed, but it may result in a secure world
crash.

So this commit will check that the iv_size and tag_size values can point
to a valid buffer before attempting to read and thus prevent a crash.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reported-by: Patrik Lantz <Patrik.Lantz@axis.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add overflow check in SHDR_ENC_GET_SIZE()

Prior to this patch could the additions in the macro SHDR_ENC_GET_SIZE()
cause an integer overflow. So fix this by using the ADD_OVERFLOW() macro
and

core: add overflow check in SHDR_ENC_GET_SIZE()

Prior to this patch could the additions in the macro SHDR_ENC_GET_SIZE()
cause an integer overflow. So fix this by using the ADD_OVERFLOW() macro
and a helper function. In case of overflow return 0 which never can be a
correct size.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reported-by: Patrik Lantz <Patrik.Lantz@axis.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: separate sp_ops using a __weak attribute instead

Breaks the dependency chain for sp_ops using the standard method with a
__weak symbol and an overriding symbol in link_dummies_paged.c.

Review

core: separate sp_ops using a __weak attribute instead

Breaks the dependency chain for sp_ops using the standard method with a
__weak symbol and an overriding symbol in link_dummies_paged.c.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, pager, Clang 12)
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: separate stmm_sp_ops using a __weak attribute instead

Breaks the dependency chain for stmm_sp_ops using the standard method
with a __weak symbol and an overriding symbol in link_dummies_paged.

core: separate stmm_sp_ops using a __weak attribute instead

Breaks the dependency chain for stmm_sp_ops using the standard method
with a __weak symbol and an overriding symbol in link_dummies_paged.c.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: separate user_ta_ops using a __weak attribute instead

Breaks the dependency chain for user_ta_ops using the standard method
with a __weak symbol and an overriding symbol in link_dummies_paged.

core: separate user_ta_ops using a __weak attribute instead

Breaks the dependency chain for user_ta_ops using the standard method
with a __weak symbol and an overriding symbol in link_dummies_paged.c.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: make __wq_rpc() static again

With dependency chains properly broken for various ops structs we can
make __wq_rpc() static again and remove it from link_dummies_paged.c.

Acked-by: Jerome Foris

core: make __wq_rpc() static again

With dependency chains properly broken for various ops structs we can
make __wq_rpc() static again and remove it from link_dummies_paged.c.

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: make __rodata_unpaged() symbols __weak

Makes the __rodata_unpaged tagged symbols __weak and non-static in order
to be overridden in core/arch/arm/kernel/link_dummies_paged.c. This
makes sure t

core: make __rodata_unpaged() symbols __weak

Makes the __rodata_unpaged tagged symbols __weak and non-static in order
to be overridden in core/arch/arm/kernel/link_dummies_paged.c. This
makes sure that these symbols doesn't bring in further symbols in the
unpaged section.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

compiler.h: add __rodata_dummy macro

Adds the macro __rodata_dummy which places a symbol in the section
".rodata.dummy". This macro is intended to be used in the
core/arch/arm/kernel/link_dummies_*.

compiler.h: add __rodata_dummy macro

Adds the macro __rodata_dummy which places a symbol in the section
".rodata.dummy". This macro is intended to be used in the
core/arch/arm/kernel/link_dummies_*.c files.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: use separate sections for each __rodata_unpaged variable

Adds a mandatory argument to the macro __rodata_unpaged() to take the
name of the variable to put in the unpaged rodata section. This w

core: use separate sections for each __rodata_unpaged variable

Adds a mandatory argument to the macro __rodata_unpaged() to take the
name of the variable to put in the unpaged rodata section. This will
result in separate sections for each such variable and make it easier to
debug the pruning of the dependency tree for unpaged sections.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: don't call free_region() from paged function

Call free_region() directly from tee_pager_rem_um_region() instead
of the unpaged helper function rem_region(). This reduces the unpaged
par

core: pager: don't call free_region() from paged function

Call free_region() directly from tee_pager_rem_um_region() instead
of the unpaged helper function rem_region(). This reduces the unpaged
part with a few bytes.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: imx_i2c: add support for MX8MQ

Add support for iMX8MQ.

Signed-off-by: David Griego <david.griego@foundries.io>
Reviewed-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklande

drivers: imx_i2c: add support for MX8MQ

Add support for iMX8MQ.

Signed-off-by: David Griego <david.griego@foundries.io>
Reviewed-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...