core: mm: move mobj.c to core/mm

mobj is abstract and it is used by many sources which are not
architecture-specific such as core/kernel, core/pta and
core/tee. Therefore, move mobj.c to core/mm and

core: mm: move mobj.c to core/mm

mobj is abstract and it is used by many sources which are not
architecture-specific such as core/kernel, core/pta and
core/tee. Therefore, move mobj.c to core/mm and its
corresponding header file mobj.h to core/include/mm.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kernel: move embedded_ts.c to core/kernel

The embedded_ts.c code is not architecture-specific, therefore, move
it to core/kernel and move embedded_ts.h to core/include/kernel.

Signed-off-by:

core: kernel: move embedded_ts.c to core/kernel

The embedded_ts.c code is not architecture-specific, therefore, move
it to core/kernel and move embedded_ts.h to core/include/kernel.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kernel: early_ta.c: remove unused zlib.h

The early_ta.c source includes zlib.h without using any code from it.
Moreover it may causes compilation errors due to the dependency to
CFG_EMBEDDED_T

core: kernel: early_ta.c: remove unused zlib.h

The early_ta.c source includes zlib.h without using any code from it.
Moreover it may causes compilation errors due to the dependency to
CFG_EMBEDDED_TS flag.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mk: core: ta: make early TA compress optional

Define CFG_EARLY_TA_COMPRESS configuration switch to
allow platform to disable early TAs compression at build time.
Disabling the compression drasticall

mk: core: ta: make early TA compress optional

Define CFG_EARLY_TA_COMPRESS configuration switch to
allow platform to disable early TAs compression at build time.
Disabling the compression drastically reduces the amount of the
core heap required in the embedded part.

Enable the configuration by default for backward compatibility.

Suggested-by: Arnaud Pouliquen <arnaud.pouliquen@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

ci: azure: test release build for QEMUv8

Add a line to the CI script to do a release build for QEMUv8.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.

ci: azure: test release build for QEMUv8

Add a line to the CI script to do a release build for QEMUv8.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ci: azure: remove mostly redundant QEMU build with CFG_TEE_CORE_LOG_LEVEL=0

Building with CFG_TEE_CORE_LOG_LEVEL=0 for QEMU (v7) is already tested
by the line with 'CFG_TEE_CORE_LOG_LEVEL=0 CFG_TEE_

ci: azure: remove mostly redundant QEMU build with CFG_TEE_CORE_LOG_LEVEL=0

Building with CFG_TEE_CORE_LOG_LEVEL=0 for QEMU (v7) is already tested
by the line with 'CFG_TEE_CORE_LOG_LEVEL=0 CFG_TEE_CORE_DEBUG=n
CFG_TEE_TA_LOG_LEVEL=0 CFG_DEBUG_INFO=n', which is meant to be
representative of a "release" build. The line with only
CFG_TEE_CORE_LOG_LEVEL=0 is therefore mostly redundant and can be
removed in an effort to limit the number of build configurations.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: fix compilation problem with trace level 0

- if CFG_TEE_CORE_LOG_LEVEL in build/common.mk set to zero,
optee_os doesn't compile
- error is:
core/arch/arm/kernel/unwind_arm64.c:77:6: Error: r

core: fix compilation problem with trace level 0

- if CFG_TEE_CORE_LOG_LEVEL in build/common.mk set to zero,
optee_os doesn't compile
- error is:
core/arch/arm/kernel/unwind_arm64.c:77:6: Error: redefinition of 'print_kernel_stack'
77 | void print_kernel_stack(void)
| ^~~~~~~~~~~~~~~~~~
in file, included from core/arch/arm/kernel/unwind_arm64.c:35:
core/include/kernel/unwind.h:15:20: Warning: previous definition of 'print_kernel_stack' was here
15 | static inline void print_kernel_stack(void)
| ^~~~~~~~~~~~~~~~~~

To avoid this error we assure the function is not redefined.

Signed-off-by: Moritz Lummerzheim <moritz.lummerzheim@campus.tu-berlin.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: arm: thread: use THREAD_ID_INVALID

Use macro THREAD_ID_INVALID instead of -1 in thread.c.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@f

core: arm: thread: use THREAD_ID_INVALID

Use macro THREAD_ID_INVALID instead of -1 in thread.c.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: fix wrong conditional expression in tee_ta_clear_busy()

When a ctx of a single instance user TA is first created,
lock_single_instance() is called in tee_ta_try_set_busy().
However, unlock_sin

core: fix wrong conditional expression in tee_ta_clear_busy()

When a ctx of a single instance user TA is first created,
lock_single_instance() is called in tee_ta_try_set_busy().
However, unlock_single_instance() is not called in
tee_ta_clear_busy() since ctx->initializing is still false.
It results that tee_ta_single_instance_thread is not reset
when CFG_CONCURRENT_SINGLE_INSTANCE_TA is not enabled.
So remove the wrong conditional expression and remove
"initializing" from tee_ta_ctx since it's no longer used.

Signed-off-by: RueiAnHu <Rayan.Hu@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: kernel: move secstor_ta.c to core/tee

secstor_ta.c is not architecture-specific code, therefore
move it to core/tee.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by:

core: kernel: move secstor_ta.c to core/tee

secstor_ta.c is not architecture-specific code, therefore
move it to core/tee.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kernel: move ree_fs_ta.c to core/tee

ree_fs_ta.c is not architecture-specific code, therefore
move it to core/tee.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Je

core: kernel: move ree_fs_ta.c to core/tee

ree_fs_ta.c is not architecture-specific code, therefore
move it to core/tee.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kernel: move early_ta.c to core/tee

early_ta.c is not architecture-specific code,
therefore move it to core/tee.
Moves early_ta.h to core/include/kernel as well.

Signed-off-by: Marouene Bouba

core: kernel: move early_ta.c to core/tee

early_ta.c is not architecture-specific code,
therefore move it to core/tee.
Moves early_ta.h to core/include/kernel as well.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kernel: move pseudo_ta.c to core/tee

pseudo_ta.c is not architecture-specific code,
therefore move it to core/tee.
pseudo_ta.h is already located under core/include/kernel

Signed-off-by: Maro

core: kernel: move pseudo_ta.c to core/tee

pseudo_ta.c is not architecture-specific code,
therefore move it to core/tee.
pseudo_ta.h is already located under core/include/kernel

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kernel: move user_ta.c to core/tee

user_ta.c is not architecture-specific code, therefore
move it to core/tee.
user_ta.h is already located under core/include/kernel.

Signed-off-by: Marouene

core: kernel: move user_ta.c to core/tee

user_ta.c is not architecture-specific code, therefore
move it to core/tee.
user_ta.h is already located under core/include/kernel.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ls: enable CAAM ECC

Enabled CAAM ECC algorithm for all LS platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

core: imx: enable CAAM ECC

Enabled CAAM ECC algorithm for all i.MX platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

drivers: caam: implement NXP CAAM Driver - ECC

Add ECC CAAM driver.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklande

drivers: caam: implement NXP CAAM Driver - ECC

Add ECC CAAM driver.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: Use nexus memory allocation api's in carve_out_phys_mem()

During discovery of the non-secure memory, the memory attributes like
address and size are stored as part of the core_mmu_phys_mem

core: mm: Use nexus memory allocation api's in carve_out_phys_mem()

During discovery of the non-secure memory, the memory attributes like
address and size are stored as part of the core_mmu_phys_mem
structure. Memory for this structure is allocated on the nexus heap
area. Subsequently, when memory for this structure is reallocated,
this is done using the plain realloc call. Use the nex_realloc api for
the reallocation.

Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>

show more ...

core: mm: fix infinite loop in vm_pa2va()

Commit d6ad67f674e5 ("core: mm: change vm_pa2va() to return a virtual
address") moved the call to mobj_get_pa() up in a 'for' loop and added
a 'continue' st

core: mm: fix infinite loop in vm_pa2va()

Commit d6ad67f674e5 ("core: mm: change vm_pa2va() to return a virtual
address") moved the call to mobj_get_pa() up in a 'for' loop and added
a 'continue' statement. Moving it was wrong because at this point 'size'
is not yet updated which causes an infinite loop when the PA is not
found.

Move the call back to its original location but keep the 'continue'
which looks correct.

Fixes: d6ad67f674e5 ("core: mm: change vm_pa2va() to return a virtual address")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

driver: bcm_sotp: changed driver_init to service_init

bcm_sotp should be available early in optee boot.
which is achieved by making it as service.

Reviewed-by: Etienne Carriere <etienne.carriere@li

driver: bcm_sotp: changed driver_init to service_init

bcm_sotp should be available early in optee boot.
which is achieved by making it as service.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vahid Dukandar <vahidd@microsoft.com>

show more ...

drivers: csu: allow setting CSU_CSL0

The sentinel detection in the initialization loop for the CSU_CSL<n>
registers is wrong in that is doesn't allow to set the first register,
CSU_CSL0 (when csu_in

drivers: csu: allow setting CSU_CSL0

The sentinel detection in the initialization loop for the CSU_CSL<n>
registers is wrong in that is doesn't allow to set the first register,
CSU_CSL0 (when csu_index == 0). Fix the conditional so that it stops
on the sentinel value (-1) but still allows 0 as a valid index.
CSU_CSL0 is used for the PWM peripherals on i.MX6 platforms.

Reported-by: Robert Delien <r.delien@payter.nl>
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by : Clement Faure <clement.faure@nxp.com>

show more ...

core: fix rsa public exponent check

Fixes the check of the RSA Public Exponent in check_pub_rsa_key(). Prior
to this patch was the wrong byte used to check if the bignum was odd.
With this patch is

core: fix rsa public exponent check

Fixes the check of the RSA Public Exponent in check_pub_rsa_key(). Prior
to this patch was the wrong byte used to check if the bignum was odd.
With this patch is the correct byte selected in the big-endian bignum.

Fixes: 338b123ee66c ("core: syscall_obj_generate_key() check public rsa exponent")
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Suggested-by: Cedric Neveux <cedric.neveux@nxp.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: libmbedtls: build only necessary files

When building MBed TLS source files for use in the TEE core, some files
are currently compiled which are not used in the final link. This wastes
some res

core: libmbedtls: build only necessary files

When building MBed TLS source files for use in the TEE core, some files
are currently compiled which are not used in the final link. This wastes
some resources (build time and disk space), although not much; but it
also makes it less clear what is actually used by the core.

Introduce a reduced source file list in lib/libmbedtls/sub.mk when the
library is built for the core.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ls: add CAAM support for LS platforms

Add CAAM support for the following LS platforms:
- ls1012afrwy
- ls1012ardb
- ls1021atwr
- ls1021aqds
- ls1043ardb
- ls1046ardb

Signed-off-by: Clem

core: ls: add CAAM support for LS platforms

Add CAAM support for the following LS platforms:
- ls1012afrwy
- ls1012ardb
- ls1021atwr
- ls1021aqds
- ls1043ardb
- ls1046ardb

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: caam: add missing SCFGR offset for LS platforms

Add missing CAAM security configuration register offset for LS
platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Sah

drivers: caam: add missing SCFGR offset for LS platforms

Add missing CAAM security configuration register offset for LS
platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...