core: rename ta_store to ts_store

Rename the ta_store to the ts_store. We will need the stores to load
SPs (secure partitions). By renaming ta_store to ts_store
(trusted service) we indicate that th

core: rename ta_store to ts_store

Rename the ta_store to the ts_store. We will need the stores to load
SPs (secure partitions). By renaming ta_store to ts_store
(trusted service) we indicate that the stores are not only used by the
TAs but that they can also be used by SPs.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: rename secure_partition to stmm_sp

The current secure partition code is used for the stmm SP. Rename it so
we can start integrating the FF-A secure partitions.

Backwards compatibility is main

core: rename secure_partition to stmm_sp

The current secure partition code is used for the stmm SP. Rename it so
we can start integrating the FF-A secure partitions.

Backwards compatibility is maintained when CFG_STMM_PATH is used to
enable support for STMM. The internal configuration flag
CFG_WITH_SECURE_PARTITION is renamed to CFG_WITH_STMM_SP.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

show more ...

checkpatch: add --kconfig-prefix=CFG_

A few days before v5.9-rc1, the checkpatch.pl script was modified in
the Linux kernel tree [1]. This caused spurious warnings in the OP-TEE
CI such as [2]:

WA

checkpatch: add --kconfig-prefix=CFG_

A few days before v5.9-rc1, the checkpatch.pl script was modified in
the Linux kernel tree [1]. This caused spurious warnings in the OP-TEE
CI such as [2]:

WARNING: IS_ENABLED(CFG_VIRTUALIZATION) is normally used as IS_ENABLED(CONFIG_CFG_VIRTUALIZATION)

Fortunately, checkpatch now has an option to control the prefix used for
configuration variables [3]. Add this option to .checkpatch.conf.

Link: [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50161266973bcc662e969e63d68fc7bff71de21b
Link: [2] https://travis-ci.org/github/OP-TEE/optee_os/builds/717905104
Link: [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e89ad8506f39c4739a6c9ca1e1552f506f000c9
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: replace tee_mmu prefix with vm

Replaces the tee_mmu prefix with vm. tee_mmu.h is renamed to vm.h and
core/arch/arm/mm/tee_mmu.c is moved to core/mm/vm.c. Public functions
belonging to these fi

core: replace tee_mmu prefix with vm

Replaces the tee_mmu prefix with vm. tee_mmu.h is renamed to vm.h and
core/arch/arm/mm/tee_mmu.c is moved to core/mm/vm.c. Public functions
belonging to these files are renamed with a vm prefix.

Introduces: vm_map_param(), vm_clean_param(),
vm_buf_is_inside_private(), vm_buf_intersects_private(),
vm_buf_to_mboj_offs(), vm_buf_is_inside_um_private(),
vm_buf_intersects_um_private(), vm_add_rwmem(), vm_rem_rwmem(),
vm_va2pa(), vm_pa2va(), vm_check_access_rights(), vm_set_ctx() replacing
their tee_mmu_*() counterpart.

Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: rename to core_mmu_init_ta_ram()

Renames teecore_init_ta_ram() to core_mmu_init_ta_ram() and moves it
to core_mmu.c.

Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier

core: rename to core_mmu_init_ta_ram()

Renames teecore_init_ta_ram() to core_mmu_init_ta_ram() and moves it
to core_mmu.c.

Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove tee_mmu_get_ctx()

tee_mmu_get_ctx() is trivial and also only used inside core_mmu.c. So
open code it in core_mmu.c and remove the implementation from tee_mmu.c.

Acked-by: Joakim Bech <

core: remove tee_mmu_get_ctx()

tee_mmu_get_ctx() is trivial and also only used inside core_mmu.c. So
open code it in core_mmu.c and remove the implementation from tee_mmu.c.

Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move teecore_init_pub_ram()

Moves teecore_init_pub_ram() from tee_mmu.c to core_mmu.c.

Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewe

core: move teecore_init_pub_ram()

Moves teecore_init_pub_ram() from tee_mmu.c to core_mmu.c.

Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove unused tee_mmu_user_get_cache_attr()

Removes the unused function tee_mmu_user_get_cache_attr().

Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome@foriss

core: remove unused tee_mmu_user_get_cache_attr()

Removes the unused function tee_mmu_user_get_cache_attr().

Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove unused tee_mmu_map_add_segment()

tee_mmu_map_add_segment() doesn't exist anymore, so remove it.

Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome@foriss

core: remove unused tee_mmu_map_add_segment()

tee_mmu_map_add_segment() doesn't exist anymore, so remove it.

Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove struct tee_ta_ctx from struct user_mode_ctx

Removes struct tee_ta_ctx from struct user_mode_ctx allowing a user mode
entity to be independent of the TA concept, that is, making room for

core: remove struct tee_ta_ctx from struct user_mode_ctx

Removes struct tee_ta_ctx from struct user_mode_ctx allowing a user mode
entity to be independent of the TA concept, that is, making room for SPs
in user mode.

A pointer to a struct user_mode_ctx is passed to many memory management
functions where a pointer to a struct ts_ctx is needed too. Prior to
this patch it was possible to calculate that address of corresponding
struct ts_ctx with help of the container_of() macro, that is no longer
possible. Instead is a struct ts_ctx *ts_ctx field added to struct
user_mode_ctx in order to allow such lookups.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add gprof_set_status() to struct ts_ops

Adds gprof_set_status() to struct ts_ops to allow generic gprof handling
in thread_svc_handler().

Reviewed-by: Etienne Carriere <etienne.carriere@linar

core: add gprof_set_status() to struct ts_ops

Adds gprof_set_status() to struct ts_ops to allow generic gprof handling
in thread_svc_handler().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: store TA params in session struct

Stores TA params and error origin in struct tee_ta_session instead of
passing them as parameters to enter_open_session() and
enter_invoke_cmd() in struct ts_o

core: store TA params in session struct

Stores TA params and error origin in struct tee_ta_session instead of
passing them as parameters to enter_open_session() and
enter_invoke_cmd() in struct ts_ops. This makes struct ts_ops less TA
specific.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add struct ts_ops

Adds struct ts_ops replacing the previous struct tee_ta_ops.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro

core: add struct ts_ops

Adds struct ts_ops replacing the previous struct tee_ta_ops.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add is_ta_ctx()

Adds is_ta_ctx() and calls it in to_ta_session() and to_ta_ctx() to help
debugging.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <

core: add is_ta_ctx()

Adds is_ta_ctx() and calls it in to_ta_session() and to_ta_ctx() to help
debugging.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add generic struct ts_ctx

Adds the generic struct ts_ctx to be used instead of struct tee_ta_ctx
where generic context operations are performed.

struct tee_ta_ctx adds a field with struct ts_

core: add generic struct ts_ctx

Adds the generic struct ts_ctx to be used instead of struct tee_ta_ctx
where generic context operations are performed.

struct tee_ta_ctx adds a field with struct ts_ctx for conversion to
struct ts_ctx where needed.

The struct ts_session is updated to keep a pointer to a struct ts_ctx
instead of the previous struct tee_ta_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add generic struct ts_session

As a step in making room for Secure Partitions (SPs) running at S-EL0
add a Trusted Service (TS) abstraction. Both TAs and SPs is a TS.

Adds the generic struct t

core: add generic struct ts_session

As a step in making room for Secure Partitions (SPs) running at S-EL0
add a Trusted Service (TS) abstraction. Both TAs and SPs is a TS.

Adds the generic struct ts_session. All future sessions structs
(currently only struct tee_ta_session exists) should add this struct to
allow generic session operations.

With this struct comes new functions replacing previous struct
tee_ta_session oriented functions. The following functions are replaced
as:
tee_ta_get_current_session() -> ts_get_current_session()
tee_ta_push_current_session() -> ts_push_current_session()
tee_ta_pop_current_session() -> ts_pop_current_session()
tee_ta_get_calling_session() -> ts_get_calling_session()

ts_get_current_session() is changed compared to its predecessor to
panic() in case of failure to return a valid pointer.

A new function ts_get_current_session_may_fail() is added to handle an
eventual case where a return NULL session may be handled.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: replace TA with user mode in abort handling

Renames enums, defines and functions related to abort handling to use
the name user mode instead of TA in order to be more generic.

Reviewed-by: Et

core: replace TA with user mode in abort handling

Renames enums, defines and functions related to abort handling to use
the name user mode instead of TA in order to be more generic.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix CFG_CORE_UNMAP_CORE_AT_EL0=y for non-default CFG_LPAE_ADDR_SPACE_BITS

Prior to this patch CORE_MMU_L1_TBL_OFFSET was calculated without taking
CFG_LPAE_ADDR_SPACE_BITS into account. This l

core: fix CFG_CORE_UNMAP_CORE_AT_EL0=y for non-default CFG_LPAE_ADDR_SPACE_BITS

Prior to this patch CORE_MMU_L1_TBL_OFFSET was calculated without taking
CFG_LPAE_ADDR_SPACE_BITS into account. This leads to a
COMPILE_TIME_ASSERT() in case CFG_LPAE_ADDR_SPACE_BITS is assigned
anything but 32. Fix this by adding CFG_LPAE_ADDR_SPACE_BITS in the
CORE_MMU_L1_TBL_OFFSET expression.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: replace CFG_LPAE_ADDR_SPACE_SIZE with CFG_LPAE_ADDR_SPACE_BITS

The CFG_LPAE_ADDR_SPACE_SIZE configuration variable is somewhat
inconvenient to use since it's a value larger than what fits in a

core: replace CFG_LPAE_ADDR_SPACE_SIZE with CFG_LPAE_ADDR_SPACE_BITS

The CFG_LPAE_ADDR_SPACE_SIZE configuration variable is somewhat
inconvenient to use since it's a value larger than what fits in a 32-bit
register. Instead replace it with CFG_LPAE_ADDR_SPACE_BITS which instead
tells the size in number of bits.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: do not print canary debug messages on boot

init_canaries() currently prints the following messages on boot:

...
D/TC:0 0 init_canaries:191 #Stack canaries for stack_abt[3] with top at 0xe19

core: do not print canary debug messages on boot

init_canaries() currently prints the following messages on boot:

...
D/TC:0 0 init_canaries:191 #Stack canaries for stack_abt[3] with top at 0xe19f6f8
D/TC:0 0 init_canaries:191 watch *0xe19f6fc
...

The above text is repeated for each CPU core for both stack_tmp and
stack_abt, as well as for each thread for stack_thread. This is quite
verbose, especially with modern SoCs supporting many cores (16 or 24
is not uncommon). The main purpose is to help with debugging stack
overflows when a debugger is available: when a dead canary is found,
the corrupt stack is shown which allows the developer to set a
watchpoint at the suitable address:

E/TC:0 0 Dead canary at end of 'stack_abt[3]'

In this example, one would set a watchpoint at *0xe19f6fc and re-run the
test to identify at which point the stack is corrupted.

This commit removes the initialization messages and prints the address
of the dead canary instead. The same debugging technique remains
possible.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: strtoul.c: adjust license text to upstream

Adjust the license text in strtoul.c according to upstream commit "Use
remove-advertising-clause script to edit BSD licenses" [1].
With this, the

libutils: strtoul.c: adjust license text to upstream

Adjust the license text in strtoul.c according to upstream commit "Use
remove-advertising-clause script to edit BSD licenses" [1].
With this, the file also matches its SPDX License identifier correctly.

Link: [1]: https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=9042d0ce65533a26fc3264206db5828d5692332c
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jerome Forissier <jerome@forissier.org>
[jf: minor edits to commit message]
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

build: ld-option: handle any linker warning as an error

The purpose of the ld-option macro is to detect if the linker supports
a given command line option or not. It does so by invoking the linker
w

build: ld-option: handle any linker warning as an error

The purpose of the ld-option macro is to detect if the linker supports
a given command line option or not. It does so by invoking the linker
with the option and checking the exit status of the process. Some
options however may not cause an error but only generate a warning
message, and the linker exits with a success status. For example,
'-z unrecognized-option' does cause an error with Clang but triggers a
warning with GCC. As a result, $(call ld-option,-z unrecognized-option)
has a different behavior depending on the compiler.

Address this issue by loooking for the word 'warning' in the linker
output in addition to checking the exit status.

Fixes the following warning when building xtest shared libraries with
GCC:

path/to/bin/arm-linux-gnueabihf-ld.bfd: warning: -z separate-loadable-segments ignored

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mediatek: add support for MT8516 SoC

Add OP-TEE support for MT8516 SoC.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Fabien Parent <fparent@baylibre.com>

mediatek: enable CFG_ARM64_core by default

MediaTek platforms are most likely going to be built using ARM64, so
set the default value for CFG_ARM64_core to be 'y'.

Suggested-by: Jerome Forissier <j

mediatek: enable CFG_ARM64_core by default

MediaTek platforms are most likely going to be built using ARM64, so
set the default value for CFG_ARM64_core to be 'y'.

Suggested-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Fabien Parent <fparent@baylibre.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: replace assembly directive .align with .balign

The assembly directive .align is replaced by .balign to harmonize with
the recently added align parameter of FUNC() and LOCAL_FUNC().

On the arm

core: replace assembly directive .align with .balign

The assembly directive .align is replaced by .balign to harmonize with
the recently added align parameter of FUNC() and LOCAL_FUNC().

On the arm architecture .align is number of low-order bits location
counter must have after advancement. While .balign always is advancement
to the next multiple of this number.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...