ta: pkcs11: implement command PKCS11_CMD_INIT_PIN

PKCS11_CMD_INIT_PIN implements C_InitPIN() client API function that is in
charge of initializing the normal user login PIN. Security Officer must
b

ta: pkcs11: implement command PKCS11_CMD_INIT_PIN

PKCS11_CMD_INIT_PIN implements C_InitPIN() client API function that is in
charge of initializing the normal user login PIN. Security Officer must
be logged to current session in order to call this function

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: implement command PKCS11_CMD_INIT_TOKEN

PKCS11_CMD_INIT_TOKEN implements C_InitToken() client API function that
is in charge of initializing the Security Officer login PIN if not
already

ta: pkcs11: implement command PKCS11_CMD_INIT_TOKEN

PKCS11_CMD_INIT_TOKEN implements C_InitToken() client API function that
is in charge of initializing the Security Officer login PIN if not
already done and destroy objects that can be. As objects are not yet
supported in the TA, this later feature is not implemented.

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: helper to update token persistent database

update_persistent_db() updates the persistent database or panics on
failure.

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-deve

ta: pkcs11: helper to update token persistent database

update_persistent_db() updates the persistent database or panics on
failure.

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: update PIN fields in struct token_persistent_main

Replaces the fields use to keep track of encrypted PINs with fields to
keep track of hashed PINs instead.

Acked-by: Rouven Czerwinski <

ta: pkcs11: update PIN fields in struct token_persistent_main

Replaces the fields use to keep track of encrypted PINs with fields to
keep track of hashed PINs instead.

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: helpers for PIN hashing

Adds helpers to hash PIN and to verify the hash of a PIN. The PIN is
hashed together with user type and a generated salt. A used salt never
takes the value 0 so t

ta: pkcs11: helpers for PIN hashing

Adds helpers to hash PIN and to verify the hash of a PIN. The PIN is
hashed together with user type and a generated salt. A used salt never
takes the value 0 so that can be used to tell if a PIN is set.

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: helper for GPD TEE to PKCS#11 status conversion

Introduce helper function pkcs2tee_error() for the several TEE Core
Internal APIs called for which return value needs to be reported to
ca

ta: pkcs11: helper for GPD TEE to PKCS#11 status conversion

Introduce helper function pkcs2tee_error() for the several TEE Core
Internal APIs called for which return value needs to be reported to
caller in PKCS#11 return code format.

The function returns PKCS11_CKR_GENERAL_ERROR for TEE_Result values that
do not strictly match a PKCS#11 return code.

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mmu: remove TEE/TA RAM from total RAM

On platforms where the DT is parsed from the device tree, devices can
pass in the complete available memory. This is in accordance with the
device tree sp

core: mmu: remove TEE/TA RAM from total RAM

On platforms where the DT is parsed from the device tree, devices can
pass in the complete available memory. This is in accordance with the
device tree specification which mandates that the total physical memory
should be passed in the memory nodes.
Remove the TA and TEE RAM from the passed in memory, reserved-memory
nodes are used to indicate that part of the RAM is not accessible to
Linux. Fixes the following warning on some i.MX platforms:

I/TC: Non-secure external DT found
E/TC:0 0 check_phys_mem_is_outside:330 Non-sec mem (0x10000000:0x40000000) overlaps map (type 2 0x4e000000:0x5d000)
E/TC:0 0 Panic at core/arch/arm/mm/core_mmu.c:334 <check_phys_mem_is_outside>
E/TC:0 0 TEE load address @ 0x4e000000
E/TC:0 0 Call stack:
E/TC:0 0 0x4e006fd1

Fixes https://github.com/OP-TEE/optee_os/issues/3567
Fixes https://github.com/OP-TEE/optee_os/issues/3710

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: Allow platforms to configure num of JR entries

Currently JR entries is fixed to 10 in common file. Allow
this to be over-ridden by platform's conf.mk

Signed-off-by: Ruchika Gupta <r

drivers: caam: Allow platforms to configure num of JR entries

Currently JR entries is fixed to 10 in common file. Allow
this to be over-ridden by platform's conf.mk

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

drivers: caam: Fix bug in caam_hal_jr_flush()

After requesting the CAAM block for flushing the JR,
the function should wait till the halt is complete
(i.e HALT_ONGOING). The code currently erroneous

drivers: caam: Fix bug in caam_hal_jr_flush()

After requesting the CAAM block for flushing the JR,
the function should wait till the halt is complete
(i.e HALT_ONGOING). The code currently erroneously
checks this on HALT_COMPLETE which can result in
infinite loops on platforms where the halt gets
completed before this check exceutes for first time.

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

drivers: caam: Modify access of 64 bit registers

The Address of Input/output Job ring and scatter gather table are
handled differently depending on platform

1. All BE CAAM platforms (LS1043, LS1012

drivers: caam: Modify access of 64 bit registers

The Address of Input/output Job ring and scatter gather table are
handled differently depending on platform

1. All BE CAAM platforms (LS1043, LS1012, LS1046)
and i.MX platforms (LE CAAM):
base + 0x0000 : most-significant 32 bits
base + 0x0004 : least-significant 32 bits

The 32-bit version of this core therefore has to write to base + 0x0004
to set the 32-bit wide DMA address.

2. All other LE CAAM platforms (LS2088, LS1088, LX2160 etc.)
base + 0x0000 : least-significant 32 bits
base + 0x0004 : most-significant 32 bits

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

github: update links in issue/pr templates

Auto-generated URLs from readthedoc.io has changed since we started
using it. This fixes broken links in our GitHub template files.

Signed-off-by: Joakim

github: update links in issue/pr templates

Auto-generated URLs from readthedoc.io has changed since we started
using it. This fixes broken links in our GitHub template files.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: arm: mm: fix VA overflow issue in assign_mem_va()

Fix assign_mem_va() that is missing VA limit check on 64bit machines.
This change catches the overflow at address assignation preventing TEE
t

core: arm: mm: fix VA overflow issue in assign_mem_va()

Fix assign_mem_va() that is missing VA limit check on 64bit machines.
This change catches the overflow at address assignation preventing TEE
to panic in a not obvious way when the out of bound address is accessed.

Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: use pointers to out/inring_entry for CAAM

Use pointers to outring_entry and inring_entry as input for
caam_desc_pop(), caam_desc_push() and caam_desc_jobstatus() functions.

This quic

drivers: caam: use pointers to out/inring_entry for CAAM

Use pointers to outring_entry and inring_entry as input for
caam_desc_pop(), caam_desc_push() and caam_desc_jobstatus() functions.

This quick re-work originaly comes from the initiative to get rid of a
GGC 9.2 warning -Waddress-of-packed-member

core/drivers/crypto/caam/caam_jr.c: In function ‘do_jr_dequeue’:
core/drivers/crypto/caam/caam_jr.c:262:22: warning: taking address of packed member of ‘struct outring_entry’ may result in an unaligned pointer value [-Waddress-of-packed-member]
262 | if (caam_desc_pop(&jr_out->desc) == caller->pdesc) {
| ^~~~~~~~~~~~~
core/drivers/crypto/caam/caam_jr.c:265:26: warning: taking address of packed member of ‘struct outring_entry’ may result in an unaligned pointer value [-Waddress-of-packed-member]
265 | caam_read_jobstatus(&jr_out->status);
| ^~~~~~~~~~~~~~~

By doing this, we let the function safely extracting the field.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: SCMI service for platform shared clocks

Add support for clocks in stm32mp1 SCMI server. This allows the secure
world to expose clock services for clock non-secure world is allowed to

plat-stm32mp1: SCMI service for platform shared clocks

Add support for clocks in stm32mp1 SCMI server. This allows the secure
world to expose clock services for clock non-secure world is allowed to
access (state, rate) but that can only be effectively accessed from
secure world due to the TZ secure hardening of the SoC.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: SCMI service for non-secure reset controllers

Embed a SCMI server in stm32mp1 to handle SCMI reset domain requests
from the non-secure world for resource that, because of secure
harde

plat-stm32mp1: SCMI service for non-secure reset controllers

Embed a SCMI server in stm32mp1 to handle SCMI reset domain requests
from the non-secure world for resource that, because of secure
hardening of the system, are restricted to secure world accesses only.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: foundation for SCMI service

Embed a SCMI server in stm32mp1 based on SCMI message drivers.
The platform currently supports only the SCMI Base protocol.

Platform provides 2 Arm SMCCC

plat-stm32mp1: foundation for SCMI service

Embed a SCMI server in stm32mp1 based on SCMI message drivers.
The platform currently supports only the SCMI Base protocol.

Platform provides 2 Arm SMCCC fastcall communication channels each
using a small shared memory buffer is SYSRAM manage with a SMT header
for SCMI message exchange.

Default disable CFG_CORE_ASLR, CFG_LOCKDEP, CFG_TEE_CORE_DEBUG and
CFG_UNWIND for TEE RAM memory constraints since SCMI server with a
fastcall message processing path consumes several pages of SoC internal
SYSRAM where TEE pager resides.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>

show more ...

plat-stm32mp1: remove useless macros in SMC SiP handler

Remove unused macros in stm32mp1 platform SMC SiP handler source file.

Fixes: d9c569c9c765 ("plat-stm32mp1: prepare for SiP SMC services")
Si

plat-stm32mp1: remove useless macros in SMC SiP handler

Remove unused macros in stm32mp1 platform SMC SiP handler source file.

Fixes: d9c569c9c765 ("plat-stm32mp1: prepare for SiP SMC services")
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

dt-bindings: stm32mp1: define SCMI reset domains

Define the platform SCMI reset domains for stm32mp1 family.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <je

dt-bindings: stm32mp1: define SCMI reset domains

Define the platform SCMI reset domains for stm32mp1 family.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

dt-bindings: stm32mp1: define SCMI clocks

Define the identifiers for stm32mp1 platform SCMI clocks.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@fori

dt-bindings: stm32mp1: define SCMI clocks

Define the identifiers for stm32mp1 platform SCMI clocks.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

pta: invoke_test.pta: add test on null memref parameter

Add command PTA_INVOKE_TESTS_CMD_MEMREF_NULL to test invocation
of a PTA with a memref parameter with a NULL buffer reference.
The PTA should

pta: invoke_test.pta: add test on null memref parameter

Add command PTA_INVOKE_TESTS_CMD_MEMREF_NULL to test invocation
of a PTA with a memref parameter with a NULL buffer reference.
The PTA should successfully be invoked with a valid memref
parameter yet referring to a NULL buffer pointer.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Cedric Neveux <cedric.neveux@nxp.com>

show more ...

plat: rcar: Print SREC when generating the SREC file

Print SREC when generating the SREC file instead of GEN, which is
likely copied from neighboring entry in the same Makefile.

Signed-off-by: Mare

plat: rcar: Print SREC when generating the SREC file

Print SREC when generating the SREC file instead of GEN, which is
likely copied from neighboring entry in the same Makefile.

Signed-off-by: Marek Vasut <marek.vasut+renesas@gmail.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

Makefile: use plain bash for SHELL

Some linux distributions do not provide bash at the /bin/bash location,
use bash directly and expect the user to setup a proper $PATH.

Signed-off-by: Rouven Czerw

Makefile: use plain bash for SHELL

Some linux distributions do not provide bash at the /bin/bash location,
use bash directly and expect the user to setup a proper $PATH.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: prepare for SiP SMC services

Implement secure monitor platform handlers foundations for
platform stm32mp1 to handle SiP SMC services.

Signed-off-by: Etienne Carriere <etienne.carrier

plat-stm32mp1: prepare for SiP SMC services

Implement secure monitor platform handlers foundations for
platform stm32mp1 to handle SiP SMC services.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: assign last 4kB of sysram as shared memory

Allow the last 4kByte of stm32mp1 SYSRAM internal RAM to be
assigned to non-secure world when used as SCMI shared memory.
ETZPC memory firew

plat-stm32mp1: assign last 4kB of sysram as shared memory

Allow the last 4kByte of stm32mp1 SYSRAM internal RAM to be
assigned to non-secure world when used as SCMI shared memory.
ETZPC memory firewall is configured accordingly from service
late initialization level as ETPCZ driver is initialized from
service init level when embedded BTD support is enabled.

Platform configuration switches CFG_STM32MP1_SCMI_SHM_BASE and
CFG_STM32MP1_SCMI_SHM_SIZE are used to define the SCMI shared
memory location.

Compilation asserts that if CFG_TZSRAM_START is define inside SYSRAM
then it fully resides inside the secure SYSRAM area as per SoC ETZPC
implementation that mandates the non-secure SYSRAM to be above (higher
address) the secure SYSRAM.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: clock: secure and non-secure gateable clocks

Array stm32mp1_clk_gate[] defines the clock resources. This change
adds an attribute to the clocks in stm32mp1_clk_gate array. Clocks
unde

plat-stm32mp1: clock: secure and non-secure gateable clocks

Array stm32mp1_clk_gate[] defines the clock resources. This change
adds an attribute to the clocks in stm32mp1_clk_gate array. Clocks
under RCC[TZEN] hardening are tagged SEC and clocks always assigned
to non-secure world as per SoC implementation are tagged N_S.

Non-secure clocks that OP-TEE expects to enable are enabled without
increase of their reference counter and, for consistency, are never
disabled by TEE Core. Note that such clocks may be accessed by
OP-TEE Core when the non-secure world is not executing, for example
at boot time or could be when system is suspending/resuming.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...