ta: simple typo fixes in comments in ta/pkcs11 tree

* changed "a input" to "an input" in pcks11_ta.h
* changed "the the" to "if the" in handle.c

Signed-off-by: Markus S. Wamser <github-dev@mail2013

ta: simple typo fixes in comments in ta/pkcs11 tree

* changed "a input" to "an input" in pcks11_ta.h
* changed "the the" to "if the" in handle.c

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: simple typo fixes in comments in core/include tree

* changed "the the" to "the" in crypto.h
* changed "the the" to "if the" in handle.h

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wa

core: simple typo fixes in comments in core/include tree

* changed "the the" to "the" in crypto.h
* changed "the the" to "if the" in handle.h

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: simple typo fix in comments in core/drivers tree

* changed "a input" to "an input"

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carri

core: simple typo fix in comments in core/drivers tree

* changed "a input" to "an input"

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: simple typo fixes in comments in core/arch tree

* changed "the the" to "the" in thread.h
* changed "the the" to "to the" in wait_queue.c
* changed "Optinally" to "Optionally" in generic_entry_

core: simple typo fixes in comments in core/arch tree

* changed "the the" to "the" in thread.h
* changed "the the" to "to the" in wait_queue.c
* changed "Optinally" to "Optionally" in generic_entry_a32.S

Signed-off-by: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: ack SCMI SiP SMC entry with 0 return code

Load STM32_SIP_SVC_OK in output argument a0 on return from
SCMI message notification from SiP SMC function IDs. It simplifies
non-secure worl

plat-stm32mp1: ack SCMI SiP SMC entry with 0 return code

Load STM32_SIP_SVC_OK in output argument a0 on return from
SCMI message notification from SiP SMC function IDs. It simplifies
non-secure world to consider any non-zero values,
including standard unknown function error code (-1), as
reporting a failure.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: device pta: add flag to indicate dependency on tee-supplicant

Some TAs require tee-supplicant to be run. For example fTPM requires
storage services provided by tee-supplicant. When scanning an

core: device pta: add flag to indicate dependency on tee-supplicant

Some TAs require tee-supplicant to be run. For example fTPM requires
storage services provided by tee-supplicant. When scanning and
probe() devices on tee bus we can initialize early drivers which
do not require tee-supplicant and after mount fs and tee-supplicant
run do probe() drivers witch require tee-supplicant.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Suggested-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

checkpatch: add codespell support

Add codespell check. If codespell dictionary is missing
then checkpatch.pl will generate warning but it will not
fail patch check.

Signed-off-by: Maxim Uvarov <max

checkpatch: add codespell support

Add codespell check. If codespell dictionary is missing
then checkpatch.pl will generate warning but it will not
fail patch check.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

checkpatch: move options to config file

move checkpatch command line options to config file setting.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Acked-by: Jerome Forissier <jerome@forissi

checkpatch: move options to config file

move checkpatch command line options to config file setting.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-imx: generate tee-raw.bin

We have observed that existing ARM-TF for iMX8QM treats OP-TEE binary
as headerless image. So, to create proper boot image we need raw
OP-TEE binary image.

Signed-off

plat-imx: generate tee-raw.bin

We have observed that existing ARM-TF for iMX8QM treats OP-TEE binary
as headerless image. So, to create proper boot image we need raw
OP-TEE binary image.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>

show more ...

plat-imx: describe non-secure DDR in i.MX8Q* platforms

Add NSEC_DDR definition for for i.MX8QM and i.MX8QX SoCs.
This was tested on i.MX8QM platform.

Signed-off-by: Volodymyr Babchuk <volodymyr_bab

plat-imx: describe non-secure DDR in i.MX8Q* platforms

Add NSEC_DDR definition for for i.MX8QM and i.MX8QX SoCs.
This was tested on i.MX8QM platform.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>

show more ...

plat-imx: describe non-secure DDR memory

To enable dynamic SHM on iMX platform we need to describe
which memory regions belong to non-secure memory areas.

Signed-off-by: Volodymyr Babchuk <volodymy

plat-imx: describe non-secure DDR memory

To enable dynamic SHM on iMX platform we need to describe
which memory regions belong to non-secure memory areas.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>

show more ...

plat-imx: move platform-specific data to nexus memory

This is needed to enable virtualization support iMX platforms.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement

plat-imx: move platform-specific data to nexus memory

This is needed to enable virtualization support iMX platforms.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>

show more ...

core: move static IRQC data to nexus memory

itr_chip and handlers list should reside in nexus memory
to ensure that irq controller is working.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@ep

core: move static IRQC data to nexus memory

itr_chip and handlers list should reside in nexus memory
to ensure that irq controller is working.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mk/subdir.mk: avoid trailing slash in $(sub-dir-out)

As a general rule, paths to directories should not end with a slash
[1]. In some cases, $(sub-dir-out) does not meet this requirement. For
exampl

mk/subdir.mk: avoid trailing slash in $(sub-dir-out)

As a general rule, paths to directories should not end with a slash
[1]. In some cases, $(sub-dir-out) does not meet this requirement. For
example when building the 'crypt' TA in the optee_test project:

GEN /tmp/optee/optee_test/out/ta/crypt//ca_crt.c
CC /tmp/optee/optee_test/out/ta/crypt//ca_crt.o
GEN /tmp/optee/optee_test/out/ta/crypt//mid_crt.c
CC /tmp/optee/optee_test/out/ta/crypt//mid_crt.o
GEN /tmp/optee/optee_test/out/ta/crypt//mid_key.c
CC /tmp/optee/optee_test/out/ta/crypt//mid_key.o

In this example, $(sub-dir-out) is /tmp/optee/optee_test/out/ta/crypt/.

This patch removes the trailing slash.

[1] commit 4334e8d79fa3 ("Makefile variables $(*-dir) should not have a
trailing slash")

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: enable IO compensation at boot time

Implement platform functions stm32mp_syscfg_enable_io_compensation()
and stm32mp_syscfg_disable_io_compensation() to enable/disable
STM23MP1 IO com

plat-stm32mp1: enable IO compensation at boot time

Implement platform functions stm32mp_syscfg_enable_io_compensation()
and stm32mp_syscfg_disable_io_compensation() to enable/disable
STM23MP1 IO compensation. Enable IO compensation when platform boots.

This change defines SYSCFG clock that is needed and moves definition
of the RCC compatible string DT_RCC_CLK_COMPAT to RCC header file so
that it can be shared with stm32mp1_syscfg.c.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: always build libfdt

libfdt is built only when CFG_DT=y. As a result, the libfdt header
files are only available when CFG_DT=y and any source file that makes
optional use of the library has to

core: always build libfdt

libfdt is built only when CFG_DT=y. As a result, the libfdt header
files are only available when CFG_DT=y and any source file that makes
optional use of the library has to guard the #include <libfdt.h> with
a #ifdef CFG_DT ... #endif block. This contrasts with other features
which don't require such guards.

This patch builds libfdt unconditionally and removes the include
guards. No change is expected in the binaries.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

rpmb: fix building when TRACE_LEVEL >= TRACE_FLOW

Building with CFG_RPMB_FS=y and CFG_TEE_CORE_LOG_LEVEL=4 yields a
compile-time error due to a typo.

Replacing TEE_RESULT with TEE_Result fixes the

rpmb: fix building when TRACE_LEVEL >= TRACE_FLOW

Building with CFG_RPMB_FS=y and CFG_TEE_CORE_LOG_LEVEL=4 yields a
compile-time error due to a typo.

Replacing TEE_RESULT with TEE_Result fixes the issue.

Signed-off-by: Gianguido Sorà <me@gsora.xyz>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

plat-hisilicon: psci: support Arm SMCCC_VERSION function ID

As per Arm SMCCC v1.1 specification [1], PSCI PSCI_FEATURES function ID
should report Arm Architecture Call SMCCC_VERSION as supported whe

plat-hisilicon: psci: support Arm SMCCC_VERSION function ID

As per Arm SMCCC v1.1 specification [1], PSCI PSCI_FEATURES function ID
should report Arm Architecture Call SMCCC_VERSION as supported when
the secure firmware supports both PSCI PSCI_FEATURES function ID and
Arm SMCCC_VERSION function ID.

Link: [1] https://developer.arm.com/docs/den0028/latest
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

ta: add early TA to seal and unseal Linux trusted keys

This patch adds an early TA which acts as Linux TEE bus device to
provide a service of sealing/unsealing of trusted keys in case platform
doesn

ta: add early TA to seal and unseal Linux trusted keys

This patch adds an early TA which acts as Linux TEE bus device to
provide a service of sealing/unsealing of trusted keys in case platform
doesn't posses a TPM device or like.

To do sealing/unsealing we use system pseudo TA service to derive a
hardware unquie key to perform authenticated encryption/decryption
(using TEE_ALG_AES_GCM algo).

Also, this early TA only accepts login with a new private login method
specifically used by REE kernel (TEE_LOGIN_REE_KERNEL).

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: SiP SMC service for BSEC access

Implement a SiP SMC based interface fàr the non-secure world to access
BSEC words. The service is embedded upon CFG_STM32_BSEC_SIP=y. If not
embedded,

plat-stm32mp1: SiP SMC service for BSEC access

Implement a SiP SMC based interface fàr the non-secure world to access
BSEC words. The service is embedded upon CFG_STM32_BSEC_SIP=y. If not
embedded, the service simply reports a failure.

This service is used by U-boot package since its release v2019.07-rc1 [1]
to retrieve information such as the device MAC address [2].

Link: [1] https://github.com/u-boot/u-boot/blob/v2019.07-rc1/arch/arm/mach-stm32mp/include/mach/stm32mp1_smc.h
Link: [2] https://github.com/u-boot/u-boot/blob/v2019.07-rc1/arch/arm/mach-stm32mp/cpu.c#L475

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

dts: stm32mp1: non-secure can access MAC address and board ID OTPs

Add property st,non-secure-otp to MAC address NVMEM cells in stm32mp1
SoC DTSI and to board ID NVMEM cells in stm32mp1 ST boards DT

dts: stm32mp1: non-secure can access MAC address and board ID OTPs

Add property st,non-secure-otp to MAC address NVMEM cells in stm32mp1
SoC DTSI and to board ID NVMEM cells in stm32mp1 ST boards DTS files
since non-secure world is allowed to access these OTPs despite they
are located in the upper BSEC words (secure) area.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

stm32_bsec: grant BSEC words non-secure access from embedded DTB

Change BSEC driver to allow non-secure world to access specific BSEC
upper words that have the ST NVMEM property "st,non-secure-otp".

stm32_bsec: grant BSEC words non-secure access from embedded DTB

Change BSEC driver to allow non-secure world to access specific BSEC
upper words that have the ST NVMEM property "st,non-secure-otp". The
property is presented to the LKML in [1].

During BSEC driver initialization, a bit fields array is allocated to
store whether each 32bit BSEC upper words is allowed to be accessed by
the non-secure world.

Link: [1] https://lkml.org/lkml/2020/5/8/1258
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: psci: support Arm SMCCC_VERSION function ID

As per Arm SMCCC v1.1 specification [1], PSCI PSCI_FEATURES function ID
should report Arm Architecture Call SMCCC_VERSION as supported when

plat-stm32mp1: psci: support Arm SMCCC_VERSION function ID

As per Arm SMCCC v1.1 specification [1], PSCI PSCI_FEATURES function ID
should report Arm Architecture Call SMCCC_VERSION as supported when
the secure firmware supports both PSCI PSCI_FEATURES function ID and
Arm SMCCC_VERSION function ID.

Link: [1] https://developer.arm.com/docs/den0028/latest
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: generic_boot: use "%#lx" to print unsigned long, not "0x%"PRIxPA

In 32-bit builds with CFG_CORE_LARGE_PHYS_ADDR=y, PRIxPA is "llx"
which is not the recommended format to print an unsigned long

core: generic_boot: use "%#lx" to print unsigned long, not "0x%"PRIxPA

In 32-bit builds with CFG_CORE_LARGE_PHYS_ADDR=y, PRIxPA is "llx"
which is not the recommended format to print an unsigned long int.
Use "lx" instead to avoid warnings with some compilers.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: plat-ls: Enable CAAM driver for PLATFORM lx2160ardb

Enable and test CAAM driver on lx2160ardb platform for
hash, ciphers and RSA

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-

core: plat-ls: Enable CAAM driver for PLATFORM lx2160ardb

Enable and test CAAM driver on lx2160ardb platform for
hash, ciphers and RSA

Signed-off-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...