stpmic1: refine resources helper macros

Define bit fields in position xxx_POS rather than in bit mask.
Use BIT() and GENMASK_32() rather than numerical values.

Signed-off-by: Etienne Carriere <etie

stpmic1: refine resources helper macros

Define bit fields in position xxx_POS rather than in bit mask.
Use BIT() and GENMASK_32() rather than numerical values.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

stpmic1: save enable bit position in regulator control

Add enable bit position info in STPMIC1 regulators description
instead of assuming it is BIT(0). This allows to define other
regulators with en

stpmic1: save enable bit position in regulator control

Add enable bit position info in STPMIC1 regulators description
instead of assuming it is BIT(0). This allows to define other
regulators with enable bit not at position 0.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

stpmic1: stpmic1_is_regulator_enabled() returns a boolean

Change helper function stpmic1_is_regulator_enabled() to return
a boolean value.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.o

stpmic1: stpmic1_is_regulator_enabled() returns a boolean

Change helper function stpmic1_is_regulator_enabled() to return
a boolean value.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

stpmic1: Fix LDO3 voltage table

Add VOUT2/2 (sink/source mode) value in LDO3 voltage table.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Nicolas Le Bayon <nicolas.le

stpmic1: Fix LDO3 voltage table

Add VOUT2/2 (sink/source mode) value in LDO3 voltage table.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: PSCI_SYSTEM_RESET support

Use GRST control in RCC to reset the system on PCSI_RESET request.
Any core can call this function.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro

plat-stm32mp1: PSCI_SYSTEM_RESET support

Use GRST control in RCC to reset the system on PCSI_RESET request.
Any core can call this function.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: fix PSCI_CPU_OFF support

Fix platform psci_features() to report PSCI_CPU_OFF support not
only PSCI_CPU_ON when CFG_TEE_CORE_NB_CORE > 1.

This change also modifies CFG_TEE_CORE_NB_COR

plat-stm32mp1: fix PSCI_CPU_OFF support

Fix platform psci_features() to report PSCI_CPU_OFF support not
only PSCI_CPU_ON when CFG_TEE_CORE_NB_CORE > 1.

This change also modifies CFG_TEE_CORE_NB_CORE handling for
checkpatch issue so that both CPU_ON/CPU_OFF support are
bound to number of core.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

checkpatch: ignore USLEEP_RANGE

OP-TEE has no usleep_range() function so ignore related checks.
Prevents reports like:

CHECK: usleep_range is preferred over udelay; see Documentation/timers/timers-

checkpatch: ignore USLEEP_RANGE

OP-TEE has no usleep_range() function so ignore related checks.
Prevents reports like:

CHECK: usleep_range is preferred over udelay; see Documentation/timers/timers-howto.rst
#30: FILE: core/arch/arm/plat-stm32mp1/pm/psci.c:215:
+ udelay(100);

Suggested-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

stm32_rng: increase timeout to 10 ms

Use a longer timeout in RNG access sequence. When enabling STM32 RNG
from reset state, it may take few milliseconds for the RNG to be ready.

Fixes panic at plat

stm32_rng: increase timeout to 10 ms

Use a longer timeout in RNG access sequence. When enabling STM32 RNG
from reset state, it may take few milliseconds for the RNG to be ready.

Fixes panic at platform boot with trace:
E/TC:0 0 Panic at core/arch/arm/plat-stm32mp1/rng_seed.c:48 <plat_rng_init>

Fixes: 4e0397eed2e5 ("stm32mp1: seed PRNG with STM32 RNG")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

rpmb: remove unnecessary check

Remove unnecessary check to fix compile warning reported
by clang as following:

core/tee/tee_rpmb_fs.c:2051:11: warning: address of array 'fh->filename'
will always e

rpmb: remove unnecessary check

Remove unnecessary check to fix compile warning reported
by clang as following:

core/tee/tee_rpmb_fs.c:2051:11: warning: address of array 'fh->filename'
will always evaluate to 'true' [-Wpointer-bool-conversion]
if (fh->filename && (!strcmp(fh->filename,
fe->filename)) &&
~~~~^~~~~~~~ ~~
core/tee/tee_rpmb_fs.c:2134:10: warning: address of array 'fh->filename'
will always evaluate to 'true' [-Wpointer-bool-conversion]
if (fh->filename && !fh->rpmb_fat_address)
~~~~^~~~~~~~ ~~

Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Signed-off-by: Peikan Tsai <peikantsai@gmail.com>
Reviewed-by: YJ Chiang <yj.chiang@mediatek.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

libutils: confine_array_index: fix clang build trace for Thumb2

Avoid trace 'deprecated instruction in IT block [-Werror,-Winline-asm]'
when building with CLang. The message states performance issue

libutils: confine_array_index: fix clang build trace for Thumb2

Avoid trace 'deprecated instruction in IT block [-Werror,-Winline-asm]'
when building with CLang. The message states performance issue which
is true but prefer the performance cost over the security flaw hence
warning trace is removed without embedded code changed.

Fixes: 2b6dd0df52b4 ("confine_array_index.h: add A32 and T32 versions of confine_array_index()")
Suggested-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: confine_array_index: fix 32bit modes implementation

Fix implementation of confine_array_index() for 32bit Arm and Thumb2
modes as previous implementation did not set the return value
expli

libutils: confine_array_index: fix 32bit modes implementation

Fix implementation of confine_array_index() for 32bit Arm and Thumb2
modes as previous implementation did not set the return value
explicitly and relied on luck with the layout of the machine code
to return the correct value.

Fixes: https://github.com/OP-TEE/optee_os/issues/3799
Fixes: 2b6dd0df52b4 ("confine_array_index.h: add A32 and T32 versions of confine_array_index()")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemu,qemu_v8)
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

stm32mp1: seed PRNG with STM32 RNG

Initialize the core PRNG with samples from the SoC RNG during early
initialization. PRNG is used to generate random samples used early
before all services and obvi

stm32mp1: seed PRNG with STM32 RNG

Initialize the core PRNG with samples from the SoC RNG during early
initialization. PRNG is used to generate random samples used early
before all services and obviously device and peripheral drivers
are initialized. Therefore the platform sequence to seed the PRNG
locally handles RNG clock and reset without relying on clock and
reset device OP-TEE drivers as these are not yet initialized.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

ta: pkcs11: use serialargs_get_session_from_handle()

Change command processing entry functions to use helper function
serialargs_get_session_from_handle() to get session from the
session handle seri

ta: pkcs11: use serialargs_get_session_from_handle()

Change command processing entry functions to use helper function
serialargs_get_session_from_handle() to get session from the
session handle serialized input argument instead of the 2 step
serialargs_get()/pkcs11_handle2session().

No functional change as current functions always first checked
session validity prior other arguments validity, assuming client
arguments were well serialized.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: helper function to get session from serial arguments

Add helper function serialargs_get_session_from_handle() to get
session instance from a 32bit session handle value in the
client seri

ta: pkcs11: helper function to get session from serial arguments

Add helper function serialargs_get_session_from_handle() to get
session instance from a 32bit session handle value in the
client serialized arguments.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: clang: pager: use the normal linker (ld.lld)

Since LLVM commit [1] ("[ELF] Keep orphan section names (.rodata.foo
.text.foo) unchanged if !hasSectionsCommand"), ld.lld behaves like GNU
ld rega

core: clang: pager: use the normal linker (ld.lld)

Since LLVM commit [1] ("[ELF] Keep orphan section names (.rodata.foo
.text.foo) unchanged if !hasSectionsCommand"), ld.lld behaves like GNU
ld regarding output section names. So, we can remove our temporary hack.

This also fixes a build issue when a newer Clang (v11 master) is used
together with an older GNU ld (8.3 for instance) due to the latter not
supporting some GNU_PROPERTY_* values generated by the Clang compiler:

LD out/arm/core/tee.elf
bin/aarch64-linux-gnu-ld: warning: out/arm/core/ta_pub_key.o: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0000000
...

Link: [1] https://github.com/llvm/llvm-project/commit/9e33c096476a
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: fix .section directive

Clang built from the llvm-project master branch (git describe:
llvmorg-11-init-12683-g54b3f91d205) causes the following build error:

AS out/arm/core/arch

core: arm64: fix .section directive

Clang built from the llvm-project master branch (git describe:
llvmorg-11-init-12683-g54b3f91d205) causes the following build error:

AS out/arm/core/arch/arm/kernel/generic_entry_a64.o
core/arch/arm/kernel/generic_entry_a64.S:426:2: error: changed section flags for .identity_map, expected: 0x6
.section .identity_map
^

Some information about this error can be found in the description for
LLVM commit [1] ("[MC][ELF] Error for sh_type, sh_flags or sh_entsize
change").

The ".section .identity_map" directive does not mention any flags so
since the section name is not a well-known one (.text etc.), the flags
default to none [2]. However, at this point in the source file we
already have emitted code into .text* which has flags "ax" (and type
%progbits), so the line does indeed change the flags, hence the compile
error.

This commit adds the missing flags and type.

Link: [2] https://sourceware.org/binutils/docs/as/Section.html "ELF Version"
Link: [1] https://github.com/llvm/llvm-project/commit/75af9da75572
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: clang: add --apply-dynamic-relocs linker flag

Core ASLR relies on the executable being ready to run from its
preferred load address, because some symbols are used before the MMU is
enabled and

core: clang: add --apply-dynamic-relocs linker flag

Core ASLR relies on the executable being ready to run from its
preferred load address, because some symbols are used before the MMU is
enabled and relocations are applied. Clang (ld.lld) on Aarch64 needs a
special flag for this: --apply-dynamic-relocs. Without the flag the
R_AARCH64_RELATIVE places are initially filled with zeros.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: libtomcrypt: fix return code in convert_ltc_verify_status()

Calling TEE_AsymmetricVerifyDigest() with invalid RSA signature
length cause TA to panic. By GP TEE Internal Core specs,
TEE_Asymmet

core: libtomcrypt: fix return code in convert_ltc_verify_status()

Calling TEE_AsymmetricVerifyDigest() with invalid RSA signature
length cause TA to panic. By GP TEE Internal Core specs,
TEE_AsymmetricVerifyDigest() shouldn't cause panic when call
with invalid signature length.

Fixes: a3f5668a0cae ("core: ltc: RSA signature verification: fix return code")
Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

ta: pkcs11: set default token serial number based on token ID

With this change, token serial number is string "0...0000000<N>" over
16 characters, led with '0' and ending with token ID decimal value

ta: pkcs11: set default token serial number based on token ID

With this change, token serial number is string "0...0000000<N>" over
16 characters, led with '0' and ending with token ID decimal value.

It is common for the client application to decide the slot to use
based on the token serial number. Therefore change the default value
to be based on the token ID to avoid having the same serial numbers
on every token.

Co-developed-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
[jf: cast sizeof() to int in snprintf() with field with specifier '*']
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

ta: pkcs11: set slot information to gpd.tee.deviceID if available

Use gpd.tee.deviceID to provide a device specific UUID as part of the
slot information (field with enough size for UUID).

Co-develo

ta: pkcs11: set slot information to gpd.tee.deviceID if available

Use gpd.tee.deviceID to provide a device specific UUID as part of the
slot information (field with enough size for UUID).

Co-developed-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

ta: pkcs11: remove unused variable token in entry_ck_slot_info()

Remove unused variable token in entry_ck_slot_info().
No functional change.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro

ta: pkcs11: remove unused variable token in entry_ck_slot_info()

Remove unused variable token in entry_ck_slot_info().
No functional change.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

plat-stm32mp1: remove static ETZPC configuration

Remove static ETZPC configuration and rely on shared_resources
driver to dynamically configure secure aware resources.

Signed-off-by: Etienne Carrie

plat-stm32mp1: remove static ETZPC configuration

Remove static ETZPC configuration and rely on shared_resources
driver to dynamically configure secure aware resources.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_bsec: BSEC data access do not depend on non-closed device

BSEC driver does not need to check if device is closed_device or not
to tell which BSEC data non-secure world is allowed to access. Th

stm32_bsec: BSEC data access do not depend on non-closed device

BSEC driver does not need to check if device is closed_device or not
to tell which BSEC data non-secure world is allowed to access. This
change removes this support as it simplifies BSEC initialization
structure.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_bsec: introduce configuration switch for write support

Introduce configuration switch CFG_STM32_BSEC_WRITE to not embed
write operation support in BSEC.

Signed-off-by: Etienne Carriere <etien

stm32_bsec: introduce configuration switch for write support

Introduce configuration switch CFG_STM32_BSEC_WRITE to not embed
write operation support in BSEC.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_bsec: correct error detection in driver

Change stm32_bsec_read_otp() and stm32_bsec_write_otp() as accessing
BSEC shadow memory cannot report error.

Change check_no_error() to verify or not B

stm32_bsec: correct error detection in driver

Change stm32_bsec_read_otp() and stm32_bsec_write_otp() as accessing
BSEC shadow memory cannot report error.

Change check_no_error() to verify or not BSEC internal disturbance
error as only shadowing or writing OTPs can report BSEC disturbance
issues.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...