drivers: caam: change CAAM debug trace method

Change the method to enable the CAAM debug.
Split the debug compilation 32 bits word to 3x32 bits words, one for the
trace, one for the descriptor dump

drivers: caam: change CAAM debug trace method

Change the method to enable the CAAM debug.
Split the debug compilation 32 bits word to 3x32 bits words, one for the
trace, one for the descriptor dump and one for the buffer dump.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: use adr_l to allow bigger data sections

Compiling for NXP lx2160ardb with debug enabled fails with:

$ make -j32 CFG_ARM64_core=y PLATFORM=ls-lx2160ardb DEBUG=1
...
LD out/arm-plat-l

core: use adr_l to allow bigger data sections

Compiling for NXP lx2160ardb with debug enabled fails with:

$ make -j32 CFG_ARM64_core=y PLATFORM=ls-lx2160ardb DEBUG=1
...
LD out/arm-plat-ls/core/all_objs.o
out/arm-plat-ls/core/arch/arm/kernel/thread_a64.o: in function `el0_sync_a64':
core/arch/arm/kernel/thread_a64.S:271:(.text.thread_excp_vect+0x424): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kcode_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
core/arch/arm/kernel/thread_a64.S:271:(.text.thread_excp_vect+0x43c): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kdata_sp_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
out/arm-plat-ls/core/arch/arm/kernel/thread_a64.o: in function `el0_irq_a64':
core/arch/arm/kernel/thread_a64.S:283:(.text.thread_excp_vect+0x4a4): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kcode_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
core/arch/arm/kernel/thread_a64.S:283:(.text.thread_excp_vect+0x4bc): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kdata_sp_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
out/arm-plat-ls/core/arch/arm/kernel/thread_a64.o: in function `el0_fiq_a64':
core/arch/arm/kernel/thread_a64.S:290:(.text.thread_excp_vect+0x524): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kcode_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
core/arch/arm/kernel/thread_a64.S:290:(.text.thread_excp_vect+0x53c): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kdata_sp_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
out/arm-plat-ls/core/arch/arm/kernel/thread_a64.o: in function `el0_sync_a32':
core/arch/arm/kernel/thread_a64.S:306:(.text.thread_excp_vect+0x624): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kcode_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
core/arch/arm/kernel/thread_a64.S:306:(.text.thread_excp_vect+0x63c): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kdata_sp_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
out/arm-plat-ls/core/arch/arm/kernel/thread_a64.o: in function `el0_irq_a32':
core/arch/arm/kernel/thread_a64.S:318:(.text.thread_excp_vect+0x6a4): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kcode_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
core/arch/arm/kernel/thread_a64.S:318:(.text.thread_excp_vect+0x6bc): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kdata_sp_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
out/arm-plat-ls/core/arch/arm/kernel/thread_a64.o: in function `el0_fiq_a32':
core/arch/arm/kernel/thread_a64.S:325:(.text.thread_excp_vect+0x724): additional relocation overflows omitted from the output

So let's replace adr with adr_l and apply a similar fix as
commit 82d398c0e05c ("core: generic_entry_a64.S: use adr_l to allow
bigger data sections") suggests.

Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
[jf: reformat commit description]
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: save_panic_stack(): make sure tsd is initialized

If a TA fails to load due to an assertion failure in ldelf, the user
stack might be inaccessible. save_panic_stack() detects this situation
but

core: save_panic_stack(): make sure tsd is initialized

If a TA fails to load due to an assertion failure in ldelf, the user
stack might be inaccessible. save_panic_stack() detects this situation
but fails to set abort information in the thread specific data (tsd).
As a result, the stack unwinding code can erroneously execute kernel
unwinding code and trigger an assertion:

E/TC:? 0 assertion 'thread_get_exceptions() & THREAD_EXCP_FOREIGN_INTR' failed at core/arch/arm/include/kernel/misc.h:22 <get_core_pos>

The fix consists in moving the tsd initialization above the user stack
accessibility check.

Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: exclude generic_boot_init_primary() from unpaged part

Excludes generic_boot_init_primary() from unpaged part and makes sure
it's still in the init part.

Reviewed-by: Jerome Forissier <jerome@

core: exclude generic_boot_init_primary() from unpaged part

Excludes generic_boot_init_primary() from unpaged part and makes sure
it's still in the init part.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: exclude core_init_mmu_map() from unpaged part

Excludes core_init_mmu_map() from unpaged part and makes sure it's still
in the init part.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
S

core: exclude core_init_mmu_map() from unpaged part

Excludes core_init_mmu_map() from unpaged part and makes sure it's still
in the init part.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: exclude get_aslr_seed() from unpaged part

Excludes get_aslr_seed() from unpaged part and makes sure it's still in
the init part.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-of

core: exclude get_aslr_seed() from unpaged part

Excludes get_aslr_seed() from unpaged part and makes sure it's still in
the init part.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: RNG: provide plat_rng_init symbol

Not doing so calls the default implementation which generates
misleading RNG trace information (sample below)

E/TC:0 0 plat_rng_init:354 Warning: se

drivers: caam: RNG: provide plat_rng_init symbol

Not doing so calls the default implementation which generates
misleading RNG trace information (sample below)

E/TC:0 0 plat_rng_init:354 Warning: seeding RNG with zeroes

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

ldelf, ta: add support for DT_INIT_ARRAY and DT_FINI_ARRAY

Adds support for running initialization and finalization functions in
TA ELF files. Such functions are used, for instance, by C++ compilers

ldelf, ta: add support for DT_INIT_ARRAY and DT_FINI_ARRAY

Adds support for running initialization and finalization functions in
TA ELF files. Such functions are used, for instance, by C++ compilers
to construct and destruct global objects. They can also be used in C
thanks to __attribute__((constructor)) and __attribute__((destructor)).

A global structure is added to libutee. ldelf is responsible for
filling it with the addresses of the functions pointer arrays present
in the ELF files whenever such a file is loaded. Since the number of
arrays is unknown at compile time (it depends on how many ELF files are
loaded, and whether they have constructors or destructors), memory is
allocated on the TA heap.

Two helper functions are introduced: __utee_call_elf_init_fn() and
__utee_call_elf_fini_fn(). They are used when the TA instance is
created and torn down, as well as by dlopen().

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, QEMUv8, HiKey960 32/64)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ree_fs_ta: fix bootstrap header size check

This change fix bootstrap header size check. Before it use
sizeof(bs_hdr) but bs_hdr is a struct pointer. Correct it
to sizeof(*bs_hdr)

Fixes: 18339

core: ree_fs_ta: fix bootstrap header size check

This change fix bootstrap header size check. Before it use
sizeof(bs_hdr) but bs_hdr is a struct pointer. Correct it
to sizeof(*bs_hdr)

Fixes: 183398139c9c ("core: enable rollback protection for REE-FS TAs")
Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mmu: fix check of memory physical end address

Correct test on memory physical end address that was not consistent
in use of core_mmu_check_end_pa().

This change fixes core_mmu_set_discovered_

core: mmu: fix check of memory physical end address

Correct test on memory physical end address that was not consistent
in use of core_mmu_check_end_pa().

This change fixes core_mmu_set_discovered_nsec_ddr() where
core_mmu_check_end_pa() was called with a byte length argument
decreased by one whereas it should provide the effective byte size
of the memory area.

This change fixes core_mmu_check_end_pa() so that it computes
the end address as start address plus byte size minus one to
obtain the inclusive end address core_mmu_check_max_pa() expects
as input argument.

Fixes: 4518cdc1ff64 ("core: arm64: introduce CFG_CORE_ARM64_PA_BITS")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: add plat_rpmb_ready for i.MX6/7

For i.MX6/7 RPMB key writes should only be allowed if the device is in
the closed configuration and in the trusted or secure state.

Signed-off-by: Rouven

core: imx: add plat_rpmb_ready for i.MX6/7

For i.MX6/7 RPMB key writes should only be allowed if the device is in
the closed configuration and in the trusted or secure state.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Cedric Neveux <cedric.neveux@nxp.com>

show more ...

rpmb: function to block rpmb write per platform

Often the RPMB should only be written if the platform is in the correct
state where the Hardware Unique Key (HUK) for the platform works
correctly. As

rpmb: function to block rpmb write per platform

Often the RPMB should only be written if the platform is in the correct
state where the Hardware Unique Key (HUK) for the platform works
correctly. As an example on imx platforms with HUK derivation from the
OTPMK, the OTPMK is only accessible from the secure or trusted state.
Add a function and weak implementation for platforms to indicate that
the device is in the correct state to allow RPMB key writes.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Cedric Neveux <cedric.neveux@nxp.com>

show more ...

imx: snvs: rework snvs driver

Remove the unused SRTC functionality which is not wired up anywhere.
Instead add a function to read the device configuration and system
security monitor instead.

Signe

imx: snvs: rework snvs driver

Remove the unused SRTC functionality which is not wired up anywhere.
Instead add a function to read the device configuration and system
security monitor instead.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Cedric Neveux <cedric.neveux@nxp.com>

show more ...

ta: pkcs11: report PKCS11 return code to client

For the PKCS11 TA to provide client a meaningful return code as per
PKCS#11 specification, the GPD TEE command invocation return code
is forced to TEE

ta: pkcs11: report PKCS11 return code to client

For the PKCS11 TA to provide client a meaningful return code as per
PKCS#11 specification, the GPD TEE command invocation return code
is forced to TEE_SUCCESS and client is expected to read effective
PKCS11 return code (which can report a success or a failure) from
invocation parameter #0 that must be a input/output memory
reference. The status is return as a 32bit value in the output
buffer.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: change TA API to mandate param#0 as in/out memref

Change TA API so that invocation parameter #0 is always used as
an input/output memory reference. Output buffer is always used to
store

ta: pkcs11: change TA API to mandate param#0 as in/out memref

Change TA API so that invocation parameter #0 is always used as
an input/output memory reference. Output buffer is always used to
store a PKCS#11 compliant status to the client.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: define pkcs11 return codes

This change introduces PKCS11 return codes used internally in the
TA to get a PKCS#11 compliant status of the requested operation
and also reported to the call

ta: pkcs11: define pkcs11 return codes

This change introduces PKCS11 return codes used internally in the
TA to get a PKCS#11 compliant status of the requested operation
and also reported to the caller client providing a cryptoki
compliant return value for the client API functions.

There are PCSK11 TA specific return values that are defined and
used only internally in the TA: PKCS11_RVçNOT_FOUND and
PKCS11_RV_NOT_IMPLEMENTED.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

symbolize.py: add -L option to the "file" command

The symbolize script uses the "file" command to identify the
architecture of ELF binaries. If the file is a symbolic link (which can
happen with sha

symbolize.py: add -L option to the "file" command

The symbolize script uses the "file" command to identify the
architecture of ELF binaries. If the file is a symbolic link (which can
happen with shared libraries typically), the command may fail to return
the expected output and print "symbolic link to <some path>" instead.

This behavior of the "file" command depends on the environment variable
POSIXLY_CORRECT. In order to not depend on this, this commit adds the
-L option (follow symlinks).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: remove utee_misc.h and utee_misc.c

utee_misc.{h,c} contain an unused function: utee_get_ta_exec_id(), and
nothing else. Remove them.

Signed-off-by: Jerome Forissier <jerome@forissier.org>

libutee: remove utee_misc.h and utee_misc.c

utee_misc.{h,c} contain an unused function: utee_get_ta_exec_id(), and
nothing else. Remove them.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

clang: use llvm-objdump

Clang version 9.0.0 has a llvm-objdump tool that provides equivalent
output to the binutils version. Let's use it and remove the hack in
mk/clang.mk.

With this, it is possib

clang: use llvm-objdump

Clang version 9.0.0 has a llvm-objdump tool that provides equivalent
output to the binutils version. Let's use it and remove the hack in
mk/clang.mk.

With this, it is possible to build OP-TEE with Clang and without a GCC
toolchain.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

get_maintainer.py: add --release-to

Adds an option to scripts/get_maintainer.py showing the email addresses
to be used for release announcements. All addresses in Maintainer (M:)
or Reviewer (R:) en

get_maintainer.py: add --release-to

Adds an option to scripts/get_maintainer.py showing the email addresses
to be used for release announcements. All addresses in Maintainer (M:)
or Reviewer (R:) entries are shown.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Revert "ftrace: define CFG_FTRACE_BUF_SIZE in mk/config.mk"

This reverts commit 59e8ef0dcb3773964fd133d0a9360989cb86108f.

The default value for CFG_FTRACE_BUF_SIZE needs to be in the TA link
script

Revert "ftrace: define CFG_FTRACE_BUF_SIZE in mk/config.mk"

This reverts commit 59e8ef0dcb3773964fd133d0a9360989cb86108f.

The default value for CFG_FTRACE_BUF_SIZE needs to be in the TA link
script ta.ld.S, because this file is *not* pre-processed before being
added to the TA dev kit. Replacement of CFG_* values only happens when
the TA is built, at which point mk/config.mk is irrelevant. It makes
sense of course, since it allows to change TA settings and re-build
only the TA.

Fixes the following TA link error:

$ make CFLAGS_ta_arm32=-pg
[...]
bin/arm-linux-gnueabihf-ld.bfd:out/ta.lds:57: undefined symbol `CFG_FTRACE_BUF_SIZE' referenced in expression

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

MAINTAINERS: fix my email address

An extra dot is present in my email address in the "Hisilicon
Hi3519AV100 family" subsystem. Remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Revi

MAINTAINERS: fix my email address

An extra dot is present in my email address in the "Hisilicon
Hi3519AV100 family" subsystem. Remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: Add support to access a TPM event log in secure memory.

Support for OPTEE to be able to receive a TPM event log through
a DTB so it can forward it to a TA (such as a TPM service)
in order to e

core: Add support to access a TPM event log in secure memory.

Support for OPTEE to be able to receive a TPM event log through
a DTB so it can forward it to a TA (such as a TPM service)
in order to extend the measurements.

CFG_CORE_TPM_EVENT_LOG enables this feature.
CFG_TPM_LOG_BASE_ADDR hardcodes the phys address of the event log
in case CFG_DT is not set.
CFG_TPM_MAX_LOG_SIZE harcodes the size of the event log in case
CFG_DT is not set.

When this feature is enabled, the PTA_SYSTEM_GET_TPM_EVENT_LOG
command is available to any TA.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

imx: enable CFG_TZC380 for supported SoCs

Enable the region autoconfiguration for supported SoCs by default.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faur

imx: enable CFG_TZC380 for supported SoCs

Enable the region autoconfiguration for supported SoCs by default.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

imx: tzc380: move to driver_init() initcall

Instead of configuring the tzc380 in plat_primary_init_early, handle the
configuration similar to all other drivers by using a driver_init()
initcall.

Si

imx: tzc380: move to driver_init() initcall

Instead of configuring the tzc380 in plat_primary_init_early, handle the
configuration similar to all other drivers by using a driver_init()
initcall.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...