core: mm: add core_mmu_for_each_nsec_ddr support

Currently all TZC drivers implement the nsec_ddr configuration via
compile time configuration switches. This fact is not ideal for
platforms which ha

core: mm: add core_mmu_for_each_nsec_ddr support

Currently all TZC drivers implement the nsec_ddr configuration via
compile time configuration switches. This fact is not ideal for
platforms which have various DRAM settings.

OP-TEE already supports discovering the nsec_ddr chunks during the early
boot process but doesn't expose this information. Therefore this foreach
helper is added which can be used by the TZC drivers to address the
above use-case.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: imx: tzc380: refactor region number handling

Move the region number handling into imx_tzc_auto_configure(), to make
it possible to call the helper without ext. required context.

This is re

drivers: imx: tzc380: refactor region number handling

Move the region number handling into imx_tzc_auto_configure(), to make
it possible to call the helper without ext. required context.

This is required for the upcoming dynamic ddr size configuration.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: imx: tzc380: add support to check TZASC enable state

If OP-TEE is used the TZASC should be enabled to validate the memory
access. This adds the initial support for the i.MX6 and i.MX8M to c

drivers: imx: tzc380: add support to check TZASC enable state

If OP-TEE is used the TZASC should be enabled to validate the memory
access. This adds the initial support for the i.MX6 and i.MX8M to check
if the TZASC is enabled and throw a panic if not.

Once all platforms are covered this CFG_TZASC_CHECK_ENABLED should be
removed and the check should be done by default to enforce that the
TZASC is running.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: imx: tzc380: add support to verify region0

There are platforms where memory aliasing can't be prevented, e.g. the
i.MX8M. If the previous running firmware configured region0, which
covers t

drivers: imx: tzc380: add support to verify region0

There are platforms where memory aliasing can't be prevented, e.g. the
i.MX8M. If the previous running firmware configured region0, which
covers the whole AXI address space, to be accessible from secure and
non-secure world the OP-TEE core memory would be accessible via memory
aliasing.

To prevent such attacks we need to ensure that region0 is accessible
from the secure world only.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: tzc380: add tzc_verify_region0_secure helper

Add a helper which verifies that region0 is only accessible by the
secure world.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Review

drivers: tzc380: add tzc_verify_region0_secure helper

Add a helper which verifies that region0 is only accessible by the
secure world.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: tzc380: add support to dump region0

Dumping region0 is interesting too since it may have a insecure sp
configuration applied by the previous running firmware.

Reviewed-by: Sahil Malhotra <

drivers: tzc380: add support to dump region0

Dumping region0 is interesting too since it may have a insecure sp
configuration applied by the previous running firmware.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

drivers: imx: tzc380: add CFG_MX6QP TZASC2 configuration

The i.MX6DP/QP SoCs have a 2nd memory controller as well which must be
configured.

This commit covers only the i.MX6QP because there is no i

drivers: imx: tzc380: add CFG_MX6QP TZASC2 configuration

The i.MX6DP/QP SoCs have a 2nd memory controller as well which must be
configured.

This commit covers only the i.MX6QP because there is no i.MX6DP OP-TEE
platform yet.

Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>

show more ...

core: riscv: core_mmu_arch: zero-initialize new page tables

New page table pages must always start cleared. On some
platforms (e.g., QEMU) RAM happens to be zeroed at reset,
but on real hardware (FP

core: riscv: core_mmu_arch: zero-initialize new page tables

New page table pages must always start cleared. On some
platforms (e.g., QEMU) RAM happens to be zeroed at reset,
but on real hardware (FPGA/SoC DDR) may not be the case.
Without this memset, stale contents can make
core_mmu_map_region() see non-zero old_attr and panic with
"Page is already mapped" when CFG_DYN_CONFIG is enabled.

Signed-off-by: Yu-Chien Peter Lin <peter.lin@sifive.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

crypto: asu: Add crypto hash driver

Add support for following Hash algorithms
SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-384, SHA3-512

Signed-off-by: Harsh Jain <h.jain@amd.com>
Signed-off-by: Aksha

crypto: asu: Add crypto hash driver

Add support for following Hash algorithms
SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-384, SHA3-512

Signed-off-by: Harsh Jain <h.jain@amd.com>
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: amd: Add ASU support

Add support for the AMD Application Security Unit (ASU), the on-chip
Hardware Security Module (HSM) for Versal Gen 2.
The ASU manages all device-level security services

drivers: amd: Add ASU support

Add support for the AMD Application Security Unit (ASU), the on-chip
Hardware Security Module (HSM) for Versal Gen 2.
The ASU manages all device-level security services for user
applications, extending beyond accelerator-centric tasks.
Its firmware also exposes several software-based cryptographic
primitives, including:
- Key transfer
- RSA authentication (multiple padding schemes)
- HMAC
- Key Derivation Function (KDF)
- Key wrap / unwrap

Co-developed-by: Harsh Jain <h.jain@amd.com>
Signed-off-by: Harsh Jain <h.jain@amd.com>
Signed-off-by: Akshay Belsare <akshay.belsare@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: fix cache invalidation of RSA buffer

When using CAAM to generate an RSA key the CPU caching of the DMA
buffers need to be controlled to ensure the correct visibility for both
devices.

drivers: caam: fix cache invalidation of RSA buffer

When using CAAM to generate an RSA key the CPU caching of the DMA
buffers need to be controlled to ensure the correct visibility for both
devices. For the n parameter the wrong address was used when
invalidating the CPU cache after the DMA operation, resulting in <key
length> bytes of the stack being invalidated (without flushing to
memory) instead of the buffer.

The first potential consequence of this is that any parts of the n
buffer that were cached during the key generation won't get read from
RAM, resulting in a corrupt key. This is unlikely since the n buffer
was correctly flushed immediately before starting the CAAM operation.
To reliably reproduce this, a read that should normally be harmless can
be inserted immediately before caam_jr_enqueue:
((volatile uint8_t *)genkey.n.data)[0];

The second effect of this bug is that parts of the do_gen_keypair stack
frame will have its cache lines invalidated (again without write back to
memory). With 4096 bit keys and a compiler that produces the right stack
layout this affects callee saved registers, the return pointer and
potentially a stack canary. I have not been able to see the effects of
this on my iMX8MQ test device.

Fixes: ccbcceeb73c1 ("drivers: caam: add CAAM key support for RSA")
Signed-off-by: Martin Nyhus <martin@nyhus.dev>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

drivers: caam: handle serialization of short params

Adjusts the caam key serialization code to account for keys where
sec_size < buf.length. When that is the case the serialization can only
touch th

drivers: caam: handle serialization of short params

Adjusts the caam key serialization code to account for keys where
sec_size < buf.length. When that is the case the serialization can only
touch the first sec_size bytes since the rest are invalid, and the
serialized length is thus sec_size.

If the default key type has been changed to plain this can happen during
RSA keygen if the d parameter ends up shorter than the key size in
bytes. In that case the valid bytes are at the front of the buffer and
do_gen_keypair accounts for this by setting sec_size correctly, and
caam_key_serialize_to_bn is called with an inkey in the sec_size <
buf.length state. This ended up creating corrupt keys for roughly 1% of
keygens, and was caught by various RSA tests in optee_test.

Fixes: 1495f6c4a82a ("drivers: caam: add CAAM key driver")
Signed-off-by: Martin Nyhus <martin@nyhus.dev>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

drivers: caam: fix bits/bytes confusion

Fixes two mixups of bits and bytes in caam_key_init that roughly cancel
each other out. Both sec_size and the result from
caam_key_serialized_size are values

drivers: caam: fix bits/bytes confusion

Fixes two mixups of bits and bytes in caam_key_init that roughly cancel
each other out. Both sec_size and the result from
caam_key_serialized_size are values in bytes, so the key sizes in bits
need to be converted. For plain text keys this makes no difference to
the result since they cancel each other out exactly.

For the default key type of BLACK_CCM the blob overhead is now correctly
counted as bytes instead of bits which decreases the headroom, but since
the default config of 4576 was calculated correctly, the assert still
shouldn't fail.

Fixes: 1495f6c4a82a ("drivers: caam: add CAAM key driver")
Signed-off-by: Martin Nyhus <martin@nyhus.dev>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

MAINTAINERS: update Gatien's e-mail address

I am changing employer. Change my email address to a dedicated personal
one to keep an eye on the stm32 changes for now.

Signed-off-by: Gatien Chevallier

MAINTAINERS: update Gatien's e-mail address

I am changing employer. Change my email address to a dedicated personal
one to keep an eye on the stm32 changes for now.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-k3: drivers: Increase mailbox timeout to 1000ms

Mailbox driver waits for 10ms to get a response from TIFS, before
flagging the transaction a failure. 10ms seems to be right at the edge,
since u

plat-k3: drivers: Increase mailbox timeout to 1000ms

Mailbox driver waits for 10ms to get a response from TIFS, before
flagging the transaction a failure. 10ms seems to be right at the edge,
since unrelated updates to other components in the boot chain are
causing the actual wait time to increase. Therefore increase the timeout
to 1000ms.

1000ms is chosen to keep uniformity with the mailbox driver in TF-A.

Signed-off-by: Suhaas Joshi <s-joshi@ti.com>
Reviewed-by: Andrew Davis <afd@ti.com>

show more ...

MAINTAINERS: add MediaTek maintainer entry

Edit MAINTAINERS to add myself as maintainer for MediaTek support.

Signed-off-by: guan-gm.lin <guan-gm.lin@mediatek.com>

plat-rockchip: px30: set CFG_CRYPTO_WITH_CE ?= y

Similarly to what's been done to RK3399 in commit 3ab148c8f4a0
("plat-rockchip: rk3399: set CFG_CRYPTO_WITH_CE ?= y"), we can enable
the Arm Cryptogr

plat-rockchip: px30: set CFG_CRYPTO_WITH_CE ?= y

Similarly to what's been done to RK3399 in commit 3ab148c8f4a0
("plat-rockchip: rk3399: set CFG_CRYPTO_WITH_CE ?= y"), we can enable
the Arm Cryptography Extensions by default for PX30 as Rockchip claims
they are supported in the datasheet[1].

Tested with:

xtest --aes-perf -m XTS -s 1000000 -n 1000

Before:
min=88574.2us max=91273us mean=88942.8us stddev=234.498us (cv 0.26365%) (10.7223MiB/s)

After:
min=3297.58us max=3655.75us mean=3464.66us stddev=59.7159us (cv 1.72357%) (275.258MiB/s)

Link: https://opensource.rock-chips.com/images/8/87/Rockchip_PX30_Datasheet_V1.4-20191227.pdf [1]
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>

show more ...

core: arm: link.mk: Fix typo for python command line

Fix typo for python command line
$(q)scripts/gen_tee_bin.py => $(q)$(PYTHON3) scripts/gen_tee_bin.py

Signed-off-by: guan-gm.lin <guan-gm.lin@med

core: arm: link.mk: Fix typo for python command line

Fix typo for python command line
$(q)scripts/gen_tee_bin.py => $(q)$(PYTHON3) scripts/gen_tee_bin.py

Signed-off-by: guan-gm.lin <guan-gm.lin@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-rockchip: disable early console by default

The early console is very useful for debugging. Alas, a misconfigured
early console seems to be halting/panicking OP-TEE OS.

Better have something al

plat-rockchip: disable early console by default

The early console is very useful for debugging. Alas, a misconfigured
early console seems to be halting/panicking OP-TEE OS.

Better have something always work possibly without console output (e.g.
if no FDT is passed to OP-TEE OS) than crashing without information.

The user can still enable the console if they want to for debugging
sessions.

This fixes OP-TEE OS crashing on RK3399 Puma which uses UART0 instead of
default UART2.

I've tested on PX30 and RK3588 by specifying a UART controller different
from the one that can be used by the device.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>

show more ...

plat-mediatek: add support for MT7987 SoC

Add OP-TEE support for the MT7987 SoC.

Signed-off-by: guan-gm.lin <guan-gm.lin@mediatek.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-mediatek: add support for MT7981 SoC

Add OP-TEE support for the MT7981 SoC.

Signed-off-by: guan-gm.lin <guan-gm.lin@mediatek.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-mediatek: add support for MT7986 SoC

Add OP-TEE support for the MT7986 SoC.

Signed-off-by: guan-gm.lin <guan-gm.lin@mediatek.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

ta: pkcs11: fix eddsa key reusage

EdDsa key weren't enabled to be re-used in the same session in the
load_tee_key function, forcing the client to close the session and
open it again whenever the sam

ta: pkcs11: fix eddsa key reusage

EdDsa key weren't enabled to be re-used in the same session in the
load_tee_key function, forcing the client to close the session and
open it again whenever the same operation should have been done
multiple times.

Closes: https://github.com/OP-TEE/optee_os/issues/7686
Fixes: 03e07432b68f ("ta: pkcs11: Add Ed25519 support")
Signed-off-by: Christian Zoia <czoia@amazon.com>
Reviewed-by: Etienne Carriere <etienne.carriere@st.com>

show more ...

core: ffa: support fragmented memory transaction via S-EL2 SPMC

Add support to retrieve a fragmented memory transaction via an SPMC at
S-EL2.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.or

core: ffa: support fragmented memory transaction via S-EL2 SPMC

Add support to retrieve a fragmented memory transaction via an SPMC at
S-EL2.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@arm.com>

show more ...

core: ffa: harden memory transaction checks

Harden the checks for FF-A memory transaction operations. Check that
internal parts are well aligned and that we can handle fragmented
transactions.

Sign

core: ffa: harden memory transaction checks

Harden the checks for FF-A memory transaction operations. Check that
internal parts are well aligned and that we can handle fragmented
transactions.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@arm.com>

show more ...