ta: pkcs11: add debug trace at command entry/exit

Add debug traces at entry and exit of the command invocation handler
of the TA. Prints TA command as a readable string thanks to ck_helpers.c

Signe

ta: pkcs11: add debug trace at command entry/exit

Add debug traces at entry and exit of the command invocation handler
of the TA. Prints TA command as a readable string thanks to ck_helpers.c

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: string debug trace for ta command ids

ck_helper.c/.h provide will helper functions for IDs. This change
starts with providing a string ID for a numerical command ID.

Matching IDs a stri

ta: pkcs11: string debug trace for ta command ids

ck_helper.c/.h provide will helper functions for IDs. This change
starts with providing a string ID for a numerical command ID.

Matching IDs a strings are stored in a constant array. Macros
PKCS11_ID() ease definition of ID/string conversion arrays content.
Function id2str() finds the string for a IDs possibly skip a given
prefix, i.e. printing "ENCRYPT" instead of "PKCS11_CKFM_ENCRYPT".

TA command IDs are the first introduced ID/string conversion util.
Function id2str_ta_cmd() return string "PKCS11_CMD_..." for a known
command ID.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: set SCTLR_SPAN

Initializes SCTLR.SPAN to 1. SCTLR.SPAN was introduced with v8.1-PAN and
was prior to that defined as RES1.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off

core: arm: set SCTLR_SPAN

Initializes SCTLR.SPAN to 1. SCTLR.SPAN was introduced with v8.1-PAN and
was prior to that defined as RES1.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: add SCTLR_SPAN define

Adds define for setting SCTLR.SPAN which is available with the
architecture feature ARMv8.1-PAN in both AArch32 and AArch64.

Reviewed-by: Jerome Forissier <jerome@f

core: arm: add SCTLR_SPAN define

Adds define for setting SCTLR.SPAN which is available with the
architecture feature ARMv8.1-PAN in both AArch32 and AArch64.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

hikey960: fix support for 4G & 6G boards

Since commit 4518cdc1ff64 ("core: arm64: introduce CFG_CORE_ARM64_PA_BITS")
platforms are required to define CFG_CORE_ARM64_PA_BITS if their physical
address

hikey960: fix support for 4G & 6G boards

Since commit 4518cdc1ff64 ("core: arm64: introduce CFG_CORE_ARM64_PA_BITS")
platforms are required to define CFG_CORE_ARM64_PA_BITS if their physical
address space extends beyond 4G. This was missing for HiKey960 4G & 6G
versions, which indeed have addresses beyond 4G.

Signed-off-by: Henrik Uhrenfeldt <henrik.uhrenfeldt@huawei.com>

show more ...

core: driver: Fix CAAM Hash - User Buffers

Fix the CAAM Hash driver when input/output buffers are User buffers
allocated on multiple Small Pages.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com

core: driver: Fix CAAM Hash - User Buffers

Fix the CAAM Hash driver when input/output buffers are User buffers
allocated on multiple Small Pages.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: CAAM driver User Buffer SGT create

CAAM Driver can operate directly with the User Buffer and in this
case, the buffer can be on non-contiguous physical page.

CAAM is using a DMA to load/st

drivers: CAAM driver User Buffer SGT create

CAAM Driver can operate directly with the User Buffer and in this
case, the buffer can be on non-contiguous physical page.

CAAM is using a DMA to load/store data from memory. The DMA is working
with physical address. In case of the User Buffer, if the buffer is
crossing multiple Small Page, a CAAM Scatter Gather Table needs to
be created to rebuild the physical memory chunks used by the User virtual
buffer.

Add a function to check if a buffer is a User buffer crossing mutliple
small page.
Add a function to create a SGT Table of the User buffer.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-amlogic: Add initial support for Amlogic platforms

This is the initial support for the Amlogic platforms.

Tested 64-bin mode on A113D (AXG) board using upstream TF-A BL31.

* xtest results (-l

plat-amlogic: Add initial support for Amlogic platforms

This is the initial support for the Amlogic platforms.

Tested 64-bin mode on A113D (AXG) board using upstream TF-A BL31.

* xtest results (-l 15):
| 44074 subtests of which 0 failed
| 96 test cases of which 0 failed
| 0 test cases were skipped
| TEE test application done!

* Compiled with:
| make PLATFORM=amlogic

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Carlo Caione <ccaione@baylibre.com>

show more ...

ta: pkcs11: invocation command PKCS11

Introduce a first invocation command for the TA: PKCS11_CMD_PING
can be used the check TA presence and possibly retrieve TA version
information if client provid

ta: pkcs11: invocation command PKCS11

Introduce a first invocation command for the TA: PKCS11_CMD_PING
can be used the check TA presence and possibly retrieve TA version
information if client provides an output buffer.

Add helpers to trace command and parameters configuration.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: specific IDs in TA API

Define PKCS11_UNAVAILABLE_INFORMATION to reflect the PKCS#11 specific
IDCK_UNAVAILABLE_INFORMATION. It is used as PKCS11_UNDEFINED_ID for
invalid or not applicable

ta: pkcs11: specific IDs in TA API

Define PKCS11_UNAVAILABLE_INFORMATION to reflect the PKCS#11 specific
IDCK_UNAVAILABLE_INFORMATION. It is used as PKCS11_UNDEFINED_ID for
invalid or not applicable IDs.

Define PKCS11_TRUE/PKCS11_FALSE for boolean attributes.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: base for PKCS#11 services and TA API

PKCS11 TA aims at providing PKCS#11 compliant services through a
trusted application operating as a secure service provider. This
is the first step f

ta: pkcs11: base for PKCS#11 services and TA API

PKCS11 TA aims at providing PKCS#11 compliant services through a
trusted application operating as a secure service provider. This
is the first step for the PKCS#11 TA that introduces the TA skeleton
source file tree.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core_mmu: fix warnings when CFG_CORE_DYN_SHM=n && CFG_SECURE_DATA_PATH=n

Static function pbuf_is_special_mem() is used only when dynamic shared
memory or secure data path are enabled. Add the proper

core_mmu: fix warnings when CFG_CORE_DYN_SHM=n && CFG_SECURE_DATA_PATH=n

Static function pbuf_is_special_mem() is used only when dynamic shared
memory or secure data path are enabled. Add the proper #ifdefs to fix
the following warning:

$ make -s CFG_CORE_DYN_SHM=n CFG_SECURE_DATA_PATH=n
core/arch/arm/mm/core_mmu.c:260:13: warning: ‘pbuf_is_special_mem’ defined but not used [-Wunused-function]
260 | static bool pbuf_is_special_mem(paddr_t pbuf, size_t len,
| ^~~~~~~~~~~~~~~~~~~

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: entry_fast.c: fix warning when CFG_CORE_DYN_SHM=n

When CFG_CORE_DYN_SHM=n and CFG_TEE_CORE_LOG_LEVEL<3 we have:

$ make -s CFG_CORE_DYN_SHM=n CFG_TEE_CORE_LOG_LEVEL=2
core/arch/arm/tee/entry

core: entry_fast.c: fix warning when CFG_CORE_DYN_SHM=n

When CFG_CORE_DYN_SHM=n and CFG_TEE_CORE_LOG_LEVEL<3 we have:

$ make -s CFG_CORE_DYN_SHM=n CFG_TEE_CORE_LOG_LEVEL=2
core/arch/arm/tee/entry_fast.c: In function ‘tee_entry_exchange_capabilities’:
core/arch/arm/tee/entry_fast.c:65:7: warning: unused variable ‘dyn_shm_en’ [-Wunused-variable]
65 | bool dyn_shm_en = false;
| ^~~~~~~~~~

Add __maybe_unused to get rid of the warning.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: fix public key size in crypto_acipher_gen_dh_key()

GP wrapper of mbedtls DH operation generate key function wrongly
calculates the number of bytes from bits, leading to incorrect public

libmbedtls: fix public key size in crypto_acipher_gen_dh_key()

GP wrapper of mbedtls DH operation generate key function wrongly
calculates the number of bytes from bits, leading to incorrect public
key generated and returned.

Fixes: 34789f62982f ("libmbedtls: support mbedtls DH function")

Signed-off-by: Cao, Vincent T <vincent.t.cao@intel.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

libfdt: move to version v1.5.1

Imports upstream libfdt version v1.5.1 [1]. Things worthy of note:

- SPDX license identifiers were added upstream in commit 94f87cd5b7c5
("libfdt: Add dual GPL/BSD

libfdt: move to version v1.5.1

Imports upstream libfdt version v1.5.1 [1]. Things worthy of note:

- SPDX license identifiers were added upstream in commit 94f87cd5b7c5
("libfdt: Add dual GPL/BSD SPDX tags to files missing license text").
They conflict with those we have added locally in commit 1bb929836182
("Add SPDX license identifiers"). We added "BSD-2-Clause" while
upstream added "GPL-2.0-or-later OR BSD-2-Clause". This commit keeps
the upstream tags.

- At this stage we carry no local modification except for two minor
things enabling C99 compliance:
1. Zero sized arrays at the end of structs fdt_node_header and
fdt_property are changed from "[0]" to "[]",
2. An extra semicolon is removed after the static function
overlay_fixup_one_phandle().
These changes were in the initial import already, commit b908c67504cd
("Import libfdt v1.4.1").

Link: [1] https://github.com/dgibson/dtc/tree/v1.5.1/libfdt
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

symbolize.py: Python < 3.7 compatibility

The documentation for the Python 3 subprocess module [1] has the
following note related to the Popen() constructor:

Changed in version 3.7: Added the text

symbolize.py: Python < 3.7 compatibility

The documentation for the Python 3 subprocess module [1] has the
following note related to the Popen() constructor:

Changed in version 3.7: Added the text parameter, as a more
understandable alias of universal_newlines.

In order to avoid a runtime error with versions of Python prior to 3.7,
replace the 'text' parameter with 'universal_newlines'.

Link: [1] https://docs.python.org/3/library/subprocess.html
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

plat-imx: Add SA settings for i.MX6UL

The Secure Access register configures the access mode for non-TrustZone
aware DMA masters. To ensure that no DMA master can read the secure
memory for OP-TEE, w

plat-imx: Add SA settings for i.MX6UL

The Secure Access register configures the access mode for non-TrustZone
aware DMA masters. To ensure that no DMA master can read the secure
memory for OP-TEE, we set access for all masters except the
processor (Cortex-A7) to non-secure only and lock the settings
afterwards.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

plat-imx: add CSU SA register for i.MX6/7

CSU_SA is at the same offset for both i.MX6 and i.MX7, add it to both
register files.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Review

plat-imx: add CSU SA register for i.MX6/7

CSU_SA is at the same offset for both i.MX6 and i.MX7, add it to both
register files.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

libutee: add TEE_IsAlgorithmSupported()

Adds function TEE_IsAlgorithmSupported() as per the GlobalPlatform TEE
Internal Core API v1.2.1.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked

libutee: add TEE_IsAlgorithmSupported()

Adds function TEE_IsAlgorithmSupported() as per the GlobalPlatform TEE
Internal Core API v1.2.1.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Move core/include/config.h to lib/libutils/ext/include

In order to be able to use the IS_ENABLED() macro in user space
libraries, move config.h from core to libutils.

Signed-off-by: Jerome Forissie

Move core/include/config.h to lib/libutils/ext/include

In order to be able to use the IS_ENABLED() macro in user space
libraries, move config.h from core to libutils.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64.h: add read_mpidr() macro

Adds the macro read_mpidr() to arm64.h to avoid ifdefs in code.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklan

core: arm64.h: add read_mpidr() macro

Adds the macro read_mpidr() to arm64.h to avoid ifdefs in code.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: read thread_vector_table from assembly

Reads and returns thread_vector_table directly from assembly instead of
saving the return value from generic_boot_init_primary(). With this
generic_boot_

core: read thread_vector_table from assembly

Reads and returns thread_vector_table directly from assembly instead of
saving the return value from generic_boot_init_primary(). With this
generic_boot_init_primary() is declared in the same way when configured
with or without TF-A.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pseudo_ta: check size of mapped mobj

Add a check in copy_in_param() to see that the mobj is large enough
to hold the mapped parameter.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Sig

core: pseudo_ta: check size of mapped mobj

Add a check in copy_in_param() to see that the mobj is large enough
to hold the mapped parameter.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mobj_phys_get_va(): check offset is in range

Checks that the supplied offset is still within the range of the mobj.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wi

core: mobj_phys_get_va(): check offset is in range

Checks that the supplied offset is still within the range of the mobj.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mobj_reg_shm_get_va(): check offset is in range

Checks that the supplied offset is still within the range of the mobj.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens

core: mobj_reg_shm_get_va(): check offset is in range

Checks that the supplied offset is still within the range of the mobj.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...