core: user_ta: refactor struct load_seg

Removes unneeded offs and oend fields from struct load_seg and add a
mobj field. With the mobj stored in struct load_seg mobj_code in struct
user_ta_elf isn't

core: user_ta: refactor struct load_seg

Removes unneeded offs and oend fields from struct load_seg and add a
mobj field. With the mobj stored in struct load_seg mobj_code in struct
user_ta_elf isn't needed any longer and is removed.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Replace ta_head.entry with elf entry

Prior to this patch the entry function of the TA was stored in ta_head
which is located in a read-only section of the TA. This results in the
linker emitting a r

Replace ta_head.entry with elf entry

Prior to this patch the entry function of the TA was stored in ta_head
which is located in a read-only section of the TA. This results in the
linker emitting a relocation modifying a read-only section. This is a
problem if the read-only section is mapped read-only while relocations
are performed. To avoid this problematic relocation the ta_head.entry
is removed and the ELF entry point is used instead.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: arm: ta.ld.S: move relocation segments

Move relocation segments into the read/write section to avoid
modifications of the read only compared to what is in the ELF.
This is needed for sharing of

ta: arm: ta.ld.S: move relocation segments

Move relocation segments into the read/write section to avoid
modifications of the read only compared to what is in the ELF.
This is needed for sharing of read only sections of TAs.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add a file object interface

Adds a file object interface which is an abstraction of the storage part
in a struct tee_pager_area. This adds no new features, just moves some code
from tee_pager.

core: add a file object interface

Adds a file object interface which is an abstraction of the storage part
in a struct tee_pager_area. This adds no new features, just moves some code
from tee_pager.c into fobj.c.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: keep alive TA context can be created after TA has panicked

When a keep alive TA instance panics, it continues to exist and
blocks all further use of the TA until the next reboot of the system.

core: keep alive TA context can be created after TA has panicked

When a keep alive TA instance panics, it continues to exist and
blocks all further use of the TA until the next reboot of the system.
Moreover, when a new session is trying to be created for
the panicked TA (while another session to that TA is still opened),
the system hangs.

This change releases panicked TA context and clears all references to
the released context when the TA panics regardless the TA properties.
This allows keep alive TA instances to be created back after they have
panicked without needing to reboot OP-TEE core.

Sessions on panicked TAs have to be closed by the client by calling
the proper API when session client is scheduled back.

Signed-off-by: Ovidiu Mihalachi <ovidiu_mihalachi@mentor.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: handle user TA context released from session

Change is_user_ta_ctx() to support NULL context reference. For such
references the function now returns boolean value false. This allows
caller to

core: handle user TA context released from session

Change is_user_ta_ctx() to support NULL context reference. For such
references the function now returns boolean value false. This allows
caller to nicely abort their sequence when the context reference
is already released from the session instance. Note that caller shall
not assume a context refer to a PTA when is_user_ta_ctx() return
false, it shall call is_pseudo_ta_ctx().

A side effect is that few test on reference and function return value
can be simplified.

This change also ensures TA dump_state() function does not crash when
called provides a null context reference.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: clean shared resource to use vaddr_t

Replace type uintptr_t with type vaddr_t when applicable for consistency
with other resources.

Signed-off-by: Etienne Carriere <etienne.carriere@linar

stm32mp1: clean shared resource to use vaddr_t

Replace type uintptr_t with type vaddr_t when applicable for consistency
with other resources.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

stm32_uart: pin control with stm32_gpio

stm32_uart instance get related pins configuration
from device tree content.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Foris

stm32_uart: pin control with stm32_gpio

stm32_uart instance get related pins configuration
from device tree content.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32_uart: register secure/non-secure device

stm32_uart instance registers as secure/non-secure
resources according to device tree content.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com

stm32_uart: register secure/non-secure device

stm32_uart instance registers as secure/non-secure
resources according to device tree content.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: default embed I2C driver

Default enable CFG_STM32_I2C. CFG_STM32_I2C=y mandates embedded device
tree support.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jo

stm32mp1: default embed I2C driver

Default enable CFG_STM32_I2C. CFG_STM32_I2C=y mandates embedded device
tree support.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

stm32mp1: fix missing I2C2/I2C6 non-secure mapping

I2C4 and I2C6 may be assigned to either secure or non-secure worlds
during core initialization. Even when assigned to the non-secure
world core may

stm32mp1: fix missing I2C2/I2C6 non-secure mapping

I2C4 and I2C6 may be assigned to either secure or non-secure worlds
during core initialization. Even when assigned to the non-secure
world core may access the bus during sequences where non-secure world
cannot execute as during atomic low power transition sequences.

This change corrects the missing mapping of I2C4 and I2C6 IO memory
with non-secure access attributes.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

stm32_i2c: expose standard speed in driver API

Move definition of I2C standard speeds configuration means from driver
source file to its header file. This change allows bus owners to use
appropriate

stm32_i2c: expose standard speed in driver API

Move definition of I2C standard speeds configuration means from driver
source file to its header file. This change allows bus owners to use
appropriate value for bus configuration.

Exposes struct i2c_speed_e and enum i2c_speed_e

This change fixes the driver API as enum i2c_speed_e is expected by
the API.

Fixes: b844655c9519 ("stm32_i2c: driver for STM32 I2C bus")

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

stm32_gpio: fix pinctrl sanity test against platform

When parsing device tree nodes, skip non matching GPIO banks rather
than panicking straight. Function ckeck_gpio_bank() already panics
if not fin

stm32_gpio: fix pinctrl sanity test against platform

When parsing device tree nodes, skip non matching GPIO banks rather
than panicking straight. Function ckeck_gpio_bank() already panics
if not finding a matching GPIO bank node.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

stm32_i2c: correct timeout detection on transfer stop event

Fix timeout detection in i2c_wait_stop().

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.

stm32_i2c: correct timeout detection on transfer stop event

Fix timeout detection in i2c_wait_stop().

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

stm32_i2c: fix bug in device tree support

Correct missing local variable in stm32_i2c_get_setup_from_fdt().

Fixes: c75303f777b7 ("stm32_i2c: handle pinctrl")

Signed-off-by: Etienne Carriere <etien

stm32_i2c: fix bug in device tree support

Correct missing local variable in stm32_i2c_get_setup_from_fdt().

Fixes: c75303f777b7 ("stm32_i2c: handle pinctrl")

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

stm32_i2c: minor clean in driver makefile

Sort stm32_* drivers list in alphabetical ordering.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@lin

stm32_i2c: minor clean in driver makefile

Sort stm32_* drivers list in alphabetical ordering.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Error out if CFG_TA_GPROF_SUPPORT and CFG_ULIBS_SHARED are both enabled

The gprof sample buffer is currently allocated at link time by the TA
linker script: ta/arch/arm/ta.ld.S. The size of the buff

Error out if CFG_TA_GPROF_SUPPORT and CFG_ULIBS_SHARED are both enabled

The gprof sample buffer is currently allocated at link time by the TA
linker script: ta/arch/arm/ta.ld.S. The size of the buffer is a
function of the total TA code size (.text segment). While this works
fine for statically linked TAs, it is problematic when shared libraries
are used, because in this case the total .text size is not known at
link time. As a result, the pre-allocated buffer may be too small,
resulting in the following error when the TA is initialized:

E/TA: __utee_gprof_init:159 gprof: could not allocate profiling buffer

One way to fix this problem is to allocate the buffer at run time, once
all the shared libraries have been loaded. Since the TA loader is about
to be reworked and moved to user space, let's wait for this to occur
before implementing a long term solution. This commit just prohibits the
problematic configuration in mk/config.mk.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove CFG_DYN_SHM_CAP

Removes the now obsolete CFG_DYN_SHM_CAP. CFG_CORE_DYN_SHM should be
used instead to enable/disable support for dynamic shared memory.

Reviewed-by: Etienne Carriere <et

core: remove CFG_DYN_SHM_CAP

Removes the now obsolete CFG_DYN_SHM_CAP. CFG_CORE_DYN_SHM should be
used instead to enable/disable support for dynamic shared memory.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce CFG_CORE_RESERVED_SHM

Introduces CFG_CORE_RESERVED_SHM which if set to y enables reserved shared
memory, else disables support for reserved shared memory.

Reviewed-by: Etienne Carri

core: introduce CFG_CORE_RESERVED_SHM

Introduces CFG_CORE_RESERVED_SHM which if set to y enables reserved shared
memory, else disables support for reserved shared memory.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce CFG_CORE_DYN_SHM

Introduces CFG_CORE_DYN_SHM which if set to y enables dynamic shared
memory, else disables support for dynamic shared memory. In contrast
with CFG_DYN_SHM_CAP it act

core: introduce CFG_CORE_DYN_SHM

Introduces CFG_CORE_DYN_SHM which if set to y enables dynamic shared
memory, else disables support for dynamic shared memory. In contrast
with CFG_DYN_SHM_CAP it actually removes the support instead of just
omit reporting it.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: default tee_otp_get_die_id() based on HUK

Changes the default weak tee_otp_get_die_id() implementation to use
huk_subkey_derive() to derive a unique die ID based on the hardware
unique key.

N

core: default tee_otp_get_die_id() based on HUK

Changes the default weak tee_otp_get_die_id() implementation to use
huk_subkey_derive() to derive a unique die ID based on the hardware
unique key.

Note that the SSK derivation retains backwards compatibility if
CFG_CORE_HUK_SUBKEY_COMPAT is set to 'y' and tee_otp_get_die_id() wasn't
replaced with a platform specific implementation.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: derive RPMB key using huk_subkey_derive()

tee_rpmb_key_gen() uses huk_subkey_derive() to derive the RPMB instead
of MAC:ing etc directly.

Note that this is only backwards compatible if
CFG_CO

core: derive RPMB key using huk_subkey_derive()

tee_rpmb_key_gen() uses huk_subkey_derive() to derive the RPMB instead
of MAC:ing etc directly.

Note that this is only backwards compatible if
CFG_CORE_HUK_SUBKEY_COMPAT=y.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: derive SSK using huk_subkey_derive()

tee_fs_init_key_manager() uses huk_subkey_derive() to derive the SSK
instead of MAC:ing etc directly.

Note that this is only backwards compatible if
CFG_C

core: derive SSK using huk_subkey_derive()

tee_fs_init_key_manager() uses huk_subkey_derive() to derive the SSK
instead of MAC:ing etc directly.

Note that this is only backwards compatible if
CFG_CORE_HUK_SUBKEY_COMPAT=y.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce CFG_CORE_HUK_SUBKEY_COMPAT

Adds CFG_CORE_HUK_SUBKEY_COMPAT which if set to 'y' makes
huk_subkey_derive() produce RPMB and SSK keys identical to the legacy
code.

Reviewed-by: Joakim

core: introduce CFG_CORE_HUK_SUBKEY_COMPAT

Adds CFG_CORE_HUK_SUBKEY_COMPAT which if set to 'y' makes
huk_subkey_derive() produce RPMB and SSK keys identical to the legacy
code.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce huk_subkey_derive()

The hardware unique key should preferably only be used to generate other
keys. This is encouraged with huk_subkey_derive() which is used to
derive a subkey from

core: introduce huk_subkey_derive()

The hardware unique key should preferably only be used to generate other
keys. This is encouraged with huk_subkey_derive() which is used to
derive a subkey from the hardware unique key.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...