core: change io_{clr|set|clrset}bits32() address argument type

Change API for io_clrbits32(), io_setbits32() and io_clrsetbits32() to
have a vaddr_t type address argument, rather than uintptr_t as
p

core: change io_{clr|set|clrset}bits32() address argument type

Change API for io_clrbits32(), io_setbits32() and io_clrsetbits32() to
have a vaddr_t type address argument, rather than uintptr_t as
previously.

This change updates accordingly the callers of these functions
that cover only stm32mp1 related resources.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: embed GPIO/pin control driver

Platform provides resources expected by the GPIO driver: those deal
with the relationship between platform GPIO banks identifiers and
the bank resources (base

stm32mp1: embed GPIO/pin control driver

Platform provides resources expected by the GPIO driver: those deal
with the relationship between platform GPIO banks identifiers and
the bank resources (base address, clock).

Platform maps all non-secure GPIOs as secure world may use non-secure
interfaces, i.e a non-secure UART console.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_gpio: driver for GPIO and pin control

Driver is embedded upon CFG_STM32_GPIO=y.

STM32 GPIO driver API main functions:
- stm32_gpio_set_output_level() sets target output GPIO level,
- stm32_gp

stm32_gpio: driver for GPIO and pin control

Driver is embedded upon CFG_STM32_GPIO=y.

STM32 GPIO driver API main functions:
- stm32_gpio_set_output_level() sets target output GPIO level,
- stm32_gpio_get_input_level() returns target input GPIO level,
- stm32_pinctrl_load_active_cfg() loads interface pin mux active state,
- stm32_pinctrl_load_standby_cfg() loads interface pin mux standby state,
- stm32_pinctrl_fdt_get_pinctrl() save pin configuration from DT content,
- stm32_gpio_set_secure_cfg() sets secure state for target GPIO/pin mux.

GPIO driver does not register to PM framework. It is the GPIO/pin owner
responsibility to call stm32_pinctrl_load_{active|standby}_cfg() on
peripherals power state transitions.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Mathieu Belou <mathieu.belou@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

documentation: apply dual license to the OP-TEE header definitions

The licensing terms for the OP-TEE OS documentation is BSD-2-Clause, as
mentioned in the LICENSE file. This commit applies a dual l

documentation: apply dual license to the OP-TEE header definitions

The licensing terms for the OP-TEE OS documentation is BSD-2-Clause, as
mentioned in the LICENSE file. This commit applies a dual license
(BSD-2-Clause OR GPL-2.0) to the OP-TEE header definitions (struct
optee_header, struct optee_header_v2, struct optee_image) mentioned in
optee_design.md. The intention is to make it easier for GPL-licensed
projects (bootloaders, typically) to interface with OP-TEE. One example
of GPL-2.0 bootloader is Barebox [1].

Link: [1] https://www.barebox.org/
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Suggested-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

LICENSE: all files are licensed under BSD 2-Clause by default

The information contained in the documentation are covered by the BSD
2-Clause license unless stated otherwise. Make this clear by not
m

LICENSE: all files are licensed under BSD 2-Clause by default

The information contained in the documentation are covered by the BSD
2-Clause license unless stated otherwise. Make this clear by not
mentioning "source files" but simply "files" in LICENSE.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Suggested-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: link.mk: set linker max-page-size to 4K

TA binaries contain a lot of zero padding (almost 64 KiB) between sections
.ta_head and .text. This value can be reduced to 4 KiB by reducing the
linker's

ta: link.mk: set linker max-page-size to 4K

TA binaries contain a lot of zero padding (almost 64 KiB) between sections
.ta_head and .text. This value can be reduced to 4 KiB by reducing the
linker's max-page-size parameter. Since the OP-TEE ELF loader always
aligns on small page boundaries, it does not make sense to request a
larger alignment.

This patch adds "-z max-page-size=4096" to the linker flags so that the
alignment constraints are relaxed from 64 KiB (the default for our 32 and
64 targets as it seems) to what OP-TEE is actually expecting (4 KiB).
The TA file size is reduced by 60 KiB. It changes nothing to the layout
of the TA in memory.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: platform enables STM32 ETZPC driver

Platform defines the macro used for DECPROT IDs in the STM32 ETZPC
driver interface.

When platform embeds a secure DTB, it is used to initialize the ET

stm32mp1: platform enables STM32 ETZPC driver

Platform defines the macro used for DECPROT IDs in the STM32 ETZPC
driver interface.

When platform embeds a secure DTB, it is used to initialize the ETZPC
driver. When not using DT, platform shall call ETZPC initialization
API function.

Platform initialization loads a static configuration for the platform
resources statically assigned to either secure or non-secure worlds.

This change updates the stm32mp157c SoC description DT source file
to explicitly enable ETZPC support in the secure world.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32_etzpc: STM32 Extended TrustZone Protection Controller

ETZPC is a hardware instance that control access permissions to
some stm32mp SoC peripheral interfaces and internal memories.

This change

stm32_etzpc: STM32 Extended TrustZone Protection Controller

ETZPC is a hardware instance that control access permissions to
some stm32mp SoC peripheral interfaces and internal memories.

This change introduce the stm32_etzpc driver. It is embedded upon
build directive CFG_STM32_ETZPC=y.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Mathieu BELOU <mathieu.belou@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: get root clocks frequency from DTB

Get the frequency of the root oscillator clocks from
a secure device tree, that is the embedded DTB.

Secure status state in the DTB defines whether RCC

stm32mp1: get root clocks frequency from DTB

Get the frequency of the root oscillator clocks from
a secure device tree, that is the embedded DTB.

Secure status state in the DTB defines whether RCC
subsystem shall be secure or not. If not, non-secure
world can access all clock interfaces hence secure world
cannot guaranty its configuration. Yet, the DT allows
such a debug/test configuration.

Most clock tree configuration is under the responsibility
of an earlier boot stage. Configuration of parenthood
and related divisors as well as configuration of
intermediate PLLs found in the DT are ignored.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: platform clocks driver

Introduce the stm32mp1 clock driver. This change defines the
structures used to describe the clock tree and the driver main API
functions:
- stm32_clock_enable()
- s

stm32mp1: platform clocks driver

Introduce the stm32mp1 clock driver. This change defines the
structures used to describe the clock tree and the driver main API
functions:
- stm32_clock_enable()
- stm32_clock_disable()
- stm32_clock_is_enabled()
- stm32_clock_get_rate()

The API is exported from stm32_util.h. Drivers are expected to include
stm32_util.h to access the platform clock support.

Note stm32_clock_get_rate() needs the root oscillator frequency values
Oscillators frequency depend on the board a.k.a the platform.
This information is currently missing in the driver. Introducing
CFG_xxx build directives it not the preferred way which is the DTB.
This change does not read root oscillators frequency value from the DTB.

Map RCC interface registers from RCC_BASE. RCC is the interface for
SoC clock configuration and control.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

stm32mp1: update RCC driver

Add and refine some RCC register descriptions.
Remove declaration of stm32_rcc_secure(), not used.
Implement stm32_rcc_is_secure() and stm32_rcc_is_mckprot(). These
refle

stm32mp1: update RCC driver

Add and refine some RCC register descriptions.
Remove declaration of stm32_rcc_secure(), not used.
Implement stm32_rcc_is_secure() and stm32_rcc_is_mckprot(). These
reflect 2 security hardening states of the RCC in the SoC.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

bget: fix nex_ pool building with disabled stats

gen_malloc_reset_stats() and gen_malloc_get_stats()
are only available when BufStats is defined.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmai

bget: fix nex_ pool building with disabled stats

gen_malloc_reset_stats() and gen_malloc_get_stats()
are only available when BufStats is defined.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: .shippable.yml: add build for QEMUv8 with virtualization

There is currently no CI build with CFG_VIRTUALIZATION=y. Add one.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewe

ci: .shippable.yml: add build for QEMUv8 with virtualization

There is currently no CI build with CFG_VIRTUALIZATION=y. Add one.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove memalign()

Removes the unused memalign() function. Usage of this function will
cause severe fragmentation of the heap.

Another problem is with the implementation which is added on top of bge

Remove memalign()

Removes the unused memalign() function. Usage of this function will
cause severe fragmentation of the heap.

Another problem is with the implementation which is added on top of bget
while still depending heavily on internals of bget. The implementation was
somewhat buggy since it can sometimes can cause:
E/TC:0 0 assertion 'bn->prevfree == 0' failed at lib/libutils/isoc/bget_malloc.c
:423 <create_free_block>
E/TC:0 0 Panic at core/kernel/assert.c:28 <_assert_break>

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: PWR support

PWR is a memory mapped SoC interface for power control. This change
maps and defines the interface for the stm32mp1 platform.

Signed-off-by: Etienne Carriere <etienne.carriere

stm32mp1: PWR support

PWR is a memory mapped SoC interface for power control. This change
maps and defines the interface for the stm32mp1 platform.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

Fix alignment of data for mempool_alloc_pool()

Prior to this patch was _TEE_MathAPI_Init() in
lib/libutee/tee_api_arith_mpi.c supplying a data buffer which was only 4
byte aligned while mempool_allo

Fix alignment of data for mempool_alloc_pool()

Prior to this patch was _TEE_MathAPI_Init() in
lib/libutee/tee_api_arith_mpi.c supplying a data buffer which was only 4
byte aligned while mempool_alloc_pool() requires the alignment of long.
This will work in 32-bit mode, but could lead to alignment problem in
64-bit mode. The same problem can happen with
lib/libutee/tee_api_arith_mpa.c, but so far it has remained hidden.

Incorrect alignment can result in errors like:
E/TA: assertion '!((vaddr_t)data & (POOL_ALIGN - 1))' failed at lib/libutils/ext/mempool.c:134 in mempool_alloc_pool()

This fix introduces MEMPOOL_ALIGN which specifies required alignment of
data supplied to mempool_alloc_pool().

Fixes: 062e3d01c039 ("ta: switch to to mbedtls for bignum")
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v8)
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pseudo_ta: fix query buffer size for SDP

Accepts query buffer size when invoking pseudo TAs with
CFG_SECURE_DATA_PATH=y.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by

core: pseudo_ta: fix query buffer size for SDP

Accepts query buffer size when invoking pseudo TAs with
CFG_SECURE_DATA_PATH=y.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

entry_fast: enable hypervisor calls

There are two fast SMC calls from hypervisor:

OPTEE_SMC_VM_CREATED is called during virtual guest creation. Only
after successful return hypervisor should forwar

entry_fast: enable hypervisor calls

There are two fast SMC calls from hypervisor:

OPTEE_SMC_VM_CREATED is called during virtual guest creation. Only
after successful return hypervisor should forward any SMC calls from
guest to OP-TEE.

OPTEE_SMC_VM_DESTROYED is called during VM destruction. Hypervisor
should ensure that all virtual CPUs are stopped. This will ensure, that
there are no active threads from destroyed VM in OP-TEE.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

generic_boot: add virtualization support

Don't create boot thread and don't initialize TEE runtime
if virtualization is enabled. This will be done by virtualization
framework for each virtual guest

generic_boot: add virtualization support

Don't create boot thread and don't initialize TEE runtime
if virtualization is enabled. This will be done by virtualization
framework for each virtual guest separately.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

generic_boot: move all runtime initialization to init_tee_runtime()

This one function can be called in init_primary_helper() in default
configuration or by virtualization framework for each virtual

generic_boot: move all runtime initialization to init_tee_runtime()

This one function can be called in init_primary_helper() in default
configuration or by virtualization framework for each virtual guest
separately if virtualization is enabled.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

generic_boot: use nexus allocator during memory discovery

If virtualization support is enabled, malloc memory pool is not initialized
at this stage. When virtualization is disabled, nex_malloc and n

generic_boot: use nexus allocator during memory discovery

If virtualization support is enabled, malloc memory pool is not initialized
at this stage. When virtualization is disabled, nex_malloc and nex_calloc
are aliases for malloc/calloc so no problem will be there.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

threads: add support for virtualization

If virtualization is enabled, we need do configure right context
upon entry from SMCs. Also we need to switch back to default context
when leaving OP-TEE.

Si

threads: add support for virtualization

If virtualization is enabled, we need do configure right context
upon entry from SMCs. Also we need to switch back to default context
when leaving OP-TEE.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

tee_mmu: read TA memory ranges from virtualization subsystem

Virtualization subsystem maintains different TA memory ranges
for every virtual guest. So, if virtualization support is enabled,
tee_mmu

tee_mmu: read TA memory ranges from virtualization subsystem

Virtualization subsystem maintains different TA memory ranges
for every virtual guest. So, if virtualization support is enabled,
tee_mmu should get memory configuration there.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core_mmu_lpae: increase number of xlat tables for virtualization

Because of different memory layout, we need more page tables when
virtualization support is enabled.

Signed-off-by: Volodymyr Babchu

core_mmu_lpae: increase number of xlat tables for virtualization

Because of different memory layout, we need more page tables when
virtualization support is enabled.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core_mmu: reshape memory layout for virtualization

If CFG_VIRTUALIZATION is enabled, then initial memory layout does not need
TA_RAM, TEE sections (.bss and .data) but it needs core sections
(.nex_b

core_mmu: reshape memory layout for virtualization

If CFG_VIRTUALIZATION is enabled, then initial memory layout does not need
TA_RAM, TEE sections (.bss and .data) but it needs core sections
(.nex_bss and .nex_data) mapped.
.data section should be mapped as RO, so it can serve as a template for
virtual guests .data sections.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...