arm: imx: add iMX7S WaARP7 MBL board definition

This patch adds an OP-TEE port for the i.MX7S WaRP7 for the MBED Linux OS
boot flow.

BootROM -> ATF/BL2
ATF -> FIP {u-boot, OPTEE}
OPTEE -> {po

arm: imx: add iMX7S WaARP7 MBL board definition

This patch adds an OP-TEE port for the i.MX7S WaRP7 for the MBED Linux OS
boot flow.

BootROM -> ATF/BL2
ATF -> FIP {u-boot, OPTEE}
OPTEE -> {populates DTB overlay}
u-boot -> FIT {DTB, Kernel, initramfs}
Merges DTB and OPTEE DTB-overlay
Linux

The current warp7 port looks like
BootROM -> u-boot
u-boot -> Load {Kernel, OPTEE, DTB}
OPTEE
Linux

In order to support the ATF bootflow a new port of OP-TEE with slightly
tweaked parameters is added here.

CFG_NS_ENTRY_ADDR = 0x87800000 is the entry point of u-boot
CFG_DT_OVERLAY = y adds DTB overlay fragments to the passed DTB

make PLATFORM=imx-mx7swarp7_mbl

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

show more ...

imx: wdog: Introduce CFG_IMX_WDOG_EXT_RESET for non-DTB mode

When resetting a system that has not booted up with a full DTB in memory
the value ext_reset will always be false.

This patch introduces

imx: wdog: Introduce CFG_IMX_WDOG_EXT_RESET for non-DTB mode

When resetting a system that has not booted up with a full DTB in memory
the value ext_reset will always be false.

This patch introduces a platform define to tell the watchdog driver to
drive ext_reset.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

show more ...

imx: wdog: Skip DTB wdog init on DTB overlay

When OPTEE is providing a DTB overlay to a subsequent boot stage CFG_DT
will be true as will CFG_EXTERNAL_DTB_OVERLAY.

In this case there will be no DTB

imx: wdog: Skip DTB wdog init on DTB overlay

When OPTEE is providing a DTB overlay to a subsequent boot stage CFG_DT
will be true as will CFG_EXTERNAL_DTB_OVERLAY.

In this case there will be no DTB for the imx watchdog driver to consume so
do not try to do so.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

show more ...

core: always save non-secure vfp state

Prior to this patch the non-secure VFP state was only saved when it
seemed necessary based on control registers.

To make sure that non-secure VFP state isn't

core: always save non-secure vfp state

Prior to this patch the non-secure VFP state was only saved when it
seemed necessary based on control registers.

To make sure that non-secure VFP state isn't corrupted always save the
entire register file before modifying it. This is now the same behavior
on both ARMv8-A and ARMv7-A platforms.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: framework to register PM callbacks

Introduce a framework for power management callback registering.

Drivers and services can register a callback function for the platform
suspend and resume s

core: framework to register PM callbacks

Introduce a framework for power management callback registering.

Drivers and services can register a callback function for the platform
suspend and resume sequences. A private address handle can be registered
with the callback and retrieved from the callback. Callback can be
registered with a specific call order as defined per PM_CB_ORDER_*.

Callback shall return an error if failing to complete target transition.
This information may be used by the platform to resume a platform on
non-fatal failure to suspend.

Callbacks are related to a callback level. It defines the callbacks
call ordering, allowing core low level drivers (as clocks or the GIC)
to be suspended after all drivers and resume before these.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Cedric Neveux <cedric.neveux@nxp.com>

show more ...

core: introduce is_unpaged() functions

Helper function to test if a virtual address points to an
unpaged memory section that is the linear address space when
pager is enabled.

When pager is disable

core: introduce is_unpaged() functions

Helper function to test if a virtual address points to an
unpaged memory section that is the linear address space when
pager is enabled.

When pager is disabled, is_unpaged() always returns true.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: pager: make sure __thread_enter_user_mode is unpaged

__thread_enter_user_mode() cannot be paged out, because the pager cannot
be invoked to restore any faulting code page after SP has b

core: arm64: pager: make sure __thread_enter_user_mode is unpaged

__thread_enter_user_mode() cannot be paged out, because the pager cannot
be invoked to restore any faulting code page after SP has been switched to
use SP_EL1. At this point, a synchronous exception would take the CPU to
the 0x200 offset in the exception vector, which corresponds to
[workaround_]el1_sync_sp1 and is an error-catching infinite loop. This
explains the behavior described in [1].

Add the requisite KEEP_PAGER so that the function is kept in the unpaged
area.

Fixes: [1] https://github.com/OP-TEE/optee_os/issues/2684
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix dependency in embedded DTB build

Correct the name of the script used to embed a DTB in the core
when added to the core dependency list.

Signed-off-by: Etienne Carriere <etienne.carriere@l

core: fix dependency in embedded DTB build

Correct the name of the script used to embed a DTB in the core
when added to the core dependency list.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: update boot image header script tool

Introduce the binary image type information to the STM32 header
used for OP-TEE boot images.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>

stm32mp1: update boot image header script tool

Introduce the binary image type information to the STM32 header
used for OP-TEE boot images.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: switch to to mbedtls for bignum

Adds tee_api_arith_mpi.c wrapper providing the TEE Arithmetical API around
the big (mpi) routines from mbedtls.

CFG_TA_MBEDTLS_MPI=y (default y) enables the usag

ta: switch to to mbedtls for bignum

Adds tee_api_arith_mpi.c wrapper providing the TEE Arithmetical API around
the big (mpi) routines from mbedtls.

CFG_TA_MBEDTLS_MPI=y (default y) enables the usage of the bignum routines
in libutee.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: rename to tee_api_arith_mpa.c

Renames tee_api_arith.c to tee_api_arith_mpa.c to make room for using
other bignum implementations.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
S

libutee: rename to tee_api_arith_mpa.c

Renames tee_api_arith.c to tee_api_arith_mpa.c to make room for using
other bignum implementations.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmedtls: mpi_miller_rabin: increase count limit

213cce52a604 ("libmedtls: mpi_miller_rabin: increase count limit") from
branch import/mbedtls-2.6.1

Increase the count limit when generating the wi

libmedtls: mpi_miller_rabin: increase count limit

213cce52a604 ("libmedtls: mpi_miller_rabin: increase count limit") from
branch import/mbedtls-2.6.1

Increase the count limit when generating the witness in the Rabin-Miller
primality test. The previous number 30 was too low to reliably detect
000000022770A7DC599BC90B2FF981CCB5CF05703344C8F350418AAD as a prime
number.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mbedtls: add mbedtls_mpi_init_static()

f934e2913b7b ("mbedtls: add mbedtls_mpi_init_static()") from
branch import/mbedtls-2.6.1

Adds mbedtls_mpi_init_static() which initializes a mbedtls_mpi struct

mbedtls: add mbedtls_mpi_init_static()

f934e2913b7b ("mbedtls: add mbedtls_mpi_init_static()") from
branch import/mbedtls-2.6.1

Adds mbedtls_mpi_init_static() which initializes a mbedtls_mpi struct
with a fixed sized bignum array.

The old behavior to fall back on malloc allocations when memory pool
isn't configured is retained.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove Secure Element API support

There is probably no-one using the Secure Element API. We have never heard
anyone asking questions about it, have no way to test it and we believe
it is not even wo

Remove Secure Element API support

There is probably no-one using the Secure Element API. We have never heard
anyone asking questions about it, have no way to test it and we believe
it is not even working right now. Therefore, remove it.

- The reserved syscalls are still present, but return
TEE_ERROR_NOT_SUPPORTED
- The TEE_SE* functions (GlobalPlatform TEE Secure Element API,
GPD_SPE_024) are removed from libutee.a and the header file
tee_internal_se_api.h is removed as well

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-ls: NXP LX2160ARDB platform support is added

Added support for armv8 platform flavour.
- PLATFORM = ls-lx2160ardb

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Acked-by: Jerome Foris

plat-ls: NXP LX2160ARDB platform support is added

Added support for armv8 platform flavour.
- PLATFORM = ls-lx2160ardb

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

Updating MAINTAINERS for NXP LS-RDB Platforms

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

plat-imx: add i.MX8MQ/MM EVK support

Add i.MX8MQ/MM EVK support.

i.MX8M family use Cortex-A53 as the CPU core, the i.MX8MQ EVK has
3GB DRAM memory, and i.MX8MM EVK has 2GB DRAM memory.

Signed-off-

plat-imx: add i.MX8MQ/MM EVK support

Add i.MX8MQ/MM EVK support.

i.MX8M family use Cortex-A53 as the CPU core, the i.MX8MQ EVK has
3GB DRAM memory, and i.MX8MM EVK has 2GB DRAM memory.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

tee: entry_fast: correct tee_entry_generic_get_api_call_count

There are actually 11 API calls in tee_entry_fast.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@

tee: entry_fast: correct tee_entry_generic_get_api_call_count

There are actually 11 API calls in tee_entry_fast.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Update typedefs.checkpatch

Adds missing typedefs from lib/libutee/include/tee_api_types.h to
typedefs.checkpatch. This fixes checkpatch errors such as:

ERROR: need consistent spacing around '*' (c

Update typedefs.checkpatch

Adds missing typedefs from lib/libutee/include/tee_api_types.h to
typedefs.checkpatch. This fixes checkpatch errors such as:

ERROR: need consistent spacing around '*' (ctx:WxV)
#807: FILE: lib/libutee/tee_api_arith_mpi.c:773:
+void TEE_BigIntInitFMMContext(TEE_BigIntFMMContext *context __unused,
^
The file is sorted in reverse alphabetical order, otherwise checkpatch
would ignore some entries that have a common radix (such as TEE_BigInt/
TEE_BigIntFMM/TEE_BigIntFMMContext). Not sure if it is expected or if it
will be fixed in upstream checkpatch at some point.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: console: allow fallback to /chosen/stdout-path

Makes chosen console selection more flexible being probed
from either secure-chosen node or chosen node and from
either secure embedded DTB or no

core: console: allow fallback to /chosen/stdout-path

Makes chosen console selection more flexible being probed
from either secure-chosen node or chosen node and from
either secure embedded DTB or non-secure external DTB.

Secure-chosen node has precedence over chosen node. Chosen console
from the secure DTB as precedence over chosen console defined by
the non-secure device tree.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: concurrent external and embedded DTBs

Introduce get_external_dt() as opposed to get_embedded_dt().

Change get_dt() to return embedded DTB location and falls back
to external DTB location.

Si

core: concurrent external and embedded DTBs

Introduce get_external_dt() as opposed to get_embedded_dt().

Change get_dt() to return embedded DTB location and falls back
to external DTB location.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: introduce get_embedded_dt()

get_embedded_dt() returns the location (virtual address) of the
embedded DTB or NULL if there is no embedded DTB.

Signed-off-by: Etienne Carriere <etienne.carriere

core: introduce get_embedded_dt()

get_embedded_dt() returns the location (virtual address) of the
embedded DTB or NULL if there is no embedded DTB.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt: discover memory before updating external DTB

When core updates the external DTB with OP-TEE node resources
it may load memory address ranges node that depend of information
read from the D

core: dt: discover memory before updating external DTB

When core updates the external DTB with OP-TEE node resources
it may load memory address ranges node that depend of information
read from the DTB. This change ensures non-secure memory is
discovered (possibly from the external DTB) before core modifies
the external DTB for a former boot stage.

Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: explicit external DTB scope in generic boot

Rename few functions, routines and variables dedicated to the
external DTB with an explicit `external_dt` labeling reference.

reset_dt_references()

core: explicit external DTB scope in generic boot

Rename few functions, routines and variables dedicated to the
external DTB with an explicit `external_dt` labeling reference.

reset_dt_references() is renamed release_external_dt() as more
explicit.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: rename get_dt_blob() into get_dt()

Rename get_dt_blob() into get_dt() to get some consistency in `dt`,
`dtb`, `fdt` labelling in generic_boot.c

Signed-off-by: Etienne Carriere <etienne.carrie

core: rename get_dt_blob() into get_dt()

Rename get_dt_blob() into get_dt() to get some consistency in `dt`,
`dtb`, `fdt` labelling in generic_boot.c

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...