core: ffa: __nex-annotate nexus rxtx buffer

Add __nex_bss and __nex_data annotations for the rxtx buffers used in a
configuration with SPMC at S-EL2 or EL3.

Signed-off-by: Jens Wiklander <jens.wikl

core: ffa: __nex-annotate nexus rxtx buffer

Add __nex_bss and __nex_data annotations for the rxtx buffers used in a
configuration with SPMC at S-EL2 or EL3.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: initcall.h: make boot_final() last final call

Make the boot_final() call last among the final call, that is, after the
xen_*_init*() calls. spmc_init() accesses the manifest_fd so it must be
c

core: initcall.h: make boot_final() last final call

Make the boot_final() call last among the final call, that is, after the
xen_*_init*() calls. spmc_init() accesses the manifest_fd so it must be
called before release_manifest_dt() removes it.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: virt-aware spmc_init() for SPMC at S-EL2/EL3

Call virt_add_guest_spec_data() for the struct notif_vm_bitmap to make
it accessible from notif_send_async().

Signed-off-by: Jens Wiklander <

core: ffa: virt-aware spmc_init() for SPMC at S-EL2/EL3

Call virt_add_guest_spec_data() for the struct notif_vm_bitmap to make
it accessible from notif_send_async().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: boot: enable native interrupts before initcalls

Enable native interrupts on Arm architectures when executing
initcalls (early,service,driver,final). This change allows drivers
to leverage

core: arm: boot: enable native interrupts before initcalls

Enable native interrupts on Arm architectures when executing
initcalls (early,service,driver,final). This change allows drivers
to leverage interrupts during OP-TEE core initialization, as for example
detecting a firewall access violation when it occurs. Before this change,
OP-TEE needed to complete its initialization and return the secure
monitor for secure interrupts to be handled.

Note that when CFG_NS_VIRTUALIZATION is enabled, initcalls called from
virt_on_stdcall() is not changed here since they are executing from a
standard call entry hence with native and foreign interrupts already
default unmasked.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: add arm64 job

Add a CI job that builds and runs QEMUv8 tests (make check) on an arm64
host.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklande

ci: add arm64 job

Add a CI job that builds and runs QEMUv8 tests (make check) on an arm64
host.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-k3: Add initial support for AM62Lx SoC

AM62Lx newest among on the K3 class of SoCs designed to be low footprint
system where DDR can be as small as 128M. Hence, move the DDR location
to the beg

plat-k3: Add initial support for AM62Lx SoC

AM62Lx newest among on the K3 class of SoCs designed to be low footprint
system where DDR can be as small as 128M. Hence, move the DDR location
to the beginning of DDR right after TF-A.

Disable TI SCI, secure boot info and HW unique ID support for now, they
will be incrementally at later point in time as the underlying
communication layer is different than AM62x.

Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Dhruva Gole <d-gole@ti.com>

show more ...

core: fail build when CFG_INSECURE=n used with unsafe RNG seed

A production build needs a proper RNG seed. Fail the build when
CFG_INSECURE=n is used in conjunction with the default weak stub
implem

core: fail build when CFG_INSECURE=n used with unsafe RNG seed

A production build needs a proper RNG seed. Fail the build when
CFG_INSECURE=n is used in conjunction with the default weak stub
implementation of plat_rng_init().

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: fail build when CFG_INSECURE=n used with zero HUK

CFG_INSECURE=n indicates the build may be used for production. In this
environment using the zero HUK in inappropriate, so fail the build
in t

core: fail build when CFG_INSECURE=n used with zero HUK

CFG_INSECURE=n indicates the build may be used for production. In this
environment using the zero HUK in inappropriate, so fail the build
in this case.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: gic: minor coding style fixes

Fix minor issues coding style issue for uninitialized local variable
and trace message formatting. No functional change.

Signed-off-by: Etienne Carriere <etie

drivers: gic: minor coding style fixes

Fix minor issues coding style issue for uninitialized local variable
and trace message formatting. No functional change.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: interrupt: explicit dt_get_irq handler expects big endian data

Explicit that struct itr_chip::dt_get_irq handler expects a reference
to an array of big-endian properties. This was implicitly t

core: interrupt: explicit dt_get_irq handler expects big endian data

Explicit that struct itr_chip::dt_get_irq handler expects a reference
to an array of big-endian properties. This was implicitly told before
since DTB format is big-endian.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: interrupt: fix interrupt_create_handler() description

Correct inline description comment of interrupt_create_handler()
that referred deprecated API function labels dt_get_interrupt_by_*()
and

core: interrupt: fix interrupt_create_handler() description

Correct inline description comment of interrupt_create_handler()
that referred deprecated API function labels dt_get_interrupt_by_*()
and mention argument itr_desc that was reaplce with the 2 arguments
itr_chip and itr_num.

By the way, indent functions argument description for consistency
with the other function inline description comments in this header file.

Fixes: e9376d025eb5 ("core: interrupt: add interrupt_create_handler()")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: interrupt: enhance registered controller chips validity

Enhance assertion of interrupt chip validity using itr_chip_is_valid()
helper function instead of only testing the chip handle is not nu

core: interrupt: enhance registered controller chips validity

Enhance assertion of interrupt chip validity using itr_chip_is_valid()
helper function instead of only testing the chip handle is not null.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: gic: allow detection type configuration

Allow consumers to configure SPI interrupts when the provided type
is not IRQ_TYPE_NONE. The allowed value are then IRQ_TYPE_EDGE_RISING
and IRQ_TYPE

drivers: gic: allow detection type configuration

Allow consumers to configure SPI interrupts when the provided type
is not IRQ_TYPE_NONE. The allowed value are then IRQ_TYPE_EDGE_RISING
and IRQ_TYPE_LEVEL_HIGH, as per Arm GIC specification.

This change fixes an issue when using interrupt_dt_get_by_index()
or interrupt_dt_get_by_name() since these API functions tell the
interrupt is configured from DT phandle arguments whereas GIC driver
did not consider the interrupt detection type even if set in the
consumer DT node property.

Fixes: 14885eb1688b ("drivers: gic: register to dt_driver")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: interrupt: fix property count in dt_get_irq_type_prio()

Fix the number of properties passed by dt_get_irq_type_prio()
to dt_get_irq handler of the interrupt main chip. The fixed issue
was not

core: interrupt: fix property count in dt_get_irq_type_prio()

Fix the number of properties passed by dt_get_irq_type_prio()
to dt_get_irq handler of the interrupt main chip. The fixed issue
was not seen since existing registered dt_get_irq handlers (atmel_wdt.c,
gic.c and plic.c) do not really care when this count value is too high.

Fixes: 702fe5a74327 ("core: kernel: interrupt: add type and prio for interrupts")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add RISAL configuration on the stm32mp257f-ev1 board

Configure the RISALs on the stm32mp257f-ev1 board so that the LPSRAM1/2/3
are accessible by both the ARM Cortex A-35 and ARM Cortex M

dts: stm32: add RISAL configuration on the stm32mp257f-ev1 board

Configure the RISALs on the stm32mp257f-ev1 board so that the LPSRAM1/2/3
are accessible by both the ARM Cortex A-35 and ARM Cortex M0+.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rifsc: add RISAL support for stm32mp25x platforms

Add RISAL driver support.

RISAL is a sub-feature of the RISFC which is responsible for the
isolation of hardware resources like memo

drivers: stm32_rifsc: add RISAL support for stm32mp25x platforms

Add RISAL driver support.

RISAL is a sub-feature of the RISFC which is responsible for the
isolation of hardware resources like memory or peripherals. RISALs are
simplified version of the RISAFs firewall controllers and cover the
LPSRAM1/2/3 embedded memories.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Signed-off-by: Gwenael Treuveur <gwenael.treuveur@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dt-bindings: add RISAL bindings in the RIFSC file

Add the RISAL bindings in the RIFSC file as the RISAL is a sub-feature
of the RIFSC.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.co

dt-bindings: add RISAL bindings in the RIFSC file

Add the RISAL bindings in the RIFSC file as the RISAL is a sub-feature
of the RIFSC.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_risaf: upgrade RISAF as a firewall controller

Register RISAF instances as firewall controllers with ops:
-acquire_memory_access() that checks if OP-TEE can access a region
specified i

drivers: stm32_risaf: upgrade RISAF as a firewall controller

Register RISAF instances as firewall controllers with ops:
-acquire_memory_access() that checks if OP-TEE can access a region
specified in a firewall query.
-set_conf() that allows the reconfiguration of a region.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: declare RISAF instances as access controllers

Declare RISAFs as access controllers so that it's possible to check
firewall access rights on address ranges, and reconfigure dynamically
RI

dts: stm32: declare RISAF instances as access controllers

Declare RISAFs as access controllers so that it's possible to check
firewall access rights on address ranges, and reconfigure dynamically
RISAF regions.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: dra7_rng: Change dra7_rng_init to service_init_crypto

Since commit 11d8578d93f0 ("core: arm: call call_driver_initcalls()
late"), driver_init is deferred and thread_update_canaries tries to

drivers: dra7_rng: Change dra7_rng_init to service_init_crypto

Since commit 11d8578d93f0 ("core: arm: call call_driver_initcalls()
late"), driver_init is deferred and thread_update_canaries tries to get
random_stack_canaries which requires the TRNG driver to be setup. Since
it was being setup as part of driver_init, it lead to crash on DRA7
platforms.

Change driver_init to service_init_crypto which is meant to be used for
initialization of crypto operations.

While here, add an assert that checks for DRA7 TRNG being used before
initialization is complete.

Signed-off-by: Andrew Davis <afd@ti.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: QEMUv8: check SPMC at S-EL1 and SPs

Add a check entry for SPMC at S-EL1 and secure partitions.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.foris

ci: QEMUv8: check SPMC at S-EL1 and SPs

Add a check entry for SPMC at S-EL1 and secure partitions.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: dt: cached data for fdt_get_reg_props_by_index()

Factorize fdt_get_reg_props_by_index() and fdt_reg_info() to
add DT cache info support to the former.

Signed-off-by: Etienne Carriere <etienne

core: dt: cached data for fdt_get_reg_props_by_index()

Factorize fdt_get_reg_props_by_index() and fdt_reg_info() to
add DT cache info support to the former.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: add more self tests for virt_to_phys()

Add positive and negative virt_to_phys() and phys_to_virt() tests
in the self test PTA.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
R

core: pta: add more self tests for virt_to_phys()

Add positive and negative virt_to_phys() and phys_to_virt() tests
in the self test PTA.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: pta: add self tests for virt_to_phys()

Add virt_to_phys() and phys_to_virt() tests in the self test PTA. The
tests are performed on the recently added VCORE_FREE memory range.

Signed-off-by:

core: pta: add self tests for virt_to_phys()

Add virt_to_phys() and phys_to_virt() tests in the self test PTA. The
tests are performed on the recently added VCORE_FREE memory range.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: fix partially unmapped MEM_AREA_TEE_RAM_RW

The commit 06a258064a92 ("core: mm: allow unmapping VCORE_FREE") allows
unmapping pages from the VCORE_FREE virtual memory range, but no
bookkeeping

core: fix partially unmapped MEM_AREA_TEE_RAM_RW

The commit 06a258064a92 ("core: mm: allow unmapping VCORE_FREE") allows
unmapping pages from the VCORE_FREE virtual memory range, but no
bookkeeping is added apart from what's recorded in the translation
tables. Later, the commit 7c9b85432343 ("core: allow partially unmapped
MEM_AREA_TEE_RAM_RW") does lookups the translation tables using
arch_va2pa_helper() to find out if pages in the VCORE_FREE virtual
memory range are mapped. This works well on arm, but not on riscv which
must traverse the translation tables in software and then is caught in
an infinite recursive loop.

Fix this problem by updating the memory regions in the struct memory_map
(splitting, shrinking, and removing) as needed.

Reported-by: Huang Borong <huangborong@bosc.ac.cn>
Closes: https://github.com/OP-TEE/optee_os/issues/7237
Fixes: 06a258064a92 ("core: mm: allow unmapping VCORE_FREE")
Fixes: 7c9b85432343 ("core: allow partially unmapped MEM_AREA_TEE_RAM_RW")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...