plat-ti: Remove start address offset from base of TEE_RAM start

We offset our start address from the start of TEE_RAM_START, this
was to allow in-place loading while keeping the OPTEE header inside

plat-ti: Remove start address offset from base of TEE_RAM start

We offset our start address from the start of TEE_RAM_START, this
was to allow in-place loading while keeping the OPTEE header inside
secure memory. This is not needed anymore as we relocate the image.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: separate instructions from read-only data

CFG_CORE_RODATA_NOEXEC=y/n allows to map non-executable memory with
a not-executable attribute.

Added alignments that may waste secure memory:
- unpa

core: separate instructions from read-only data

CFG_CORE_RODATA_NOEXEC=y/n allows to map non-executable memory with
a not-executable attribute.

Added alignments that may waste secure memory:
- unpaged text/rodata bound
- init text/rodata bound

To prevent wasting at least one page, the sections text_paged and
rodata_paged are swapped in the memory layout.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemu_virt)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemu_armv8)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260)

show more ...

core: exclusive writable/executable attribute in core mapping

Make executable memory non-writable and writable memory no-executable.
Effective upon CFG_CORE_RWDATA_NOEXEC=y. Default configuration en

core: exclusive writable/executable attribute in core mapping

Make executable memory non-writable and writable memory no-executable.
Effective upon CFG_CORE_RWDATA_NOEXEC=y. Default configuration enables
this directive.

If CFG_CORE_RWDATA_NOEXEC is enabled, the read-only sections are
mapped read-only/executable while the read/write memories are mapped
read/write/not-executable. Potential 4KB of secure RAM wasted since the
page alignment between unpaged text/rodata and unpaged read/write data.

If CFG_CORE_RWDATA_NOEXEC not disabled, all text/rodata/data/... sections
of the core are mapped read/write/executable.

Both code and rodata and mapped together without alignment constraint.
Hence define all "ro" are inside the "rx" relate area:
__vcore_init_ro_size = 0 or init "ro" effective size.

As init sections are mapped read-only, core won't be able to fill
trailing content of the init last page. Hence __init_end and __init_size
are page aligned.

Core must premap all physical memory as readable to allow move of
has tables to the allocated buffer during core inits.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemu_virt)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemu_armv8)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260)

show more ...

core: label the bounds of core flat mapped memory

Define labels to identify the core memory layout. These labels will
be later use to define the mapping bounds between executable and
writable memori

core: label the bounds of core flat mapped memory

Define labels to identify the core memory layout. These labels will
be later use to define the mapping bounds between executable and
writable memories.

Update plat-sunxi/kernel.ld.S to match support of generic_boot.c.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: clean linker script file

Use __init_start and __init_end to refer to "init" bounds.
Removed unused __text_init_start/_end, __rodata_init_start/_end, ...

Define SMALL_PAGE_SIZE locally to link

core: clean linker script file

Use __init_start and __init_end to refer to "init" bounds.
Removed unused __text_init_start/_end, __rodata_init_start/_end, ...

Define SMALL_PAGE_SIZE locally to linker file kernel.ld.S.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: MEM_AREA_TEE_RAM_RW_DATA identifies core read/write data memory

This change prepares split of executable and writable from rw memory.
Upon configuration the core private memory "TEE RAM" (heap

core: MEM_AREA_TEE_RAM_RW_DATA identifies core read/write data memory

This change prepares split of executable and writable from rw memory.
Upon configuration the core private memory "TEE RAM" (heap, stack, ...)
will either be in TEE_RAM or TEE_RAM_RW. This MEM_AREA_TEE_RAM_RW_DATA
abstracts the memory used for core data.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce TEE_RAM_RX/_RO/_RW memory areas

Define new memory type IDs for the core private memory:
- MEM_AREA_TEE_RAM_RX defines read-only/executable memory.
- MEM_AREA_TEE_RAM_RO defines read-

core: introduce TEE_RAM_RX/_RO/_RW memory areas

Define new memory type IDs for the core private memory:
- MEM_AREA_TEE_RAM_RX defines read-only/executable memory.
- MEM_AREA_TEE_RAM_RO defines read-only/non-executable memory.
- MEM_AREA_TEE_RAM_RW defines read/write/non-executable memory.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: non-LPAE reuse xlat table when possible at static map init

When a level2 translation table is already used for a virtual mapping
range, allow core to reuse it to extend mapping in the same vir

core: non-LPAE reuse xlat table when possible at static map init

When a level2 translation table is already used for a virtual mapping
range, allow core to reuse it to extend mapping in the same virtual
region. map_memarea() now maps a single given "memory map area" based
on MMU root table knowledge. Each non-LPAE level2 table is reset to zero
when allocated since the code now map_page_memarea() only the fills the
mapped virtual range in the target MMU table.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix non-LPAE static mapping against secure/non-secure bounds

Before this patch, core static mapping did not insure level2 tables
do not mix secure and non-secure virtual memory mappings.

Sign

core: fix non-LPAE static mapping against secure/non-secure bounds

Before this patch, core static mapping did not insure level2 tables
do not mix secure and non-secure virtual memory mappings.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: core static mapping should not mandate a default mapped SHM

Default SHM is a physically contiguous memory area that is default
mapped inside the core.

Before this change, current core mapping

core: core static mapping should not mandate a default mapped SHM

Default SHM is a physically contiguous memory area that is default
mapped inside the core.

Before this change, current core mapping mandated the registration of
a NSEC_SHM area. Other core layers maybe mandate such a memory but
there should not be any constraint in the static mapping initialisation
of the core. Other layer already check that this area is defined
when they require it.

As a side effect, the change updates core_mmu_is_shm_cached() so that
it reflects the cache attribute defined for MEM_AREA_NSEC_SHM.

Mapped memory reference map_nsec_shm is now useless and can be removed.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove useless memory map references

map_tee_ram and map_ta_ram references are not really useful. Remove
them and use the static values defining the memory physical locations.

Test on mandato

core: remove useless memory map references

map_tee_ram and map_ta_ram references are not really useful. Remove
them and use the static values defining the memory physical locations.

Test on mandatory registration of a the related in the mapping can
be removed as it is quite useless. If core is not mapped, it won't
boot. If TA RAM is not mapped, core will complain from the core
sequence related to TA RAM management.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: REE_FS: refcount dirfile handle

Introduces a reference counter to keep a dirfile handle open as long as
a file or directory is open. This avoids the frequent open and close of
the dirfile for

core: REE_FS: refcount dirfile handle

Introduces a reference counter to keep a dirfile handle open as long as
a file or directory is open. This avoids the frequent open and close of
the dirfile for operations on an already open file.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU, FVP)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: FS: don't store uuid in dirfile interface

Skips storing pointer to uuid in struct tee_fs_dirfile_dirh.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <

core: FS: don't store uuid in dirfile interface

Skips storing pointer to uuid in struct tee_fs_dirfile_dirh.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

doc: add TI AM57xx to supported platforms

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>

Notice.md: improve description of the sign-off tag

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <e

Notice.md: improve description of the sign-off tag

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: workaround KEEP_*() macro problem

Workaround the KEEP_*() macro problem that sometimes causes the Aarch64
linker to assert. Since the pager is not enabled for Aarch64 yet we can
stub these mac

core: workaround KEEP_*() macro problem

Workaround the KEEP_*() macro problem that sometimes causes the Aarch64
linker to assert. Since the pager is not enabled for Aarch64 yet we can
stub these macros in the definition.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix non-LPAE mapping

Fixes: c6c69797168c ("mm: add new VA region for dynamic shared buffers")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.w

core: fix non-LPAE mapping

Fixes: c6c69797168c ("mm: add new VA region for dynamic shared buffers")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Andrew F. Davis <afd@ti.com> (am43xx)

show more ...

plat-hikey: configure and enable Secure Data Path by default

Reserve 4 MiB (0x3E800000 - 0x3EC00000) from the lower part of the DRAM
area that is already reserved for OP-TEE by UEFI (0x3E000000 -
0x

plat-hikey: configure and enable Secure Data Path by default

Reserve 4 MiB (0x3E800000 - 0x3EC00000) from the lower part of the DRAM
area that is already reserved for OP-TEE by UEFI (0x3E000000 -
0x40000000) to serve as the Secure Data Path pool.

A 2 MiB space is left between the top of this area and the NW/SW shared
memory, because we need the SDP area to be 4 MiB-aligned in order to
be protected by the memory firewall (protection is handled by ARM
Trusted Firmware [4] and is not strictly required for SDP to work).

To use SDP with Linux on HiKey, you need a modified ION driver [1]
which is available in the Linaro repository [2], and the following
configuration [3]:

CONFIG_STAGING=y
CONFIG_ION=y
CONFIG_ION_DUMMY=y
CONFIG_ION_DUMMY_UNMAPPED_HEAP=y
CONFIG_ION_DUMMY_UNMAPPED_BASE=0x3e800000
CONFIG_ION_DUMMY_UNMAPPED_SIZE=0x00400000
CONFIG_ANDROID=y
CONFIG_ANDROID_TIMED_OUTPUT=n
CONFIG_ANDROID_LOW_MEMORY_KILLER=n

[1] https://github.com/linaro-swg/linux/compare/e31dd54997^...961993fde6
[2] https://github.com/linaro-swg/linux/tree/optee
[3] https://github.com/OP-TEE/build/pull/145
[4] https://github.com/96boards-hikey/arm-trusted-firmware/pull/13

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-hikey: update the memory layout description

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens

plat-hikey: update the memory layout description

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: update optee_msg.h from Linux v4.12-rc1

The current Linux kernel (v4.12-rc1) has introduced a few changes in
optee_msg.h. The most important one is replacing the macro
OPTEE_MSG_GET_PARAMS() w

core: update optee_msg.h from Linux v4.12-rc1

The current Linux kernel (v4.12-rc1) has introduced a few changes in
optee_msg.h. The most important one is replacing the macro
OPTEE_MSG_GET_PARAMS() with a c99 style struct optee_msg_param params[]
member in struct optee_msg_arg.

The changes in core/arch/arm/kernel/thread.c and
core/arch/arm/tee/entry_std.c deals with that change.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

checkpatch: support tools not supporting argument --typedefsfile

If one relies on a checkpatch tool that does not support argument
--typedefsfile, the script will fail whereas it could simply run
wi

checkpatch: support tools not supporting argument --typedefsfile

If one relies on a checkpatch tool that does not support argument
--typedefsfile, the script will fail whereas it could simply run
without this extra feature.

Fixes: 1472c996cca6 ("Take some GP types into account when running patch check tool")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: unexport deprecated core_va2pa_helper()

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

core: remove unused CORE_MEM_EXTRAM

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@lin

core: remove unused CORE_MEM_EXTRAM

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: mm: LPAE: init_xlation_table(): skip dynamic entries properly

When enumerating static_memory_map to setup the translation table, the
"dynamic" entries are skipped incorrectly. As a result

core: arm: mm: LPAE: init_xlation_table(): skip dynamic entries properly

When enumerating static_memory_map to setup the translation table, the
"dynamic" entries are skipped incorrectly. As a result, if the first
entry is MEM_AREA_RES_VASPACE, the function does nothing (because
core_mmu_is_dynamic_vaspace(mm) is true and base_va is NULL) and the
translation tables are left uninitialized.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Fixes: c6c69797168c ("mm: add new VA region for dynamic shared buffers")
Fixes: https://github.com/OP-TEE/optee_os/issues/1511
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: fix map pa to va and vice versa

map_pa2va() and core_va2pa_helper() has an over complex way of
calculating the translated address which gives a faulty result if the
upper 32-bits are used in a

core: fix map pa to va and vice versa

map_pa2va() and core_va2pa_helper() has an over complex way of
calculating the translated address which gives a faulty result if the
upper 32-bits are used in a 64-bit address. This patch fixes the error
by simplifying the calculation.

Reported-by: Zhizhou Zhang <zhizhouzhang@asrmicro.com>
Tested-by: Zhizhou Zhang <zhizhouzhang@asrmicro.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP AArch64)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU v7 & v8)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...