core: SQL FS: use the new hash tree interface

Uses the new hash tree interface to implement secure storage.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander

core: SQL FS: use the new hash tree interface

Uses the new hash tree interface to implement secure storage.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: REE FS: use the new hash tree interface

Uses the new hash tree interface to implement secure storage.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander

core: REE FS: use the new hash tree interface

Uses the new hash tree interface to implement secure storage.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: provide a hash tree for secure storage

Provides a hash tree to be used by REE and SQL FS for the secure storage
implementation.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Sig

core: provide a hash tree for secure storage

Provides a hash tree to be used by REE and SQL FS for the secure storage
implementation.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: provide tee_fs_fek_crypt()

FS key manager provides tee_fs_fek_crypt().

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

core: remove obsolete <tee/tee_fs_defs.h>

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

core: fix pseudo TA debug trace

"Static TA" was recently banned from OP-TEE since 42fb5b2e937d.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander

core: fix pseudo TA debug trace

"Static TA" was recently banned from OP-TEE since 42fb5b2e937d.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove unused CFG_REE_FS_BLOCK_CACHE

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wikla

Remove unused CFG_REE_FS_BLOCK_CACHE

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: change IDs ordering in 'enum buf_is_attr'

This change modifies the ordering of IDs in enumerated types
'enum teecore_memtypes' and 'enum buf_is_attr'. Prior this change,
some IDs reflecting eq

core: change IDs ordering in 'enum buf_is_attr'

This change modifies the ordering of IDs in enumerated types
'enum teecore_memtypes' and 'enum buf_is_attr'. Prior this change,
some IDs reflecting equivalent memory attributes/types used the
very same ID numerical values. Hence bad use of the IDs failed to be
detected during non-regression tests.

A better approach would be to rely on the source code compiler to
assert the use of the right enumerated types. But tests showed that
even recent gcc versions do not (yet) fully verify such usage.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix inconsistency in mobj and memory attributes handling

Memory attribute field 'battr' in struct mobj refer to memory
access right IDs defined by 'enum buf_is_attr'. However
mobj_phys_alloc()

core: fix inconsistency in mobj and memory attributes handling

Memory attribute field 'battr' in struct mobj refer to memory
access right IDs defined by 'enum buf_is_attr'. However
mobj_phys_alloc() used to call phys_to_virt() using this attribute
whereas phys_to_virt() expect a memory area identification ID from
enum teecore_memtypes.

This change fixes this issue and restricts mobj_phys_alloc() to
allocation of memory object in either core memory (CORE_MEM_TEE_RAM),
external secure memory (CORE_MEM_TA_RAM) and non secure shared memory
(CORE_MEM_NSEC_SHM).

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Rename the secure and non-secure interrupts

Currently, the secure interrupts are named as FIQ and the non-secure
interrupts are named as IRQ.

In GICv3 mode, the FIQ and IRQ have different definitio

Rename the secure and non-secure interrupts

Currently, the secure interrupts are named as FIQ and the non-secure
interrupts are named as IRQ.

In GICv3 mode, the FIQ and IRQ have different definitions.
* Secure Group 0 interrupts:
Handled by EL3 and triggered by FIQ when running at Secure EL0/1.
* Secure Group 1 interrupts:
Handled by optee_os and triggered by IRQ when running at Secure EL0/1.
* Non-secure Group1 interrupts:
Handled by the rich os and triggered by FIQ when running at Secure
EL0/1.

The "Secure Group 1" interrupts are the "native" interrupts handled by
optee_os. They are same as the "secure" interrupts used in optee_os
for now. But they are triggered by FIQ in GICv2 mode while by IRQ in
GICv3 mode.

The "Secure Group 0" and "Non-secure Group1" interrupts are the
"foreign" interrupts that will cause the exiting of optee_os. (e.g.
switch back to normal world) The "Non-secure Group1" interrupts are
same as the "non-secure"interrupts used in optee_os for now. But they
are triggered by IRQ in GICv2 mode while by FIQ in GICv3 mode.

This patch renames these interrupts to the generic names - "Foreign
interrupts" and "Native interrupts".
For the support of GICv3 mode in the future, we can redefine the macros
of "native interrupt" and "foreign interrupt" to IRQ and FIQ.

Signed-off-by: David Wang <david.wang@arm.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260)

show more ...

checkpatch: accept several commits

If several commit IDs are passed to the script, process them in order.
This helps check several commits in a development branch, for instance:
./scripts/checkpat

checkpatch: accept several commits

If several commit IDs are passed to the script, process them in order.
This helps check several commits in a development branch, for instance:
./scripts/checkpatch.sh `git rev-list master..HEAD`

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>

show more ...

plat-ti: Add AM57xx platform flavor

The AM57xx flavor is based on DRA7xx except that it uses a
different UART port. Add this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Jerome Fo

plat-ti: Add AM57xx platform flavor

The AM57xx flavor is based on DRA7xx except that it uses a
different UART port. Add this here.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

monitor: Add support for platform services

Add the capability for a platform to plugin its own services, often
legacy services for compatibility purposes.

Add these services for the dra7xx platform

monitor: Add support for platform services

Add the capability for a platform to plugin its own services, often
legacy services for compatibility purposes.

Add these services for the dra7xx platform.

The file 'api_monitor_index.h' is synced to a an out-of-tree file and
so we should ignore formatting. Add this exeption to checkpatch.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Daniel Allred <d-allred@ti.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: pl022: Prevent possible rx fifo overflow

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <eti

drivers: pl022: Prevent possible rx fifo overflow

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: rebase on top of master]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: pl022: Allow platforms to register CS control function

If a CS callback function is registered, the system provided one
will not be used.

Signed-off-by: Victor Chong <victor.chong@linaro.o

drivers: pl022: Allow platforms to register CS control function

If a CS callback function is registered, the system provided one
will not be used.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Tested-by: Victor Chong <victor.chong@linaro.org> (HiKey)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: rebase on top of master]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: spi: Make configure, start and end functions generic

Move configure, start and end functions from IP specific files into
spi_ops in spi.h to allow platforms to call and control them via
the

drivers: spi: Make configure, start and end functions generic

Move configure, start and end functions from IP specific files into
spi_ops in spi.h to allow platforms to call and control them via
the generic framework.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: rebase on top of master]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: pl022: Add more checks and configuration

- Add checks for proper data size before packet transfer
- Check also busy status before exiting rx loop to avoid possible
endless looping
- Clear

drivers: pl022: Add more checks and configuration

- Add checks for proper data size before packet transfer
- Check also busy status before exiting rx loop to avoid possible
endless looping
- Clear interrupts during configure

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: rebase on top of master]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: spi: simplify code

1. SPI mandates that sizes of transmitted and received packet are of same
size [1]. As discussed in [2], this means that *num_rxpkts != num_txpkts
is not a valid use case

drivers: spi: simplify code

1. SPI mandates that sizes of transmitted and received packet are of same
size [1]. As discussed in [2], this means that *num_rxpkts != num_txpkts
is not a valid use case so there's no need for both and we can just merge
them and use num_pkts.

2. Remove tx{8,16} and rx{8,16} only functions as these are not
commonly used. If necessary, users can call just txrx{8,16} with
rdat or wdat as NULL for tx{8,16} and rx{8,16} respectively as
replacements. E.g.:

tx8:
txrx8(chip, wdat, NULL, num_pkts);

rx16:
txrx16(chip, NULL, rdat, num_pkts);

3. Remove unnecessary or repetitive enums and headers and line feeds

[1] http://www.quanser.com/products/quarc/documentation/spi_protocol.html
[2] https://github.com/OP-TEE/optee_os/pull/1215

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: rebase on top of master]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

hikey: spi: configure chip select pin as spi instead of gpio

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Ca

hikey: spi: configure chip select pin as spi instead of gpio

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: rebase on top of master]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

hikey: spi_test: Reduce speed to 10KHz and add missing initializer

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etie

hikey: spi_test: Reduce speed to 10KHz and add missing initializer

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: rebase on top of master]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: Add tee_time_busy_wait()

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linar

core: Add tee_time_busy_wait()

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: rebase on top of master]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

CFG_CORE_TZSRAM_EMUL_SIZE increase to 360KiB

Without increasing CFG_CORE_TZSRAM_EMUL_SIZE, build fails on vexpress with
many options like this:

readelf: Warning: Corrupt ARM compact model table ent

CFG_CORE_TZSRAM_EMUL_SIZE increase to 360KiB

Without increasing CFG_CORE_TZSRAM_EMUL_SIZE, build fails on vexpress with
many options like this:

readelf: Warning: Corrupt ARM compact model table entry: e12fff1e
readelf: Warning: Unknown ARM compact model index encountered
readelf: Warning: Corrupt ARM compact model table entry: e12fff1e
readelf: Warning: Unknown ARM compact model index encountered
readelf: Warning: Corrupt ARM compact model table entry: e12fff1e
readelf: Warning: Unknown ARM compact model index encountered
readelf: Warning: Corrupt ARM compact model table entry: e12fff1e
readelf: Warning: Unknown ARM compact model index encountered
arm-linux-gnueabihf-ld: OP-TEE can't fit init part into available
physical memory
make: *** [out/arm-plat-vexpress/core/tee.elf] Error 1

The command "$make CFG_WITH_PAGER=y CFG_WITH_LPAE=y CFG_RPMB_FS=y
CFG_SQL_FS=y CFG_DT=y CFG_PS2MOUSE=y CFG_PL050=y CFG_PL111=y
CFG_TEE_CORE_LOG_LEVEL=1 CFG_TEE_CORE_DEBUG=y DEBUG=1" exited with 2.

Signed-off-by: Andy Green <andy@warmcat.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

prng: call plat_prng_add_jitter_entropy() at PRNG init and before NW RPC

This patch adds the new platform jitter collection API to be called first
at PRNG init, and subsequently on every RPC.

Signe

prng: call plat_prng_add_jitter_entropy() at PRNG init and before NW RPC

This patch adds the new platform jitter collection API to be called first
at PRNG init, and subsequently on every RPC.

Signed-off-by: Andy Green <andy@warmcat.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

prng: move old implementation to be weak default

The patch replaces the original entropy scheme using system time with
the new api plat_prng_add_jitter_entropy().

The old scheme aimed to get 64 bit

prng: move old implementation to be weak default

The patch replaces the original entropy scheme using system time with
the new api plat_prng_add_jitter_entropy().

The old scheme aimed to get 64 bits of entropy from the current time
expressed in 64 bits in ms each time. Most of this was in fact zeros or
unchanging for >256s. If you call it twice with 1ms, it actually
provides 0 bits of entropy.

The replacement scheme aims to get 2 bits of entropy from the counter,
which typically operates faster than 1MHz, greater than a thousand times
more precision than the old way, each time.

For backwards compatibility, the old scheme is retained as the default
or arches or platforms that did not provide an override to collect
jitter in a better way.

Signed-off-by: Andy Green <andy@warmcat.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

prng: implement CNTPCT-based jitter entropy for all arm arch devices

Tests dumping CNTPCT at the same point in three boots on Hikey
gave the following spread:

0xebff3fdd80daceb5
0xebff3fdd80da4601

prng: implement CNTPCT-based jitter entropy for all arm arch devices

Tests dumping CNTPCT at the same point in three boots on Hikey
gave the following spread:

0xebff3fdd80daceb5
0xebff3fdd80da4601
0xeaff3fdd7edb5dcc

things like eMMC async init from power up, interrupt jitter, branch
prediction misses, peripheral async clock drift, cache fill delays,
and so on accumulate in the counter at better than us resolution,
and make the exact count we reach the dump point differ, even in a
supposedly deterministic boot flow.

There appear to be ~12 bits of real entropy in the initial jitter, by
the time of the sample point which was at OP-TEE entry from a-t-f.

A new general jitter harvesting API is introduced
plat_prng_add_jitter_entropy(). The first time it is called on
PRNG init, 16 bits of CNTPCT are used as seed entropy. Thereafter
only the two LSB of CNTPCT are harvested each time, being provided
as entropy to the PRNG every time it reaches 8 bits.

Signed-off-by: Andy Green <andy@warmcat.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...