drivers: imx: mu: rename imx_mu_8ulp.c to imx_mu_8ulp_9x.c

Since same file is used for both i.MX8ULP and i.MX9X platforms,
renaming it to more accurate name.

Signed-off-by: Sahil Malhotra <sahil.ma

drivers: imx: mu: rename imx_mu_8ulp.c to imx_mu_8ulp_9x.c

Since same file is used for both i.MX8ULP and i.MX9X platforms,
renaming it to more accurate name.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: build temporary Docker images

Instead of running the base CI image (jforissier/optee_os_ci:qemu_check)
and pulling the whole OP-TEE source tree (manifest.git) and toolchains
in each check job, d

ci: build temporary Docker images

Instead of running the base CI image (jforissier/optee_os_ci:qemu_check)
and pulling the whole OP-TEE source tree (manifest.git) and toolchains
in each check job, do it once per target platform (QEMUv7, QEMuv8, and
QEMUv8 on arm64) and save the image as a "job artifact". Each check
job then loads the image it needs and proceeds with the check command.
In addition to saving bandwidth on the external network, this has the
advantage of making the jobs easier to reproduce and investigate in case
of failure since it is easy to download the artifact from the CI page,
load it into Docker, and run the same make check command. There is a
small penalty on execution time for saving and restoring the image, but
it's only a few minutes at most.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: QEMUv8: run one command per job

Split the QEMUv8 jobs so that each jobs runs a single "make check"
command. This allows to make the job names more descriptive, and
potentially benefit more from

ci: QEMUv8: run one command per job

Split the QEMUv8 jobs so that each jobs runs a single "make check"
command. This allows to make the job names more descriptive, and
potentially benefit more from multiple parallel jobs.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

MAINTAINERS: add entry for Qualcomm platforms

Add myself as maintainer for Qualcomm platforms

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linar

MAINTAINERS: add entry for Qualcomm platforms

Add myself as maintainer for Qualcomm platforms

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>

show more ...

plat: Add support for Qualcomm Kodiak platform

Introduce initial Qualcomm platform support for the Kodiak which is the
SoC codename also known by product names SC7280/QCM6490 in upstream.

Acked-by:

plat: Add support for Qualcomm Kodiak platform

Introduce initial Qualcomm platform support for the Kodiak which is the
SoC codename also known by product names SC7280/QCM6490 in upstream.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Co-developed-by: Casey Connolly <casey.connolly@linaro.org>
Signed-off-by: Casey Connolly <casey.connolly@linaro.org>
Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>

show more ...

core: drivers: introduce Qualcomm GENI UART driver

Introduce a driver for the GENI UART found on modern Qualcomm platforms.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens W

core: drivers: introduce Qualcomm GENI UART driver

Introduce a driver for the GENI UART found on modern Qualcomm platforms.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Casey Connolly <casey.connolly@linaro.org>
Signed-off-by: Rouven Czerwinski <rouven.czerwinski@linaro.org>
[SG: cleaned up the driver]
Signed-off-by: Sumit Garg <sumit.garg@oss.qualcomm.com>

show more ...

ci: rework (host cleanup, matrix builds, Rust enabled, cancel on push)

This is a big cleanup of the CI file:

- Enable Rust again, effectively reverting commit 6c9dd3eb9fec ("ci:
disable Rust glob

ci: rework (host cleanup, matrix builds, Rust enabled, cancel on push)

This is a big cleanup of the CI file:

- Enable Rust again, effectively reverting commit 6c9dd3eb9fec ("ci:
disable Rust globally"). In order to do so, a "host cleanup" script
is introduced (scripts/ci-host-cleanup.sh). It is run by the QEMU
jobs before launching the CI Docker image. The script removes a bunch
of files that are not needed (~ 24 GB), thus leaving more space for
the Docker image to grow as the build proceeds. The script is mostly
copied from the teaclave-trustzone-sdk CI [1].
- Make the platform builds faster and easier to monitor by using the
matrix keyword to launch parallel jobs. Each platform build job now
has the target architecture and platforms clearly specified so it's
easy to see if a platform is broken from the GitHub actions page
without looking at the logs. This also reduces code duplication.
- The ci-cancel.yml workflow is replaced with the cancel-in-progress
setting in the concurrency block of the CI the workflow. This is
simpler and avoids the "Cancel obsolete CI" entries in the project's
actions log.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Link: https://github.com/apache/teaclave-trustzone-sdk/blob/f67a5ddcde3e/.github/workflows/reuse_test_in_optee_repo.yml#L40-L67 [1]
Acked-by: Yuan Zhuang <yuanz@apache.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Update CHANGELOG for 4.8.0

Update CHANGELOG for 4.8.0 and collect Tested-by tags.

Link: https://github.com/OP-TEE/optee_os/pull/7567
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested

Update CHANGELOG for 4.8.0

Update CHANGELOG for 4.8.0 and collect Tested-by tags.

Link: https://github.com/OP-TEE/optee_os/pull/7567
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_virt)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)
Tested-by: Amey Raghatate <ameyavinash.raghatate@amd.com> (AMD Versal Gen 2)
Tested-by: Guiyong Hwang <gy.hwang@telechips.com> (telechips-tcc805x)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (rpi3 model 3B)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-135F_DK)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_EV1)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_EV1_SCMI)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_DK2)
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com> (stm32mp1-157C_DK2_SCMI)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (rockchip-rk3399 Rockpi4B)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey + RPMB kernel routing)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (rockchip-rk3399 Rockpi4B)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (imx-mx8mqevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6dlsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6qsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6sllevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6sxsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6ulevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6ullevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx6ulzevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx7dsabresd)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx7ulpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8dxlevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mmevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mnevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mqevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8mpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8qmmek)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8qxpmek)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx8ulpevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx93evk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx91evk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (imx-mx95evk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LX2160A-RDB)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LS1046A-RDB)

show more ...

core: Relax StMM dependency to TEE_STORAGE_PRIVATE

This allows to run StMM without the userspace supplicant if the
in-kernel RPMB service is available.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens

core: Relax StMM dependency to TEE_STORAGE_PRIVATE

This allows to run StMM without the userspace supplicant if the
in-kernel RPMB service is available.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

show more ...

ci: disable Rust globally

There has been several job failures due to insufficient disk space on
the CI runners recently. Commit a4b310d68bf8 ("ci: xen: disable Rust to
workaround "no space left on d

ci: disable Rust globally

There has been several job failures due to insufficient disk space on
the CI runners recently. Commit a4b310d68bf8 ("ci: xen: disable Rust to
workaround "no space left on device"") and commit 3d0429ac12cd ("ci:
hafnium: disable Rust to workaround "no space left on device"") fixed
individual jobs. Now other QEMUv8 jobs are failing too, probably because
of the upgrade of the optee_rust project [1]. Therefore, disable Rust
globally until a better solution is found.

Link: https://github.com/OP-TEE/manifest/commit/2987d8edf188 [1]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: be flexible on RSA private key optional attributes

Allow RSA private key to partially store the RSA private key optional
attributes without facing complaints from the GP TEE API.

On one

ta: pkcs11: be flexible on RSA private key optional attributes

Allow RSA private key to partially store the RSA private key optional
attributes without facing complaints from the GP TEE API.

On one hand, in the PKCS#11 specification, RSA private key attributes
CKA_PRIME_1, CKA_PRIME_2, CKA_EXPONENT_1, CKA_EXPONENT_2 and
CKA_COEFFICIENT are optional and the spec does not add much constraints
on their presence.

On the other hand, the GP TEE Internal Core API requests that these
5 optional attributes are all present or none is present at all.

As a trade-off, allow PKCS#11 client to partially provide them but do not
load them into the TEE object unless they are all present.

Fixes: 3dc4089afde2 ("ta: pkcs11: correct RSA keys extended attributes sanitation")
Closes: https://github.com/OP-TEE/optee_os/issues/5418
Closes: https://github.com/OP-TEE/optee_os/issues/7520
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>

show more ...

ta: remoteproc: clarify remoteproc_get_tlv() behavior

Add an inline comment to explicitly state that TA remoteproc local
function remoteproc_get_tlv() loads specific values in its output
arguments w

ta: remoteproc: clarify remoteproc_get_tlv() behavior

Add an inline comment to explicitly state that TA remoteproc local
function remoteproc_get_tlv() loads specific values in its output
arguments when it returns with error code TEE_ERROR_NO_DATA.
This way it is clearer that caller expect such values on such error
cases.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

show more ...

ta: remoteproc: clarify case empty key info is last TLV cell

Clarify case when remote processor firmware key info
TLV RPROC_TLV_PKEYINFO is present but empty (size = 0) and is placed
last in the TLV

ta: remoteproc: clarify case empty key info is last TLV cell

Clarify case when remote processor firmware key info
TLV RPROC_TLV_PKEYINFO is present but empty (size = 0) and is placed
last in the TLVs memory area hence its value cell start address matches
the TLV area end address. The previous implementation was fine but
it looked odd the main loop does not address the case.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

show more ...

ci: hafnium: disable Rust to workaround "no space left on device"

The GitHub Actions CI recently started to fail with a disk space error:

System.IO.IOException: No space left on device : '/home/run

ci: hafnium: disable Rust to workaround "no space left on device"

The GitHub Actions CI recently started to fail with a disk space error:

System.IO.IOException: No space left on device : '/home/runner/actions-runner/cached/_diag/Worker_20251015-153857-utc.log'

Apply the same workaround as in commit a4b310d68bf8 ("ci: xen: disable
Rust to workaround "no space left on device"").

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fs_htree: re-init hash tree when both tag and counter are zero

Creating and update a hash tree involves several RPC commands.
If a power loss occurs during the creation flow, it may result
in

core: fs_htree: re-init hash tree when both tag and counter are zero

Creating and update a hash tree involves several RPC commands.
If a power loss occurs during the creation flow, it may result
in a hash tree with an incomplete header and a counter value of 0.
If attempting to read this file subsequently leads to a
TEE_ERROR_CORRUPT_OBJECT error.

Instead of returning TEE_ERROR_CORRUPT_OBJECT, continue the
initialization flow to support subsequent functionality.

Link: https://github.com/OP-TEE/optee_os/issues/7512
Fixes: 50a814981d8b ("core: provide a hash tree for secure storage")

Signed-off-by: Ox Yeh <ox.yeh@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rtc: prevent registering of RTC interrupt when it's not used by OP-TEE

Do not register the RTC interrupt when it's not used by OP-TEE as it
prevents non-secure world from handling tha

drivers: stm32_rtc: prevent registering of RTC interrupt when it's not used by OP-TEE

Do not register the RTC interrupt when it's not used by OP-TEE as it
prevents non-secure world from handling that interrupt.

The RTC interrupt line is only used if the RTC is set as a wakeup source
or RTC is secured by the RIF (only for STM32MP2x) and RTC PTA and
async notif are enabled.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Clément Le Goffic <legoffic.clement@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: regulator: DT property regulator-enable-ramp-delay

Implement regulator DT property regulator-enable-ramp-delay.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by

drivers: regulator: DT property regulator-enable-ramp-delay

Implement regulator DT property regulator-enable-ramp-delay.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: regulator: DT property regulator-ramp-delay

Implement regulator DT property regulator-ramp-delay.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Thomas Bourg

drivers: regulator: DT property regulator-ramp-delay

Implement regulator DT property regulator-ramp-delay.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: regulator: DT properties over-current-protection

Define regulator property flags for the regulator DT binding
properties regulator-over-current-protection and
regulator-active-discharge.

S

drivers: regulator: DT properties over-current-protection

Define regulator property flags for the regulator DT binding
properties regulator-over-current-protection and
regulator-active-discharge.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-rockchip: rk3588: reject all zero HUK

If the generated HUK consists of all zeros, it cannot be distinguished
from a missing HUK in the OTP. If such a HUK is burned into the OTP, the
next read w

plat-rockchip: rk3588: reject all zero HUK

If the generated HUK consists of all zeros, it cannot be distinguished
from a missing HUK in the OTP. If such a HUK is burned into the OTP, the
next read will return that no HUK was present and generate a new key.
The previous all-zero HUK may already have been used, which violates the
assumption that a HUK doesn't change.

Since a HUK that consists of all zeros is likely an error in the TRNG,
reject the generated HUK, report an error and let upper layers handle
the error.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-rockchip: rk3588: cache HUK in memory

I observed timeout errors when OP-TEE reads the HUK from the OTP area
while running the optee-xtests (tests 1006 and 4013) or using the
pkcs#11 TA.

This i

plat-rockchip: rk3588: cache HUK in memory

I observed timeout errors when OP-TEE reads the HUK from the OTP area
while running the optee-xtests (tests 1006 and 4013) or using the
pkcs#11 TA.

This issue is circumvented by reading the HUK once and caching it in
memory for later use. As a side-effect, this reduces the accesses/reads
from the OTP area.

Unfortunately, I don't know the root cause for the timeout while reading
the fuses. I guess that there is a disabled clock which prevents the
read, but I didn't look further, since caching works fine.

While the documentation recommends to never process the HUK in software,
it is read and processed anyway if it can be read from the fuses. Thus,
I don't think that caching has an effect on the security of the HUK.
The caching is inspired by the HUK handling implemented in the nvmem
driver.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-rockchip: rk3588: refactor reading of HUK

Split the function that reads, generates and persists the HUK into
several helper functions to make the code more readable and simplify
error handling.

plat-rockchip: rk3588: refactor reading of HUK

Split the function that reads, generates and persists the HUK into
several helper functions to make the code more readable and simplify
error handling.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: rockchip: extract OTP driver from rk3588 platform

The OTP handling is useful outside the rk3588 platform implementation.
For example, the fuses for secure boot are accessible via the OTP.

drivers: rockchip: extract OTP driver from rk3588 platform

The OTP handling is useful outside the rk3588 platform implementation.
For example, the fuses for secure boot are accessible via the OTP.

Extract the OTP write and read support to a separate driver to make it
available for other modules.

Signed-off-by: Michael Tretter <m.tretter@pengutronix.de>
Reviewed-by: Etienne Carriere <etienne.carriere@st.com>

show more ...

plat-stm32mp1: add new API to erase SRAM3

Add new API TEE_Result stm32mp_syscfg_erase_sram3(void);
to be able to erase SRAM3 by hardware request.

Signed-off-by: Nicolas Toromanoff <nicolas.toromano

plat-stm32mp1: add new API to erase SRAM3

Add new API TEE_Result stm32mp_syscfg_erase_sram3(void);
to be able to erase SRAM3 by hardware request.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: syscfg: add dsb in syscfg driver

Add dsb in syscfg driver to guarantee that the request operations
are performed in SYSCFG register when the external API are called
and before to retu

plat-stm32mp1: syscfg: add dsb in syscfg driver

Add dsb in syscfg driver to guarantee that the request operations
are performed in SYSCFG register when the external API are called
and before to return to caller:
- stm32mp1_iocomp() in init sequence
- stm32mp_set_vddsd_comp_state() and stm32mp_set_hslv_state()
called by PWR driver

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...