compiler.h: only use __no_stack_protector if supported by the compiler

The __attribute__((no_stack_protector)) was introduced in GCC 11.
Building a TA with a version of GCC older than that would tri

compiler.h: only use __no_stack_protector if supported by the compiler

The __attribute__((no_stack_protector)) was introduced in GCC 11.
Building a TA with a version of GCC older than that would trigger a
-Wattributes warning on the ta/user_ta_header.c file.

Use __has_attribute() to check support of the no_stack_protector
attribute before using it. If not supported, define the
__no_stack_protector alias as a NOP.

Fixes: e3fb2bd005f0 ("compiler.h: add __no_stack_protector")
Signed-off-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: move sanity of RCC secure state against BSEC state

Move implementation that verifies STM32MP1 device Secure Closed state
(read from BSEC OTP fuses) against RCC secure hardening config

plat-stm32mp1: move sanity of RCC secure state against BSEC state

Move implementation that verifies STM32MP1 device Secure Closed state
(read from BSEC OTP fuses) against RCC secure hardening configuration.
It is moved from shared_resource.c platform driver to platform main.c.
This change prepares the removal of shared_resource.c driver that is
no longer needed since integration of the firewall framework.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: imx_csu: add settings for i.MX6

Add the CSU SA settings for i.MX6(Q/D). This setting ensures that no
non-TrustZone aware master is able to read secure memory. Information on
the CSU SA regi

drivers: imx_csu: add settings for i.MX6

Add the CSU SA settings for i.MX6(Q/D). This setting ensures that no
non-TrustZone aware master is able to read secure memory. Information on
the CSU SA register values were taken from i.MX6 Security Reference
Manual rev 0.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

plat-stm32mp1: remove unused stm32mp_nsec_can_access_pmic_regu()

Remove unused platform function stm32mp_nsec_can_access_pmic_regu().

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

plat-stm32mp1: remove unused stm32mp_nsec_can_access_pmic_regu()

Remove unused platform function stm32mp_nsec_can_access_pmic_regu().

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

ci: bump scp-firmware to release tag v2.15.0

Sync CI test SCP-firmware source tree with latest release tag v2.15.0
instead of the previously selected commit SHA1 that we synced on before
a release t

ci: bump scp-firmware to release tag v2.15.0

Sync CI test SCP-firmware source tree with latest release tag v2.15.0
instead of the previously selected commit SHA1 that we synced on before
a release tag integrating OP-TEE support latest changes was available
in that repository.

By the way, clone the repo with a depth of 1 since it is enough for CI
tests needs.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: scmi_server: remove useless assertion on rstctrl

Remove useless assertion on reset controller handle value.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by

plat-stm32mp1: scmi_server: remove useless assertion on rstctrl

Remove useless assertion on reset controller handle value.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

show more ...

plat-stm32mp1: scmi_server: permit MCU reset upon remoteproc security

Forbid SCMI accesses to MCU reset controllers when remote processor
is to be managed through OP-TEE remoteproc services.

Signed

plat-stm32mp1: scmi_server: permit MCU reset upon remoteproc security

Forbid SCMI accesses to MCU reset controllers when remote processor
is to be managed through OP-TEE remoteproc services.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

show more ...

drivers: stm32_remote_proc: add stm32_rproc_is_secure()

Add stm32_remoteproc driver API function stm32_rproc_is_secure()
that return whether of not remote processor management shall be
handled throu

drivers: stm32_remote_proc: add stm32_rproc_is_secure()

Add stm32_remoteproc driver API function stm32_rproc_is_secure()
that return whether of not remote processor management shall be
handled through OP-TEE remoteproc secure services.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>

show more ...

core: mm: fix mobj_tee_ram_rw initialization

Until this patch, for CFG_CORE_RWDATA_NOEXEC=n and CFG_CORE_ASLR=y
there's an error in mobj_init() when the length of the combined
TEE_RAM_RWX is calcula

core: mm: fix mobj_tee_ram_rw initialization

Until this patch, for CFG_CORE_RWDATA_NOEXEC=n and CFG_CORE_ASLR=y
there's an error in mobj_init() when the length of the combined
TEE_RAM_RWX is calculated.

The relocatable address VCORE_UNPG_RW_PA is mixed with the absolute
address TEE_RAM_START. Relocated addresses only changes with
CFG_CORE_ASLR=y so before ASLR this expression was correct.

The combined TEE_RAM_RWX is only used with CFG_CORE_RWDATA_NOEXEC=n so
that is also a prerequisite for the error. The calculated length field
is usually not more wrong than code depending on
mobj_tee_ram_rw/mobj_tee_ram_rx still works. So the error wasn't visible
until length checks for phys_to_virt() was introduced with the commit
c2e4eb43b7b7 ("core_mmu: fix phys_to_virt() to check length").

Fix this by using VCORE_START_VA instead of TEE_RAM_START since the
former is a relocated address.

Fixes: c2e4eb43b7b7 ("core_mmu: fix phys_to_virt() to check length")
Fixes: 170e9084a84f ("core: add support for CFG_CORE_ASLR")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-k3: disable PRNG by default for all K3

All K3 devices already have PRNG disabled, remove the check and
set this unconditionally.

Signed-off-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Foris

plat-k3: disable PRNG by default for all K3

All K3 devices already have PRNG disabled, remove the check and
set this unconditionally.

Signed-off-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: clk: don't mix error codes in stm32mp25 driver

Don't mix error codes in stm32mp25 clock driver: some function return
a TEE_Result value, some return a 0/-1 integer value.

Signed-off-by: Et

drivers: clk: don't mix error codes in stm32mp25 driver

Don't mix error codes in stm32mp25 clock driver: some function return
a TEE_Result value, some return a 0/-1 integer value.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

drivers: clk: fix error cases in STM32MP25 clocks

Fix missing test on some function return code in stm32mp25 clock
driver.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by

drivers: clk: fix error cases in STM32MP25 clocks

Fix missing test on some function return code in stm32mp25 clock
driver.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

drivers: clk: restore clock on clk_stm32_flexgen_get_round_rate() failure

Disable the enabled clock in clk_stm32_flexgen_get_round_rate()
when the clock failed to enable.

Signed-off-by: Etienne Car

drivers: clk: restore clock on clk_stm32_flexgen_get_round_rate() failure

Disable the enabled clock in clk_stm32_flexgen_get_round_rate()
when the clock failed to enable.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>

show more ...

dts: stm32: secure optee_framebuffer memory region on stm32mp135f-dk

Add support for the TZC400 configuration for the optee_framebuffer
memory region on the stm32mp135f-dk board

Signed-off-by: Gati

dts: stm32: secure optee_framebuffer memory region on stm32mp135f-dk

Add support for the TZC400 configuration for the optee_framebuffer
memory region on the stm32mp135f-dk board

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: update the plat_tzc400 driver to support device tree

Add the usage of device tree memory regions defined to configure the
TZC400 firewall controller.

Signed-off-by: Gatien Chevallier

plat-stm32mp1: update the plat_tzc400 driver to support device tree

Add the usage of device tree memory regions defined to configure the
TZC400 firewall controller.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add TZC400 node in the stm32mp151 SoC device tree file

Add the TZC400 node in the stm32mp151 SoC device tree file and default
enable it.

Signed-off-by: Gatien Chevallier <gatien.chevall

dts: stm32: add TZC400 node in the stm32mp151 SoC device tree file

Add the TZC400 node in the stm32mp151 SoC device tree file and default
enable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dt-bindings: add stm32 bindings for TZC400 platform configuration

Add stm32 specific peripheral IDs for the TZC400 configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Re

dt-bindings: add stm32 bindings for TZC400 platform configuration

Add stm32 specific peripheral IDs for the TZC400 configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dt-bindings: add support for the TZC400 configuration

For added flexibility, the TZC400 configuration could be set through
the device tree. Add macros to be able to do so.

Signed-off-by: Gatien Che

dt-bindings: add support for the TZC400 configuration

For added flexibility, the TZC400 configuration could be set through
the device tree. Add macros to be able to do so.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: caam: Update comments in ECC driver

There were some typos in comments in the code, updated them

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>

drivers: caam: Update comments in RSA driver

There were some typos in comments in the code, updated them

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>

drivers: caam: hal: add caam_hal_sm_get_base_dt() implementation

Implement caam_hal_sm_get_base_dt() function when CFG_DT=y

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil

drivers: caam: hal: add caam_hal_sm_get_base_dt() implementation

Implement caam_hal_sm_get_base_dt() function when CFG_DT=y

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Disable traps by clearing XIE CSR

Ensure we disable traps by clearing XIE CSR instead of clearing
XSTATUS.IE which is global interrupt enable bit.

Signed-off-by: Alvin Chang <alvinga@a

core: riscv: Disable traps by clearing XIE CSR

Ensure we disable traps by clearing XIE CSR instead of clearing
XSTATUS.IE which is global interrupt enable bit.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

drivers: stm32_rng: embed ETZPC functions when CFG_STM32_ETZPC is set

On platforms when CFG_STM32_ETZPC is disabled, ETZPC cannot be
interrogated to get decprot attributes. Therefore do not embed ET

drivers: stm32_rng: embed ETZPC functions when CFG_STM32_ETZPC is set

On platforms when CFG_STM32_ETZPC is disabled, ETZPC cannot be
interrogated to get decprot attributes. Therefore do not embed ETZPC
related code.

While there, revert commit 326382a059a8 ("drivers: stm32_rng: MP15 RNG is
non-secure when PRNG is enable") and prefer to use ETZPC API.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Fixes: d773ec0baf4c ("drivers: stm32_rng: update clock and power management")
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_etzpc: new driver to use firewall API

Implement stm32_etzpc.c driver in the firewall driver directory.
Use the new firewall API to populate the firewall bus and register
the ETZPC as

drivers: stm32_etzpc: new driver to use firewall API

Implement stm32_etzpc.c driver in the firewall driver directory.
Use the new firewall API to populate the firewall bus and register
the ETZPC as a firewall provider.

Implement a driver specific firewall bus probe that will
only probe secure peripherals and implement firewall exceptions for
which no firewall operations will be done when CFG_INSECURE is set.
This allows, for example, to share a console with the non-secure world
for development purposes.

The ETZPC driver register the following ops:
-set_conf
-acquire_access
-acquire_memory_access

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: add CFG_STM32_ALLOW_UNSAFE_PROBE to probe unsafe peripherals

Add CFG_STM32_ALLOW_UNSAFE_PROBE that allows to unsafely probe
peripherals. This means that the firewall configuration wil

plat-stm32mp1: add CFG_STM32_ALLOW_UNSAFE_PROBE to probe unsafe peripherals

Add CFG_STM32_ALLOW_UNSAFE_PROBE that allows to unsafely probe
peripherals. This means that the firewall configuration will not be
checked before probing a peripheral. Default enable this switch for
DH platforms that use non-securable peripherals in OP-TEE.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...