plat-rd1ae: introduce RD-1 AE platform support

Add initial support for RD-1 AE platform, this includes:
1- GIC and console initialization functions.
2- Memory layout.
3- Make files.
4- Assembly func

plat-rd1ae: introduce RD-1 AE platform support

Add initial support for RD-1 AE platform, this includes:
1- GIC and console initialization functions.
2- Memory layout.
3- Make files.
4- Assembly function `get_core_pos_mpidr` to compute the
linear core position from MPIDR.

Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce Arm Cortex-v9 and Neoverse-v2 CPU support

Introduce cortex-armv9.mk file and use it to support the
Armv9 Neoverse v2 CPU.

Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Acked-

core: introduce Arm Cortex-v9 and Neoverse-v2 CPU support

Introduce cortex-armv9.mk file and use it to support the
Armv9 Neoverse v2 CPU.

Signed-off-by: Ziad Elhanafy <ziad.elhanafy@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: clk: stm32: fix stm32mp13 clock gates initialization

Correct STM32MP13 clock gates initialization regarding the enable
reference counting. The fixed commit introduced side effect where
cloc

drivers: clk: stm32: fix stm32mp13 clock gates initialization

Correct STM32MP13 clock gates initialization regarding the enable
reference counting. The fixed commit introduced side effect where
clock gates with a disable init state overflow the gate refcount to -1
and clock gates with a enable init state take a refcount that is never
released.

For this purpose, add stm32_gate_set_init_state() function in
stm32 clock core driver for STM32MP13 gate clocks initialization
expects to set some clock gate hardware state (enabled or disabled)
before any refcount is considered.

Fixes: 2b028a2ba197 ("clk: implement multi-gate management at core level")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

ci: add a QEMUv8 check job built with Clang

The CI image on the Docker Hub has been updated to contain Clang 18.1.7
in /usr/bin [1] [2]. Let's add a job to build OP-TEE with this compiler
and run th

ci: add a QEMUv8 check job built with Clang

The CI image on the Docker Hub has been updated to contain Clang 18.1.7
in /usr/bin [1] [2]. Let's add a job to build OP-TEE with this compiler
and run the test suite for arm64 (QEMUv8).

Link: https://github.com/jforissier/docker_optee_os_ci/commit/fdb34bcf25f1 [1]
Link: https://hub.docker.com/r/jforissier/optee_os_ci/tags?name=qemu_check [2]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: enable CFG_CORE_HUK_SUBKEY_COMPAT_USE_OTP_DIE_ID by default

Use the platform tee_otp_get_die_id() implementation to generate the SSK
key.

Signed-off-by: Clement Faure <clement.faure@nxp.

core: imx: enable CFG_CORE_HUK_SUBKEY_COMPAT_USE_OTP_DIE_ID by default

Use the platform tee_otp_get_die_id() implementation to generate the SSK
key.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: enable attestation PTA

Enable the attestation PTA by default for i.MX platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.co

core: imx: enable attestation PTA

Enable the attestation PTA by default for i.MX platforms.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Improve thread user mode record

Make the asm definitions be more human-readable.

Besides, it's unnecessary to save and restore kernel SP and GP into
thread_user_mode_rec, since they wi

core: riscv: Improve thread user mode record

Make the asm definitions be more human-readable.

Besides, it's unnecessary to save and restore kernel SP and GP into
thread_user_mode_rec, since they will be setup by system call trap
handler before executing thread_unwind_user_mode().

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>

show more ...

core: riscv: Ensure XSTATUS is restored before XIE

In previous implementation, we found some accidental interrupts during
entering user mode and resuming of thread. We fixed it by clearing
XSTATUS.X

core: riscv: Ensure XSTATUS is restored before XIE

In previous implementation, we found some accidental interrupts during
entering user mode and resuming of thread. We fixed it by clearing
XSTATUS.XIE first, which is global interrupt enable bit, to ensure there
are no interrupts during those operations.

Now we found the better solution: restore XSTATUS before restoring XIE.
This can ensure the global interrupt bit in XSTATUS is cleared before we
restore the individual interrupt bits in XIE.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>

show more ...

mk: config: default enable CFG_NOTIF_TEST_WD based on dependencies

Set CFG_NOTIF_TEST_WD ?= y only when the features it needs are enabled.
Fixes the following warning on platforms that enable
CFG_EN

mk: config: default enable CFG_NOTIF_TEST_WD based on dependencies

Set CFG_NOTIF_TEST_WD ?= y only when the features it needs are enabled.
Fixes the following warning on platforms that enable
CFG_ENABLE_EMBEDDED_TESTS but not CFG_CORE_ASYNC_NOTIF or CFG_CALLOUT:

mk/config.mk:1039: Warning: Disabling CFG_NOTIF_TEST_WD [requires CFG_CALLOUT CFG_CORE_ASYNC_NOTIF]

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: crypto: stm32: fix SAES driver set_field_u32 usage

set_field_u32() is a function that allows you to change a specific bit
in a register by using a mask. The function returns the full value

drivers: crypto: stm32: fix SAES driver set_field_u32 usage

set_field_u32() is a function that allows you to change a specific bit
in a register by using a mask. The function returns the full value of
the register, which means that the use of bitwise OR here is a mistake.
The current code works here only because the modified registers are
initialized. Moreover, I've reverted a commit as there is no
need to shift the value as the function already does it.

Fix the usage of the function in the SAES driver by replacing
bitwise OR assignments with simple assignments.

Fixes: c83a542f3734 ("drivers: crypto: stm32: fix SAES key selection")
Fixes: 4320f5cf30c5 ("crypto: stm32: SAES cipher support")
Signed-off-by: Maxime Méré <maxime.mere@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

notif: fix build when NS_VIRTUALIZATION is enabled

Right now OP-TEE build fails if CFG_NS_VIRTUALIZATION=y and
CFG_CORE_ASYNC_NOTIF=n with the following error:

core/kernel/notif.c: In function 'nex

notif: fix build when NS_VIRTUALIZATION is enabled

Right now OP-TEE build fails if CFG_NS_VIRTUALIZATION=y and
CFG_CORE_ASYNC_NOTIF=n with the following error:

core/kernel/notif.c: In function 'nex_init_notif':
core/kernel/notif.c:185:42: error: 'notif_data_id' undeclared (first use in this function); did you mean 'notif_wait'?
185 | return virt_add_guest_spec_data(&notif_data_id,
| ^~~~~~~~~~~~~
| notif_wait
core/kernel/notif.c:185:42: note: each undeclared identifier is reported only once for each function it appears in
core/kernel/notif.c:186:48: error: invalid application of 'sizeof' to incomplete type 'struct notif_data'
186 | sizeof(struct notif_data), NULL);
| ^~~~~~
core/kernel/notif.c:187:1: warning: control reaches end of non-void function [-Wreturn-type]
187 | }
| ^

Move `#ifdef CFG_NS_VIRTUALIZATION` section under
`#ifdef CFG_CORE_ASYNC_NOTIF` to fix this.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: qemuv7: exclude xtest pkcs11_1007

Exclude xtest case pkcs11_1007 from qemuv7 CI tests since we're facing
sporadic failures on this test on PKCS#11 sessions opening and release.
Occurrences of th

ci: qemuv7: exclude xtest pkcs11_1007

Exclude xtest case pkcs11_1007 from qemuv7 CI tests since we're facing
sporadic failures on this test on PKCS#11 sessions opening and release.
Occurrences of this issue have been found only on this Armv7-A platform.
Once the issue is solved, we be able to restore this test.

Link: https://github.com/OP-TEE/optee_os/issues/6952
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

dts: stm32: add RNG node in stm32mp251 SoC device tree file

Add the RNG node in the stm32mp251 SoC device tree file and default
enable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.s

dts: stm32: add RNG node in stm32mp251 SoC device tree file

Add the RNG node in the stm32mp251 SoC device tree file and default
enable it.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rng: update clock and power management

Better handle clock and reset resources by implementing
enable_rng_clock()/disable_rng_clock(). Do not implement a PM callback
if OP-TEE runs wi

drivers: stm32_rng: update clock and power management

Better handle clock and reset resources by implementing
enable_rng_clock()/disable_rng_clock(). Do not implement a PM callback
if OP-TEE runs with a software RNG. Finally, implement shared resource
management only for stm32mp15x platforms as it is not used on other
platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: conf: default enable CFG_DRIVERS_FIREWALL

Default enable the CFG_DRIVERS_FIREWALL switch that is used to enable
the support of the firewall framework.

Signed-off-by: Gatien Chevallie

plat-stm32mp2: conf: default enable CFG_DRIVERS_FIREWALL

Default enable the CFG_DRIVERS_FIREWALL switch that is used to enable
the support of the firewall framework.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rifsc: restrain access on non secure peripherals for OP-TEE

Implement a driver specific firewall bus probe that will
only probe secure peripherals and implement firewall exceptions fo

drivers: stm32_rifsc: restrain access on non secure peripherals for OP-TEE

Implement a driver specific firewall bus probe that will
only probe secure peripherals and implement firewall exceptions for
which no firewall operations will be done when CFG_INSECURE is set.
This allows, for example, to share a console with the non-secure world
for development purposes.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_rifsc: update RIFSC as a firewall controller

Use the new firewall API to populate the firewall bus and register
the RIFSC as a firewall provider.

While there, update device tree RIF

drivers: stm32_rifsc: update RIFSC as a firewall controller

Use the new firewall API to populate the firewall bus and register
the RIFSC as a firewall provider.

While there, update device tree RIF macros and sort them in the correct
files. Register bit-field macros should be present in the driver while
device tree macros should be present in device tree bindings files.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: declare RIFSC as an access-controller on stm32mp2 platforms

RIFSC is a firewall controller. Add the access-controllers property to
all RIFSC sub-nodes. Also add the "simple-bus" compatib

dts: stm32: declare RIFSC as an access-controller on stm32mp2 platforms

RIFSC is a firewall controller. Add the access-controllers property to
all RIFSC sub-nodes. Also add the "simple-bus" compatible for backward
compatibility and "#access-controllers-cells" to the RIFSC node.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: firewall: remove firewall_dt_probe_bus()

Remove firewall_dt_probe_bus() from the firewall framework as it seems
unlikely that we can have a consensual implementation of this feature.

Signe

drivers: firewall: remove firewall_dt_probe_bus()

Remove firewall_dt_probe_bus() from the firewall framework as it seems
unlikely that we can have a consensual implementation of this feature.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add RISAF support for the stm32mp257f-ev1 platform

Enable RISAF2/5 instances for this board that embeds PCIE ports and
some storage peripherals. Define a memory mapping and the RIF
confi

dts: stm32: add RISAF support for the stm32mp257f-ev1 platform

Enable RISAF2/5 instances for this board that embeds PCIE ports and
some storage peripherals. Define a memory mapping and the RIF
configuration of each memory region. Reorganize includes at board level
to avoid some build issues.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: default enable RISAF on stm32mp2 platforms

Default enable RISAF on stm32mp2 platforms to apply the device tree
RIF configuration on enabled RISAF instances.

Signed-off-by: Gatien Che

plat-stm32mp2: default enable RISAF on stm32mp2 platforms

Default enable RISAF on stm32mp2 platforms to apply the device tree
RIF configuration on enabled RISAF instances.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: firewall: add stm32_risaf driver

Add the stm32_risaf driver to handle all RISAFs instances on a SoC.
Through RISAF registers, a trusted domain application, or the application
to whom the co

drivers: firewall: add stm32_risaf driver

Add the stm32_risaf driver to handle all RISAFs instances on a SoC.
Through RISAF registers, a trusted domain application, or the application
to whom the configuration has been delegated, assigns memory regions to
one or more security domains (secure, privilege, compartment).
RISAF4 includes the DDR memory cipher engine (DDRMCE) feature.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add RISAF nodes in the stm32mp251 SoC DT file

Add the RISAF1/2/4/5 nodes in the stm32mp251 SoC DT file. Default enable
RISAF4 that protects the DDR and the RISAF1 that protects the backu

dts: stm32: add RISAF nodes in the stm32mp251 SoC DT file

Add the RISAF1/2/4/5 nodes in the stm32mp251 SoC DT file. Default enable
RISAF4 that protects the DDR and the RISAF1 that protects the backup
RAM (BKPSRAM). Other RISAF instances should be enabled at board level.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: add RISAF4 base address in platform config helper

Add RISAF4 base address in platform configuration helper.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-

plat-stm32mp2: add RISAF4 base address in platform config helper

Add RISAF4 base address in platform configuration helper.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dt-bindings: add stm32mp25 RISAF bindings

Add stm32mp25 specific RISAF device tree bindings. This file contains
device tree contains helpers and RISAFPROT macro that is used to
define the RIF config

dt-bindings: add stm32mp25 RISAF bindings

Add stm32mp25 specific RISAF device tree bindings. This file contains
device tree contains helpers and RISAFPROT macro that is used to
define the RIF configuration for a RISAF region.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...