core: fix error handling in tee_svc_storage_read_head()

Prior to this all errors except TEE_ERROR_OUT_OF_MEMORY from
fops->read() was reported as TEE_ERROR_CORRUPT_OBJECT leading
to removal of the o

core: fix error handling in tee_svc_storage_read_head()

Prior to this all errors except TEE_ERROR_OUT_OF_MEMORY from
fops->read() was reported as TEE_ERROR_CORRUPT_OBJECT leading
to removal of the object.
We should not treat all errors as corrupt, so remove the error
code translation.

Signed-off-by: Pengguang Zhu <pengguang.zhu@amlogic.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: write db_main and db_objs in one operation

Problem:
There is a potential issue in persistent_token.c::init_persistent_db().
There are two steps to initialize a token DB if it doesn’t exi

ta: pkcs11: write db_main and db_objs in one operation

Problem:
There is a potential issue in persistent_token.c::init_persistent_db().
There are two steps to initialize a token DB if it doesn’t exist:
1. Call TEE_CreatePersistentObject() with db_main as the initial data.
2. Truncate the object data and then insert db_obj data.
If a power loss occurs between above two steps, only the db_main data is
present in the database. When the device restarts, it detects the existing
database and successfully reads db_main, but fails to read db_obj, leading
to a TA panic each time.
https://github.com/OP-TEE/optee_os/issues/6977

Solution:
Write both db_main and the initial 4 bytes of db_objs (with a count of 0)
in a single operation during TEE_CreatePersistentObject().

Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>

show more ...

Move base64.{c,h} from libutee to libutils

Make the base64 routines publicly available by moving them from libutee
to libutils. The _ prefix is removed from the public functions since
they aren't in

Move base64.{c,h} from libutee to libutils

Make the base64 routines publicly available by moving them from libutee
to libutils. The _ prefix is removed from the public functions since
they aren't internal to libutee any longer.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: Fix initial value of a0 in "detect_csr" ASM macro

To set initial value of the register a0 to 1, the assembly code should
be "li a0, 1" instead of "addi a0, a0, 1".

Signed-off-by: Alvin

core: riscv: Fix initial value of a0 in "detect_csr" ASM macro

To set initial value of the register a0 to 1, the assembly code should
be "li a0, 1" instead of "addi a0, a0, 1".

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu-Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: stm32_rif: add stm32_rif_access_violation_action()

This function should be used by peripherals capable on raising
access violation interrupts (SERC, IAC). The behavior of the platform
on su

drivers: stm32_rif: add stm32_rif_access_violation_action()

This function should be used by peripherals capable on raising
access violation interrupts (SERC, IAC). The behavior of the platform
on such event is platform-specific. Therefore, its definition must be
done at platform level.

Also add CFG_STM32_PANIC_ON_IAC_EVENT and CFG_STM32_PANIC_ON_SERC_EVENT
to choose if the platform should panic upon receiving an IAC or a
SERC event.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add SERC node in stm32mp251 SoC device tree file

Add the IAC node in the stm32mp251 SoC device tree file and default
enable it for all platforms.

Signed-off-by: Gatien Chevallier <gatie

dts: stm32: add SERC node in stm32mp251 SoC device tree file

Add the IAC node in the stm32mp251 SoC device tree file and default
enable it for all platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

dts: stm32: add IAC node in stm32mp251 SoC device tree file

Add the IAC node in the stm32mp251 SoC device tree file and default
enable it for all platforms.

Signed-off-by: Gatien Chevallier <gatien

dts: stm32: add IAC node in stm32mp251 SoC device tree file

Add the IAC node in the stm32mp251 SoC device tree file and default
enable it for all platforms.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: default enable SERC peripheral

Default enable SERC peripheral on stm32mp2x platforms so that accesses
that would normally freeze the bus will be collected by the SERC
driver.

Signed-

plat-stm32mp2: default enable SERC peripheral

Default enable SERC peripheral on stm32mp2x platforms so that accesses
that would normally freeze the bus will be collected by the SERC
driver.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: firewall: add stm32 SERC support

Add stm32 SERC driver support. The SERC driver collects accesses to
target peripherals that are either shutdown (computing clock off),
or under reset. Upon

drivers: firewall: add stm32 SERC support

Add stm32 SERC driver support. The SERC driver collects accesses to
target peripherals that are either shutdown (computing clock off),
or under reset. Upon such event, the platform panics as it is an
undesired event.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp2: default enable IAC on stm32mp2x platforms

Default enable IAC support on stm32mp2x platforms so that illegal
accesses are caught by OP-TEE.

Signed-off-by: Gatien Chevallier <gatien.ch

plat-stm32mp2: default enable IAC on stm32mp2x platforms

Default enable IAC support on stm32mp2x platforms so that illegal
accesses are caught by OP-TEE.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: firewall: add stm32 IAC support

Add stm32 IAC driver support. The IAC (illegal access controller)
centralizes the detection of RIF-related illegal accesses.

Signed-off-by: Gatien Chevallie

drivers: firewall: add stm32 IAC support

Add stm32 IAC driver support. The IAC (illegal access controller)
centralizes the detection of RIF-related illegal accesses.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: call call_driver_initcalls() late

Calls call_early_initcalls() and call_service_initcalls() directly
instead of call_initcalls() from init_tee_runtime(). This allows
call_driver_initcalls

core: arm: call call_driver_initcalls() late

Calls call_early_initcalls() and call_service_initcalls() directly
instead of call_initcalls() from init_tee_runtime(). This allows
call_driver_initcalls() to be called with PAUTH enabled.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add and use service_init_crypto() macro

Add the service_init_crypto() used to initialize the internal crypto API
before the rest of the registered service_init functions are called.

Signed-of

core: add and use service_init_crypto() macro

Add the service_init_crypto() used to initialize the internal crypto API
before the rest of the registered service_init functions are called.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add call_{early,service,driver}_initcalls()

Add more fine-grained replacements for call_initcalls() to enable
initcalls at several separate stages.

Signed-off-by: Jens Wiklander <jens.wikland

core: add call_{early,service,driver}_initcalls()

Add more fine-grained replacements for call_initcalls() to enable
initcalls at several separate stages.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: boot: use thread specific PAUTH keys

Use thread specific PAUTH keys during boot while using thread specific
stack pointer.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked

core: arm: boot: use thread specific PAUTH keys

Use thread specific PAUTH keys during boot while using thread specific
stack pointer.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: introduce boot_init_primary_final()

Introduce boot_init_primary_final() and move the call to
call_finalcalls() into that function.

This is needed in later patches to enabled PAUTH before

core: arm: introduce boot_init_primary_final()

Introduce boot_init_primary_final() and move the call to
call_finalcalls() into that function.

This is needed in later patches to enabled PAUTH before
boot_init_primary_final() is called.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: scmi-msg: fix clock rates description remaining count

Fix value of remaining clocks to describe on SCMI clock protocol
message CLOCK_DESCRIBE_RATES that does not take into account the
numbe

drivers: scmi-msg: fix clock rates description remaining count

Fix value of remaining clocks to describe on SCMI clock protocol
message CLOCK_DESCRIBE_RATES that does not take into account the
number of returned clock in the response.

Fixes: 90252e2a52c7 ("drivers: scmi-msg: clock adapts to output buffer size")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

drivers: scmi-msg: correct voltage domain protocol version

Fix the version ID of the implemented SCMI voltage domain protocol that
is v2.0 (ID 0x20000), not v3.0 (ID 0x30000).

Fixes: 006d89b8f49f (

drivers: scmi-msg: correct voltage domain protocol version

Fix the version ID of the implemented SCMI voltage domain protocol that
is v2.0 (ID 0x20000), not v3.0 (ID 0x30000).

Fixes: 006d89b8f49f ("drivers: scmi-msg: add SCMI Voltage Domain protocol")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>

show more ...

plat-sam: implement PL310 SMC protocol

When Linux runs in normal world, it expects the PL310 to be initially
disabled, and then invokes SMCs to enable it.
Let CFG_PL310_SIP_PROTOCOL=y, and the L2 ca

plat-sam: implement PL310 SMC protocol

When Linux runs in normal world, it expects the PL310 to be initially
disabled, and then invokes SMCs to enable it.
Let CFG_PL310_SIP_PROTOCOL=y, and the L2 cache will be left untouched
until the OS enables it.

Signed-off-by: Tony Han <tony.han@microchip.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: update core local flags in native_intr_handler

The AArch32 version of the native_intr_handler() macro has until now
called C function without updating the core local flags to indicate

core: arm32: update core local flags in native_intr_handler

The AArch32 version of the native_intr_handler() macro has until now
called C function without updating the core local flags to indicate that
the temporary stack is in use. This can lead to errors with
CFG_CORE_DEBUG_CHECK_STACKS=y so fix this by setting THREAD_CLF_TMP and
THREAD_CLF_FIQ or THREAD_CLF_IRQ as needed.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: clk: clk_get_rates_array() returns ordered rates

Explicitly state in clk_get_rates_array() inline description comment
that the output rates arrays is ordered by increasing frequency
values.

drivers: clk: clk_get_rates_array() returns ordered rates

Explicitly state in clk_get_rates_array() inline description comment
that the output rates arrays is ordered by increasing frequency
values. This change allows to better fit the sole consumer of this
API function that is the SCMI server implementation. SCMI specification
states that discrete clock rates list shall follow this order.

Update at91_cpu_opp clock driver to ensure it satisfy this constraint.
The SAM platforms that embed this driver (sama7g5) already satisfy this
constraints but only at its DTS level. This change ensures the driver
will always.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

ta: pkcs11: correct RSA keys extended attributes sanitation

Fix RSA key attributes function load_tee_rsa_key_attrs() that badly
checks that the 5 extended RSA attributes are found in the key object.

ta: pkcs11: correct RSA keys extended attributes sanitation

Fix RSA key attributes function load_tee_rsa_key_attrs() that badly
checks that the 5 extended RSA attributes are found in the key object.

Link: https://github.com/OP-TEE/optee_test/issues/721#issuecomment-2068055537
Link: https://github.com/OP-TEE/optee_test/issues/721#issuecomment-2072064963
Fixes: 0442c956edfb ("ta: pkcs11: Add support for RSA signing & verification")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

plat-stm32mp1: fix use after free in PMIC driver

Fix PMIC regulator levels arrays handling that missed a pointer reset
after the buffer is freed. At runtime, pmic_list_voltages() handler
function us

plat-stm32mp1: fix use after free in PMIC driver

Fix PMIC regulator levels arrays handling that missed a pointer reset
after the buffer is freed. At runtime, pmic_list_voltages() handler
function uses that reference and is expected to allocate back the
buffer in case non-secure world requests voltage enumeration for the
related regulator.

Fixes: a7990eb02b82 ("plat-stm32mp1: set voltage list at pmic driver init")
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: apply "-march" and "-mabi" options to assembler

Update platform-aflags-generic to include the -march option. Without
specifying -march, the assembler will enable the C extension by defa

core: riscv: apply "-march" and "-mabi" options to assembler

Update platform-aflags-generic to include the -march option. Without
specifying -march, the assembler will enable the C extension by default
and generate compressed instructions, even if CFG_RISCV_ISA_C=n.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: use configuration options for RISC-V extensions

RISC-V is a modular ISA, add config options to allow platforms
to customize their binaries with specific "-march" and "-mabi".

Also, ena

core: riscv: use configuration options for RISC-V extensions

RISC-V is a modular ISA, add config options to allow platforms
to customize their binaries with specific "-march" and "-mabi".

Also, enable RVC and FPU extension for QEMU virt machine.

Note that the RISC-V FPU for OP-TEE will be introduced later.
Enable FPU to temporarily bypass incompatible soft/hard-fp
linker errors.

Signed-off-by: Yu Chien Peter Lin <peterlin@andestech.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...