Age | Commit message | Author |
|
The hardware unique key should preferably only be used to generate other
keys. This is encouraged with huk_subkey_derive() which is used to
derive a subkey from the hardware unique key.
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
mutex::owner_id was used for debugging purposes only.
Since commit 8aff6c039ee5 ("core: remove thread_{add,rem}_mutex()"), it is
never set to a valid thread ID anymore. Let's just remove the field.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
When using BSD queues from <sys/queues.h>, a queue entry is declared
with a macro:
  TAILQ_ENTRY(type) var;
This makes checkpatch.pl unhappy because the type is unknown:
  WARNING: Missing a blank line after declarations
  #52: FILE: core/arch/arm/include/mm/tee_pager.h:32:
  + struct pgt *pgt;
  + TAILQ_ENTRY(tee_pager_area) link;
This patch adds a regular expression to typedefs.checkpatch that
matches the macro part, thus fixing the warning.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Simplify gprof implementation via defining original mcount APIs: _mcount
(for aarch64) and __gnu_mcount_nc (for arm) inserted by compiler instead
of providing them via __utee_mcount API.
Also remove weak definitions of mcount API that were earlier mandated by
linker script via PROVIDE().
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Update CHANGELOG.md and collect Tested-by tags.
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi3B)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960, GP)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260, GP)
Tested-by: Peng Fan <peng.fan@nxp.com> (imx6q-sabresd, imx8mm-evk)
Tested-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com> (bcm-ns3)
Tested-by: Igor Opaniuk <igor.opaniuk@gmail.com> (Poplar)
Tested-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> (RCAR H3)
Tested-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> (RCAR H3/virtualization)
Tested-by: Akshay Bhat <akshay.bhat@timesys.com> (Atmel SAM)
Tested-by: Sumit Garg <sumit.garg@linaro.org> (Developerbox)
Tested-by: Victor Chong <victor.chong@linaro.org> (HiKey AOSP, HiKey960 AOSP)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU v8)
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7)
Tested-by: Joakim Bech <joakim.bech@linaro.org> (FVP)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey)
Tested-by: Andrew F. Davis <afd@ti.com> (DRA7xx, AM43xx, AM57xx, AM65x)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP)
Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> (WaRP7)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno)
Tested-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> (imx6qsabresd)
|
|
UART2 is console interface provided on the 40-pin Low Speed
Connector in addition to the default UART3.
Reviewed-by: Victor Chong <victor.chong@linaro.org>
Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
|
|
If any error is encountered when the TEE core attempts to load a TA from
TA storage, the next storage is tried and so on until the TA is
successfully loaded or there is no more storage to try. In this case, a
generic error code (TEE_ERROR_ITEM_NOT_FOUND) is returned to the caller
of load_elf() and ultimately to the client. This is not super useful,
especially when debug traces are disabled, because the user has no way
to differentiate a true "not found" situation (which might be a
configuration or deployment issue) from an issue with the TA file
itself or an out-of-memory condition etc.
This commit changes the return code of load_elf() to better reflect the
errors. When load_elf_from_store() returns TEE_ERROR_ITEM_NOT_FOUND or
TEE_ERROR_STORAGE_NOT_AVAILABLE, the next storage is tried.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
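The store-fallback policy from the commit message above, modelled as an added C example; it is not OP-TEE's code. `struct ta_store`, `load_ta_legacy()`, `load_ta()` and the store names are hypothetical, the TEE_* values are the GlobalPlatform result codes, and returning the last "absent" result when every store is skipped is an assumption of this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t TEE_Result;
/* GlobalPlatform TEE result codes */
#define TEE_SUCCESS                     0x00000000u
#define TEE_ERROR_ITEM_NOT_FOUND        0xFFFF0008u
#define TEE_ERROR_OUT_OF_MEMORY         0xFFFF000Cu
#define TEE_ERROR_SECURITY              0xFFFF000Fu
#define TEE_ERROR_STORAGE_NOT_AVAILABLE 0xF0100003u

/* Hypothetical TA store: 'result' is what loading the TA from it yields. */
struct ta_store {
	const char *name;
	TEE_Result result;
};

/* Behaviour described as "before": any error moves on, failures collapse. */
static TEE_Result load_ta_legacy(const struct ta_store *s, size_t n,
				 const char **from)
{
	for (size_t i = 0; i < n; i++) {
		if (s[i].result == TEE_SUCCESS) {
			*from = s[i].name;
			return TEE_SUCCESS;
		}
	}
	*from = NULL;
	return TEE_ERROR_ITEM_NOT_FOUND;
}

/* Behaviour described as "after": only "not in this store" moves on. */
static TEE_Result load_ta(const struct ta_store *s, size_t n,
			  const char **from)
{
	TEE_Result res = TEE_ERROR_ITEM_NOT_FOUND;

	*from = NULL;
	for (size_t i = 0; i < n; i++) {
		res = s[i].result;
		if (res == TEE_SUCCESS) {
			*from = s[i].name;
			return res;
		}
		if (res != TEE_ERROR_ITEM_NOT_FOUND &&
		    res != TEE_ERROR_STORAGE_NOT_AVAILABLE)
			return res; /* real failure: report it, stop searching */
	}
	return res; /* model assumption: last "absent" result is reported */
}

int main(void)
{
	/* Constructed scenario: the first store reports a security error. */
	const struct ta_store stores[] = {
		{ "store-a", TEE_ERROR_SECURITY },
		{ "store-b", TEE_SUCCESS },
	};
	const char *from = NULL;
	TEE_Result res = load_ta_legacy(stores, 2, &from);

	printf("legacy: 0x%08x from %s\n", (unsigned)res, from ? from : "-");
	res = load_ta(stores, 2, &from);
	printf("new:    0x%08x from %s\n", (unsigned)res, from ? from : "-");
	return 0;
}
```

In the constructed scenario the legacy loop hides the first store's failure and loads from the second store, while the new policy surfaces TEE_ERROR_SECURITY to the caller.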
|
|
low level driver for Broadcom IPROC GPIO controller.
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Victor Chong <victor.chong@linaro.org>
|
|
-add more device ranges and definitions.
-fix dynamic shm api.
-cleanup platform def.
-enable PL022 SPI, bcm HWRNG and bcm SOTP driver.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
|
|
Under very rare timing circumstances, a data corruption might occur on
a dirty cache line that is evicted from the L1 Data Cache due to another
cache line being entirely written.
Configurations affected:
This erratum affects configurations with either:
- One processor if the ACP is present
- Two or more processors
This erratum can be worked round by setting bit[22] of the undocumented
Diagnostic Control Register to 1. This register is encoded as
CP15 c15 0 c0 1. The bit can be written in Secure state only, with the
following.
Read/Modify/Write code sequence:
  MRC p15,0,rt,c15,c0,1
  ORR rt,rt,#0x00400000
  MCR p15,0,rt,c15,c0,1
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
|
|
Tune ACTLR. To SLL, the value is 0xE at runtime.
To others, the value should be 0x4F at runtime.
Bit3 will be enabled when L2 is enabled.
The SMP bit for i.MX6SLL needs to be set to make ldrex/strex
instructions work properly.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
|
|
The default value of L1PCTL field in ACTLR is 0x3, which is
"3 outstanding pre-fetches permitted", the value should not
be overridden with 0 to decrease the performance.
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
|
|
be040a3e949b ("libmbedtls: preserve mempool usage on reinit") from
branch import/mbedtls-2.16.0
Preserve the use_mempool field when reinitializing X in
mbedtls_mpi_read_binary().
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
ae499f6a39f3 ("libmbedtls: mbedtls_mpi_exp_mod() initialize W") from
branch import/mbedtls-2.16.0
Initialize W using mbedtls_mpi_init_mempool() instead of memset() to
ensure that the temporary variable uses the designated memory pool if
configured.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Fixes the preallocation to make room for the actual content also in
crypto_bignum_allocate() by calling mbedtls_mpi_grow().
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
This call should be used to query OP-TEE about number of threads
(basically, CFG_NUM_THREADS build option).
It is introduced after discussion at [1] about possibility to read
number of supported threads. It is needed for XEN OP-TEE mediator to
mitigate possible DoS from virtual guest. If XEN knows number of
OP-TEE threads, it can limit number of standard calls from the guest
on its own side.
Also, it can be used by optee client driver, to ratelimit number of calls
from its side.
Link: [1] https://lists.xenproject.org/archives/html/xen-devel/2019-01/msg01460.html
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Add KEEP_PAGER() for pl022_ops and pl061_ops structs.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
read16() was replaced with io_read8() instead of io_read16() so fix it.
Fixes: 918bb3a5 ("core: upgrade from write32() to io_write32() and friends")
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
If the expected number of packets are not received during the
transmit+receive cycle, just receive the remaining data after the
cycle if the Receive FIFO (SSPSR_RNE) is not empty, without depending
on the busy (SSPSR_BSY) flag, else we might miss reading some data as
indicated in [1].
LINK: [1] https://github.com/OP-TEE/optee_os/issues/1461#issuecomment-306156463
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
After truncating a persistent object, update dataSize in the
corresponding TEE_ObjectInfo structure.
Signed-off-by: Christopher Tam <godtamit@google.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU, GP)
|
|
When OP-TEE is built with CFG_WITH_LPAE=y, the things stored in the
.nozi section do not need to be aligned on more than 4 KiB. Only the
non-LPAE case requires 16 KiB alignment for the L1 page table.
Use an #ifdef to minimize the extra space between .heap1 and .nozi,
thus making the heap size closer to what is requested by
CFG_CORE_HEAP_SIZE. This can be useful when trying to minimize the
size of the TEE core binary, which could otherwise be bigger than
necessary by as much as 12 KiB.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Symbols defined inside output sections are relative to the section
start. Therefore, when we want to check the actual address, we need
to apply the ABSOLUTE() builtin function to the symbol.
Note that symbols defined outside output sections are absolute by
default, and therefore need not be treated the same.
kern.ld.S has two incorrect assertions which can never fail, because
the value that is checked is in fact 0 (since we are at the beginning
of a section in both cases).
Fix the code by adding the missing ABSOLUTE().
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Use the generic RAM layout to configure the TZC380 according to the
device configuration.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Peng Fan <peng.fan@nxp.com>
|
|
The tzc_auto_configure() function takes an address, a size, the attribute
and a region as arguments. It calculates the fitting tzc380 region
configuration and applies it to the controller.
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
The TZC380 IP has an action configuration which defines the action taken
if a region is accessed with the wrong permissions.
Devices do not have to set the action register explicitly, add a
function to retrieve the default configuration.
Signed-off-by: Rouven Czerwinski <rouven@czerwinskis.de>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
low level driver for Broadcom SOTP controller.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Rahul Gupta <rahul.gupta@broadcom.com>
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
|
|
low level driver for Broadcom random number generator IP.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Bharat Kumar Reddy Gooty <bharat.gooty@broadcom.com>
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
|
|
plat-rpi3 has a quite standard memory layout, so there is no sense
in maintaining a separate configuration if it is possible to use the
generic one.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
|
|
Set secure hardening for the GPIOZ pins according to their
peripheral registration.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
With this change, platform configures the ETZPC firewall
according to shared peripheral being assigned to either the
secure or the non-secure world.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
This change adds a platform consistency test between shared
resource registering and SoC RCC hardening.
When secure resources are registered, RCC secure hardening
must be enabled, otherwise the secure world cannot guarantee
the resource reliability.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Add API function stm32mp_register_clock_parents_secure().
The function registers as secure the parent clock(s) of the
target clock reference. This API is used by shared_resources.c
when a clock is registered as secure so that its dependencies
are also registered as secure.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
This change implements a driver for the stm32mp1 resources that may
be assigned to either secure or non-secure worlds upon the platform
configuration.
Other drivers shall register their resources (when applicable) using
the API functions stm32mp_register_{secure|non_secure}_periph*():
- stm32mp_register_*_periph() registers a resource from its
platform ID.
- stm32mp_register_*_periph_iomem() registers a resource from its
IOMEM base address.
- stm32mp_register_*_periph_gpio() registers a resource from its
GPIO reference, bank and position.
Shared resource driver exports some APIs to query a resource
registration state, stm32mp_periph_is_*(),
stm32mp_gpio_bank_is_*(), stm32mp_clock_is_*().
The driver saves the peripheral assignation. The API does not
allow peripherals to change state at runtime. Moreover, to
prevent testing a resource status before it is registered,
the first query on a resource state locks further registering.
A later attempt to register a peripheral will panic the core.
Resources are either secure or non-secure, except a clock, which may
be shared, in which case it will be assigned to the secure world but
a platform service will allow non-secure to access the resource
(i.e. enable/disable the clock). Note such service is out of the
scope of this change, yet this explains API stm32mp_clock_is_shared().
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
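The register-then-lock rule from the commit message above, modelled as an added C example; it is not the stm32mp1 driver's code. `struct shres_model`, `shres_register()`, `shres_is_secure()` and the peripheral IDs are hypothetical. The model returns an error code where the message says the core panics, and reporting a never-registered peripheral as not secure is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

enum periph_state { PERIPH_UNREGISTERED, PERIPH_SECURE, PERIPH_NON_SECURE };
enum reg_result { REG_OK, REG_CONFLICT, REG_LOCKED };

#define MODEL_PERIPH_COUNT 4 /* constructed table size */

struct shres_model {
	enum periph_state state[MODEL_PERIPH_COUNT];
	bool locked; /* set by the first state query */
};

/* Register a peripheral as secure or non-secure (hypothetical helper). */
static enum reg_result shres_register(struct shres_model *m, unsigned int id,
				      enum periph_state want)
{
	if (id >= MODEL_PERIPH_COUNT || want == PERIPH_UNREGISTERED)
		return REG_CONFLICT;
	if (m->locked)
		return REG_LOCKED; /* the message says the core panics here */
	/* No state change at runtime: same state again is fine, a flip is not */
	if (m->state[id] != PERIPH_UNREGISTERED && m->state[id] != want)
		return REG_CONFLICT;
	m->state[id] = want;
	return REG_OK;
}

/*
 * Query a peripheral state. The first query freezes the table, so no caller
 * can act on an answer that a later registration would contradict.
 */
static bool shres_is_secure(struct shres_model *m, unsigned int id)
{
	m->locked = true;
	/* Model assumption: a never-registered peripheral is not secure */
	return id < MODEL_PERIPH_COUNT && m->state[id] == PERIPH_SECURE;
}

int main(void)
{
	struct shres_model m = { 0 };

	/* Constructed sequence: two drivers register, then one queries. */
	printf("reg 1 secure      -> %d\n",
	       shres_register(&m, 1, PERIPH_SECURE));
	printf("reg 1 non-secure  -> %d\n",
	       shres_register(&m, 1, PERIPH_NON_SECURE));
	printf("reg 2 non-secure  -> %d\n",
	       shres_register(&m, 2, PERIPH_NON_SECURE));
	printf("is_secure(1)      -> %d\n", shres_is_secure(&m, 1));
	printf("reg 3 secure late -> %d\n",
	       shres_register(&m, 3, PERIPH_SECURE));
	return 0;
}
```

The late registration of peripheral 3 is rejected because a consumer has already read the table; accepting it would let a firewall or clock decision made from the earlier answer go stale.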
|
|
Local function ckeck_gpio_bank() panics if expected conditions
are not met. This change corrects the inline comment that states
the function returns an error code.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Get pinctrl support from stm32_gpio.h into STM32 I2C driver.
When device tree content defines pins related to an I2C interface,
the I2C driver saves the pins configuration instances and sets the
registered pins in the expected power mode at runtime.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Add Sandeep Tripathy <sandeep.tripathy@broadcom.com> as reviewer.
bcm-optee-feedback-list.pdl@broadcom.com is the mail distribution
list having currently active or interested tee developers within
Broadcom. Keep this entry as a list.
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Igor no longer works for Linaro and emails to igor.opaniuk@linaro.org
cannot be delivered. However, he still helps with the Poplar board, so
remove his old Linaro address from the general section and add him to
the Poplar section as a reviewer.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Igor Opaniuk <igor.opaniuk@gmail.com>
|
|
Swap RCC_BASE and PWR_BASE mapping registering for a nice alpha
ordering of the mapping definitions.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Use vaddr_t and paddr_t instead of uintptr_t where applicable.
This change also simplifies some platform get-base-address functions
to use io_pa_or_va().
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Update platform to conform with OP-TEE directive about local variables
initialization.
Also rename variable labels excep into exceptions as more explicit.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Assert clock and UART base address were found from
DTB instead of panicking. This can help debugging.
Invalid clock or iomem base address already lead to
core panic, an assertion here is far enough.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Update stm32_uart driver to conform with OP-TEE directive about local
variables initialization.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Update stm32_etzpc driver to conform with OP-TEE directive about local
variables initialization.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Local functions valid_decprot_id() and valid_tzma_id() are used only
in debug configuration. This adds a __maybe_unused attribute to
prevent compiler from warning with a trace like:
  core/drivers/stm32_etzpc.c:100:13: warning: ‘valid_tzma_id’ defined but not used [-Wunused-function]
   static bool valid_tzma_id(unsigned int id)
               ^~~~~~~~~~~~~
  core/drivers/stm32_etzpc.c:95:13: warning: ‘valid_decprot_id’ defined but not used [-Wunused-function]
   static bool valid_decprot_id(unsigned int id)
               ^~~~~~~~~~~~~~~~
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Rename variable labels excep into exceptions as more explicit.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Update stm32_gpio driver to conform with OP-TEE directive about local
variables initialization.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Platform embeds RNG driver and maps the RNG1 interface registers.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Driver is embedded upon CFG_STM32_RNG=y.
The driver main API functions are:
- stm32_rng_read() to get a buffer of random bytes,
- stm32_rng_read_raw() to get a buffer of random bytes assuming the
RNG hardware is ready, i.e clock enabled.
The device driver is initialized from DT resource when a secure DTB,
currently the embedded DTB, is found.
STM32 RNG driver assumes the platform supports at most RNG instance
in the secure world.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Implement {incr|decr}_shrefcnt(refcount, secure_flag) to provide
reference counting for secure, non secure and resources used both
from secure and non secure world.
Functions {incr|decr}_refcnt(refcount) is a secure refcount only
reference counting.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
This change removes -pedantic from the build directive from all
warning build levels. The rationale is that OP-TEE OS package no
longer supports being built in pedantic mode allowing now use
of implementation sequences that are rejected in pedantic mode,
for example using = { } for initializing structured local variables
in a structure agnostic way which OP-TEE OS community has agreed to
use.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|