| Age | Commit message (Collapse) | Author |
|---|
|
Replace use of readX() and writeX() with io_readX() and io_writeX().
The former function are about to be deprecated in favor to the later.
This change upgrades core generic code and drivers.
At some place, io_clrbitsX(), io_setbitsX() and io_clrsetbitsX()
replace the writeX(readX() ...) operations when obvious.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Introduce io_setbits8(), io_clrbits8(), io_clrsetbits8() and
io_setbits16(), io_clrbits16(), io_clrsetbits16() for bit clear/set
util over 8bit and 16bit memory cells on the model of existing
io_clrsetbits32() and friends.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
write8(), write16() and write32() expect the target written address
as 1st argument and the written value as 2nd argument. This is
confusing as put_be32(), put_be64(), io_mask32(), and the io_*bits32()
functions expect the opposite: 1st argument is the address and 2nd
argument is the written value(s).
This change introduces functions io_write8(), io_write16() and
io_write32() with io_mask32() like APIs. This change introduces
io_read*() for consistency: all prefixed with io_.
This change preserve the write8/write16/write32 functions for
compatibility. These will be deprecated in the next OP-TEE release
to lower confusion around these.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Reset API functions:
- stm32_reset_assert(id) asserts reset signal on target resource.
- stm32_reset_deassert(id) releases reset signal on target resource.
Driver API relies on resource IDs defined in the platform DT bindings
header file dt-bindings/reset/stm32mp1_reset.h.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
phys_to_virt_io() converts a physical address previously registered with
type MEM_AREA_IO_SEC or MEM_AREA_IO_NSEC to a virtual address.
If both secure and non-secure mappings exist for the PA, the secure
mapping is used. This is usually fine, but some platforms may not allow
accessing a non-secure PA with a secure mapping.
Therefore, either overlaps should be avoided when registering memory,
or phys_to_virt(pa, type) should be used instead of phys_to_virt_io().
This commit adds a warning message in case phys_to_virt_io() finds two
mappings.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Device memory registered via register_phys_mem() is currently rounded
up/down to CORE_MMU_PGDIR_SIZE (1 MiB, or 2 MiB for LPAE). This is not
needed and possibly incorrect for SoCs that define I/O memory maps with
regions aligned on a small page (4 KiB), because using a larger
granularity could result in overlaps between secure and non-secure
mappings. This could cause issues depending on the type of memory
firewall used by the SoC and its configuration. In any case, memory
types other than MEM_AREA_IO_{SEC,NSEC} *can* be mapped with small page
granularity using register_phys_mem(), so the situation is a bit
inconsistent.
This commit removes the rounding by default and provides a new macro:
register_phys_mem_pgdir(). Platforms that still need to use PGDIR_SIZE
granularity (typically because it consumes less page table space) need
to replace register_phys_mem() by register_phys_mem_pgdir().
In order to avoid any functional change in platform code, all calls to
register_phys_mem() with device memory are replaced with
register_phys_mem_pgdir(). In addition, CORE_MMU_DEVICE_SIZE is removed
and replaced with CORE_MMU_PGDIR_SIZE since there is no unique mapping
size for device memory anymore.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Zeng Tao <prime.zeng@hisilicon.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Change API for io_clrbits32(), io_setbits32() and io_clrsetbits32() to
have a vaddr_t type address argument, rather than uintptr_t as
previously.
This change updates accordingly the callers of these functions
that cover only stm32mp1 related resources.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Platform provides resources expected by the GPIO driver: those deal
with the relationship between platform GPIO banks identifiers and
the bank resources (base address, clock).
Platform maps all non-secure GPIOs as secure world may use non-secure
interfaces, i.e a non-secure UART console.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Driver is embedded upon CFG_STM32_GPIO=y.
STM32 GPIO driver API main functions:
- stm32_gpio_set_output_level() sets target output GPIO level,
- stm32_gpio_get_input_level() returns target input GPIO level,
- stm32_pinctrl_load_active_cfg() loads interface pin mux active state,
- stm32_pinctrl_load_standby_cfg() loads interface pin mux standby state,
- stm32_pinctrl_fdt_get_pinctrl() save pin configuration from DT content,
- stm32_gpio_set_secure_cfg() sets secure state for target GPIO/pin mux.
GPIO driver does not register to PM framework. It is the GPIO/pin owner
responsibility to call stm32_pinctrl_load_{active|standby}_cfg() on
peripherals power state transitions.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Mathieu Belou <mathieu.belou@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Platform defines the macro used for DECPROT IDs in the STM32 ETZPC
driver interface.
When platform embeds a secure DTB, it is used to initialize the ETZPC
driver. When not using DT, platform shall call ETZPC initialization
API function.
Platform initialization loads a static configuration for the platform
resources statically assigned to either secure or non-secure worlds.
This change updates the stm32mp157c SoC description DT source file
to explicitly enable ETZPC support in the secure world.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
ETZPC is a hardware instance that control access permissions to
some stm32mp SoC peripheral interfaces and internal memories.
This change introduce the stm32_etzpc driver. It is embedded upon
build directive CFG_STM32_ETZPC=y.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Mathieu BELOU <mathieu.belou@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Get the frequency of the root oscillator clocks from
a secure device tree, that is the embedded DTB.
Secure status state in the DTB defines whether RCC
subsystem shall be secure or not. If not, non-secure
world can access all clock interfaces hence secure world
cannot guaranty its configuration. Yet, the DT allows
such a debug/test configuration.
Most clock tree configuration is under the responsibility
of an earlier boot stage. Configuration of parenthood
and related divisors as well as configuration of
intermediate PLLs found in the DT are ignored.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Introduce the stm32mp1 clock driver. This change defines the
structures used to describe the clock tree and the driver main API
functions:
- stm32_clock_enable()
- stm32_clock_disable()
- stm32_clock_is_enabled()
- stm32_clock_get_rate()
The API is exported from stm32_util.h. Drivers are expected to include
stm32_util.h to access the platform clock support.
Note stm32_clock_get_rate() needs the root oscillator frequency values
Oscillators frequency depend on the board a.k.a the platform.
This information is currently missing in the driver. Introducing
CFG_xxx build directives it not the preferred way which is the DTB.
This change does not read root oscillators frequency value from the DTB.
Map RCC interface registers from RCC_BASE. RCC is the interface for
SoC clock configuration and control.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@st.com>
Signed-off-by: Nicolas Le Bayon <nicolas.le.bayon@st.com>
Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Add and refine some RCC register descriptions.
Remove declaration of stm32_rcc_secure(), not used.
Implement stm32_rcc_is_secure() and stm32_rcc_is_mckprot(). These
reflect 2 security hardening states of the RCC in the SoC.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Removes the unused memalign() function. Usage of this function will
cause severe fragmentation of the heap.
Another problem is with the implementation which is added on top of bget
while still depending heavily on internals of bget. The implementation was
somewhat buggy since it can sometimes can cause:
E/TC:0 0 assertion 'bn->prevfree == 0' failed at lib/libutils/isoc/bget_malloc.c
:423 <create_free_block>
E/TC:0 0 Panic at core/kernel/assert.c:28 <_assert_break>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
PWR is a memory mapped SoC interface for power control. This change
maps and defines the interface for the stm32mp1 platform.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Prior to this patch was _TEE_MathAPI_Init() in
lib/libutee/tee_api_arith_mpi.c supplying a data buffer which was only 4
byte aligned while mempool_alloc_pool() requires the alignment of long.
This will work in 32-bit mode, but could lead to alignment problem in
64-bit mode. The same problem can happen with
lib/libutee/tee_api_arith_mpa.c, but so far it has remained hidden.
Incorrect alignment can result in errors like:
E/TA: assertion '!((vaddr_t)data & (POOL_ALIGN - 1))' failed at lib/libutils/ext/mempool.c:134 in mempool_alloc_pool()
This fix introduces MEMPOOL_ALIGN which specifies required alignment of
data supplied to mempool_alloc_pool().
Fixes: 062e3d01c039 ("ta: switch to to mbedtls for bignum")
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v8)
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Accepts query buffer size when invoking pseudo TAs with
CFG_SECURE_DATA_PATH=y.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
There are two fast SMC calls from hypervisor:
OPTEE_SMC_VM_CREATED is called during virtual guest creation. Only
after successful return hypervisor should forward any SMC calls from
guest to OP-TEE.
OPTEE_SMC_VM_DESTROYED is called during VM destruction. Hypervisor
should ensure that all virtual CPUs are stopped. This will ensure, that
there are no active threads from destroyed VM in OP-TEE.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Don't create boot thread and don't initialize TEE runtime
if virtualization is enabled. This will be done by virtualization
framework for each virtual guest separately.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
This one function can be called in init_primary_helper() in default
configuration or by virtualization framework for each virtual guest
separately if virtualization is enabled.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
If virtualization support is enabled, malloc memory pool is not initialized
at this stage. When virtualization is disabled, nex_malloc and nex_calloc
are aliases for malloc/calloc so no problem will be there.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
If virtualization is enabled, we need do configure right context
upon entry from SMCs. Also we need to switch back to default context
when leaving OP-TEE.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Virtualization subsystem maintains different TA memory ranges
for every virtual guest. So, if virtualization support is enabled,
tee_mmu should get memory configuration there.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Because of different memory layout, we need more page tables when
virtualization support is enabled.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
If CFG_VIRTUALIZATION is enabled, then initial memory layout does not need
TA_RAM, TEE sections (.bss and .data) but it needs core sections
(.nex_bss and .nex_data) mapped.
.data section should be mapped as RO, so it can serve as a template for
virtual guests .data sections.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
This function will be called at OP-TEE initialization to
configure memory subsystem of virtualization framework.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
This patch adds virtualization framework to OP-TEE.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
When virtualization is enabled, there is separate memory map
for every virtual guest.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Virtualization subsystem will initialize threads every time new
guest context is created, so it is good to have whole thread
initialization in one function.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
For virtualization support we need to have multiple mmu partitions.
One partition per virtual machine. Partition holds information about
page tables, ASID, etc. When OP-TEE switches to another partition,
it effectivelly changes how it sees memory. In this way it is possible
to have multiple memory layouts with different shared buffers and TAs
mapped, even with different .bss and .data sections.
If virtualization is disabled, then only one, default partition exists
and it is impossible to allocate more.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
This memory type describes mapping that covers all secure memory
as a flat mapping, so it is possible to access any portion of
secure memory at any time.
It will be used with virtualization extensions.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
This flag tells tee_mm to use nex_malloc pool instead of default malloc
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
strdup() uses malloc() internally, which is not good for
nexus part of OP-TEE.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
pl011 driver is a core code, so it should use nexus memory allocator.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Variables that are needed by OP-TEE nexus will be moved
to nexus memory.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
This patch is the first in series of patches that split OP-TEE RW memory
into two regions: nexus memory and TEE memory. Nexus memory will
be always mapped and it will be used to store all data that is
vital for OP-TEE core and is not bound to virtual guests.
TEE memory is a memory that holds data specific for certain guest.
There will be TEE memory bank for every guest and it will be mapped
into OP-TEE address space only during call from that guest.
This patch adds nexus memory and moves stacks into it. Also
it provides __nex_bss and __nex_data macros, so one can easily set right
section for a variable.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Add statistic for OP-TEE nexus memory allocator.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Now, when we have separate allocator for nexus
part of OP-TEE, it is good to add tests for it.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
If virtualization enabled, this pool will be used to allocate
memory for OP-TEE nexus needs.
Without virtualization, generic malloc pool will be used.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
plat-rcar have quite standard memory layout, so there is no sense
to maintain separate configuration if it possible to use generic
one.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Adds a memleak function to the status PTA which calls mdbg_check(1)
to dump all allocations.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
When there is some data already pending in the cbc->block and the input
data size is not large enough to do cbc_encrypt(), the pending data is
going to be overwritten. For example, a serial input with size like 3,3...
uncovers this bug.
Signed-off-by: Oliver Chiang <rockerfeynman@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU)
|
|
get_elf_segments() doesn't initialize the returned segs array properly,
some fields are left uninitialized. Fix this by doing a compound
assignment when initializing new elements in the array.
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Just like the get_prop_tee_dev_id() in tee_svc.c, it returns
TEE_ERROR_BAD_STATE, when tee_otp_get_die_id() reports someting bad.
Put the same check in tee_fs_init_key_manager() as well.
Fixes: https://github.com/OP-TEE/optee_os/issues/2762
Signed-off-by: Oliver Chiang <rockerfeynman@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: use URL in Fixes: tag]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
In error condition on checking "ta_size", was returning
error from function without cleaning allocated memory.
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/pull/2776
[jf: minor edits to commit message]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Fixes the following warnings:
$ pycodestyle --version
2.5.0
$ pycodestyle scripts/*.py
scripts/bin_to_c.py:15:9: E117 over-indented
scripts/bin_to_c.py:34:9: E117 over-indented
scripts/bin_to_c.py:37:17: E117 over-indented
scripts/bin_to_c.py:49:17: E117 over-indented
scripts/bin_to_c.py:50:25: E117 over-indented
scripts/bin_to_c.py:54:25: E117 over-indented
scripts/bin_to_c.py:56:25: E117 over-indented
scripts/bin_to_c.py:62:9: E117 over-indented
$ cd core/arch/arm/plat-stm32mp1/scripts; \
pycodestyle stm32image.py
stm32image.py:21:9: E117 over-indented
stm32image.py:27:9: E117 over-indented
stm32image.py:29:17: E117 over-indented
stm32image.py:39:9: E117 over-indented
stm32image.py:77:9: E117 over-indented
stm32image.py:84:17: E117 over-indented
stm32image.py:96:9: E117 over-indented
stm32image.py:100:9: E117 over-indented
stm32image.py:125:9: E117 over-indented
stm32image.py:140:9: E117 over-indented
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
Add base platform support for Broadcom ns3 SoC.
Broadcom ns3 is ARMv8-A based SoS with Cortex-A72 cores
and GICv3. It is configured to run with TF-A.
Signed-off-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Reviewed-by: Raveendra Padasalagi <raveendra.padasalagi@broadcom.com>
Reviewed-by: Scott Branden <scott.branden@broadcom.com>
Reviewed-by: Pramod Kumar <pramod.kumar@broadcom.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Fixes a race where FIQ isn't masked in the abort handler which results
lost register content and invalid processing of the abort when resumed.
Fixes: 18901324e00a ("Support ARM GICv3 mode")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Free the o->attr in the error handling part.
Fixes: https://github.com/OP-TEE/optee_os/issues/2738
Signed-off-by: Oliver Chiang <rockerfeynman@gmail.com>
[jf: do not set o->attr = 0; move tee_obj_free(o) under if (o) { ... }]
[jf: add spaces to subject; use URL in Fixes: tag]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU)
|
