Merge with Upstream optee_os repo #2
base: main
Enable stats PTA to catch compilation issues. Signed-off-by: Clement Faure <[email protected]> Acked-by: Jerome Forissier <[email protected]> Reviewed-by: Etienne Carriere <[email protected]>
Remove useless CFG_NXP_CAAM_ACIPHER compilation flag. This flag acts as a duplicate of CFG_CRYPTO_DRV_ACIPHER compilation flag. Signed-off-by: Clement Faure <[email protected]> Acked-by: Jens Wiklander <[email protected]>
Move CFG_WITH_SOFTWARE_PRNG default definition to crypto.mk to make it override-able by the HW crypto implementation. Without this fix, forcing CFG_WITH_SOFTWARE_PRNG to n in a crypto driver configuration file will trigger the following compilation issue: core/drivers/crypto/<driver>/crypto.mk:140: *** CFG_WITH_SOFTWARE_PRNG is set to 'y' (from file) but its value must be 'n' [Mandated by xxx]. Stop. Signed-off-by: Clement Faure <[email protected]> Acked-by: Jens Wiklander <[email protected]>
…platforms Remove the enablement of CFG_WITH_SOFTWARE_PRNG ?= y since it's already globally enabled. Signed-off-by: Clement Faure <[email protected]> Acked-by: Jens Wiklander <[email protected]>
…tforms Remove the enablement of CFG_WITH_SOFTWARE_PRNG flag when the CAAM is disabled. CFG_WITH_SOFTWARE_PRNG is enabled by default. Signed-off-by: Clement Faure <[email protected]> Acked-by: Jens Wiklander <[email protected]>
Re-work the CAAM crypto makefile to make it more readable. Signed-off-by: Clement Faure <[email protected]> Acked-by: Jens Wiklander <[email protected]>
These functions should contain tailing ret instruction to return to caller. Signed-off-by: Alvin Chang <[email protected]> Acked-by: Jerome Forissier <[email protected]>
Symmetric keys should be compared in constant time to protect against side channel attacks. Signed-off-by: Jorge Ramirez-Ortiz <[email protected]> Acked-by: Jerome Forissier <[email protected]>
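The difference the commit above refers to, as an added example that is not code from this PR or from OP-TEE: an early-exit comparison reads a number of bytes that depends on where the first mismatch is, while a constant-time comparison always reads all of them. The function names, the `examined` counter and the sample keys are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample values, not real key material */
static const uint8_t key[8]        = { 1, 2, 3, 4, 5, 6, 7, 8 };
static const uint8_t guess_bad0[8] = { 9, 2, 3, 4, 5, 6, 7, 8 };
static const uint8_t guess_bad6[8] = { 1, 2, 3, 4, 5, 6, 0, 8 };

/*
 * Early-exit comparison. *examined reports how many bytes were read before
 * returning: it follows the matching prefix length, which is what a timing
 * side channel exposes to someone guessing the key byte by byte.
 */
static int leaky_key_equal(const uint8_t *a, const uint8_t *b, size_t len,
			   size_t *examined)
{
	for (size_t i = 0; i < len; i++) {
		if (a[i] != b[i]) {
			*examined = i + 1;
			return 0;
		}
	}
	*examined = len;
	return 1;
}

/* Constant-time: every byte is read and no branch depends on key data */
static int ct_key_equal(const uint8_t *a, const uint8_t *b, size_t len,
			size_t *examined)
{
	volatile uint8_t diff = 0;

	for (size_t i = 0; i < len; i++)
		diff = (uint8_t)(diff | (a[i] ^ b[i]));
	*examined = len;
	/* Map diff == 0 to 1 and any other value to 0 without branching */
	return (int)((((uint32_t)diff - 1) >> 8) & 1);
}

int main(void)
{
	size_t n0 = 0, n6 = 0, c = 0;

	leaky_key_equal(key, guess_bad0, sizeof(key), &n0);
	leaky_key_equal(key, guess_bad6, sizeof(key), &n6);
	ct_key_equal(key, guess_bad0, sizeof(key), &c);
	printf("leaky: %zu vs %zu bytes read, constant-time: %zu\n", n0, n6, c);
	return 0;
}
```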
With CFG_FTRACE_SUPPORT=y CFG_ULIBS_MCOUNT=y CFG_SYSCALL_FTRACE=y (tested on QEMUv8), OP-TEE boot hangs due to infinite recursion: ftrace_enter() get_fbuf() thread_get_id_may_fail() _mcount() [or __gnu_mcount_nc()] ftrace_enter() ... Break the cycle by tagging thread_get_id_may_fail() with __noprof so that it doesn't call _mcount()/__gnu_mcount_nc(). Signed-off-by: Jerome Forissier <[email protected]> Acked-by: Jens Wiklander <[email protected]> Reviewed-by: Sumit Garg <[email protected]>
As its name implies, thread_init_core_local_stacks() performs stack initializations therefore it should not invoke the stack-checking hooks which are enabled when CFG_CORE_DEBUG_CHECK_STACKS=y. This is done by adding the __nostackcheck qualifier to the function. Without it, the boot hangs early and nothing is printed on the secure console. Note that this also fixes similar symptoms with syscall profiling (CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y) because the _mcount()/ __gnu_mcount_nc() hooks need the stack. Both __nostackcheck and __noprof expand to __attribute__((no_instrument_function)). Fixes: ca82589 ("core: split core/arch/arm/kernel/thread.c") Signed-off-by: Jerome Forissier <[email protected]> Reviewed-by: Sumit Garg <[email protected]>
When CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y, the following call stack happens (QEMUv8): _mcount() ftrace_enter() get_fbuf() thread_get_tsd() thread_get_id() Therefore thread_get_tsd() and thread_get_id() must be tagged with __noprof, otherwise a recursive call to _mcount() is triggered leading to infinite recursion, stack overflow and a lockup of the TEE core. Signed-off-by: Jerome Forissier <[email protected]> Reviewed-by: Sumit Garg <[email protected]>
Update CI to enable function tracing in the TEE core on QEMUv8 to make sure that no annotation disabling function instrumentation (__noprof) is missing. Only one test is enabled because the whole test suite takes too long to execute with instrumentation enabled, and running more test cases is unlikely to uncover more bugs because this is mostly about low level functions (thread handling...). Signed-off-by: Jerome Forissier <[email protected]> Reviewed-by: Sumit Garg <[email protected]>
Disable TPM2 MMIO driver and remove its integration from platform vexpress. OP-TEE will instead rely on a remote REE TPM2 driver allowing REE OS to embed TPM2 software stack and leverage TPM2 features. Acked-by: Jens Wiklander <[email protected]> Signed-off-by: Etienne Carriere <[email protected]>
Remove TPM2 driver from OP-TEE core. OP-TEE will instead rely on a remote REE TPM2 driver allowing REE OS to embed TPM2 software stack and leverage TPM2 features. Acked-by: Jens Wiklander <[email protected]> Signed-off-by: Etienne Carriere <[email protected]>
Current CSR macros with inline assembly will lead to compilation error, because they use pre-processor stringizing not value substitution. The definitions such as CSR_XSTATUS are not substituted to CSR encoding in CSR macros and compiler generates: Error: unknown CSR `CSR_XSTATUS'. This patch fixes it by making the given CSR to be an assembly input operand with constraint "i", which is used to indicate the operand is an immediate integer operand. Thus, the CSR encoding can be correctly compiled. Signed-off-by: Alvin Chang <[email protected]> Acked-by: Jens Wiklander <[email protected]> Acked-by: Jerome Forissier <[email protected]>
Adds bitstring function bit_ffs_from() that mimics bit_ffs() but looks from a start bit position given as argument, and defines bit_ffs() based on bit_ffs_from(). Reviewed-by: Jens Wiklander <[email protected]> Signed-off-by: Etienne Carriere <[email protected]>
Fixes inline comment typo in OP-TEE standard SMCs description and CFG_CORE_ASYNC_NOTIF switch description. Reviewed-by: Jens Wiklander <[email protected]> Signed-off-by: Etienne Carriere <[email protected]>
The RISC-V privileged specification defines that at least one hart must have a hart ID of zero. Since at least one stack_tmp_stride is required for calculating the initial SP value for each hart, the formula should be address of stack_tmp plus (hartid+1) multiplied by stack_tmp_stride. This commit fixes the formula for initializing SP of each hart, otherwise the stack underflow happens to hart 0. Fixes: 93e54a6 ("riscv: kernel: entry.S: provide entry script") Signed-off-by: Alvin Chang <[email protected]> Reviewed-by: Marouene Boubakri <[email protected]> Acked-by: Jerome Forissier <[email protected]>
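A small memory model of the stack pointer fix described in the commit above, as an added example that is not code from this PR or from OP-TEE. The hart count, stride and guard region are constructed values, and the pre-fix formula (`hartid` multiplied by `stack_tmp_stride`) is inferred from the commit message.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_HARTS        4   /* constructed value */
#define STACK_TMP_STRIDE 256 /* constructed value, bytes per hart */
#define GUARD_SIZE       16  /* stands in for whatever sits below stack_tmp */

/* Memory model: [ guard | stack_tmp[NUM_HARTS][STACK_TMP_STRIDE] ] */
static uint8_t mem[GUARD_SIZE + NUM_HARTS * STACK_TMP_STRIDE];

/* Pre-fix initial SP (assumed): stack_tmp + hartid * stride */
static size_t sp_before_fix(unsigned int hartid)
{
	return GUARD_SIZE + hartid * STACK_TMP_STRIDE;
}

/* Initial SP as the commit states: stack_tmp + (hartid + 1) * stride */
static size_t sp_after_fix(unsigned int hartid)
{
	return GUARD_SIZE + (hartid + 1) * STACK_TMP_STRIDE;
}

/* Stacks grow down: decrement SP, then store. True if the guard survived. */
static bool first_push_stays_in_stack_tmp(size_t sp)
{
	uint64_t val = 0xa5a5a5a5a5a5a5a5ULL;
	uint8_t clean[GUARD_SIZE] = { 0 };

	memset(mem, 0, sizeof(mem));
	sp -= sizeof(val);
	memcpy(&mem[sp], &val, sizeof(val));
	return memcmp(mem, clean, GUARD_SIZE) == 0;
}

/* Number of harts whose first push lands below stack_tmp */
static unsigned int count_underflows(size_t (*initial_sp)(unsigned int))
{
	unsigned int bad = 0;

	for (unsigned int h = 0; h < NUM_HARTS; h++)
		if (!first_push_stays_in_stack_tmp(initial_sp(h)))
			bad++;
	return bad;
}

int main(void)
{
	printf("underflows before fix: %u, after fix: %u\n",
	       count_underflows(sp_before_fix), count_underflows(sp_after_fix));
	return 0;
}
```

Under the assumed pre-fix formula only hart 0 writes below `stack_tmp`; every other hart stays inside the array but runs on the slot of the hart below it.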
Adds core_mmu_tee_load_pa for a dynamic record of where OP-TEE is loaded into memory. With CFG_CORE_PHYS_RELOCATABLE=y core_mmu_tee_base_pa may need to be updated during early boot since the physical address to use isn't determined until then. Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Adds core_mmu_get_ta_range() to return the range of physical memory reserved for TAs. Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Avoid using TEE_RAM_START, TEE_RAM_PH_SIZE, TA_RAM_START, and TA_RAM_SIZE where secure_only[] can be used instead to calculate the same numbers. Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
In get_ta_ram_size() use core_mmu_get_ta_range() instead of the define TA_RAM_SIZE. Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Removes the TA_RAM_START and TA_RAM_SIZE defines since core_mmu.c can calculate the values based registered secure_only memory. Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Only call add_pager_vaspace() when compiled with pager enabled to avoid redundant looping over the memory areas to map. Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Adds defines to interpret FF-A Boot Info header and descriptor using two new structs and accompanying defines. Acked-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Adds dt_getprop_as_number() to read a property and parse it as a number returned as a uint64_t. The size of the property determines if it's read as an unsigned 32-bit or 64-bit integer. Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Adds core_mmu_set_secure_memory() for use with CFG_CORE_PHYS_RELOCATABLE where the secure physical memory range is determined at boot. Reviewed-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
With CFG_CORE_SEL2_SPMC=y OP-TEE is executed as an SP at S-EL1. The manifest describing the OP-TEE SP is passed as a boot argument. The manifest contains among other things the two properties "load-address" and "mem-size". These cover the secure memory allocated for OP-TEE to cover core and TA memory. The retrieved memory range is saved with a call to core_mmu_set_secure_memory() to be used when initializing MMU and other memory configuration. Acked-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
With CFG_CORE_PHYS_RELOCATABLE=y enable support in OP-TEE to relocate itself to allow it to run from physical address that differs from the link address. This feature is currently only supported with CFG_CORE_SEL2_SPMC=y since the TEE core has to know the range of available memory. With SPMC at EL2 this is accomplished via get_sec_mem_from_manifest(). An SPMC at S-EL2 may need to load OP-TEE at a different address depending on configuration. Acked-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
Adds a build with CFG_CORE_SEL2_SPMC=y and CFG_CORE_PHYS_RELOCATABLE=y. Dummy values are needed for CFG_TZDRAM_START and CFG_TZDRAM_SIZE since vexpress-qemu_armv8a doesn't have default values for those in this configuration. Acked-by: Etienne Carriere <[email protected]> Signed-off-by: Jens Wiklander <[email protected]>
This commit renames interrupt controller function names to be more generic: - Rename main_init_gic() to primary_init_intc() - Rename secondary_init_gic() to secondary_init_intc() Signed-off-by: Marouene Boubakri <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
…river An initial implementation of RISC-V PLIC driver conforming to the specification. CFG_RISCV_PLIC flag allows building it or not for platforms with custom PLIC IP. Signed-off-by: Marouene Boubakri <[email protected]> Acked-by: Jerome Forissier <[email protected]>
Rename interrupt controller initialization functions to primary_init_intc() and secondary_init_intc(). To be called by platform boot code to initialize interrupt controller on boot hart and secondary harts, respectively. Signed-off-by: Marouene Boubakri <[email protected]> Reviewed-by: Jerome Forissier <[email protected]>
In case of an update operation, the total input data size processed must be a multiple of a block size. The total block size is equal to the input data size and the saved buffer size. If the reallocation DMA buffer is less than the input data size, buffer length plus saved buffer size need to be adjusted to align on multiple of a block size. Depending on the memory buffer input configuration, the function caam_dmaobj_sgtbuf_build() might modify the data size to be processed in the loop. This case happens sometimes on i.MX platforms where the input buffer physical address is above 32 bits. This implies reporting the data size re-adjustment when data is saved in the context buffer. Signed-off-by: Olivier Masse <[email protected]> Signed-off-by: Clement Faure <[email protected]> Acked-by: Jerome Forissier <[email protected]>
Changes stm32_gpio driver to support generic pin control framework (CFG_DRIVERS_PINCTRL=y). Acked-by: Gatien Chevallier <[email protected]> Signed-off-by: Etienne Carriere <[email protected]>
Adds helper function stm32_gpio_pinctrl_bank_pin() to get an array of bank and pin IDs related to a pin control state. Acked-by: Gatien Chevallier <[email protected]> Signed-off-by: Etienne Carriere <[email protected]>
Adds helper function stm32_pinctrl_set_secure_cfg() to set the GPIO pin secure state (secure or non-secure) for each pin referenced by a pin control state. Acked-by: Gatien Chevallier <[email protected]> Signed-off-by: Etienne Carriere <[email protected]>
Adds shared resources helper functions stm32mp_register_secure_pinctrl() and stm32mp_register_non_secure_pinctrl() for when a platform driver registers pins from a pin control state with secure or non-secure attribute. These functions are required when CFG_DRIVERS_PINCTRL is enabled. Acked-by: Gatien Chevallier <[email protected]> Signed-off-by: Etienne Carriere <[email protected]>
Updates stm32_uart driver for when CFG_DRIVERS_PINCTRL is enabled making UART driver to get pin control configuration using the generic pin control framework. Acked-by: Gatien Chevallier <[email protected]> Signed-off-by: Etienne Carriere <[email protected]>
Updates stm32_i2c driver for when CFG_DRIVERS_PINCTRL is enabled making I2C driver to get pin control configuration using the generic pin control framework. When enabled, stm32_i2c driver get the active and sleep pin control configuration from the device tree. Sleep pinctrl configuration is optional. SE050 and STM32MP1 PMIC drivers that use the stm32_i2c bus are both updated accordingly. Acked-by: Gatien Chevallier <[email protected]> Signed-off-by: Etienne Carriere <[email protected]>
Changes platform stm32mp1 configuration to always enable CFG_DRIVERS_PINCTRL. The platform requires pinctrl_apply_state() to be unpaged as it can be used during PM suspend and resume sequences. Acked-by: Gatien Chevallier <[email protected]> Signed-off-by: Etienne Carriere <[email protected]>
Removes implementation when CFG_DRIVERS_PINCTRL is disabled as stm32mp1 platform configuration enforces the switch is enabled. Acked-by: Gatien Chevallier <[email protected]> Signed-off-by: Etienne Carriere <[email protected]>
Removes implementation when CFG_DRIVERS_PINCTRL is disabled as stm32mp1 platform configuration enforces the switch is enabled. Acked-by: Gatien Chevallier <[email protected]> Signed-off-by: Etienne Carriere <[email protected]>
Removes implementation when CFG_DRIVERS_PINCTRL is disabled as stm32mp1 platform configuration enforces the switch is enabled. Acked-by: Gatien Chevallier <[email protected]> Signed-off-by: Etienne Carriere <[email protected]>
Moves macros and structures definitions from stm32_gpio.h header file to the driver source file as these definitions do not need to be visible from other drivers thanks to pin control abstraction. Acked-by: Gatien Chevallier <[email protected]> Signed-off-by: Etienne Carriere <[email protected]>
This pull request has been marked as a stale pull request because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this pull request will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time.
@zatkh @Anna-Trikalinou can you please review this PR?
This PR merges the upstream optee_os repo with the current repo for providing a common platform for supporting all architectures like ARM and X86.