u-boot.git/lib/optee/optee.c, branch master Unnamed repository; edit this file 'description' to name the repository. lib: optee: Add line ending to debug() outputs 2025-09-24T17:04:04+00:00 Jan Kiszka jan.kiszka@siemens.com 2025-09-15T13:41:46+00:00 7cae89bac47cd8e79c91034865e5a671334f73fd Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> 
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
lib: Remove <common.h> inclusion from these files 2023-12-21T13:54:37+00:00 Tom Rini trini@konsulko.com 2023-12-14T18:16:58+00:00 467382ca03758e4f3f13107e3a83669e93a7461e After some header file cleanups to add missing include files, remove common.h from all files in the lib directory. This primarily means just dropping the line but in a few cases we need to add in other header files now. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com> 
After some header file cleanups to add missing include files, remove
common.h from all files in the lib directory. This primarily means just
dropping the line but in a few cases we need to add in other header
files now.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
fdtdec: Support reserved-memory flags 2021-10-13T21:18:30+00:00 Thierry Reding treding@nvidia.com 2021-09-03T13:16:21+00:00 b9aad375917d4ae0dec5aedcdfa79929e1dbb730 Reserved memory nodes can have additional flags. Support reading and writing these flags to ensure that reserved memory nodes can be properly parsed and emitted. This converts support for the existing "no-map" flag to avoid extending the argument list for fdtdec_add_reserved_memory() to excessive length. Signed-off-by: Thierry Reding <treding@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Warren <twarren@nvidia.com> 
Reserved memory nodes can have additional flags. Support reading and
writing these flags to ensure that reserved memory nodes can be properly
parsed and emitted.

This converts support for the existing "no-map" flag to avoid extending
the argument list for fdtdec_add_reserved_memory() to excessive length.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
fdtdec: Support compatible string list for reserved memory 2021-10-13T21:18:30+00:00 Thierry Reding treding@nvidia.com 2021-09-03T13:16:19+00:00 46cb067803bef50cb8a1334a56897d05b5f85e02 Reserved memory nodes can have a compatible string list to identify the type of reserved memory that they represent. Support specifying an optional compatible string list when creating these nodes. Signed-off-by: Thierry Reding <treding@nvidia.com> Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Warren <twarren@nvidia.com> 
Reserved memory nodes can have a compatible string list to identify the
type of reserved memory that they represent. Support specifying an
optional compatible string list when creating these nodes.

Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Warren <twarren@nvidia.com>
lib: optee: Avoid CONFIG_TZDRAM_* in optee_verify_bootm_image() 2021-10-05T12:46:23+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-09-07T17:07:06+00:00 26fc66709c0de7732a12fd59dbce5a83eb454bae The configs TZDRAM_BASE and TZDRAM_SIZE are expected to describe the memory allocated to the OPTEE region. according to according to commit c5a6e8bd00cc ("optee: Add optee_verify_bootm_image()"). The TZDRAM is with some limitations, described by "/reserved-memory" nodes in the devicetree. Consequently TZDRAM_BASE and TZDRAM_SIZE can point to imaginary regions which have nothing to do with actual DRAM. They are not used to configure the hardware or set up the Trust Zone Controller (TZC) for OP-TEE -- the devicetree values are used instead. When a valid OP-TEE image does not fall within the region described by these configs, u-boot will refuse to load it. In fact, it mostly serves to cause "bootm" to reject perfectly good OP-TEE images. Ironically, someone has to correctly configure the devicetree for TZDRAM, then go back and enter the same information in Kconfig for "bootm". To remedy this, do not use TZDRAM_BASE and TZDRAM_SIZE in the verification of OPTEE images. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> 
The configs TZDRAM_BASE and TZDRAM_SIZE are expected to describe the
memory allocated to the OPTEE region. according to according to commit
c5a6e8bd00cc ("optee: Add optee_verify_bootm_image()"). The TZDRAM is
with some limitations, described by "/reserved-memory" nodes in the
devicetree.

Consequently TZDRAM_BASE and TZDRAM_SIZE can point to imaginary
regions which have nothing to do with actual DRAM. They are not used
to configure the hardware or set up the Trust Zone Controller (TZC)
for OP-TEE -- the devicetree values are used instead.

When a valid OP-TEE image does not fall within the region described by
these configs, u-boot will refuse to load it. In fact, it mostly
serves to cause "bootm" to reject perfectly good OP-TEE images.

Ironically, someone has to correctly configure the devicetree for
TZDRAM, then go back and enter the same information in Kconfig for
"bootm". To remedy this, do not use TZDRAM_BASE and TZDRAM_SIZE in the
verification of OPTEE images.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
lib: optee: remove the duplicate CONFIG_OPTEE 2021-10-05T12:44:48+00:00 Patrick Delaunay patrick.delaunay@foss.st.com 2021-09-02T09:56:16+00:00 51827f9a8be3def01b837a2809094e2fd2703b6a The configuration CONFIG_OPTEE is defined 2 times: 1- in lib/optee/Kconfig for support of OPTEE images loaded by bootm command 2- in drivers/tee/optee/Kconfig for support of OP-TEE driver. It is abnormal to have the same CONFIG define for 2 purpose; and it is difficult to managed correctly their dependencies. Moreover CONFIG_SPL_OPTEE is defined in common/spl/Kconfig to manage OPTEE image load in SPL. This definition causes an issue with the macro CONFIG_IS_ENABLED(OPTEE) to test the availability of the OP-TEE driver. This patch cleans the configuration dependency with: - CONFIG_OPTEE_IMAGE (renamed) => support of OP-TEE image in U-Boot - CONFIG_SPL_OPTEE_IMAGE (renamed) => support of OP-TEE image in SPL - CONFIG_OPTEE (same) => support of OP-TEE driver in U-Boot - CONFIG_OPTEE_LIB (new) => support of OP-TEE library After this patch, the macro have the correct behavior: - CONFIG_IS_ENABLED(OPTEE_IMAGE) => Load of OP-TEE image is supported - CONFIG_IS_ENABLED(OPTEE) => OP-TEE driver is supported Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com> 
The configuration CONFIG_OPTEE is defined 2 times:
1- in lib/optee/Kconfig for support of OPTEE images loaded by bootm command
2- in drivers/tee/optee/Kconfig for support of OP-TEE driver.

It is abnormal to have the same CONFIG define for 2 purpose;
and it is difficult to managed correctly their dependencies.

Moreover CONFIG_SPL_OPTEE is defined in common/spl/Kconfig
to manage OPTEE image load in SPL.

This definition causes an issue with the macro CONFIG_IS_ENABLED(OPTEE)
to test the availability of the OP-TEE driver.

This patch cleans the configuration dependency with:
- CONFIG_OPTEE_IMAGE (renamed) => support of OP-TEE image in U-Boot
- CONFIG_SPL_OPTEE_IMAGE (renamed) => support of OP-TEE image in SPL
- CONFIG_OPTEE (same) => support of OP-TEE driver in U-Boot
- CONFIG_OPTEE_LIB (new) => support of OP-TEE library

After this patch, the macro have the correct behavior:
- CONFIG_IS_ENABLED(OPTEE_IMAGE) => Load of OP-TEE image is supported
- CONFIG_IS_ENABLED(OPTEE) => OP-TEE driver is supported

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
lib: optee: migration optee_copy_fdt_nodes for OF_LIVE support 2021-04-12T18:25:31+00:00 Patrick Delaunay patrick.delaunay@foss.st.com 2021-02-08T12:54:31+00:00 a2535243e0114a48a4225a38819aa7d9fdc3d02c The optee_copy_fdt_nodes is only used to copy op-tee nodes of U-Boot device tree (from gd->fdt_blob when OF_LIVE is not activated) to external device tree but it is not compatible with OF_LIVE. This patch migrates all used function fdt_ functions to read node on old_blob to ofnode functions, compatible with OF_LIVE and remove this parameter "old_blob". The generated "device tree" is checked on stm32mp platform with OF_LIVE activated. Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com> 
The optee_copy_fdt_nodes is only used to copy op-tee nodes
of U-Boot device tree (from gd->fdt_blob when OF_LIVE is not activated)
to external device tree but it is not compatible with OF_LIVE.

This patch migrates all used function fdt_ functions to read node on
old_blob to ofnode functions, compatible with OF_LIVE and remove this
parameter "old_blob".

The generated "device tree" is checked on stm32mp platform with OF_LIVE
activated.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
common: Drop asm/global_data.h from common header 2021-02-02T20:33:42+00:00 Simon Glass sjg@chromium.org 2020-10-31T03:38:53+00:00 401d1c4f5d2d29c4bc4beaec95402ca23eb63295 Move this out of the common header and include it only where needed. In a number of cases this requires adding "struct udevice;" to avoid adding another large header or in other cases replacing / adding missing header files that had been pulled in, very indirectly. Finally, we have a few cases where we did not need to include <asm/global_data.h> at all, so remove that include. Signed-off-by: Simon Glass <sjg@chromium.org> Signed-off-by: Tom Rini <trini@konsulko.com> 
Move this out of the common header and include it only where needed.  In
a number of cases this requires adding "struct udevice;" to avoid adding
another large header or in other cases replacing / adding missing header
files that had been pulled in, very indirectly.   Finally, we have a few
cases where we did not need to include <asm/global_data.h> at all, so
remove that include.

Signed-off-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
optee: add property no-map to secure reserved memory 2020-09-22T18:54:13+00:00 Etienne Carriere etienne.carriere@st.com 2020-09-10T08:50:01+00:00 3e15c315f97401f394ae83ed17fbef72b765222a OP-TEE reserved memory node must set property "no-map" to prevent Linux kernel from mapping secure memory unless what non-secure world speculative accesses of the CPU can violate the memory firmware configuration. Fixes: 6ccb05eae01b ("image: fdt: copy possible optee nodes to a loaded devicetree") Signed-off-by: Etienne Carriere <etienne.carriere@st.com> Signed-off-by: Patrice Chotard <patrice.chotard@st.com> 
OP-TEE reserved memory node must set property "no-map" to prevent
Linux kernel from mapping secure memory unless what non-secure world
speculative accesses of the CPU can violate the memory firmware
configuration.

Fixes: 6ccb05eae01b ("image: fdt: copy possible optee nodes to a loaded devicetree")
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
fdtdec: optionally add property no-map to created reserved memory node 2020-09-22T18:54:13+00:00 Etienne Carriere etienne.carriere@st.com 2020-09-10T08:49:59+00:00 ccaa5747bdeae4261199dd7e80771e4de1c550ca Add boolean input argument @no_map to helper function fdtdec_add_reserved_memory() to add or not "no-map" property for an added reserved memory node. Property no-map is used by the Linux kernel to not not map memory in its static memory mapping. It is needed for example for the| consistency of system non-cached memory and to prevent speculative accesses to some firewalled memory. No functional change. A later change will update to OPTEE library to add no-map property to OP-TEE reserved memory nodes. Signed-off-by: Etienne Carriere <etienne.carriere@st.com> Signed-off-by: Patrice Chotard <patrice.chotard@st.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Add boolean input argument @no_map to helper function
fdtdec_add_reserved_memory() to add or not "no-map" property
for an added reserved memory node.

Property no-map is used by the Linux kernel to not not map memory
in its static memory mapping. It is needed for example for the|
consistency of system non-cached memory and to prevent speculative
accesses to some firewalled memory.

No functional change. A later change will update to OPTEE library to
add no-map property to OP-TEE reserved memory nodes.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
Reviewed-by: Simon Glass <sjg@chromium.org>