core: add vm_unmap()

Adds vm_unmap() to simplify removing mappings previously added with
vm_map().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wi

core: add vm_unmap()

Adds vm_unmap() to simplify removing mappings previously added with
vm_map().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: file: refactor interface to be thread safe

Adds file_lock() and file_unlock() to change the lock state of a file.

file_new() is removed, the only way to create a file is with
file_get_by_tag(

core: file: refactor interface to be thread safe

Adds file_lock() and file_unlock() to change the lock state of a file.

file_new() is removed, the only way to create a file is with
file_get_by_tag() which will return an empty newly allocated file if
none can be found.

file_add_slice() is added to add slices to a file, one by one.

With this can multiple threads try to load a TA at once, the first one
taking the lock will add all the slices to the file.

The code in user_ta.c and elf_load.c using the <file.h> interface can
be optimized to allow more operations in parallel.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: lockdep: support lock destroy

With lockdep enabled (CFG_LOCKDEP=y), additional cleanup is needed when
a mutex is destroyed. This patch adds mutex_destroy_check() which is
called when a mutex i

core: lockdep: support lock destroy

With lockdep enabled (CFG_LOCKDEP=y), additional cleanup is needed when
a mutex is destroyed. This patch adds mutex_destroy_check() which is
called when a mutex is destroyed with mutex_destroy(). From
mutex_destroy_check() the corresponding lockdep node and all edges
referring to it are removed.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce OPTEE_SMC_SEC_CAP_VIRTUALIZATION

We need some way to tell normal world if OP-TEE does support
virtualization. Prior to this patch NW had to probe for virtualization by
calling OPTEE_

core: introduce OPTEE_SMC_SEC_CAP_VIRTUALIZATION

We need some way to tell normal world if OP-TEE does support
virtualization. Prior to this patch NW had to probe for virtualization by
calling OPTEE_SMC_VM_DESTROYED which is not reliable.

New capability flag OPTEE_SMC_SEC_CAP_VIRTUALIZATION solves this issue.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: elf_load_dyn.c: use DT_HASH to lookup symbols faster

Use the ELF hash table to lookup symbols rather than iterating over
the whole symbol table. With this change, relocations are applied
much

core: elf_load_dyn.c: use DT_HASH to lookup symbols faster

Use the ELF hash table to lookup symbols rather than iterating over
the whole symbol table. With this change, relocations are applied
much more quickly. For instance, with QEMU and CFG_ULIBS_SHARED=y, the
average time for the relocation loop in tee_ta_init_user_ta_session()
is reduced from 60-70 ms to 2-3 ms (tested with xtest).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

user_ta: fix spelling mistake in debug message

Fixes a spelling mistake.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-k3: Add J721E device support

The only difference from AM65x that OP-TEE cares about currently is the
GICC offset and size. Update the same.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Acked-by

plat-k3: Add J721E device support

The only difference from AM65x that OP-TEE cares about currently is the
GICC offset and size. Update the same.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

tee: entry_fast: reduce verbosity of dynamic shared memory message

Outside of the initial boot or error cases OP-TEE is quiet, this
is a notable exception that dirties up the boot log and has caused

tee: entry_fast: reduce verbosity of dynamic shared memory message

Outside of the initial boot or error cases OP-TEE is quiet, this
is a notable exception that dirties up the boot log and has caused
confusion during kernel boot by users. It is only needed for
debug purposes.

Reduce this message to only debug verbosity.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-ti: fix build errors

Fixes build error with PLATFORM=ti-dra7xx and PLATFORM=ti-am43xx:

error: conflicting types for ‘sm_platform_handler’
bool sm_platform_handler(struct sm_ctx *ctx)

plat-ti: fix build errors

Fixes build error with PLATFORM=ti-dra7xx and PLATFORM=ti-am43xx:

error: conflicting types for ‘sm_platform_handler’
bool sm_platform_handler(struct sm_ctx *ctx)
^~~~~~~~~~~~~~~~~~~

Fixes: aea0999e2360 ("core: explicit return value for sm_platform_handler()")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

hikey960: add support for 6G boards (CFG_DRAM_SIZE_GB=6)

Adds support for CFG_DRAM_SIZE_GB=6 and declares the non-secure
physical memory range 4~7G which may be used as shared memory by Linux
[1].

hikey960: add support for 6G boards (CFG_DRAM_SIZE_GB=6)

Adds support for CFG_DRAM_SIZE_GB=6 and declares the non-secure
physical memory range 4~7G which may be used as shared memory by Linux
[1].

Link: [1] https://github.com/96boards-hikey/OpenPlatformPkg/blob/50c813d0b9b3/Platforms/Hisilicon/HiKey960/Library/HiKey960Lib/HiKey960Mem.c#L40-L42
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

hikey960: fix memory mapping for 4G boards (CFG_DRAM_SIZE_GB=4)

HiKey960 boards equipped with 4G of RAM may use physical addresses in
the range 8G~8.5G [1]. This range is currently not declared in O

hikey960: fix memory mapping for 4G boards (CFG_DRAM_SIZE_GB=4)

HiKey960 boards equipped with 4G of RAM may use physical addresses in
the range 8G~8.5G [1]. This range is currently not declared in OP-TEE,
so if Linux happens to be using it for shared memory, it will cause
problems. This can happen when:
1. Dynamic shared memory is enabled in OP-TEE (CFG_CORE_DYN_SHM=y) and
used by the kernel driver ("optee: dynamic shared memory is enabled" in
the boot log), and
2. The UEFI firmware is recent enough to report the whole physical
address range to the kernel (introduced in edk2's OpenPlatformPkg
commit 50c813d0b9b3 ("Platforms/HiKey960: Support 4G or more memory
space for RAM") [2].

The typical error is (the address could be any value >4G):

E/TC:6 0 tee_entry_std:551 Bad arg address 0x217e9a000

This commit fixes the issue by adding the missing memory range.
Obviously, dealing with PAs greater than 4G requires a 64-bit TEE core
or CFG_CORE_LARGE_PHYSICAL_ADDR=y, so a compile-time check is added.

Link: [1] https://github.com/96boards-hikey/OpenPlatformPkg/blob/50c813d0b9b3/Platforms/Hisilicon/HiKey960/Library/HiKey960Lib/HiKey960Mem.c#L34-L38
Link: [2] https://github.com/96boards-hikey/OpenPlatformPkg/commit/50c813d0b9b3
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Sungjin Park <sungjinp@gmail.com>

show more ...

core: imx: Fix compilation warnings leading to build breakage

The following two commits slipped through warnings that weren't caught by
Shippable:

Commit 4cb61ae7d98e ("core: imx: Add simple CAAM p

core: imx: Fix compilation warnings leading to build breakage

The following two commits slipped through warnings that weren't caught by
Shippable:

Commit 4cb61ae7d98e ("core: imx: Add simple CAAM permissions set routine")
Commit f142f6f224fe ("core: imx: Add in calls to set CAAM job-ring
permissions")

This patch fixes both warnings.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reported-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

PTA: change method for checking memory in derive TA key

The tee_vbuf_is_sec() which ends up as core_vbuf_is() doesn't work with
paged user space memory, so instead use tee_mmu_check_access_rights().

PTA: change method for checking memory in derive TA key

The tee_vbuf_is_sec() which ends up as core_vbuf_is() doesn't work with
paged user space memory, so instead use tee_mmu_check_access_rights().

Fixes: a30ddda9e488 ("PTA: add support for deriving device and TA unique keys")

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

PTA: add support for deriving device and TA unique keys

Enable derivation of device and Trusted Application unique keys that can
be used by different Trusted Applications directly. An example of use

PTA: add support for deriving device and TA unique keys

Enable derivation of device and Trusted Application unique keys that can
be used by different Trusted Applications directly. An example of use
case could be when you need to encrypt some data in a Trusted App and
then give it back to normal world.

By default device unique properties (HUK and TA UUID) will be used when
deriving a key. However, the one calling the PTA derive key function
also have the ability to provide some extra data that will be mixed in
together with existing device unique properties. That gives the ability
to derive keys that are not only device and Trusted Application unique,
but also tied to some additional data, it could for example be a
password or something similar.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: enable ftrace for TAs built using shared libraries

To enable ftrace for TAs built with shared libraries, we need to dump
the TA state (include regions dump along with mapping to <uuid>.elf) in

core: enable ftrace for TAs built using shared libraries

To enable ftrace for TAs built with shared libraries, we need to dump
the TA state (include regions dump along with mapping to <uuid>.elf) in
corresponding ftrace buffer for symbolize.py script to map symbols to
particular shared libraries.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)

show more ...

core: prepare support for TA function tracing

To support TA function tracing OP-TEE core role being:
- To initialize and register ftrace buffer per TA session.
- To dump TA ftrace buffer to normal w

core: prepare support for TA function tracing

To support TA function tracing OP-TEE core role being:
- To initialize and register ftrace buffer per TA session.
- To dump TA ftrace buffer to normal world via RPC call in case TA
session closes or in case of TA abort.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)

show more ...

core: fix AArch64 user TA stack dump

Restores user TA stack base and size __print_stack_unwind_arm64() to be
able to dump the user TA stack.

Fixes: c0bc8d0e7d72 ("core: print TA stack dump from thr

core: fix AArch64 user TA stack dump

Restores user TA stack base and size __print_stack_unwind_arm64() to be
able to dump the user TA stack.

Fixes: c0bc8d0e7d72 ("core: print TA stack dump from thread context")
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: sm: explicit return value for sm_from_nsec()

Define macros to explicit return value for sm_from_nsec() used
in monitor assembly trampoline to invoke either secure or non-secure
world.

Signed-

core: sm: explicit return value for sm_from_nsec()

Define macros to explicit return value for sm_from_nsec() used
in monitor assembly trampoline to invoke either secure or non-secure
world.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemu)

show more ...

core: sm: embed sm_platform_handler upon CFG_SM_PLATFORM_HANDLER

When CFG_SM_PLATFORM_HANDLER is disabled don't even call platform
handler which is not embedded. This change aligns sm_platform_handl

core: sm: embed sm_platform_handler upon CFG_SM_PLATFORM_HANDLER

When CFG_SM_PLATFORM_HANDLER is disabled don't even call platform
handler which is not embedded. This change aligns sm_platform_handler()
and std_handler() in secure monitor integration.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: explicit return value for sm_platform_handler()

Changes sm_platform_handler() to explicitly return whether the SMC
was handled or if it shall be relayed to another layer. Prior this
change the

core: explicit return value for sm_platform_handler()

Changes sm_platform_handler() to explicitly return whether the SMC
was handled or if it shall be relayed to another layer. Prior this
change the function returned false when the SMC had been handled and
true otherwise which are not obvious return values.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix missing unpaged constraint on mobj_with_fobj_get_pa()

mobj_with_fobj_get_pa() gets called when a TA crashed and core prints
some information about the TA. This change ensures the function

core: fix missing unpaged constraint on mobj_with_fobj_get_pa()

mobj_with_fobj_get_pa() gets called when a TA crashed and core prints
some information about the TA. This change ensures the function belongs
to an unpaged section.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ensure embedded DTB found trace is output once

Move info trace "Embedded DTB found" so that it is output only once
even when get_embedded_dt() is called several times.

Signed-off-by: Etienne

core: ensure embedded DTB found trace is output once

Move info trace "Embedded DTB found" so that it is output only once
even when get_embedded_dt() is called several times.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix core panic when CFG_UNWIND=n

This change fixes a core panic occurrence when a TA panics while core
is built with CFG_TEE_CORE_DEBUG=y and CFG_UNWIND=n.

When a TA panics while CFG_UNWIND=n

core: fix core panic when CFG_UNWIND=n

This change fixes a core panic occurrence when a TA panics while core
is built with CFG_TEE_CORE_DEBUG=y and CFG_UNWIND=n.

When a TA panics while CFG_UNWIND=n, the thread specific data holding
abort_type was not loaded prior this change. The abort sequence that
print information to the console dumps now does not attemp to dump
un-relevant CPU register content.

Prior this change, ARM32 code could panic since reading an invalid SPSR
value when printing CPU state to the console, with an error trace like:

E/TC:? 0 TA panicked with code 0xbeef
E/TC:? 0 assertion 'thread_get_exceptions() & THREAD_EXCP_FOREIGN_INTR' failed at core/arch/arm/include/kernel/misc.h:22 <get_core_pos>
E/TC:0 0 Panic at core/kernel/assert.c:28 <_assert_break>


Prior this change ARM64 code printed irrelevant CPU state information
as below:

E/TC:? 0 TA panicked with code 0xbeef
E/TC:? 0
E/TC:? 0 User TA undef-abort at address 0x0
E/TC:? 0 esr 0x00000000 ttbr0 0x200000e173020 ttbr1 0x00000000 cidr 0x0
E/TC:? 0 cpu #0 cpsr 0x00000000
E/TC:? 0 x0 0000000000000000 x1 0000000000000000
(...)
E/TC:? 0 x30 0000000000000000 elr 0000000000000000
E/TC:? 0 sp_el0 0000000000000000

Fixes: c0bc8d0e7d72 ("core: print TA stack dump from thread context")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move embedded DTB out of init sections

This change makes generic boot to discover non-secure memory and
console configuration from the external DTB only, no more from the
embedded DTB as prior

core: move embedded DTB out of init sections

This change makes generic boot to discover non-secure memory and
console configuration from the external DTB only, no more from the
embedded DTB as prior this change. When generic boot attempts to access
embedded DTB, the embedded DTB gets located in init read-only data
section become unnecessary too big. With this change, embedded DTB now
lies in the standard pageable read-only data section, relaxing memory
footprint constraint.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32mp1: update DTS files to Linux kernel 5.2-rc1

Synchronize stm32mp1 DTS files with those published in Linux kernel
source tree at commit a188339ca5a3 ("Linux 5.2-rc1").

This change updates plat

stm32mp1: update DTS files to Linux kernel 5.2-rc1

Synchronize stm32mp1 DTS files with those published in Linux kernel
source tree at commit a188339ca5a3 ("Linux 5.2-rc1").

This change updates platforms EV1 and ED1 and introduces DK1 and DK2
known as DiscoveryKit board. It also introduces stpmic1 bindings header
file needed for platform DTS files compilation.

Among other changes, this commit introduces STPMIC1 and BSEC description
nodes. STPMIC1 defines regulators. BSEC describes fuses and uses the
status / secure-status to define fuse access scope in the scope of BSEC
support.

This change strictly dumps Linux kernel DTS files into OP-TEE but
regarding stm32mp157c.dtsi for which the OP-TEE DTS file adds node
for the ETZPC device which is mandated by OP-TEE but not defined in
non-secure Linux kernel scope.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...