prng: move old implementation to be weak default

The patch replaces the original entropy scheme using system time with
the new api plat_prng_add_jitter_entropy().

The old scheme aimed to get 64 bit

prng: move old implementation to be weak default

The patch replaces the original entropy scheme using system time with
the new api plat_prng_add_jitter_entropy().

The old scheme aimed to get 64 bits of entropy from the current time
expressed in 64 bits in ms each time. Most of this was in fact zeros or
unchanging for >256s. If you call it twice with 1ms, it actually
provides 0 bits of entropy.

The replacement scheme aims to get 2 bits of entropy from the counter,
which typically operates faster than 1MHz, greater than a thousand times
more precision than the old way, each time.

For backwards compatibility, the old scheme is retained as the default
or arches or platforms that did not provide an override to collect
jitter in a better way.

Signed-off-by: Andy Green <andy@warmcat.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

prng: implement CNTPCT-based jitter entropy for all arm arch devices

Tests dumping CNTPCT at the same point in three boots on Hikey
gave the following spread:

0xebff3fdd80daceb5
0xebff3fdd80da4601

prng: implement CNTPCT-based jitter entropy for all arm arch devices

Tests dumping CNTPCT at the same point in three boots on Hikey
gave the following spread:

0xebff3fdd80daceb5
0xebff3fdd80da4601
0xeaff3fdd7edb5dcc

things like eMMC async init from power up, interrupt jitter, branch
prediction misses, peripheral async clock drift, cache fill delays,
and so on accumulate in the counter at better than us resolution,
and make the exact count we reach the dump point differ, even in a
supposedly deterministic boot flow.

There appear to be ~12 bits of real entropy in the initial jitter, by
the time of the sample point which was at OP-TEE entry from a-t-f.

A new general jitter harvesting API is introduced
plat_prng_add_jitter_entropy(). The first time it is called on
PRNG init, 16 bits of CNTPCT are used as seed entropy. Thereafter
only the two LSB of CNTPCT are harvested each time, being provided
as entropy to the PRNG every time it reaches 8 bits.

Signed-off-by: Andy Green <andy@warmcat.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-ti: Enable GIC driver support for DRA7xx

The DRA7xx platform contains a standard GICv2. Enable this driver.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Jens Wiklander <jens.wiklan

plat-ti: Enable GIC driver support for DRA7xx

The DRA7xx platform contains a standard GICv2. Enable this driver.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add pseudo TA for socket

Adds a pseudo TA sockets using tee-supplicant.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (

core: add pseudo TA for socket

Adds a pseudo TA sockets using tee-supplicant.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260 pager=y/n)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix traces in selftest pseudo TA

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissi

core: fix traces in selftest pseudo TA

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: allow pseudo TA to not define some handlers

Pseudo TAs that do not need to handle creation, destruction,
session opening and closure do not need to define a handler
for that.

Update pseudo TA

core: allow pseudo TA to not define some handlers

Pseudo TAs that do not need to handle creation, destruction,
session opening and closure do not need to define a handler
for that.

Update pseudo TAs where such handlers at not really useful.
Keep the handlers for the selftest pseudo TA for its traces.


Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: allow pseudo TAs to define properties

Before this change, pseudo TAs only supported the multi-session
property. This change allows pseudo TAs to define their expected
properties.

This change

core: allow pseudo TAs to define properties

Before this change, pseudo TAs only supported the multi-session
property. This change allows pseudo TAs to define their expected
properties.

This change will be required for the secure data path (SDP) support.
It allows a TA to be invoked with parameters referring to SDP
memory buffers.

During core init, the pseudo TA support verifies that all registered
pseudo TAs conforms with some It allows core to nicely panic if a
pseudo TA was badly declared, including UUID overlapping between
pseudo TAs.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: Add TRNG driver for DRA7

Add driver for the True Random Number Generator (TRNG) available
on DRA7xx platforms.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Joakim Bech <joakim.

drivers: Add TRNG driver for DRA7

Add driver for the True Random Number Generator (TRNG) available
on DRA7xx platforms.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: mm: fix map_pa2va()'s bad behavior

map->region_size is `unsigned'. In 64-bit machine,
~((vaddr_t)map->region_size - 1)) will discard high
32-bit. results wrong va value.

Signed-off-by: Zhizho

core: mm: fix map_pa2va()'s bad behavior

map->region_size is `unsigned'. In 64-bit machine,
~((vaddr_t)map->region_size - 1)) will discard high
32-bit. results wrong va value.

Signed-off-by: Zhizhou Zhang <zhizhouzhang@asrmicro.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: make exception vector 11-bit aligned

bit 0 to bit 10 in VBAR_EL1 is RES0. We should not rely on
RES0 values.

Signed-off-by: Zhizhou Zhang <zhizhouzhang@asrmicro.com>
Reviewed-by: Jens

core: arm64: make exception vector 11-bit aligned

bit 0 to bit 10 in VBAR_EL1 is RES0. We should not rely on
RES0 values.

Signed-off-by: Zhizhou Zhang <zhizhouzhang@asrmicro.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: don't assume VA address size to 32-bit

For some board's PA may larger than 32-bit, in order to
create identity memory mapping, we should enlarge TCR.T0SZ.
Rename ADDR_SPACE_SIZE to CFG_LPAE_AD

core: don't assume VA address size to 32-bit

For some board's PA may larger than 32-bit, in order to
create identity memory mapping, we should enlarge TCR.T0SZ.
Rename ADDR_SPACE_SIZE to CFG_LPAE_ADDR_SPACE_SIZE, and move
the config entry to core/arch/arm/arm.mk.

Signed-off-by: Zhizhou Zhang <zhizhouzhang@asrmicro.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: fix phys_to_virt() in thread_std_smc_entry()

enum tee_core_memtypes (MEM_AREA_NSEC_SHM) is required by
phys_to_virt(), rather than enum buf_is_attr (CORE_MEM_NSEC_SHM)

Signed-off-by: Sunny Ku

core: fix phys_to_virt() in thread_std_smc_entry()

enum tee_core_memtypes (MEM_AREA_NSEC_SHM) is required by
phys_to_virt(), rather than enum buf_is_attr (CORE_MEM_NSEC_SHM)

Signed-off-by: Sunny Kuo <sunnychingk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: update commit message with exact function/type names]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

rename 'static TA' into 'pseudo TA'

This renaming prevents confusion of what is a static TA: static
TAs are NOT Trusted Application operating at OP-TEE core privilege
execution level. There are rath

rename 'static TA' into 'pseudo TA'

This renaming prevents confusion of what is a static TA: static
TAs are NOT Trusted Application operating at OP-TEE core privilege
execution level. There are rather OP-TEE core services that offer
an invocation API based on GP TEE specified invocation API:
open session, invoke command and close session.

This change renames all 'static TA' references into 'pseudo TA'
references.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: do not assume GNU awk is available

The rshift(), strtonum() and and() functions are GNU extensions to awk.
Therefore, the build will fail if another variant of awk is installed
on the build sy

core: do not assume GNU awk is available

The rshift(), strtonum() and and() functions are GNU extensions to awk.
Therefore, the build will fail if another variant of awk is installed
on the build system.
Replace the awk calls with bash arithmetic to avoid any issues. We know
we can rely on the shell being bash, since the main Makefile has
SHELL = /bin/bash.

Fixes: aa4cc147a462 ("core: fix build error with large tee-init_load_addr")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: pager: bugfix linking

Fixes problem when linking and mobj_phys_get_pa() and mobj_mm_get_pa()
ends up in the paged region instead of the unpaged as expected.
Unfortunately the KEEP_PAGER()

core: arm: pager: bugfix linking

Fixes problem when linking and mobj_phys_get_pa() and mobj_mm_get_pa()
ends up in the paged region instead of the unpaged as expected.
Unfortunately the KEEP_PAGER() macro used iwth these functions when
compiling for AArch64 triggers an assert in the linker so it has to be
guarded with #ifndef ARM64.

Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey, pager, GP)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemu_virt, b2260, pager, GP)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: bugfix flush_ctx_range_from_list()

Fixes missing NULL check in flush_ctx_range_from_list() needed
when the entire pgt list is emptied.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.o

core: bugfix flush_ctx_range_from_list()

Fixes missing NULL check in flush_ctx_range_from_list() needed
when the entire pgt list is emptied.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: bugfix tee_pager_rem_uta_region()

Prior to this patch tee_pager_rem_uta_region() just removed a matching
area without proper unregistration. This patch fixes that by looking up
all physical pa

core: bugfix tee_pager_rem_uta_region()

Prior to this patch tee_pager_rem_uta_region() just removed a matching
area without proper unregistration. This patch fixes that by looking up
all physical pages that may use the area and frees the page.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: bugfix tee_mmu_rem_rwmem()

Prior to this patch tee_mmu_rem_rwmem() checked that the size of the
supplied mobj matches the size of the region entry. Since a mobj may
have any size and region en

core: bugfix tee_mmu_rem_rwmem()

Prior to this patch tee_mmu_rem_rwmem() checked that the size of the
supplied mobj matches the size of the region entry. Since a mobj may
have any size and region entries always are page or page directory
sized, region entries that should have been removed were not. This patch
fixes that by only checking that mobj and va matches the region entry.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix build error with large tee-init_load_addr

If tee-init_load_addr is higher than 0xffffffff. building failed with:

Traceback (most recent call last):
File "./scripts/gen_hashed_bin.py", l

core: fix build error with large tee-init_load_addr

If tee-init_load_addr is higher than 0xffffffff. building failed with:

Traceback (most recent call last):
File "./scripts/gen_hashed_bin.py", line 148, in <module>
main()
File "./scripts/gen_hashed_bin.py", line 132, in main
write_header(outf, 0, args, 0)
File "./scripts/gen_hashed_bin.py", line 44, in write_header
args.init_mem_usage, paged_size))
struct.error: 'I' format requires 0 <= number <= 4294967295
make: *** [out/arm-plat-vexpress/core/tee.bin] Error 1
make: Leaving directory `/home/zh/work/github/optee_os'

Signed-off-by: Zhizhou Zhang <zhizhouzhang@asrmicro.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add support for user TA profiling with gprof (-pg)

Adds the infrastructure to collect profiling information from Trusted
Applications running in user mode and instrumented with -pg.
Enable with: CFG

Add support for user TA profiling with gprof (-pg)

Adds the infrastructure to collect profiling information from Trusted
Applications running in user mode and instrumented with -pg.
Enable with: CFG_TA_GPROF_SUPPORT=y.

Profiling support in itself adds no significant performance overhead.
Instrumented applications however may run 1.3x - 2x slower, and have a
larger .bss section (+1.36 times .text size for 32-bit TAs, +1.77 times
.text size for 64-bit ones).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (D02 64-bit)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU 32-bit)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Move definitions from optee_msg.h to optee_msg_supplicant.h

Commands that are specific to tee-supplicant belong in their own file.
This allows optee_msg.h to remain untouched as more supplicant comm

Move definitions from optee_msg.h to optee_msg_supplicant.h

Commands that are specific to tee-supplicant belong in their own file.
This allows optee_msg.h to remain untouched as more supplicant commands
are added. With this change:
- optee_msg.h is used by the driver and OP-TEE OS (note: there are two
slightly different versions of the file adapted to each environment but
they define the same things)
- optee_msg_supplicant.h is used by OP-TEE OS and tee-supplicant

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove tee_dispatch_* functions

Prior to this patch the tee_dispatch_* functions where called when invoking
TAs from normal world.

The tee_dipatch_* functions provided little value and has no

core: remove tee_dispatch_* functions

Prior to this patch the tee_dispatch_* functions where called when invoking
TAs from normal world.

The tee_dipatch_* functions provided little value and has now been
collapsed into the architecture specific entry_std.c reducing the stack
usage.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: generic_entry: fix copy_init assembly warning

Fixes assembly warning:
Warning: duplicated register (r13) in register list
in the copy_init loop used when pager is enabled.

Reviewed-by: Etienn

core: generic_entry: fix copy_init assembly warning

Fixes assembly warning:
Warning: duplicated register (r13) in register list
in the copy_init loop used when pager is enabled.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: fix warning with CFG_PAGED_USER_TA=n

Fixes warning when using pager with CFG_PAGED_USER_TA=n.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander

core: pager: fix warning with CFG_PAGED_USER_TA=n

Fixes warning when using pager with CFG_PAGED_USER_TA=n.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: optimize cache handling in load_elf_segments()

Prior to this patch the entire TA code was dcache cleaned and icache invalided
resulting in many unneeded paged faults when the pager is enabled.

core: optimize cache handling in load_elf_segments()

Prior to this patch the entire TA code was dcache cleaned and icache invalided
resulting in many unneeded paged faults when the pager is enabled.

With this patch the pager is taken into account. When pager is enabled
only clean dcache and invalide icache for mapped pages.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (HiKey)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...