core: add condvar synchronization primitive

Adds condvar synchronization primitive which is similar to
pthread_condvar.

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Foris

core: add condvar synchronization primitive

Adds condvar synchronization primitive which is similar to
pthread_condvar.

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: reimplement mutex with wait_queue

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@

core: reimplement mutex with wait_queue

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add wait_queue primitive for synchronization

Adds a new primitive for synchronization, wait_queue.

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Forissier <jerome.fo

core: add wait_queue primitive for synchronization

Adds a new primitive for synchronization, wait_queue.

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Flush traces synchronously

Avoids random mixing of secure world traces with ones from the normal
world (assuming the normal world also flushes its debug traces
synchronously).

The 'sync' parameter

Flush traces synchronously

Avoids random mixing of secure world traces with ones from the normal
world (assuming the normal world also flushes its debug traces
synchronously).

The 'sync' parameter to the trace_printf() and trace_ext_puts() function
is removed because there seems to be no sensible use case mandating
sync == false.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

TA as ELF + signature

Changes format of TA to use the ELF format instead. This patch also adds
signature checking of the TA. The format of the TA is:
<Signed header>
<ELF header>
<Program header> (p

TA as ELF + signature

Changes format of TA to use the ELF format instead. This patch also adds
signature checking of the TA. The format of the TA is:
<Signed header>
<ELF header>
<Program header> (part of ELF spec, pointing out segments to load)
<Sections>

A struct ta_head is placed in the first section of the first segment
to carry flags and other properties of the TA.

elf32.h, elf64.h and elf_common.h are imported from FreeBSD.

In addition to the R_ARM_RELATIVE relocation type, adds support for
R_ARM_ABS32 relocations. Since a symbol table is needed to process this
relocation type a separate program header is added in the TA ELF
containing the sections .dynamic, .dynsym, .dynstr and .hash. These
sections are only needed during relocation and could be released once
the TA is relocated.

A default signing key has been generated with
openssl genrsa -out key.pem
and added as keys/default_ta.pem

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU, FVP)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)

show more ...

Add TI dra7xx platform support

Added plat-ti, with initial support for TI dra7xx platform.

Changed generic init_sec_mon to be overriden by platform/main.c
because initial return to non-secure world

Add TI dra7xx platform support

Added plat-ti, with initial support for TI dra7xx platform.

Changed generic init_sec_mon to be overriden by platform/main.c
because initial return to non-secure world needs to restore full
NS context for this platform.

Signed-off-by: Harinarayan Bhatta <harinarayan.bhatta@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Secure Storage: Implement block-based encrypted file system

- Meta file encryption/decryption is enforced
- Block file encryption/decryption is optional

Signed-off-by: James Kung <james.kung@linaro

Secure Storage: Implement block-based encrypted file system

- Meta file encryption/decryption is enforced
- Block file encryption/decryption is optional

Signed-off-by: James Kung <james.kung@linaro.org>
Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: James Kung <james.kung@linaro.org> (QEMU, MT8173 EVB)
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: correct TA virtual address mapping calculation

Correct the TA virtual address mapping calculation to properly support TA's more than 1Mb in size.

Reviewed-by: Jens Wiklander <jens.wiklander@l

core: correct TA virtual address mapping calculation

Correct the TA virtual address mapping calculation to properly support TA's more than 1Mb in size.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU platform)

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

Signed-off-by: Paul Swan <paswan@microsoft.com>

show more ...

Remove core_serviceid.h file

This file contains many legacy defines, which are not used anymore.
The only used services are linked to l2cc configuration. These
services are now replaced by dedicated

Remove core_serviceid.h file

This file contains many legacy defines, which are not used anymore.
The only used services are linked to l2cc configuration. These
services are now replaced by dedicated functions
tee_get_l2cc_mutex(), tee_set_l2cc_mutex(), tee_enable_l2cc_mutex()
and tee_disable_l2cc_mutex()

Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Etienne CARRIERE <etienne.carriere@st.com>
Reviewed-by: Jean-Michel DELORME <jean-michel.delorme@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)

show more ...

Update types in some functions

- tee_mmu_user_pa2va_helper(): padd_t instead of void *
- tee_mmu_check_access_rights(): const context
- check tee_time_get_sys_time() succeeded

Reviewed-by: Jens Wik

Update types in some functions

- tee_mmu_user_pa2va_helper(): padd_t instead of void *
- tee_mmu_check_access_rights(): const context
- check tee_time_get_sys_time() succeeded

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

arm32: Keep CPSR.E bit value

Fix the problem which CPSR's status bit may be overwritten when
resume from normal world. This problem was caused by
function init_regs which called by thread scheduler.

arm32: Keep CPSR.E bit value

Fix the problem which CPSR's status bit may be overwritten when
resume from normal world. This problem was caused by
function init_regs which called by thread scheduler.

Change-Id: I04cea2f107df25fbeab7c33f54e6557ecf9d5033
Signed-off-by: duxiaoqiang <xiaoqiang.du@linaro.org>

show more ...

Align Session handle for generic ta interface entry

TEE session handle is now used by all tee_dispatch_xx
function. uint32_t type ID parameter has be removed for
the tee_dispatch_close_session() fun

Align Session handle for generic ta interface entry

TEE session handle is now used by all tee_dispatch_xx
function. uint32_t type ID parameter has be removed for
the tee_dispatch_close_session() function.

Signed-off-by: Jean-Michel Delorme <jean-michel.delorme@st.com>
Reviewed-by: Pascal BRAND <pascal.brand@st.com>
Reviewed-by: Etienne CARRIERE <etienne.carriere@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

arm64: SHA-224/SHA-256 using ARMv8-A cryptographic extensions

Import SHA-2 assembly code from the Linux kernel (linaro contribution).
Enabled with CFG_CRYPTO_SHA256_ARM64_CE=y, set by default on HiK

arm64: SHA-224/SHA-256 using ARMv8-A cryptographic extensions

Import SHA-2 assembly code from the Linux kernel (linaro contribution).
Enabled with CFG_CRYPTO_SHA256_ARM64_CE=y, set by default on HiKey.
Performance gains compared to the C implementation are as follows
(sha-perf results for SHA-256 on HiKey in MiB/s):

Size | Accelerated?
(KiB) | No Yes
------+-------------
1 | 11.4 18.3
2 | 16.8 35.6
4 | 21.8 66.8
8 | 25.7 118.9
16 | 28.3 195.5
32 | 29.7 289.7
64 | 30.5 383.3
128 | 30.9 456.9
256 | 31.2 505.3
384 | 31.2 520.7

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

arm64: SHA-1 using ARMv8-A cryptographic extensions

- LibTomCrypt: add a new macro, HASH_PROCESS_NBLOCKS, similar to
HASH_PROCESS but accepts a function that digests n blocks of data, not
just 1.
-

arm64: SHA-1 using ARMv8-A cryptographic extensions

- LibTomCrypt: add a new macro, HASH_PROCESS_NBLOCKS, similar to
HASH_PROCESS but accepts a function that digests n blocks of data, not
just 1.
- Import sha1_ce_transform() from the Linux kernel (Linaro contribution)
which implements the main SHA-1 transform in assembler using the ARMv-8
cryptographic extensions.
- Acceleration is enabled by setting CFG_CRYPTO_SHA1_ARM64_CE=y (this
is the default when PLATFORM=hikey).

Performance was compared to the plain C version using sha-perf
(https://github.com/linaro-swg/sha-perf.git). Average hashing speed on
HiKey is (MiB/s):

Size | Accelerated?
(KiB) | No Yes
------+-------------
1 | 12.3 18.4
2 | 18.6 35.6
4 | 24.9 66.9
8 | 29.9 118.0
16 | 33.3 192.9
32 | 35.3 282.6
64 | 36.4 369.6
128 | 37.0 436.4
256 | 37.3 479.9
384 | 37.4 494.4

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

arm: mm: v7 panic when device's va conflicts with TA address space

If mm->va is smaller than 32M, then mm->va will conflict with
user TA address space. This mapping will be overridden/hidden
later w

arm: mm: v7 panic when device's va conflicts with TA address space

If mm->va is smaller than 32M, then mm->va will conflict with
user TA address space. This mapping will be overridden/hidden
later when a user TA is loaded since these low addresses are
used as TA virtual address space.

Some SoCs have devices at low addresses, so we need to map at
least those devices at a virtual address which isn't the same
as the physical.

TODO: support mapping devices at a virtual address which isn't
the same as the physical address.

Signed-off-by: Peng Fan <van.freenix@gmail.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)

show more ...

arm: mm: lpae use XLAT_ENTRY_SIZE to replace sizeof(uint64_t)

Use XLAT_ENTRY_SIZE to replace sizeof(uint64_t). XLAT_ENTRY_SIZE is
better than sizeof(uint64_t), although they have same value.

Signed

arm: mm: lpae use XLAT_ENTRY_SIZE to replace sizeof(uint64_t)

Use XLAT_ENTRY_SIZE to replace sizeof(uint64_t). XLAT_ENTRY_SIZE is
better than sizeof(uint64_t), although they have same value.

Signed-off-by: Peng Fan <van.freenix@gmail.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)

show more ...

arm: mm: lpae clear mmu table when initialization

Clear the tables when initialization to avoid junk data which
may crash system when setting ttbrx.

To ARMv7, non-lpae, this commit 'bc4de3134468a4b

arm: mm: lpae clear mmu table when initialization

Clear the tables when initialization to avoid junk data which
may crash system when setting ttbrx.

To ARMv7, non-lpae, this commit 'bc4de3134468a4b1760e6fd5cf09377bf7a7e7c3'
fix an issue when setting ttbr0 which crash system, because of junk data
in table.

This patch is to fix such issue.

Signed-off-by: Peng Fan <van.freenix@gmail.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)

show more ...

ECC: optimize the pool of temporary variables

ECC is using a lot (80) temporary variables. These variables
are taken from a static pool, each being of the maximum key size
supported in OP-TEE: 4096b

ECC: optimize the pool of temporary variables

ECC is using a lot (80) temporary variables. These variables
are taken from a static pool, each being of the maximum key size
supported in OP-TEE: 4096bits, times 2 to include
wrapping multiplication in temporary computation.

With the introduction of being able to get temporary variables
of a given size, the current patch optimize the use of the variables
in case of ECC.

Thanks to this patch, the number of temporary variables is back to 50,
and the emulated esram size (QEMU / FVP / HiKey) is back to 200KB.

Note that further optimization can be performed, for ECC and also
for other algorithms (RSA,...).

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

Build for PLATFORM=vexpress-qemu_virt by default

Also, for STM platforms, set CROSS_COMPILE=arm-linux-gnueabihf-
by default (which is a more standard prefix for the 32-bit
compiler).

Signed-off-by:

Build for PLATFORM=vexpress-qemu_virt by default

Also, for STM platforms, set CROSS_COMPILE=arm-linux-gnueabihf-
by default (which is a more standard prefix for the 32-bit
compiler).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

arm32 core_mmu_v7.c: bugfix map_page_memarea()

Fixes the problem that some page entries can not be mapped in
map_page_memarea().

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by

arm32 core_mmu_v7.c: bugfix map_page_memarea()

Fixes the problem that some page entries can not be mapped in
map_page_memarea().

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Signed-off-by: Xiaoqiang Du <xiaoqiang.du@linaro.org>

show more ...

Align __start_ta_head_section on 8-byte boundary

Fixes an issue on 64-bit HiKey when running the self-tests of
https://github.com/OP-TEE/optee_os/pull/371. The tests would pass
when CFG_TEE_CORE_LOG

Align __start_ta_head_section on 8-byte boundary

Fixes an issue on 64-bit HiKey when running the self-tests of
https://github.com/OP-TEE/optee_os/pull/371. The tests would pass
when CFG_TEE_CORE_LOG_LEVEL=2 but fail with static TA not found
when log level is 3.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ECC: sign and self tests, at crypto_ops level

Note that in case of pager, the emulated esram size
has been increased from 200KB to 256KB.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Rev

ECC: sign and self tests, at crypto_ops level

Note that in case of pager, the emulated esram size
has been increased from 200KB to 256KB.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey 32 & 64-bit)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey with pager)
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

arm64: AES using ARMv8-A cryptographic extensions

Adds AES acceleration to LibTomCrypt when CFG_CRYPTO_AES_ARM64_CE=y.

This commit implements an ltc_cipher_descriptor with accelerated
encryption an

arm64: AES using ARMv8-A cryptographic extensions

Adds AES acceleration to LibTomCrypt when CFG_CRYPTO_AES_ARM64_CE=y.

This commit implements an ltc_cipher_descriptor with accelerated
encryption and decryption for AES modes: ECB, CBC and CTR.
XTS will also benefit from CE acceleration since it relies on
ecb_encrypt() and ecb_decrypt(), but it may be beneficial to later
add multiple-blocks XTS operations to the descriptor.

The ARMv8 CE assembler code comes from the Linux kernel:
arch/arm64/crypto/{aes-modes.S,aes-ce.S,aes-ce-cipher.c}.

Tested on HiKey. CE code was benchmarked against plain C code using
the test application at http://github.com/linaro-swg/aes-perf.git.
A Trusted Application is invoked to encrypt a buffer of a given
size using TEE_CipherUpdate(). The client application measures the
time it takes for TEEC_InvokeCommand() to execute. The throughput
values below are computed from the average time it takes to encrypt
one buffer of the specified size. '+' after a mode means accelerated
with crypto extensions.

Average encryption speed (MiB/s):

Size | Mode
(KiB) | ECB CBC CTR XTS ECB+ CBC+ CTR+ XTS+
------+--------------------------------------------------
1 | 11.8 10.6 10.2 9.2 23.7 23.2 23.5 13.0
2 | 15.6 13.5 12.8 11.7 46.4 44.9 45.7 18.3
4 | 18.6 15.8 14.8 13.6 89.4 84.1 87.5 23.0
8 | 20.6 17.2 16.1 14.7 165.4 148.1 159.3 26.3
16 | 21.8 17.9 16.8 15.4 292.3 240.2 272.2 28.4
32 | 22.4 18.4 17.1 15.8 470.4 351.9 422.2 29.6
64 | 22.8 18.6 17.3 16.0 684.6 461.6 585.0 30.3
128 | 23.0 18.7 17.4 16.1 884.2 546.6 726.5 30.6

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

show more ...

core: mm: fix adding integer overflow issue

On ARMv7 platform, it is easy that "base + size" wraps down to 0.
For example, base is 0xfc100000, size is 0x3f00000, then base + size is 0.
We should use

core: mm: fix adding integer overflow issue

On ARMv7 platform, it is easy that "base + size" wraps down to 0.
For example, base is 0xfc100000, size is 0x3f00000, then base + size is 0.
We should use the "end" address to do the comparation, but not "end + 1".

This patch also can be used for ARMv8.

Signed-off-by: Peng Fan <van.freenix@gmail.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey 32/64-bit)

show more ...

core: preallocate RPC argument

Preallocates an RPC argument structure when starting a new thread. Since
a thread can only have one active RPC at a time it's enough to allocate
one RPC argument for a

core: preallocate RPC argument

Preallocates an RPC argument structure when starting a new thread. Since
a thread can only have one active RPC at a time it's enough to allocate
one RPC argument for all RPC during the lifetime of the thread. The
preallocated RPC argument is used internally by thread_rpc_cmd(). This
simplifies all calls to thread_rpc_cmd().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...