History log of /optee_os/core/drivers/crypto/ (Results 151 – 175 of 355)
Revision Date Author Comments
8ac3cb37 22-Feb-2023 Anton Antonov <Anton.Antonov@arm.com>

core: drivers: crypto: caam: Check PKCS_V1_5 decryption buffer size

Check if original buffer is large enough for a result of
RSA PKCS_V1_5 decryption operation.
With this change PKCS11 variable length buffers are supported
for all RSA operations:
- Crypto API checks it for PKCS_V1_5 and OAEP encryptions.
- OAEP decryption already supports it.

This fixes: https://github.com/OP-TEE/optee_os/issues/5841

Acked-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>

/optee_os/.github/workflows/ci.yml
/optee_os/core/arch/arm/kernel/boot.c
/optee_os/core/arch/arm/kernel/entry_a32.S
/optee_os/core/arch/arm/kernel/entry_a64.S
/optee_os/core/arch/arm/kernel/kern.ld.S
/optee_os/core/arch/arm/kernel/link.mk
/optee_os/core/arch/arm/kernel/link_dummies_paged.c
/optee_os/core/arch/arm/kernel/secure_partition.c
/optee_os/core/arch/arm/kernel/sub.mk
/optee_os/core/arch/arm/kernel/thread.c
/optee_os/core/arch/arm/kernel/thread_optee_smc.c
/optee_os/core/arch/arm/mm/core_mmu_lpae.c
/optee_os/core/arch/arm/mm/core_mmu_v7.c
/optee_os/core/arch/arm/plat-imx/drivers/tzc380.c
/optee_os/core/arch/arm/plat-imx/link.mk
/optee_os/core/arch/arm/plat-k3/conf.mk
/optee_os/core/arch/arm/plat-k3/drivers/ti_sci.c
/optee_os/core/arch/arm/plat-k3/drivers/ti_sci.h
/optee_os/core/arch/arm/plat-k3/drivers/ti_sci_protocol.h
/optee_os/core/arch/arm/plat-stm32mp1/main.c
/optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c
/optee_os/core/arch/arm/plat-totalcompute/conf.mk
/optee_os/core/arch/arm/plat-vexpress/conf.mk
/optee_os/core/arch/arm/plat-vexpress/main.c
/optee_os/core/arch/arm/tee/entry_fast.c
/optee_os/core/arch/riscv/kernel/thread_arch.c
/optee_os/core/arch/riscv/plat-spike/conf.mk
/optee_os/core/crypto/crypto.c
/optee_os/core/drivers/clk/clk-stm32mp15.c
caam/acipher/caam_rsa.c
/optee_os/core/drivers/rstctrl/stm32_rstctrl.c
/optee_os/core/drivers/stm32_bsec.c
/optee_os/core/drivers/stm32_etzpc.c
/optee_os/core/drivers/stm32_gpio.c
/optee_os/core/drivers/stm32_rng.c
/optee_os/core/drivers/stm32_uart.c
/optee_os/core/include/crypto/crypto.h
/optee_os/core/include/drivers/gic.h
/optee_os/core/include/kernel/boot.h
/optee_os/core/include/kernel/user_mode_ctx_struct.h
/optee_os/core/include/kernel/virtualization.h
/optee_os/core/include/mm/core_mmu.h
/optee_os/core/kernel/ldelf_loader.c
/optee_os/core/kernel/thread.c
/optee_os/core/kernel/tpm.c
/optee_os/core/lib/libtomcrypt/ed25519.c
/optee_os/core/mm/core_mmu.c
/optee_os/core/pta/bcm/wdt.c
/optee_os/core/pta/k3/otp.c
/optee_os/core/pta/k3/sub.mk
/optee_os/core/pta/stats.c
/optee_os/core/pta/sub.mk
/optee_os/core/pta/tests/misc.c
/optee_os/core/tee/tee_svc_cryp.c
/optee_os/ldelf/include/ldelf.h
/optee_os/ldelf/main.c
/optee_os/ldelf/ta_elf.c
/optee_os/ldelf/ta_elf.h
/optee_os/lib/libutee/arch/arm/arm32_user_sysreg.txt
/optee_os/lib/libutee/include/k3/otp_keywriting_ta.h
/optee_os/lib/libutee/include/utee_defines.h
/optee_os/lib/libutils/ext/include/compiler.h
/optee_os/lib/libutils/ext/pthread_stubs.c
/optee_os/lib/libutils/ext/sub.mk
/optee_os/lib/libutils/isoc/bget_malloc.c
/optee_os/lib/libutils/isoc/include/malloc.h
/optee_os/mk/config.mk
/optee_os/mk/lib.mk
/optee_os/scripts/ts_bin_to_c.py
2234f3c9 26-Jan-2023 Jorge Ramirez-Ortiz <jorge@foundries.io>

versal: enable the crypto driver

The crypto driver API provides an extra indirection level to enable
different ciphers.

Since Versal ACAP supports acipher and authenc, enable them.

Falling-back to software operations (RSA sign/verify) triggers a
fault detection; we will disable this config while a solution is
found.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

2b83a595 01-Feb-2023 Jorge Ramirez-Ortiz <jorge@foundries.io>

crypto: versal: rsa: only support sign/verify operations

RSA encryption/decryption is not supported (the PLM does not
return the size of the encrypted/decrypted buffers).

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

e8bbd0e0 30-Jan-2023 Jorge Ramirez-Ortiz <jorge@foundries.io>

crypto: versal: ecc: sign/verify fix

Both the message (hash) and the generated signatures must be swapped.

The following custom tests were executed for P384 (prime384v1) and
P521 (nistp521) curves.

Signing and verifying using pkcs#11 alone (ie like done in xtest) was
not sufficient to capture this bug.

PTOOL='pkcs11-tool --module /usr/lib/libckteec.so.0.1.0'
SO_PIN=55555555
PIN=44444444
FILE=hello

printf "OP-TEE: create key pair"
$PTOOL --id 01 --label ldts --token-label fio --pin $PIN \
--keypairgen \
--key-type EC:prime384v1

printf "OP-TEE: read the public key"
$PTOOL -l --pin $PIN --id 01 \
--read-object --type pubkey --output-file pubkey.spki

printf "Openssl: export key to PEM"
openssl ec -inform DER -outform PEM -in pubkey.spki -pubin > pubkey.pub

printf "Create file to sign"
echo "hello world" > $FILE

printf "OpenSSL: create the file sha384"
openssl dgst -binary -sha384 $FILE > $FILE.hash

printf "OP-TEE: generate signature "
$PTOOL --pin $PIN --id 01 --label ldts --token-label fio \
--sign \
--input-file $FILE.hash \
--output-file $FILE.sig \
--mechanism ECDSA \
-f openssl

printf "OpenSSL: verify signature"
openssl dgst -sha384 -verify pubkey.pub -signature "$FILE".sig "$FILE"

printf "OP-TEE: verify signature"
$PTOOL --pin $PIN --id 01 --label ldts --token-label fio \
--verify \
--input-file $FILE.hash \
--signature-format openssl \
--signature-file $FILE.sig \
--mechanism ECDSA

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

/optee_os/.github/workflows/ci.yml
/optee_os/core/arch/arm/arm.mk
/optee_os/core/arch/arm/dts/stm32mp13-pinctrl.dtsi
/optee_os/core/arch/arm/dts/stm32mp131.dtsi
/optee_os/core/arch/arm/dts/stm32mp135f-dk.dts
/optee_os/core/arch/arm/include/hafnium.h
/optee_os/core/arch/arm/include/kernel/thread_arch.h
/optee_os/core/arch/arm/kernel/boot.c
/optee_os/core/arch/arm/kernel/entry_a64.S
/optee_os/core/arch/arm/kernel/sub.mk
/optee_os/core/arch/arm/kernel/thread_a32.S
/optee_os/core/arch/arm/kernel/thread_a64.S
/optee_os/core/arch/arm/kernel/thread_spmc.c
/optee_os/core/arch/arm/mm/mobj_ffa.c
/optee_os/core/arch/arm/plat-stm32mp1/conf.mk
/optee_os/core/arch/arm/plat-vexpress/conf.mk
/optee_os/core/arch/arm/plat-vexpress/main.c
/optee_os/core/arch/riscv/include/kernel/arch_scall.h
/optee_os/core/arch/riscv/include/kernel/thread_arch.h
/optee_os/core/arch/riscv/include/kernel/thread_private_arch.h
/optee_os/core/arch/riscv/include/riscv.h
/optee_os/core/arch/riscv/include/riscv_macros.S
/optee_os/core/arch/riscv/kernel/abort.c
/optee_os/core/arch/riscv/kernel/arch_scall.c
/optee_os/core/arch/riscv/kernel/arch_scall_rv.S
/optee_os/core/arch/riscv/kernel/asm-defines.c
/optee_os/core/arch/riscv/kernel/cache_helpers_rv.S
/optee_os/core/arch/riscv/kernel/sub.mk
/optee_os/core/arch/riscv/kernel/thread_arch.c
/optee_os/core/arch/riscv/kernel/thread_rv.S
/optee_os/core/crypto.mk
/optee_os/core/crypto/crypto.c
versal/ecc.c
/optee_os/core/drivers/hfic.c
/optee_os/core/drivers/ls_sfp.c
/optee_os/core/drivers/stm32_rng.c
/optee_os/core/drivers/sub.mk
/optee_os/core/include/crypto/crypto_impl.h
/optee_os/core/include/drivers/hfic.h
/optee_os/core/include/drivers/ls_sfp.h
/optee_os/core/kernel/ldelf_loader.c
/optee_os/core/kernel/sub.mk
/optee_os/core/lib/libtomcrypt/ecc.c
/optee_os/core/lib/libtomcrypt/hash.c
/optee_os/core/lib/libtomcrypt/hmac.c
/optee_os/core/lib/libtomcrypt/shake.c
/optee_os/core/lib/libtomcrypt/src/hashes/sub.mk
/optee_os/core/lib/libtomcrypt/sub.mk
/optee_os/core/lib/libtomcrypt/tomcrypt.c
/optee_os/core/pta/tests/invoke.c
/optee_os/core/tee/tee_svc.c
/optee_os/core/tee/tee_svc_cryp.c
/optee_os/core/tee/tee_svc_storage.c
/optee_os/ldelf/include/ldelf.h
/optee_os/ldelf/main.c
/optee_os/lib/libutee/arch/arm/sub.mk
/optee_os/lib/libutee/arch/arm/user_ta_entry.c
/optee_os/lib/libutee/arch/arm/user_ta_entry_compat.c
/optee_os/lib/libutee/include/tee_api_compat.h
/optee_os/lib/libutee/include/tee_api_defines.h
/optee_os/lib/libutee/include/tee_api_defines_extensions.h
/optee_os/lib/libutee/include/tee_api_types.h
/optee_os/lib/libutee/include/tee_internal_api.h
/optee_os/lib/libutee/include/user_ta_header.h
/optee_os/lib/libutee/include/utee_defines.h
/optee_os/lib/libutee/tee_api.c
/optee_os/lib/libutee/tee_api_arith_mpi.c
/optee_os/lib/libutee/tee_api_objects.c
/optee_os/lib/libutee/tee_api_operations.c
/optee_os/lib/libutee/tee_api_panic.c
/optee_os/lib/libutee/tee_api_private.h
/optee_os/lib/libutee/tee_api_property.c
/optee_os/lib/libutils/isoc/bget_malloc.c
/optee_os/mk/compile.mk
/optee_os/mk/config.mk
/optee_os/scripts/checkpatch.sh
/optee_os/ta/arch/arm/user_ta_header.c
/optee_os/ta/avb/entry.c
/optee_os/ta/pkcs11/src/persistent_token.c
/optee_os/ta/pkcs11/src/pkcs11_helpers.c
/optee_os/ta/pkcs11/src/processing.c
/optee_os/ta/pkcs11/src/processing_asymm.c
/optee_os/ta/pkcs11/src/processing_digest.c
/optee_os/ta/pkcs11/src/processing_symm.c
/optee_os/ta/ta.mk
/optee_os/ta/trusted_keys/entry.c
e7b17391 24-Jan-2023 Clement Faure <clement.faure@nxp.com>

core: crypto_api: remove unused includes

Remove unused includes from the crypto API.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

1bd5ecaf 24-Jan-2023 Clement Faure <clement.faure@nxp.com>

drivers: caam: remove unused includes

Remove unused includes from the CAAM driver.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

3cd271a4 24-Jan-2023 Clement Faure <clement.faure@nxp.com>

core: crypto_api: fix malloc() allocation check

Coverity reports a CERT-C ERR33-C coding violation on EM.data pointer
for not being checked right after malloc() call.
This is a false positive error since EM.data value is checked along
EM_gen.data value later.
Check EM.data and EM_gen.data values separately to make Coverity happy.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

530f76bb 24-Jan-2023 Jorge Ramirez-Ortiz <jorge@foundries.io>

drivers: crypto: se050: increase DER signature buffer

In order to support P-521 (132 byte {r,s} pairs), the buffer storing
the DER signature must be large enough.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

5abb46e2 23-Jan-2023 Jorge Ramirez-Ortiz <jorge@foundries.io>

crypto: drivers: se050: fix generation of oid values

Converting the OID watermarked value (8 bytes) to a bignum removes the
first byte if this is different than zero.

The failing case observed the value 0x57.72.15.66.1a.f2.9d.00 being
retrieved as 0x57.72.15.66.1a.f2.9d after having been transformed into
a bignum and back to its original binary value.

This will cause cryptographic operations to fail as the secured keys
and objects become not addressable.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

/optee_os/.github/workflows/ci.yml
/optee_os/CHANGELOG.md
/optee_os/MAINTAINERS
/optee_os/Makefile
/optee_os/core/arch/arm/include/kernel/arch_scall.h
/optee_os/core/arch/arm/include/kernel/thread_arch.h
/optee_os/core/arch/arm/include/kernel/thread_private_arch.h
/optee_os/core/arch/arm/kernel/arch_scall.c
/optee_os/core/arch/arm/kernel/arch_scall_a32.S
/optee_os/core/arch/arm/kernel/arch_scall_a64.S
/optee_os/core/arch/arm/kernel/asm-defines.c
/optee_os/core/arch/arm/kernel/ldelf_loader.c
/optee_os/core/arch/arm/kernel/secure_partition.c
/optee_os/core/arch/arm/kernel/stmm_sp.c
/optee_os/core/arch/arm/kernel/sub.mk
/optee_os/core/arch/arm/kernel/thread.c
/optee_os/core/arch/arm/kernel/thread_a32.S
/optee_os/core/arch/arm/kernel/thread_a64.S
/optee_os/core/arch/arm/plat-imx/conf.mk
/optee_os/core/arch/arm/plat-k3/platform_config.h
/optee_os/core/arch/arm/plat-stm32mp1/conf.mk
/optee_os/core/arch/arm/plat-stm32mp1/main.c
/optee_os/core/arch/arm/plat-versal/conf.mk
/optee_os/core/arch/arm/plat-versal/main.c
/optee_os/core/arch/arm/plat-versal/platform_config.h
/optee_os/core/arch/arm/tee/sub.mk
/optee_os/core/arch/riscv/include/kernel/thread_arch.h
/optee_os/core/arch/riscv/kernel/boot.c
/optee_os/core/arch/riscv/kernel/entry.S
/optee_os/core/arch/riscv/kernel/sub.mk
se050/adaptors/utils/utils.c
/optee_os/core/drivers/sub.mk
/optee_os/core/drivers/versal_huk.c
/optee_os/core/include/drivers/clk_dt.h
/optee_os/core/include/kernel/dt_driver.h
/optee_os/core/include/kernel/scall.h
/optee_os/core/include/kernel/ts_manager.h
/optee_os/core/kernel/scall.c
/optee_os/core/kernel/sub.mk
/optee_os/core/kernel/tee_ta_manager.c
/optee_os/core/kernel/user_ta.c
/optee_os/core/pta/imx/digprog.c
/optee_os/core/pta/imx/ocotp.c
/optee_os/core/pta/imx/sub.mk
/optee_os/core/pta/sub.mk
/optee_os/lib/libutee/include/pta_imx_digprog.h
/optee_os/lib/libutee/include/pta_imx_ocotp.h
/optee_os/lib/libutee/include/pta_stm32mp_bsec.h
/optee_os/lib/libutils/ext/arch/riscv/atomic_rv.S
/optee_os/lib/libutils/ext/arch/riscv/sub.mk
/optee_os/mk/config.mk
c36f205e 17-Jan-2023 Jorge Ramirez-Ortiz <jorge@foundries.io>

crypto: se050: update policies

Certain devices (depending on the applet) will use the common
policies for the object's read/write permissions.

This commit makes sure both are supported.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

/optee_os/.github/workflows/ci.yml
/optee_os/core/arch/arm/crypto/sha512_armv8a_ce.c
/optee_os/core/arch/arm/crypto/sha512_armv8a_ce_a64.S
/optee_os/core/arch/arm/crypto/sm3_armv8a_ce.c
/optee_os/core/arch/arm/crypto/sm3_armv8a_ce_a64.S
/optee_os/core/arch/arm/crypto/sub.mk
/optee_os/core/arch/arm/dts/stm32mp135f-dk.dts
/optee_os/core/arch/arm/include/kernel/delay_arch.h
/optee_os/core/arch/arm/include/scmi/scmi_server.h
/optee_os/core/arch/arm/kernel/boot.c
/optee_os/core/arch/arm/kernel/secure_partition.c
/optee_os/core/arch/arm/kernel/sub.mk
/optee_os/core/arch/arm/plat-mediatek/conf.mk
/optee_os/core/arch/arm/plat-mediatek/platform_config.h
/optee_os/core/arch/arm/plat-stm32mp1/conf.mk
/optee_os/core/arch/arm/plat-stm32mp1/main.c
/optee_os/core/arch/arm/plat-stm32mp1/platform_config.h
/optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c
/optee_os/core/arch/arm/plat-vexpress/conf.mk
/optee_os/core/arch/arm/tee/entry_fast.c
/optee_os/core/arch/riscv/include/kernel/clint.h
/optee_os/core/arch/riscv/include/kernel/delay_arch.h
/optee_os/core/arch/riscv/include/kernel/time.h
/optee_os/core/arch/riscv/kernel/kern.ld.S
/optee_os/core/arch/riscv/kernel/link.mk
/optee_os/core/arch/riscv/kernel/sub.mk
/optee_os/core/arch/riscv/kernel/tee_time_rdtime.c
/optee_os/core/arch/riscv/plat-spike/conf.mk
/optee_os/core/arch/riscv/plat-virt/conf.mk
/optee_os/core/arch/riscv/plat-virt/main.c
/optee_os/core/arch/riscv/plat-virt/platform_config.h
/optee_os/core/arch/riscv/plat-virt/sub.mk
/optee_os/core/arch/riscv/riscv.mk
/optee_os/core/arch/riscv/tee/sub.mk
/optee_os/core/core.mk
/optee_os/core/crypto.mk
/optee_os/core/crypto/sm3.c
/optee_os/core/drivers/clk/clk.c
se050/adaptors/apis/sss.c
/optee_os/core/drivers/rstctrl/rstctrl.c
/optee_os/core/drivers/stm32_bsec.c
/optee_os/core/drivers/stm32mp15_huk.c
/optee_os/core/include/crypto/crypto_accel.h
/optee_os/core/include/drivers/clk.h
/optee_os/core/include/drivers/rstctrl.h
/optee_os/core/include/drivers/stm32_bsec.h
/optee_os/core/include/kernel/delay.h
/optee_os/core/include/kernel/dt_driver.h
/optee_os/core/kernel/delay.c
/optee_os/core/kernel/dt_driver.c
/optee_os/core/kernel/notif.c
/optee_os/core/kernel/otp_stubs.c
/optee_os/core/kernel/sub.mk
/optee_os/core/kernel/tee_time.c
/optee_os/core/kernel/tee_time_ree.c
/optee_os/core/lib/libtomcrypt/ecc.c
/optee_os/core/lib/libtomcrypt/sha512_accel.c
/optee_os/core/lib/libtomcrypt/src/hashes/sha2/sub.mk
/optee_os/core/lib/libtomcrypt/sub.mk
/optee_os/core/lib/scmi-server/conf-optee-fvp.mk
/optee_os/core/lib/scmi-server/conf-optee-stm32mp1.mk
/optee_os/core/lib/scmi-server/conf.mk
/optee_os/core/lib/scmi-server/include/optee_scmi.h
/optee_os/core/lib/scmi-server/scmi_server.c
/optee_os/core/lib/scmi-server/sub-optee-fvp.mk
/optee_os/core/lib/scmi-server/sub-optee-stm32mp1.mk
/optee_os/core/lib/scmi-server/sub.mk
/optee_os/core/pta/scmi.c
/optee_os/lib/libmbedtls/core/hash.c
/optee_os/lib/libmbedtls/include/mbedtls_config_kernel.h
/optee_os/lib/libutee/arch/riscv/sub.mk
/optee_os/lib/libutee/arch/riscv/utee_syscalls_rv.S
/optee_os/lib/libutee/include/pta_scmi_client.h
/optee_os/lib/libutils/ext/include/config.h
/optee_os/lib/libutils/isoc/arch/riscv/setjmp_rv.S
/optee_os/lib/libutils/isoc/arch/riscv/sub.mk
/optee_os/lib/libutils/isoc/bget_malloc.c
/optee_os/lib/libutils/isoc/include/assert.h
/optee_os/lib/libutils/isoc/include/setjmp.h
/optee_os/mk/config.mk
00b7e9c7 03-Jan-2023 Jorge Ramirez-Ortiz <jorge@foundries.io>

crypto: se050: fix typo in information message

The SCP03 "built-in" keys were incorrectly being reported to the
console as a nonsensical "build-int".

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

39100dea 12-Dec-2022 Jorge Ramirez-Ortiz <jorge@foundries.io>

crypto: se050: fix build warning

When the configured logging level does not output IMSG, the static
function get_scp03_ksrc_name() is not called.

This causes a function unused warning which might lead to a build
error.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

6cc77cdd 08-Dec-2022 Jorge Ramirez-Ortiz <jorge@foundries.io>

crypto: drivers: se050-f: ecc: can fallback to softw-ops

The SE050-F device can select to fallback to specific unsupported
operations.

This allows xtests to run to completion without errors.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

58986cdf 12-Dec-2022 Jorge Ramirez-Ortiz <jorge@foundries.io>

crypto: drivers: se050-f: rsa: can fallback to softw-ops

The SE050-F device can select to fallback to specific unsupported
operations.

This allows xtests to run to completion without errors.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

d8eed0c1 08-Dec-2022 Jorge Ramirez-Ortiz <jorge@foundries.io>

crypto: drivers: se050: ecc: fallback to softw-ops

Operations that require a public key might fallback to a software
based implementation.

Operations that require a private key might fallback to a software
based implementation as long as the private key is not in the secure
element.

Use CFG_NXP_SE05X_ECC_DRV_FALLBACK to enable this feature.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

a40be7eb 08-Dec-2022 Jorge Ramirez-Ortiz <jorge@foundries.io>

crypto: drivers: se050: rsa: fallback to softw-ops

Operations that require a public key might fallback to a software
based implementation.

Operations that require a private key might fallback to a software
based implementation as long as the private key is not in the secure
element.

Use CFG_NXP_SE05X_RSA_DRV_FALLBACK to enable this feature.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

f8dc3669 08-Dec-2022 Jorge Ramirez-Ortiz <jorge@foundries.io>

crypto: drivers: se050-f: rsa: fix support

The NXP SE050-F does not support raw RSA keys, only CRT types.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

73bc4c59 08-Dec-2022 Jorge Ramirez-Ortiz <jorge@foundries.io>

crypto: drivers: se050: adaptor: provide the oefid interface

Not all the NXP SE05X secure elements provide the same level of
cryptographic support. This interface allows runtime identification
of the device under control

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

/optee_os/.github/workflows/ci.yml
/optee_os/MAINTAINERS
/optee_os/core/arch/arm/dts/at91-sama5d27_som1.dtsi
/optee_os/core/arch/arm/dts/at91-sama5d27_som1_ek.dts
/optee_os/core/arch/arm/dts/at91-sama5d2_xplained.dts
/optee_os/core/arch/arm/dts/fsl-lx2160a.dtsi
/optee_os/core/arch/arm/dts/sama5d2.dtsi
/optee_os/core/arch/arm/dts/stm32mp131.dtsi
/optee_os/core/arch/arm/dts/stm32mp135f-dk.dts
/optee_os/core/arch/arm/dts/stm32mp151.dtsi
/optee_os/core/arch/arm/plat-d06/conf.mk
/optee_os/core/arch/arm/plat-d06/main.c
/optee_os/core/arch/arm/plat-d06/platform_config.h
/optee_os/core/arch/arm/plat-stm/main.c
/optee_os/core/arch/arm/plat-stm32mp1/conf.mk
/optee_os/core/arch/arm/plat-stm32mp1/main.c
/optee_os/core/arch/arm/plat-stm32mp1/nsec-service/stm32mp1_smc.h
/optee_os/core/arch/arm/plat-stm32mp1/platform_config.h
/optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c
/optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h
/optee_os/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts
/optee_os/core/arch/arm/plat-versal/conf.mk
/optee_os/core/arch/arm/plat-vexpress/main.c
/optee_os/core/crypto/crypto.c
/optee_os/core/crypto/sm4-xts.c
/optee_os/core/crypto/sm4.c
/optee_os/core/crypto/sm4.h
/optee_os/core/crypto/sub.mk
/optee_os/core/drivers/atmel_rstc.c
/optee_os/core/drivers/atmel_shdwc.c
/optee_os/core/drivers/atmel_wdt.c
se050/adaptors/include/se050.h
se050/adaptors/utils/scp_config.c
/optee_os/core/drivers/imx_lpuart.c
/optee_os/core/drivers/lpc_uart.c
/optee_os/core/drivers/ls_sfp.c
/optee_os/core/drivers/stm32_bsec.c
/optee_os/core/drivers/sub.mk
/optee_os/core/drivers/versal_pm.c
/optee_os/core/drivers/versal_puf.c
/optee_os/core/include/crypto/crypto_impl.h
/optee_os/core/include/drivers/lpc_uart.h
/optee_os/core/include/drivers/ls_sfp.h
/optee_os/core/include/drivers/serial.h
/optee_os/core/include/drivers/stm32_bsec.h
/optee_os/core/include/drivers/versal_puf.h
/optee_os/core/kernel/console.c
/optee_os/core/kernel/embedded_ts.c
/optee_os/core/kernel/tee_misc.c
/optee_os/core/lib/libtomcrypt/ccm.c
/optee_os/core/lib/libtomcrypt/mpi_desc.c
/optee_os/core/lib/libtomcrypt/rsa.c
/optee_os/core/pta/stm32mp/bsec_pta.c
/optee_os/core/pta/stm32mp/sub.mk
/optee_os/core/pta/sub.mk
/optee_os/core/tee/tee_cryp_utl.c
/optee_os/core/tee/tee_svc_cryp.c
/optee_os/core/tee/tee_svc_storage.c
/optee_os/lib/libmbedtls/include/mbedtls_config_kernel.h
/optee_os/lib/libmbedtls/include/mbedtls_config_uta.h
/optee_os/lib/libmbedtls/mbedtls/library/cipher_wrap.c
/optee_os/lib/libutee/arch/arm/utee_syscalls_a32.S
/optee_os/lib/libutee/arch/arm/utee_syscalls_a64.S
/optee_os/lib/libutee/arch/riscv/sub.mk
/optee_os/lib/libutee/arch/riscv/utee_syscalls_rv64.S
/optee_os/lib/libutee/include/pta_stm32mp_bsec.h
/optee_os/lib/libutee/include/tee_api_compat.h
/optee_os/lib/libutee/include/tee_api_defines.h
/optee_os/lib/libutee/include/tee_api_defines_extensions.h
/optee_os/lib/libutee/include/tee_internal_api.h
/optee_os/lib/libutee/include/utee_defines.h
/optee_os/lib/libutee/include/utee_syscalls.h
/optee_os/lib/libutee/include/utee_syscalls_asm.S
/optee_os/lib/libutee/tee_api.c
/optee_os/lib/libutee/tee_api_operations.c
/optee_os/lib/libutils/isoc/bget_malloc.c
/optee_os/lib/libutils/isoc/include/malloc.h
/optee_os/mk/config.mk
/optee_os/ta/mk/build-user-ta.mk
/optee_os/ta/mk/ta_dev_kit.mk
/optee_os/ta/pkcs11/include/pkcs11_ta.h
/optee_os/ta/pkcs11/src/pkcs11_attributes.c
/optee_os/ta/pkcs11/src/pkcs11_attributes.h
/optee_os/ta/pkcs11/src/processing.c
/optee_os/ta/pkcs11/src/processing.h
/optee_os/ta/pkcs11/src/processing_asymm.c
/optee_os/ta/pkcs11/src/processing_digest.c
/optee_os/ta/pkcs11/src/processing_rsa.c
/optee_os/ta/pkcs11/src/processing_symm.c
/optee_os/ta/pkcs11/src/token_capabilities.c
4502832d 30-Nov-2022 Jorge Ramirez-Ortiz <jorge@foundries.io>

drivers: versal: SHA3-384 engine support

Enable the PLM controlled SHA3-384 cryptographic engine for TEE core
usage.

Since the engine does not have the concept of "context", it can't
provide the level support required by user-space (multiple parallel
contexts) hence why it is being provided just to the core.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Nathan Menhorn <nathan.menhorn@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

cef8ce12 11-Nov-2022 Jorge Ramirez-Ortiz <jorge@foundries.io>

crypto: versal: RSA driver

This driver uses the PLM xilsecure service to deliver RSA
encryption/decryption functionality.

https://github.com/Xilinx/embeddedsw

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

49b0febc 04-Jul-2022 Jorge Ramirez-Ortiz <jorge@foundries.io>

crypto: versal: elliptic curve cryptography driver

This driver uses the PLM xilsecure service to deliver ECC sign/verify
functionality.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

/optee_os/core/arch/arm/dts/fsl-lx2160a.dtsi
/optee_os/core/arch/arm/dts/stm32mp151.dtsi
/optee_os/core/arch/arm/dts/stm32mp157a-dk1.dts
/optee_os/core/arch/arm/dts/stm32mp157c-dk2.dts
/optee_os/core/arch/arm/dts/stm32mp157c-ed1.dts
/optee_os/core/arch/arm/dts/stm32mp157c-ev1.dts
/optee_os/core/arch/arm/dts/stm32mp15xx-dkx.dtsi
/optee_os/core/arch/arm/include/kernel/cache_helpers_arch.h
/optee_os/core/arch/arm/include/kernel/misc_arch.h
/optee_os/core/arch/arm/kernel/sub.mk
/optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c
/optee_os/core/arch/riscv/include/kernel/cache_helpers_arch.h
/optee_os/core/arch/riscv/include/kernel/misc_arch.h
/optee_os/core/arch/riscv/include/kernel/tee_l2cc_mutex.h
/optee_os/core/arch/riscv/include/kernel/thread_arch.h
/optee_os/core/arch/riscv/include/mm/core_mmu_arch.h
/optee_os/core/arch/riscv/include/riscv.h
/optee_os/core/arch/riscv/include/riscv_macros.S
/optee_os/core/arch/riscv/include/sbi.h
/optee_os/core/arch/riscv/kernel/idle.c
/optee_os/core/arch/riscv/kernel/sbi.c
/optee_os/core/arch/riscv/kernel/sbi_console.c
/optee_os/core/arch/riscv/kernel/spinlock.S
/optee_os/core/arch/riscv/kernel/sub.mk
/optee_os/core/arch/riscv/kernel/tee_time.c
/optee_os/core/arch/riscv/mm/sub.mk
/optee_os/core/arch/riscv/mm/tlb_helpers_rv.S
/optee_os/core/arch/riscv/plat-spike/conf.mk
/optee_os/core/arch/riscv/plat-spike/drivers/sub.mk
/optee_os/core/arch/riscv/plat-spike/main.c
/optee_os/core/arch/riscv/riscv.mk
/optee_os/core/crypto/signed_hdr.c
versal/ecc.c
versal/sub.mk
/optee_os/core/include/crypto/crypto_impl.h
/optee_os/core/include/kernel/cache_helpers.h
/optee_os/core/include/kernel/misc.h
/optee_os/core/include/tee/tee_svc_cryp.h
/optee_os/core/include/tee/tee_svc_storage.h
/optee_os/core/kernel/ree_fs_ta.c
/optee_os/core/kernel/sub.mk
/optee_os/core/kernel/trace_ext.c
/optee_os/core/lib/libtomcrypt/ecc.c
/optee_os/core/tee/tee_svc_cryp.c
/optee_os/core/tee/tee_svc_storage.c
/optee_os/ldelf/ldelf.ld.S
/optee_os/ldelf/ldelf.mk
/optee_os/ldelf/start_rv64.S
/optee_os/ldelf/sub.mk
/optee_os/ldelf/ta_elf.c
/optee_os/ldelf/ta_elf_rel.c
/optee_os/lib/libmbedtls/core/ecc.c
/optee_os/lib/libutee/include/elf_common.h
/optee_os/lib/libutee/include/tee_api.h
/optee_os/lib/libutee/include/tee_internal_api.h
/optee_os/lib/libutee/include/tee_ta_api.h
/optee_os/lib/libutee/include/utee_syscalls.h
/optee_os/lib/libutee/include/utee_types.h
/optee_os/lib/libutee/tee_api_objects.c
/optee_os/lib/libutee/tee_api_operations.c
/optee_os/lib/libutils/ext/include/confine_array_index.h
b303be92 01-Apr-2022 Jens Wiklander <jens.wiklander@linaro.org>

drivers: crypto: add stubbed fault mitigation in crypto_acipher_rsassa_verify()

Adds a stubbed fault mitigation for the drivers version of
crypto_acipher_rsassa_verify(). End the function with FTMN_CALLEE_DONE()
to record that the function was indeed called and a redundant copy of
the return value.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>


/optee_os/MAINTAINERS
/optee_os/core/arch/arm/arm.mk
/optee_os/core/arch/arm/include/ffa.h
/optee_os/core/arch/arm/include/kernel/secure_partition.h
/optee_os/core/arch/arm/include/kernel/thread_private_arch.h
/optee_os/core/arch/arm/kernel/link_dummies_paged.c
/optee_os/core/arch/arm/kernel/secure_partition.c
/optee_os/core/arch/arm/kernel/spmc_sp_handler.c
/optee_os/core/arch/arm/kernel/stmm_sp.c
/optee_os/core/arch/arm/kernel/thread_a32.S
/optee_os/core/arch/arm/kernel/thread_spmc.c
/optee_os/core/arch/arm/kernel/thread_spmc_a32.S
/optee_os/core/arch/arm/kernel/thread_spmc_a64.S
/optee_os/core/arch/arm/mm/mobj_ffa.c
/optee_os/core/arch/arm/mm/sp_mem.c
crypto_api/acipher/rsa.c
/optee_os/core/include/drivers/stm32_gpio.h
/optee_os/core/include/kernel/tee_ta_manager.h
/optee_os/core/include/kernel/thread.h
/optee_os/core/include/kernel/ts_manager.h
/optee_os/core/kernel/tee_ta_manager.c
/optee_os/core/kernel/user_ta.c
/optee_os/core/lib/libtomcrypt/rsa.c
/optee_os/core/lib/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c
/optee_os/core/lib/libtomcrypt/src/pk/rsa/rsa_verify_hash.c
/optee_os/core/pta/stats.c
/optee_os/core/sub.mk
/optee_os/core/tests/ftmn_boot_tests.c
/optee_os/core/tests/sub.mk
/optee_os/lib/libmbedtls/core/rsa.c
/optee_os/lib/libmbedtls/mbedtls/library/rsa.c
/optee_os/lib/libutee/arch/arm/user_ta_entry.c
/optee_os/lib/libutee/include/utee_types.h
/optee_os/lib/libutils/ext/fault_mitigation.c
/optee_os/lib/libutils/ext/include/fault_mitigation.h
/optee_os/lib/libutils/ext/include/stdlib_ext.h
/optee_os/lib/libutils/ext/include/string_ext.h
/optee_os/lib/libutils/ext/include/types_ext.h
/optee_os/lib/libutils/ext/sub.mk
/optee_os/lib/libutils/isoc/bget_malloc.c
/optee_os/lib/libutils/isoc/include/assert.h
/optee_os/lib/libutils/isoc/include/inttypes.h
/optee_os/lib/libutils/isoc/include/limits.h
/optee_os/lib/libutils/isoc/include/malloc.h
/optee_os/lib/libutils/isoc/include/memory.h
/optee_os/lib/libutils/isoc/include/signal.h
/optee_os/lib/libutils/isoc/include/stdint.h
/optee_os/lib/libutils/isoc/include/stdio.h
/optee_os/lib/libutils/isoc/include/stdlib.h
/optee_os/lib/libutils/isoc/include/string.h
/optee_os/lib/libutils/isoc/include/time.h
/optee_os/lib/libutils/isoc/include/unistd.h
/optee_os/lib/libutils/isoc/include/wchar.h
/optee_os/mk/compile.mk
/optee_os/mk/config.mk
dc23c448 20-Oct-2022 Jorge Ramirez-Ortiz <jorge@foundries.io>

crypto: versal: authentication driver

This driver uses the PLM xilsecure service to deliver authentication
functionality using AES-GCM.

The driver currently does not handle unaligned data and lengths; due
to this the corresponding xtest regression test will not pass
(xtest -t regression 4005 will fail).

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

614bc034 04-Jul-2022 Jorge Ramirez-Ortiz <jorge@foundries.io>

crypto: versal: interprocessor communication

Interface to the PLM xilsecure service.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

e41e74a8 10-Nov-2022 Jorge Ramirez-Ortiz <jorge@foundries.io>

crypto: se050: provision SCP03 keys on SCP03 enablement.

Rotate the SCP03 keys as soon as the SCP03 communication channel
is established.

This can happen during boot or at a later time via normal world
request [1].

The rotation configuration that can be built-in in the driver allows
the algorithm to rotate to a HUK based secret key or back to the
factory based keys.

[1] https://u-boot.readthedocs.io/en/latest/usage/cmd/scp03.html

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
