crypto - OpenGrok history log for /optee

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
8ac3cb37	22-Feb-2023	Anton Antonov <Anton.Antonov@arm.com>	core: drivers: crypto: caam: Check PKCS_V1_5 decryption buffer size Check if original buffer is large enough for a result of RSA PKCS_V1_5 decryption operation. With this change PKCS11 variable leng core: drivers: crypto: caam: Check PKCS_V1_5 decryption buffer size Check if original buffer is large enough for a result of RSA PKCS_V1_5 decryption operation. With this change PKCS11 variable length buffers are supported for all RSA operations: - Crypto API checks it for PKCS_V1_5 and OAEP encryptions. - OAEP decryption already supports it. This fixes: https://github.com/OP-TEE/optee_os/issues/5841 Acked-by: Clement Faure <clement.faure@nxp.com> Signed-off-by: Anton Antonov <Anton.Antonov@arm.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/kernel/link_dummies_paged.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_optee_smc.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/plat-imx/drivers/tzc380.c /optee_os/core/arch/arm/plat-imx/link.mk /optee_os/core/arch/arm/plat-k3/conf.mk /optee_os/core/arch/arm/plat-k3/drivers/ti_sci.c /optee_os/core/arch/arm/plat-k3/drivers/ti_sci.h /optee_os/core/arch/arm/plat-k3/drivers/ti_sci_protocol.h /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-totalcompute/conf.mk /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/arm/plat-vexpress/main.c /optee_os/core/arch/arm/tee/entry_fast.c /optee_os/core/arch/riscv/kernel/thread_arch.c /optee_os/core/arch/riscv/plat-spike/conf.mk /optee_os/core/crypto/crypto.c /optee_os/core/drivers/clk/clk-stm32mp15.c caam/acipher/caam_rsa.c /optee_os/core/drivers/rstctrl/stm32_rstctrl.c /optee_os/core/drivers/stm32_bsec.c /optee_os/core/drivers/stm32_etzpc.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_rng.c /optee_os/core/drivers/stm32_uart.c /optee_os/core/include/crypto/crypto.h /optee_os/core/include/drivers/gic.h /optee_os/core/include/kernel/boot.h /optee_os/core/include/kernel/user_mode_ctx_struct.h /optee_os/core/include/kernel/virtualization.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/kernel/ldelf_loader.c /optee_os/core/kernel/thread.c /optee_os/core/kernel/tpm.c /optee_os/core/lib/libtomcrypt/ed25519.c /optee_os/core/mm/core_mmu.c /optee_os/core/pta/bcm/wdt.c /optee_os/core/pta/k3/otp.c /optee_os/core/pta/k3/sub.mk /optee_os/core/pta/stats.c /optee_os/core/pta/sub.mk /optee_os/core/pta/tests/misc.c /optee_os/core/tee/tee_svc_cryp.c /optee_os/ldelf/include/ldelf.h /optee_os/ldelf/main.c /optee_os/ldelf/ta_elf.c /optee_os/ldelf/ta_elf.h /optee_os/lib/libutee/arch/arm/arm32_user_sysreg.txt /optee_os/lib/libutee/include/k3/otp_keywriting_ta.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutils/ext/include/compiler.h /optee_os/lib/libutils/ext/pthread_stubs.c /optee_os/lib/libutils/ext/sub.mk /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/mk/config.mk /optee_os/mk/lib.mk /optee_os/scripts/ts_bin_to_c.py
2234f3c9	26-Jan-2023	Jorge Ramirez-Ortiz <jorge@foundries.io>	versal: enable the crypto driver The crypto driver API provides an extra indirection level to enable different ciphers. Since Versal ACAP supports acipher and authenc, enable them. Falling-back to versal: enable the crypto driver The crypto driver API provides an extra indirection level to enable different ciphers. Since Versal ACAP supports acipher and authenc, enable them. Falling-back to software operations (RSA sign/verify) triggers a fault detection; we will disable this config while a solution is found. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/core/arch/arm/plat-versal/conf.mk versal/crypto.mk
2b83a595	01-Feb-2023	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: versal: rsa: only support sign/verify operations RSA encryption/decryption is not supported (the PLM does not return the size of the encrypted/decrypted buffers). Signed-off-by: Jorge Ramir crypto: versal: rsa: only support sign/verify operations RSA encryption/decryption is not supported (the PLM does not return the size of the encrypted/decrypted buffers). Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... versal/rsa.c
e8bbd0e0	30-Jan-2023	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: versal: ecc: sign/verify fix Both the message (hash) and the generated signatures must be swapped. The following custom tests were executed for P384 (prime384v1) and P521 (nistp521) curves. crypto: versal: ecc: sign/verify fix Both the message (hash) and the generated signatures must be swapped. The following custom tests were executed for P384 (prime384v1) and P521 (nistp521) curves. Signing and verifying using pkcs#11 alone (ie like done in xtest) was not sufficient to capture this bug. PTOOL='pkcs11-tool --module /usr/lib/libckteec.so.0.1.0' SO_PIN=55555555 PIN=44444444 FILE=hello printf "OP-TEE: create key pair" $PTOOL --id 01 --label ldts --token-label fio --pin $PIN \ --keypairgen \ --key-type EC:prime384v1 printf "OP-TEE: read the public key" $PTOOL -l --pin $PIN --id 01 \ --read-object --type pubkey --output-file pubkey.spki printf "Openssl: export key to PEM" openssl ec -inform DER -outform PEM -in pubkey.spki -pubin > pubkey.pub printf "Create file to sign" echo "hello world" > $FILE printf "OpenSSL: create the file sha384" openssl dgst -binary -sha384 $FILE > $FILE.hash printf "OP-TEE: generate signature " $PTOOL --pin $PIN --id 01 --label ldts --token-label fio \ --sign --input-file $FILE.hash --output-file $FILE.sig --mechanism ECDSA -f openssl printf "OpenSSL: verify signature" openssl dgst -sha384 -verify pubkey.pub -signature "$FILE".sig "$FILE" printf "OP-TEE: verify signature" $PTOOL --pin $PIN --id 01 --label ldts --token-label fio \ --verify \ --input-file $FILE.hash \ --signature-format openssl \ --signature-file $FILE.sig \ --mechanism ECDSA Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/dts/stm32mp13-pinctrl.dtsi /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/include/hafnium.h /optee_os/core/arch/arm/include/kernel/thread_arch.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/mm/mobj_ffa.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/arm/plat-vexpress/main.c /optee_os/core/arch/riscv/include/kernel/arch_scall.h /optee_os/core/arch/riscv/include/kernel/thread_arch.h /optee_os/core/arch/riscv/include/kernel/thread_private_arch.h /optee_os/core/arch/riscv/include/riscv.h /optee_os/core/arch/riscv/include/riscv_macros.S /optee_os/core/arch/riscv/kernel/abort.c /optee_os/core/arch/riscv/kernel/arch_scall.c /optee_os/core/arch/riscv/kernel/arch_scall_rv.S /optee_os/core/arch/riscv/kernel/asm-defines.c /optee_os/core/arch/riscv/kernel/cache_helpers_rv.S /optee_os/core/arch/riscv/kernel/sub.mk /optee_os/core/arch/riscv/kernel/thread_arch.c /optee_os/core/arch/riscv/kernel/thread_rv.S /optee_os/core/crypto.mk /optee_os/core/crypto/crypto.c versal/ecc.c /optee_os/core/drivers/hfic.c /optee_os/core/drivers/ls_sfp.c /optee_os/core/drivers/stm32_rng.c /optee_os/core/drivers/sub.mk /optee_os/core/include/crypto/crypto_impl.h /optee_os/core/include/drivers/hfic.h /optee_os/core/include/drivers/ls_sfp.h /optee_os/core/kernel/ldelf_loader.c /optee_os/core/kernel/sub.mk /optee_os/core/lib/libtomcrypt/ecc.c /optee_os/core/lib/libtomcrypt/hash.c /optee_os/core/lib/libtomcrypt/hmac.c /optee_os/core/lib/libtomcrypt/shake.c /optee_os/core/lib/libtomcrypt/src/hashes/sub.mk /optee_os/core/lib/libtomcrypt/sub.mk /optee_os/core/lib/libtomcrypt/tomcrypt.c /optee_os/core/pta/tests/invoke.c /optee_os/core/tee/tee_svc.c /optee_os/core/tee/tee_svc_cryp.c /optee_os/core/tee/tee_svc_storage.c /optee_os/ldelf/include/ldelf.h /optee_os/ldelf/main.c /optee_os/lib/libutee/arch/arm/sub.mk /optee_os/lib/libutee/arch/arm/user_ta_entry.c /optee_os/lib/libutee/arch/arm/user_ta_entry_compat.c /optee_os/lib/libutee/include/tee_api_compat.h /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/tee_api_defines_extensions.h /optee_os/lib/libutee/include/tee_api_types.h /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/include/user_ta_header.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutee/tee_api.c /optee_os/lib/libutee/tee_api_arith_mpi.c /optee_os/lib/libutee/tee_api_objects.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutee/tee_api_panic.c /optee_os/lib/libutee/tee_api_private.h /optee_os/lib/libutee/tee_api_property.c /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/mk/compile.mk /optee_os/mk/config.mk /optee_os/scripts/checkpatch.sh /optee_os/ta/arch/arm/user_ta_header.c /optee_os/ta/avb/entry.c /optee_os/ta/pkcs11/src/persistent_token.c /optee_os/ta/pkcs11/src/pkcs11_helpers.c /optee_os/ta/pkcs11/src/processing.c /optee_os/ta/pkcs11/src/processing_asymm.c /optee_os/ta/pkcs11/src/processing_digest.c /optee_os/ta/pkcs11/src/processing_symm.c /optee_os/ta/ta.mk /optee_os/ta/trusted_keys/entry.c
e7b17391	24-Jan-2023	Clement Faure <clement.faure@nxp.com>	core: crypto_api: remove unused includes Remove unused includes from the crypto API. Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> core: crypto_api: remove unused includes Remove unused includes from the crypto API. Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... crypto_api/acipher/ecc.c crypto_api/cipher/cipher.c crypto_api/hash/hash.c
1bd5ecaf	24-Jan-2023	Clement Faure <clement.faure@nxp.com>	drivers: caam: remove unused includes Remove unused includes from the CAAM driver. Signed-off-by: Clement Faure <clement.faure@nxp.com> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acke drivers: caam: remove unused includes Remove unused includes from the CAAM driver. Signed-off-by: Clement Faure <clement.faure@nxp.com> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/plat-imx/main.c caam/acipher/caam_math.c caam/utils/utils_delay.c
3cd271a4	24-Jan-2023	Clement Faure <clement.faure@nxp.com>	core: crypto_api: fix malloc() allocation check Coverity reports a CERT-C ERR33-C coding violation on EM.data pointer for not being checked right after malloc() call. This is a false positive error core: crypto_api: fix malloc() allocation check Coverity reports a CERT-C ERR33-C coding violation on EM.data pointer for not being checked right after malloc() call. This is a false positive error since EM.data value is checked along EM_gen.data value later. Check EM.data and EM_gen.data values separately to make Coverity happy. Signed-off-by: Clement Faure <clement.faure@nxp.com> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/dts/at91-sama5d27_wlsom1.dtsi /optee_os/core/arch/arm/dts/at91-sama5d27_wlsom1_ek.dts /optee_os/core/arch/arm/include/kernel/stmm_sp.h /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/plat-sam/conf.mk /optee_os/core/arch/arm/plat-sam/platform_config.h /optee_os/core/arch/riscv/include/kernel/stmm_sp.h crypto_api/acipher/rsassa.c /optee_os/core/pta/device.c
530f76bb	24-Jan-2023	Jorge Ramirez-Ortiz <jorge@foundries.io>	drivers: crypto: se050: increase DER signature buffer In order to support P-521 (132 byte {r,s} pairs), the buffer storing the DER signature must be large enough. Signed-off-by: Jorge Ramirez-Ortiz drivers: crypto: se050: increase DER signature buffer In order to support P-521 (132 byte {r,s} pairs), the buffer storing the DER signature must be large enough. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... /optee_os/.github/workflows/ci.yml se050/core/ecc.c
5abb46e2	23-Jan-2023	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: drivers: se050: fix generation of oid values Converting the OID watermarked value (8 bytes) to a bignum removes the first byte if this is different than zero. The failing case observed the crypto: drivers: se050: fix generation of oid values Converting the OID watermarked value (8 bytes) to a bignum removes the first byte if this is different than zero. The failing case observed the value 0x57.72.15.66.1a.f2.9d.00 being retrieved as 0x57.72.15.66.1a.f2.9d after having been transformed into a bignum and back to its original binary value. This will cause cryptographic operations to fail as the secured keys and objects become not addressable. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/CHANGELOG.md /optee_os/MAINTAINERS /optee_os/Makefile /optee_os/core/arch/arm/include/kernel/arch_scall.h /optee_os/core/arch/arm/include/kernel/thread_arch.h /optee_os/core/arch/arm/include/kernel/thread_private_arch.h /optee_os/core/arch/arm/kernel/arch_scall.c /optee_os/core/arch/arm/kernel/arch_scall_a32.S /optee_os/core/arch/arm/kernel/arch_scall_a64.S /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/ldelf_loader.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-k3/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-versal/conf.mk /optee_os/core/arch/arm/plat-versal/main.c /optee_os/core/arch/arm/plat-versal/platform_config.h /optee_os/core/arch/arm/tee/sub.mk /optee_os/core/arch/riscv/include/kernel/thread_arch.h /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/kernel/sub.mk se050/adaptors/utils/utils.c /optee_os/core/drivers/sub.mk /optee_os/core/drivers/versal_huk.c /optee_os/core/include/drivers/clk_dt.h /optee_os/core/include/kernel/dt_driver.h /optee_os/core/include/kernel/scall.h /optee_os/core/include/kernel/ts_manager.h /optee_os/core/kernel/scall.c /optee_os/core/kernel/sub.mk /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/user_ta.c /optee_os/core/pta/imx/digprog.c /optee_os/core/pta/imx/ocotp.c /optee_os/core/pta/imx/sub.mk /optee_os/core/pta/sub.mk /optee_os/lib/libutee/include/pta_imx_digprog.h /optee_os/lib/libutee/include/pta_imx_ocotp.h /optee_os/lib/libutee/include/pta_stm32mp_bsec.h /optee_os/lib/libutils/ext/arch/riscv/atomic_rv.S /optee_os/lib/libutils/ext/arch/riscv/sub.mk /optee_os/mk/config.mk
c36f205e	17-Jan-2023	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: se050: update policies Certain devices (depending on the applet) will use the common policies for the object's read/write permissions. This commit makes sure both are supported. Signed-off crypto: se050: update policies Certain devices (depending on the applet) will use the common policies for the object's read/write permissions. This commit makes sure both are supported. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/crypto/sha512_armv8a_ce.c /optee_os/core/arch/arm/crypto/sha512_armv8a_ce_a64.S /optee_os/core/arch/arm/crypto/sm3_armv8a_ce.c /optee_os/core/arch/arm/crypto/sm3_armv8a_ce_a64.S /optee_os/core/arch/arm/crypto/sub.mk /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/include/kernel/delay_arch.h /optee_os/core/arch/arm/include/scmi/scmi_server.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/plat-mediatek/conf.mk /optee_os/core/arch/arm/plat-mediatek/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/arm/tee/entry_fast.c /optee_os/core/arch/riscv/include/kernel/clint.h /optee_os/core/arch/riscv/include/kernel/delay_arch.h /optee_os/core/arch/riscv/include/kernel/time.h /optee_os/core/arch/riscv/kernel/kern.ld.S /optee_os/core/arch/riscv/kernel/link.mk /optee_os/core/arch/riscv/kernel/sub.mk /optee_os/core/arch/riscv/kernel/tee_time_rdtime.c /optee_os/core/arch/riscv/plat-spike/conf.mk /optee_os/core/arch/riscv/plat-virt/conf.mk /optee_os/core/arch/riscv/plat-virt/main.c /optee_os/core/arch/riscv/plat-virt/platform_config.h /optee_os/core/arch/riscv/plat-virt/sub.mk /optee_os/core/arch/riscv/riscv.mk /optee_os/core/arch/riscv/tee/sub.mk /optee_os/core/core.mk /optee_os/core/crypto.mk /optee_os/core/crypto/sm3.c /optee_os/core/drivers/clk/clk.c se050/adaptors/apis/sss.c /optee_os/core/drivers/rstctrl/rstctrl.c /optee_os/core/drivers/stm32_bsec.c /optee_os/core/drivers/stm32mp15_huk.c /optee_os/core/include/crypto/crypto_accel.h /optee_os/core/include/drivers/clk.h /optee_os/core/include/drivers/rstctrl.h /optee_os/core/include/drivers/stm32_bsec.h /optee_os/core/include/kernel/delay.h /optee_os/core/include/kernel/dt_driver.h /optee_os/core/kernel/delay.c /optee_os/core/kernel/dt_driver.c /optee_os/core/kernel/notif.c /optee_os/core/kernel/otp_stubs.c /optee_os/core/kernel/sub.mk /optee_os/core/kernel/tee_time.c /optee_os/core/kernel/tee_time_ree.c /optee_os/core/lib/libtomcrypt/ecc.c /optee_os/core/lib/libtomcrypt/sha512_accel.c /optee_os/core/lib/libtomcrypt/src/hashes/sha2/sub.mk /optee_os/core/lib/libtomcrypt/sub.mk /optee_os/core/lib/scmi-server/conf-optee-fvp.mk /optee_os/core/lib/scmi-server/conf-optee-stm32mp1.mk /optee_os/core/lib/scmi-server/conf.mk /optee_os/core/lib/scmi-server/include/optee_scmi.h /optee_os/core/lib/scmi-server/scmi_server.c /optee_os/core/lib/scmi-server/sub-optee-fvp.mk /optee_os/core/lib/scmi-server/sub-optee-stm32mp1.mk /optee_os/core/lib/scmi-server/sub.mk /optee_os/core/pta/scmi.c /optee_os/lib/libmbedtls/core/hash.c /optee_os/lib/libmbedtls/include/mbedtls_config_kernel.h /optee_os/lib/libutee/arch/riscv/sub.mk /optee_os/lib/libutee/arch/riscv/utee_syscalls_rv.S /optee_os/lib/libutee/include/pta_scmi_client.h /optee_os/lib/libutils/ext/include/config.h /optee_os/lib/libutils/isoc/arch/riscv/setjmp_rv.S /optee_os/lib/libutils/isoc/arch/riscv/sub.mk /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/assert.h /optee_os/lib/libutils/isoc/include/setjmp.h /optee_os/mk/config.mk
00b7e9c7	03-Jan-2023	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: se050: fix typo in information message The SCP03 "built-in" keys were incorrectly being reported to the console as a nonsensical "build-int". Signed-off-by: Jorge Ramirez-Ortiz <jorge@found crypto: se050: fix typo in information message The SCP03 "built-in" keys were incorrectly being reported to the console as a nonsensical "build-int". Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... se050/adaptors/utils/scp_config.c
39100dea	12-Dec-2022	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: se050: fix build warning When the configured logging level does not output IMSG, the static function get_scp03_ksrc_name() is not called. This causes a function unused warning which might l crypto: se050: fix build warning When the configured logging level does not output IMSG, the static function get_scp03_ksrc_name() is not called. This causes a function unused warning which might lead to a build error. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/.github/workflows/ci.yml se050/adaptors/utils/scp_config.c
6cc77cdd	08-Dec-2022	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: drivers: se050-f: ecc: can fallback to softw-ops The SE050-F device can select to fallback to specific unsupported operations. This allows xtests to run to completion without errors. Signe crypto: drivers: se050-f: ecc: can fallback to softw-ops The SE050-F device can select to fallback to specific unsupported operations. This allows xtests to run to completion without errors. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... se050/core/ecc.c
58986cdf	12-Dec-2022	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: drivers: se050-f: rsa: can fallback to softw-ops The SE050-F device can select to fallback to specific unsupported operations. This allows xtests to run to completion without errors. Signe crypto: drivers: se050-f: rsa: can fallback to softw-ops The SE050-F device can select to fallback to specific unsupported operations. This allows xtests to run to completion without errors. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... se050/core/rsa.c
d8eed0c1	08-Dec-2022	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: drivers: se050: ecc: fallback to softw-ops Operations that require a public key might fallback to a software based implementation. Operations that require a private key might fallback to a crypto: drivers: se050: ecc: fallback to softw-ops Operations that require a public key might fallback to a software based implementation. Operations that require a private key might fallback to a software based implementation as long as the private key is not in the secure element. Use CFG_NXP_SE05X_ECC_DRV_FALLBACK to enable this feature. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... se050/core/ecc.c se050/crypto.mk
a40be7eb	08-Dec-2022	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: drivers: se050: rsa: fallback to softw-ops Operations that require a public key might fallback to a software based implementation. Operations that require a private key might fallback to a crypto: drivers: se050: rsa: fallback to softw-ops Operations that require a public key might fallback to a software based implementation. Operations that require a private key might fallback to a software based implementation as long as the private key is not in the secure element. Use CFG_NXP_SE05X_RSA_DRV_FALLBACK to enable this feature. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... se050/core/rsa.c se050/crypto.mk
f8dc3669	08-Dec-2022	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: drivers: se050-f: rsa: fix support The NXP SE050-F does not support raw RSA keys, only CRT types. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome. crypto: drivers: se050-f: rsa: fix support The NXP SE050-F does not support raw RSA keys, only CRT types. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... se050/core/rsa.c
73bc4c59	08-Dec-2022	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: drivers: se050: adaptor: provide the oefid interface Not all the NXP SE05X secure elements provide the same level of cryptographic support. This interface allows runtime identification of th crypto: drivers: se050: adaptor: provide the oefid interface Not all the NXP SE05X secure elements provide the same level of cryptographic support. This interface allows runtime identification of the device under control Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/dts/at91-sama5d27_som1.dtsi /optee_os/core/arch/arm/dts/at91-sama5d27_som1_ek.dts /optee_os/core/arch/arm/dts/at91-sama5d2_xplained.dts /optee_os/core/arch/arm/dts/fsl-lx2160a.dtsi /optee_os/core/arch/arm/dts/sama5d2.dtsi /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/dts/stm32mp151.dtsi /optee_os/core/arch/arm/plat-d06/conf.mk /optee_os/core/arch/arm/plat-d06/main.c /optee_os/core/arch/arm/plat-d06/platform_config.h /optee_os/core/arch/arm/plat-stm/main.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/nsec-service/stm32mp1_smc.h /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts /optee_os/core/arch/arm/plat-versal/conf.mk /optee_os/core/arch/arm/plat-vexpress/main.c /optee_os/core/crypto/crypto.c /optee_os/core/crypto/sm4-xts.c /optee_os/core/crypto/sm4.c /optee_os/core/crypto/sm4.h /optee_os/core/crypto/sub.mk /optee_os/core/drivers/atmel_rstc.c /optee_os/core/drivers/atmel_shdwc.c /optee_os/core/drivers/atmel_wdt.c se050/adaptors/include/se050.h se050/adaptors/utils/scp_config.c /optee_os/core/drivers/imx_lpuart.c /optee_os/core/drivers/lpc_uart.c /optee_os/core/drivers/ls_sfp.c /optee_os/core/drivers/stm32_bsec.c /optee_os/core/drivers/sub.mk /optee_os/core/drivers/versal_pm.c /optee_os/core/drivers/versal_puf.c /optee_os/core/include/crypto/crypto_impl.h /optee_os/core/include/drivers/lpc_uart.h /optee_os/core/include/drivers/ls_sfp.h /optee_os/core/include/drivers/serial.h /optee_os/core/include/drivers/stm32_bsec.h /optee_os/core/include/drivers/versal_puf.h /optee_os/core/kernel/console.c /optee_os/core/kernel/embedded_ts.c /optee_os/core/kernel/tee_misc.c /optee_os/core/lib/libtomcrypt/ccm.c /optee_os/core/lib/libtomcrypt/mpi_desc.c /optee_os/core/lib/libtomcrypt/rsa.c /optee_os/core/pta/stm32mp/bsec_pta.c /optee_os/core/pta/stm32mp/sub.mk /optee_os/core/pta/sub.mk /optee_os/core/tee/tee_cryp_utl.c /optee_os/core/tee/tee_svc_cryp.c /optee_os/core/tee/tee_svc_storage.c /optee_os/lib/libmbedtls/include/mbedtls_config_kernel.h /optee_os/lib/libmbedtls/include/mbedtls_config_uta.h /optee_os/lib/libmbedtls/mbedtls/library/cipher_wrap.c /optee_os/lib/libutee/arch/arm/utee_syscalls_a32.S /optee_os/lib/libutee/arch/arm/utee_syscalls_a64.S /optee_os/lib/libutee/arch/riscv/sub.mk /optee_os/lib/libutee/arch/riscv/utee_syscalls_rv64.S /optee_os/lib/libutee/include/pta_stm32mp_bsec.h /optee_os/lib/libutee/include/tee_api_compat.h /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/tee_api_defines_extensions.h /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutee/include/utee_syscalls.h /optee_os/lib/libutee/include/utee_syscalls_asm.S /optee_os/lib/libutee/tee_api.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/mk/config.mk /optee_os/ta/mk/build-user-ta.mk /optee_os/ta/mk/ta_dev_kit.mk /optee_os/ta/pkcs11/include/pkcs11_ta.h /optee_os/ta/pkcs11/src/pkcs11_attributes.c /optee_os/ta/pkcs11/src/pkcs11_attributes.h /optee_os/ta/pkcs11/src/processing.c /optee_os/ta/pkcs11/src/processing.h /optee_os/ta/pkcs11/src/processing_asymm.c /optee_os/ta/pkcs11/src/processing_digest.c /optee_os/ta/pkcs11/src/processing_rsa.c /optee_os/ta/pkcs11/src/processing_symm.c /optee_os/ta/pkcs11/src/token_capabilities.c
4502832d	30-Nov-2022	Jorge Ramirez-Ortiz <jorge@foundries.io>	drivers: versal: SHA3-384 engine support Enable the PLM controlled SHA3-384 cryptographic engine for TEE core usage. Since the engine does not have the concept of "context", it can't provide the le drivers: versal: SHA3-384 engine support Enable the PLM controlled SHA3-384 cryptographic engine for TEE core usage. Since the engine does not have the concept of "context", it can't provide the level support required by user-space (multiple parallel contexts) hence why it is being provided just to the core. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Reviewed-by: Nathan Menhorn <nathan.menhorn@amd.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/MAINTAINERS /optee_os/core/arch/arm/plat-versal/conf.mk /optee_os/core/crypto.mk versal/ipi.c /optee_os/core/drivers/sub.mk /optee_os/core/drivers/versal_sha3_384.c /optee_os/core/include/drivers/versal_sha3_384.h
cef8ce12	11-Nov-2022	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: versal: RSA driver This driver uses the PLM xilsecure service to deliver RSA encryption/decryption functionality. https://github.com/Xilinx/embeddedsw Signed-off-by: Jorge Ramirez-Ortiz <j crypto: versal: RSA driver This driver uses the PLM xilsecure service to deliver RSA encryption/decryption functionality. https://github.com/Xilinx/embeddedsw Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/MAINTAINERS /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/core.mk versal/rsa.c versal/sub.mk /optee_os/core/include/kernel/boot.h /optee_os/lib/libutils/isoc/stack_check.c /optee_os/mk/config.mk /optee_os/ta/arch/arm/user_ta_header.c /optee_os/ta/ta.mk
49b0febc	04-Jul-2022	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: versal: elliptic curve cryptography driver This driver uses the PLM xilsecure service to deliver ECC sign/verify functionality. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked crypto: versal: elliptic curve cryptography driver This driver uses the PLM xilsecure service to deliver ECC sign/verify functionality. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/dts/fsl-lx2160a.dtsi /optee_os/core/arch/arm/dts/stm32mp151.dtsi /optee_os/core/arch/arm/dts/stm32mp157a-dk1.dts /optee_os/core/arch/arm/dts/stm32mp157c-dk2.dts /optee_os/core/arch/arm/dts/stm32mp157c-ed1.dts /optee_os/core/arch/arm/dts/stm32mp157c-ev1.dts /optee_os/core/arch/arm/dts/stm32mp15xx-dkx.dtsi /optee_os/core/arch/arm/include/kernel/cache_helpers_arch.h /optee_os/core/arch/arm/include/kernel/misc_arch.h /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/riscv/include/kernel/cache_helpers_arch.h /optee_os/core/arch/riscv/include/kernel/misc_arch.h /optee_os/core/arch/riscv/include/kernel/tee_l2cc_mutex.h /optee_os/core/arch/riscv/include/kernel/thread_arch.h /optee_os/core/arch/riscv/include/mm/core_mmu_arch.h /optee_os/core/arch/riscv/include/riscv.h /optee_os/core/arch/riscv/include/riscv_macros.S /optee_os/core/arch/riscv/include/sbi.h /optee_os/core/arch/riscv/kernel/idle.c /optee_os/core/arch/riscv/kernel/sbi.c /optee_os/core/arch/riscv/kernel/sbi_console.c /optee_os/core/arch/riscv/kernel/spinlock.S /optee_os/core/arch/riscv/kernel/sub.mk /optee_os/core/arch/riscv/kernel/tee_time.c /optee_os/core/arch/riscv/mm/sub.mk /optee_os/core/arch/riscv/mm/tlb_helpers_rv.S /optee_os/core/arch/riscv/plat-spike/conf.mk /optee_os/core/arch/riscv/plat-spike/drivers/sub.mk /optee_os/core/arch/riscv/plat-spike/main.c /optee_os/core/arch/riscv/riscv.mk /optee_os/core/crypto/signed_hdr.c versal/ecc.c versal/sub.mk /optee_os/core/include/crypto/crypto_impl.h /optee_os/core/include/kernel/cache_helpers.h /optee_os/core/include/kernel/misc.h /optee_os/core/include/tee/tee_svc_cryp.h /optee_os/core/include/tee/tee_svc_storage.h /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/kernel/sub.mk /optee_os/core/kernel/trace_ext.c /optee_os/core/lib/libtomcrypt/ecc.c /optee_os/core/tee/tee_svc_cryp.c /optee_os/core/tee/tee_svc_storage.c /optee_os/ldelf/ldelf.ld.S /optee_os/ldelf/ldelf.mk /optee_os/ldelf/start_rv64.S /optee_os/ldelf/sub.mk /optee_os/ldelf/ta_elf.c /optee_os/ldelf/ta_elf_rel.c /optee_os/lib/libmbedtls/core/ecc.c /optee_os/lib/libutee/include/elf_common.h /optee_os/lib/libutee/include/tee_api.h /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/include/tee_ta_api.h /optee_os/lib/libutee/include/utee_syscalls.h /optee_os/lib/libutee/include/utee_types.h /optee_os/lib/libutee/tee_api_objects.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutils/ext/include/confine_array_index.h
b303be92	01-Apr-2022	Jens Wiklander <jens.wiklander@linaro.org>	drivers: crypto: add stubbed fault mitigation in crypto_acipher_rsassa_verify() Adds a stubbed fault mitigation for the drivers version of crypto_acipher_rsassa_verify). End the function with FTMN_C drivers: crypto: add stubbed fault mitigation in crypto_acipher_rsassa_verify() Adds a stubbed fault mitigation for the drivers version of crypto_acipher_rsassa_verify). End the function with FTMN_CALLEE_DONE() to record that the function was indeed called and a redundant copy of the return value. Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/MAINTAINERS /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/include/ffa.h /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/thread_private_arch.h /optee_os/core/arch/arm/kernel/link_dummies_paged.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/thread_spmc_a32.S /optee_os/core/arch/arm/kernel/thread_spmc_a64.S /optee_os/core/arch/arm/mm/mobj_ffa.c /optee_os/core/arch/arm/mm/sp_mem.c crypto_api/acipher/rsa.c /optee_os/core/include/drivers/stm32_gpio.h /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/include/kernel/thread.h /optee_os/core/include/kernel/ts_manager.h /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/user_ta.c /optee_os/core/lib/libtomcrypt/rsa.c /optee_os/core/lib/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c /optee_os/core/lib/libtomcrypt/src/pk/rsa/rsa_verify_hash.c /optee_os/core/pta/stats.c /optee_os/core/sub.mk /optee_os/core/tests/ftmn_boot_tests.c /optee_os/core/tests/sub.mk /optee_os/lib/libmbedtls/core/rsa.c /optee_os/lib/libmbedtls/mbedtls/library/rsa.c /optee_os/lib/libutee/arch/arm/user_ta_entry.c /optee_os/lib/libutee/include/utee_types.h /optee_os/lib/libutils/ext/fault_mitigation.c /optee_os/lib/libutils/ext/include/fault_mitigation.h /optee_os/lib/libutils/ext/include/stdlib_ext.h /optee_os/lib/libutils/ext/include/string_ext.h /optee_os/lib/libutils/ext/include/types_ext.h /optee_os/lib/libutils/ext/sub.mk /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/assert.h /optee_os/lib/libutils/isoc/include/inttypes.h /optee_os/lib/libutils/isoc/include/limits.h /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/lib/libutils/isoc/include/memory.h /optee_os/lib/libutils/isoc/include/signal.h /optee_os/lib/libutils/isoc/include/stdint.h /optee_os/lib/libutils/isoc/include/stdio.h /optee_os/lib/libutils/isoc/include/stdlib.h /optee_os/lib/libutils/isoc/include/string.h /optee_os/lib/libutils/isoc/include/time.h /optee_os/lib/libutils/isoc/include/unistd.h /optee_os/lib/libutils/isoc/include/wchar.h /optee_os/mk/compile.mk /optee_os/mk/config.mk
dc23c448	20-Oct-2022	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: versal: authentication driver This driver uses the PLM xilsecure service to deliver authentication functionality using AES-GCM. The driver currently does not handle unaligned data and lengt crypto: versal: authentication driver This driver uses the PLM xilsecure service to deliver authentication functionality using AES-GCM. The driver currently does not handle unaligned data and lengths; due to this the corresponding xtest regression test will not pass (xtest -t regression 4005 will fail). Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/core/arch/arm/plat-versal/conf.mk versal/authenc.c versal/ipi.c versal/sub.mk
614bc034	04-Jul-2022	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: versal: interprocessor communication Interface to the PLM xilsecure service. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> crypto: versal: interprocessor communication Interface to the PLM xilsecure service. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/core/crypto/signed_hdr.c sub.mk versal/include/ipi.h versal/ipi.c versal/sub.mk /optee_os/core/kernel/ree_fs_ta.c
e41e74a8	10-Nov-2022	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: se050: provision SCP03 keys on SCP03 enablement. Rotate the SCP03 keys as soon as the SCP03 communication channel is established. This can happen during boot or at a later time via normal w crypto: se050: provision SCP03 keys on SCP03 enablement. Rotate the SCP03 keys as soon as the SCP03 communication channel is established. This can happen during boot or at a later time via normal world request [1]. The rotation configuration that can be built-in in the driver allows the algorithm to rotate to a HUK based secret key or back to the factory based keys. [1] https://u-boot.readthedocs.io/en/latest/usage/cmd/scp03.html Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... se050/adaptors/apis/sss.c se050/crypto.mk
1 2 3 4 5 678 9 10 >>...15