core: use monotonic counter for secure storage without RPMB

If OP-TEE is configured without RPMB (CFG_REE_FS_INTEGRITY_RPMB=n), use
the non-volatile monotonic counter interface instead to protect ag

core: use monotonic counter for secure storage without RPMB

If OP-TEE is configured without RPMB (CFG_REE_FS_INTEGRITY_RPMB=n), use
the non-volatile monotonic counter interface instead to protect against
rollback of the REE FS base secure storage.

If configured without CFG_WARN_INSECURE=y, accept
TEE_ERROR_NOT_IMPLEMENTED error from nv_counter_get_ree_fs() and
nv_counter_incr_ree_fs_to() and warn once to make clear that the
configuration isn't secure.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Tested-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: update FS storage API with user space buffer

Updates the create(), read(), and write() function pointers in struct
ts_store_ops to take a user space buffer in addition to the previous
core buf

core: update FS storage API with user space buffer

Updates the create(), read(), and write() function pointers in struct
ts_store_ops to take a user space buffer in addition to the previous
core buffer. Core buffers are normal secure memory while user space
buffers should only be accessed using the user_access.h functions.

The different FS storage implementations are updated accordingly.

Note that the RPMB FS storage implementation resorts to using
enter_user_access() and exit_user_access() due to internal complexities.

Fixes: 4e154320e47c ("core: Apply finer-grained PAN")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

Remove 'All rights reserved' from Linaro files

The text 'All rights reserved' is useless [1]. The Free Software
Foundation's REUSE Initiative best practices document [2] does not
contain these words

Remove 'All rights reserved' from Linaro files

The text 'All rights reserved' is useless [1]. The Free Software
Foundation's REUSE Initiative best practices document [2] does not
contain these words. Therefore, we can safely remove the text from the
files that are owned by Linaro.

Generated by:
spdxify.py --linaro-only --strip-arr optee_os/

Link: [1] https://en.wikipedia.org/wiki/All_rights_reserved
Link: [2] https://reuse.software/practices/
Link: [3] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Remove license notice from Linaro files

Now that we have added SPDX identifiers, we can safely remove the
verbose license text from the files that are owned by Linaro.

Generated by [1]:
spdxify.p

Remove license notice from Linaro files

Now that we have added SPDX identifiers, we can safely remove the
verbose license text from the files that are owned by Linaro.

Generated by [1]:
spdxify.py --linaro-only --strip-license-text optee_os/

Link: [1] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] wa

Add SPDX license identifiers

Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.

Generated by [2]:
spdxify.py --add-spdx optee_os/

The scancode tool [3] was used to double check the license matching
code in the Python script. All the licenses detected by scancode are
either detected by spdxify.py, or have no SPDX identifier, or are false
matches.

Link: [1] https://spdx.org/licenses/
Link: [2] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Link: [3] https://github.com/nexB/scancode-toolkit
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: FS: add hash parameter to dirfile interface

Adds a hash parameter to the dirfile interface. The hash is used in the
same way as in the htree interface, that is, used to verify integrity on
ope

core: FS: add hash parameter to dirfile interface

Adds a hash parameter to the dirfile interface. The hash is used in the
same way as in the htree interface, that is, used to verify integrity on
open and used to get updated hash on writes.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: FS: don't store uuid in dirfile interface

Skips storing pointer to uuid in struct tee_fs_dirfile_dirh.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <

core: FS: don't store uuid in dirfile interface

Skips storing pointer to uuid in struct tee_fs_dirfile_dirh.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: FS: introduce dirfile interface

Introduces the dirfile interface which keeps a list of secure storage
objects. Each object is represented by the UUID of the owning TA, a hash
of the object, an

core: FS: introduce dirfile interface

Introduces the dirfile interface which keeps a list of secure storage
objects. Each object is represented by the UUID of the owning TA, a hash
of the object, and a handle to the name used in normal world to store
the encrypted data of the object.

The interface allows queued atomic updates to avoid difficult races
during creation and renaming of objects.

By keeping the list of the secure object files in a single database the
collected state of the objects can be represented by a single hash or
even a counter. This gives some flexibility when implementing
anti-rollback protection.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...