core: mutex: mutex is abstract pull it from arch folder

This commit moves mutex* and wait_queue* from arch folder to core/kernel
to make it architecture-independent.

Signed-off-by: Marouene Boubakr

core: mutex: mutex is abstract pull it from arch folder

This commit moves mutex* and wait_queue* from arch folder to core/kernel
to make it architecture-independent.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-ls: add i2c driver for NXP LS Platforms

I2C Driver compilation is enabled by default for LX2160A-RDB
and LX2160A-QDS.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Jens W

plat-ls: add i2c driver for NXP LS Platforms

I2C Driver compilation is enabled by default for LX2160A-RDB
and LX2160A-QDS.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

Add 3DES CMAC implementation

CMAC is a Cipher-Based MAC that improves some of the security deficiencies
found in CBC-MAC. It is described in NIST SP800-38B as a mode of operation
for approved symmet

Add 3DES CMAC implementation

CMAC is a Cipher-Based MAC that improves some of the security deficiencies
found in CBC-MAC. It is described in NIST SP800-38B as a mode of operation
for approved symmetric block chipers, namely AES and TDEA.

CMAC has similar use cases and security guarantees as HMAC, with the
difference that it uses a different primitive (symmetric cipher instead
of hash function).
CMAC may be appropriate for information systems in which an approved block
cipher is more readily available than an approved hash function.

Commonly it is used for symmetric key diversification (ASC X9 TR 31-2018),
data integrity assurance (ICV).

CMAC is public domain.

OP-TEE core already supports for AES CMAC, but not TDEA CMAC. This commit
adds TDEA CMAC support.

Signed-off-by: Alexander Zakharov <uglym8@gmail.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: wrap commit description at 75 characters]
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: dcp: add DCP support

The Data Co-Processor (DCP) provides hardware acceleraiton for
cryptographic algorithms. The features of DCP are:
- AES128 ECB and CBC
- SHA1, SHA256
- AES128-CMAC a

drivers: dcp: add DCP support

The Data Co-Processor (DCP) provides hardware acceleraiton for
cryptographic algorithms. The features of DCP are:
- AES128 ECB and CBC
- SHA1, SHA256
- AES128-CMAC algorithm
- SRAM key storage
- HUK generation

This driver adds DCP support for the following platforms:
- imx6slevk
- imx6sllevk
- imx6ullevk
- imx6ulzevk

Signed-off-by: Remi Koman <remi.koman@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: se050: Global Platform SCP03 key provisioning

Remove the need to store the SCP03 keys by deriving them from the HUK
and the SE050 unique hardware identifier.

Works under the assump

drivers: crypto: se050: Global Platform SCP03 key provisioning

Remove the need to store the SCP03 keys by deriving them from the HUK
and the SE050 unique hardware identifier.

Works under the assumption that the HUK is unknown and never exposed
outside the TEE.

CFG_CORE_SE05X_SCP03_PROVISION
Needs to be configured to exec the feature.

CFG_CORE_SE05X_DISPLAY_SCP03_KEYS:
Outputs the current and the new SCP03 keys to the console during
provisioning.

Note that to provision new SCP03 keys, SCP03 must already be in
operation (ie, have an encrypted communication channel between the
processor and the SE050).

Tested on imx8mm EVK.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: move sm2_kdf() to common core/crypto/sm2-kdf.c

The key derivation function sm2_kdf() is a helper function used by SM2
KEP (Key Exchange Protocol) and PKE (Private Key Encryption). It is
c

core: ltc: move sm2_kdf() to common core/crypto/sm2-kdf.c

The key derivation function sm2_kdf() is a helper function used by SM2
KEP (Key Exchange Protocol) and PKE (Private Key Encryption). It is
currently implemented in core/lib/libtomcrypt/sm2_kdf.c, next to the SM2
source code based on LibTomCrypt.

In order to provide an MBed TLS implementation of SM2, the helper
function shall be outside the LibTomCrypt directory. Move it to
core/crypto/sm2-kdf.c.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: add a new RPC as an interface to tee-supplicant plugins

Any external TEE services can be designed as a tee-supplicant plugin.
The plugins will be loaded by the supplicant during startup proces

core: add a new RPC as an interface to tee-supplicant plugins

Any external TEE services can be designed as a tee-supplicant plugin.
The plugins will be loaded by the supplicant during startup process
using libdl.
It makes it easy to:
- add new features in the supplicant that aren't needed in upstream,
e.g. Rich OS specific services;
- sync upstream version with own fork;

This patch adds a new RPC - 'OPTEE_RPC_CMD_SUPP_PLUGIN' as an unified
interface between OP-TEE and any plugins. Kernel code can use it
to call for execution of some command in plugins.

Every plugin has own name based on UUID.
OP-TEE has access to plugins by it.

See definition of protocol for the plugin RPC command
in 'core/include/optee_rpc_cmd.h' file.

Signed-off-by: Aleksandr Anisimov <a.anisimov@omprussia.ru>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: optee_rpc_cmd.h: shorten some I2C defines

Make the I2C defines consistent with the rest of the defines in
optee_rpc_cmd.h.

Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Acked-by: Etie

core: optee_rpc_cmd.h: shorten some I2C defines

Make the I2C defines consistent with the rest of the defines in
optee_rpc_cmd.h.

Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ldelf: implement separate syscalls for ldelf

Implements a separate syscall handler for ldelf to decouple it from user
TAs and enable using it for all TSs. The calling convention is the same
as

core: ldelf: implement separate syscalls for ldelf

Implements a separate syscall handler for ldelf to decouple it from user
TAs and enable using it for all TSs. The calling convention is the same
as for utee_* syscalls. To distinguish between the different SVCs, the
syscall handler pointer is updated before entering ldelf and restored
after returning. The step of opening a system PTA session and invoking
the commands there is eliminated, the necessary functionality is
implemented in the ldelf syscall functions.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: add handle_db_is_empty() function

Implements a function that checks if a handle database is empty, i.e.
all pointers stored in the database are NULL.

Acked-by: Etienne Carriere <etienne.carri

core: add handle_db_is_empty() function

Implements a function that checks if a handle database is empty, i.e.
all pointers stored in the database are NULL.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: invoke SVC handler through struct ts_session

Store the current SVC handler function pointer in struct ts_session, and
invoke the handler through this. Enables changing the SVC handler for a
se

core: invoke SVC handler through struct ts_session

Store the current SVC handler function pointer in struct ts_session, and
invoke the handler through this. Enables changing the SVC handler for a
session without modifying the ts_ops defined in the session context.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: extract ldelf related code from system PTA

Various functions in the system PTA are only used in conjunction with
ldelf. They either implement a system service needed only by ldelf
(system_open

core: extract ldelf related code from system PTA

Various functions in the system PTA are only used in conjunction with
ldelf. They either implement a system service needed only by ldelf
(system_open_ta_binary(), etc.) or they provide an interface for TAs to
invoke services implemented in user space by ldelf (call_ldelf_dlopen(),
call_ldelf_dlsym()). Extract these to a separate file as a first step
towards converting the PTA system_*() calls into proper ldelf-specific
syscalls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: move user_ctx field to struct ts_session

The user_ctx field in struct tee_ta_session is used by PTAs to keep
track of session specific information. Move it to struct ts_session to
make it gene

core: move user_ctx field to struct ts_session

The user_ctx field in struct tee_ta_session is used by PTAs to keep
track of session specific information. Move it to struct ts_session to
make it generic and reachable for all sessions, not just TAs. This
enables extracting ldelf related code from system PTA.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: remove unused TEE_TIME_BOOT_TICKS_HZ

The TEE_TIME_BOOT_TICKS_HZ macro is not used, remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.car

core: remove unused TEE_TIME_BOOT_TICKS_HZ

The TEE_TIME_BOOT_TICKS_HZ macro is not used, remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

spi: pl022: expose internal fifo flush API

We identified that the caller of the pl022 driver needs to flush the
pl022's internal fifo to make sure next transaction starts clean.

This PR expose exis

spi: pl022: expose internal fifo flush API

We identified that the caller of the pl022 driver needs to flush the
pl022's internal fifo to make sure next transaction starts clean.

This PR expose existing pl022_flush_fifo API to caller via spi_ops.

The validation is performed on bcm platform.

Signed-off-by: Vahid Dukandar <vahidd@microsoft.com>
Reviewed-by: Victor Chong <victor.chong@linaro.org>

show more ...

core: keep.h: set SHF_ALLOC flag in all __keep_meta_vars_pager sections

The DECLARE_KEEP_PAGER() and DECLARE_KEEP_INIT() macros create symbols
in a special section called __keep_meta_vars_pager. The

core: keep.h: set SHF_ALLOC flag in all __keep_meta_vars_pager sections

The DECLARE_KEEP_PAGER() and DECLARE_KEEP_INIT() macros create symbols
in a special section called __keep_meta_vars_pager. The behavior
differs slightly in C and assembler:

- In C, the section is of type SHT_PROGBITS and has (SHF_ALLOC |
SHF_WRITE) flags,
- In assembler, the section is also SHT_PROGBITS but has no flags.

Enter the Clang linker, ld.lld. When used with --gc-sections, all
sections without the SHF_ALLOC flag (and a few other conditions) are
marked "live" in a first pass before dependencies on other sections
are considered. A side effect is that the reference to the symbol given
in DECLARE_KEEP_*() is ignored and the macro does not pull the desired
section in the link. That section is garbage collected instead.

Whether or not it is a bug in the linker is slightly above my level of
expertise. However, the DECLARE_KEEP_*() macros declare global symbols
that reference other symbols, so it really is allocatable stuff and
having the SHF_ALLOC flag does make sense. It is also consistent with
the C version. Note that adding the flag does not take more space in the
final executable since core/arch/arm/kernel/kern.ld.S discards the
__keep_meta_vars_pager output section anyways.

Therefore, add "a" to the .section command in DECLARE_KEEP_*().

Fixes a core crash which may be reproduced on QEMUv8 with xtest 1013
when OP-TEE is compiled with Clang 11 and CFG_WITH_PAGER=y.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: svc store: delete keys from secure elements

The cryptographic API provides an interface for the creation of
cryptographic keys.

These keys can be stored in secure elements and handlers to the

core: svc store: delete keys from secure elements

The cryptographic API provides an interface for the creation of
cryptographic keys.

These keys can be stored in secure elements and handlers to these keys
(since the keys themselves can not be read from the secure elements)
given back to the caller.

When the object holding a key is being deleted, the cryptographic API
must be informed in order to proceed with the deletion of the real
key from the secure element.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: implement se050 driver

Add AES_CTR/RSA/RNG/HUK support for NXP SE050 via the Plug And Trust
library.

Tested on imx8mm LPDDR EVK and imx6ull EVK.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@

drivers: implement se050 driver

Add AES_CTR/RSA/RNG/HUK support for NXP SE050 via the Plug And Trust
library.

Tested on imx8mm LPDDR EVK and imx6ull EVK.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: add encrypt/decrypt to crypto_ecc_[public/keypair]_ops

Add encypt and decrypt methods to respectively the crypto_ecc_public_ops
and the crypto_ecc_keypair_ops structure.
Method used fo

core: crypto: add encrypt/decrypt to crypto_ecc_[public/keypair]_ops

Add encypt and decrypt methods to respectively the crypto_ecc_public_ops
and the crypto_ecc_keypair_ops structure.
Method used for the SM2 PKE algorithms.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: unify ECC and SM2_DSA sign/verify

Remove the crypto_acipher_sm2_dsa_sign/crypto_acipher_sm2_dsa_verify
functions and call the crypto_acipher_ecc_sign/crypto_acipher_ecc_verify
function

core: crypto: unify ECC and SM2_DSA sign/verify

Remove the crypto_acipher_sm2_dsa_sign/crypto_acipher_sm2_dsa_verify
functions and call the crypto_acipher_ecc_sign/crypto_acipher_ecc_verify
functions that are calling the ecc key operations set.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add struct crypto_ecc_[public/keypair]_ops

In order to enable one ECC HW driver and one ECC SW library at build and
runtime, introduces struct crypto_ecc_public_ops and
struct crypto_e

core: crypto: add struct crypto_ecc_[public/keypair]_ops

In order to enable one ECC HW driver and one ECC SW library at build and
runtime, introduces struct crypto_ecc_public_ops and
struct crypto_ecc_keypair_ops respectively to the struct ecc_public_key
and struct ecc_keypair.

At key (public/keypair) allocation, the HW driver is first called and
if key type/size not supported, the SW library is then called.
When key is allocated with success, the key->ops is set with the
cryptographic functions pointer to call when using keys to:
- Generate keypair
- Sign with keypair
- Shared secret with keypair
- Verify with public key
- Free public key

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix secure partition TA context

Fix secure partition invocation in tee_ta_manager.c. The TA context
instance is found in the secure partition context (as here *_stmm_ctx()),
instead of the tru

core: fix secure partition TA context

Fix secure partition invocation in tee_ta_manager.c. The TA context
instance is found in the secure partition context (as here *_stmm_ctx()),
instead of the trusted service context as for regular TAs and PTAs.

This change moves to_ta_session() from header file to source file
so that is_stmm_ctx() is visible and can be asserted.

Tested-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: move non TA specific fields from user_ta_ctx

Moves fields from user_ta_ctx to user_mode_ctx, which are not specific
to user TAs. This is needed to prepare for handling Secure Partitions,
user_

core: move non TA specific fields from user_ta_ctx

Moves fields from user_ta_ctx to user_mode_ctx, which are not specific
to user TAs. This is needed to prepare for handling Secure Partitions,
user_mode_ctx will be the common ground for the fields used by both TAs
and SPs.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: add secure partitions store

SPs need to be started as part of the initialisation process of the
OP-TEE kernel. The secure partition store uses the embedded_ts store to
load SPs

Signed-off-by:

core: add secure partitions store

SPs need to be started as part of the initialisation process of the
OP-TEE kernel. The secure partition store uses the embedded_ts store to
load SPs

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: rename ta_store to ts_store

Rename the ta_store to the ts_store. We will need the stores to load
SPs (secure partitions). By renaming ta_store to ts_store
(trusted service) we indicate that th

core: rename ta_store to ts_store

Rename the ta_store to the ts_store. We will need the stores to load
SPs (secure partitions). By renaming ta_store to ts_store
(trusted service) we indicate that the stores are not only used by the
TAs but that they can also be used by SPs.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...