tee - OpenGrok history log for /optee

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
785da9b0	03-Mar-2021	Marouene Boubakri <marouene.boubakri@nxp.com>	core: tee: sub.mk: don't build tee_ta_enc_manager.c when CFG_WITH_USER_TA=n This commit makes tee_ta_enc_manager.c source file depend on CFG_WITH_USER_TA flag. Building it when CFG_WITH_USER_TA=n le core: tee: sub.mk: don't build tee_ta_enc_manager.c when CFG_WITH_USER_TA=n This commit makes tee_ta_enc_manager.c source file depend on CFG_WITH_USER_TA flag. Building it when CFG_WITH_USER_TA=n leads to an inconsistency (extra unresolved symbols). Moreover it adds unused code. Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> show more ... /optee_os/.azure-pipelines.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/include/kernel/tlb_helpers.h /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/include/mm/pgt_cache.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/pgt_cache.c /optee_os/core/arch/arm/plat-hikey/spi_test.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/registers/imx8m.h /optee_os/core/arch/arm/plat-ls/conf.mk /optee_os/core/drivers/bcm_gpio.c /optee_os/core/drivers/ls_gpio.c /optee_os/core/drivers/pl022_spi.c /optee_os/core/drivers/pl061_gpio.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/ls_gpio.h /optee_os/core/include/gpio.h /optee_os/core/include/kernel/mutex.h /optee_os/core/include/kernel/wait_queue.h /optee_os/core/kernel/mutex.c /optee_os/core/kernel/mutex_lockdep.c /optee_os/core/kernel/mutex_lockdep.h /optee_os/core/kernel/sub.mk /optee_os/core/kernel/wait_queue.c /optee_os/core/mm/vm.c /optee_os/core/pta/bcm/gpio.c /optee_os/core/pta/system.c sub.mk /optee_os/ldelf/ta_elf.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/ta/pkcs11/include/pkcs11_ta.h /optee_os/ta/pkcs11/src/entry.c /optee_os/ta/pkcs11/src/pkcs11_attributes.c /optee_os/ta/pkcs11/src/pkcs11_helpers.c /optee_os/ta/pkcs11/src/processing.c /optee_os/ta/pkcs11/src/processing.h /optee_os/ta/pkcs11/src/processing_symm.c /optee_os/ta/pkcs11/src/sanitize_object.c /optee_os/ta/trusted_keys/entry.c
913847f3	19-Feb-2021	Jens Wiklander <jens.wiklander@linaro.org>	core: assert result in file_num_to_str() Adds an assert() that snprintf() succeeds in file_num_to_str(). This fixes coverity scan: CID 1501823 (#1 of 1): Unchecked return value (CHECKED_RETURN) R core: assert result in file_num_to_str() Adds an assert() that snprintf() succeeds in file_num_to_str(). This fixes coverity scan: CID 1501823 (#1 of 1): Unchecked return value (CHECKED_RETURN) Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.shippable.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/include/mm/mobj.h /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/mm/mobj_dyn_shm.c /optee_os/core/arch/arm/plat-ls/conf.mk /optee_os/core/arch/arm/plat-rcar/conf.mk /optee_os/core/arch/arm/plat-rcar/core_pos_a32.S /optee_os/core/arch/arm/plat-rcar/core_pos_a64.S /optee_os/core/arch/arm/plat-rcar/main.c /optee_os/core/arch/arm/plat-rcar/platform_config.h /optee_os/core/arch/arm/plat-rcar/sub.mk /optee_os/core/drivers/crypto/caam/utils/utils_mem.c /optee_os/core/drivers/crypto/se050/adaptors/sub.mk /optee_os/core/drivers/crypto/se050/cflags.mk /optee_os/core/drivers/crypto/se050/core/sub.mk /optee_os/core/drivers/crypto/se050/sub.mk /optee_os/core/drivers/ls_i2c.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/ls_i2c.h /optee_os/core/lib/libtomcrypt/mpi_desc.c tadb.c /optee_os/lib/libmbedtls/core/cmac.c /optee_os/lib/libmbedtls/core/sub.mk /optee_os/lib/libutee/tee_api_arith_mpi.c /optee_os/lib/libutee/tee_api_panic.c /optee_os/mk/compile.mk /optee_os/ta/pkcs11/include/pkcs11_ta.h /optee_os/ta/pkcs11/src/entry.c /optee_os/ta/pkcs11/src/object.c /optee_os/ta/pkcs11/src/pkcs11_attributes.c /optee_os/ta/pkcs11/src/pkcs11_helpers.c /optee_os/ta/pkcs11/src/pkcs11_token.c /optee_os/ta/pkcs11/src/pkcs11_token.h /optee_os/ta/pkcs11/src/processing.c /optee_os/ta/pkcs11/src/processing_symm.c /optee_os/ta/pkcs11/src/token_capabilities.c /optee_os/ta/pkcs11/src/token_capabilities.h
eee637e7	10-Feb-2021	Alexander Zakharov <uglym8@gmail.com>	Add 3DES CMAC implementation CMAC is a Cipher-Based MAC that improves some of the security deficiencies found in CBC-MAC. It is described in NIST SP800-38B as a mode of operation for approved symmet Add 3DES CMAC implementation CMAC is a Cipher-Based MAC that improves some of the security deficiencies found in CBC-MAC. It is described in NIST SP800-38B as a mode of operation for approved symmetric block chipers, namely AES and TDEA. CMAC has similar use cases and security guarantees as HMAC, with the difference that it uses a different primitive (symmetric cipher instead of hash function). CMAC may be appropriate for information systems in which an approved block cipher is more readily available than an approved hash function. Commonly it is used for symmetric key diversification (ASC X9 TR 31-2018), data integrity assurance (ICV). CMAC is public domain. OP-TEE core already supports for AES CMAC, but not TDEA CMAC. This commit adds TDEA CMAC support. Signed-off-by: Alexander Zakharov <uglym8@gmail.com> Reviewed-by: Jerome Forissier <jerome@forissier.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> [jf: wrap commit description at 75 characters] Signed-off-by: Jerome Forissier <jerome@forissier.org> show more ... /optee_os/.shippable.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/dts/fsl-lx2160a-qds.dts /optee_os/core/arch/arm/dts/fsl-lx2160a-rdb.dts /optee_os/core/arch/arm/dts/fsl-lx2160a.dtsi /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/include/kernel/cache_helpers.h /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/drivers/imx_csu.c /optee_os/core/arch/arm/plat-imx/registers/imx6-dcp.h /optee_os/core/arch/arm/plat-imx/registers/imx6.h /optee_os/core/arch/arm/plat-ls/conf.mk /optee_os/core/arch/arm/plat-ls/main.c /optee_os/core/arch/arm/plat-ls/platform_config.h /optee_os/core/crypto.mk /optee_os/core/crypto/crypto.c /optee_os/core/drivers/crypto/se050/adaptors/apis/sss.c /optee_os/core/drivers/crypto/se050/adaptors/include/se050_utils.h /optee_os/core/drivers/crypto/se050/adaptors/utils/scp_config.c /optee_os/core/drivers/crypto/se050/session.c /optee_os/core/drivers/imx/dcp/dcp.c /optee_os/core/drivers/imx/dcp/dcp_huk.c /optee_os/core/drivers/imx/dcp/dcp_utils.c /optee_os/core/drivers/imx/dcp/include/dcp_utils.h /optee_os/core/drivers/imx/dcp/include/local.h /optee_os/core/drivers/imx/dcp/sub.mk /optee_os/core/drivers/imx/sub.mk /optee_os/core/drivers/sub.mk /optee_os/core/include/crypto/crypto_impl.h /optee_os/core/include/drivers/imx/dcp.h /optee_os/core/include/kernel/huk_subkey.h /optee_os/core/lib/libtomcrypt/cmac.c tee_cryp_utl.c /optee_os/lib/libmbedtls/core/des3_cmac.c /optee_os/lib/libmbedtls/core/ecc.c /optee_os/lib/libmbedtls/core/mbed_helpers.c /optee_os/lib/libmbedtls/core/mbed_helpers.h /optee_os/lib/libmbedtls/core/sm2-dsa.c /optee_os/lib/libmbedtls/core/sm2-dsa.h /optee_os/lib/libmbedtls/core/sm2-kep.c /optee_os/lib/libmbedtls/core/sm2-pke.c /optee_os/lib/libmbedtls/core/sm2-pke.h /optee_os/lib/libmbedtls/core/sub.mk /optee_os/lib/libmbedtls/include/mbedtls_config_kernel.h /optee_os/lib/libutee/include/tee_api_defines_extensions.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutee/tee_api_operations.c /optee_os/ta/pkcs11/include/pkcs11_ta.h /optee_os/ta/pkcs11/src/attributes.c /optee_os/ta/pkcs11/src/attributes.h /optee_os/ta/pkcs11/src/entry.c /optee_os/ta/pkcs11/src/object.c /optee_os/ta/pkcs11/src/object.h /optee_os/ta/pkcs11/src/pkcs11_attributes.c /optee_os/ta/pkcs11/src/pkcs11_attributes.h /optee_os/ta/pkcs11/src/pkcs11_helpers.c /optee_os/ta/pkcs11/src/pkcs11_token.c
7e35937a	25-Jan-2021	Jerome Forissier <jerome@forissier.org>	core: crypto: sm2: do not panic core if key allocation fails During SM2 key derivation via syscall_cryp_derive_key(), if crypto_acipher_alloc_ecc_public_key() fails for whatever reason in get_sm2_ke core: crypto: sm2: do not panic core if key allocation fails During SM2 key derivation via syscall_cryp_derive_key(), if crypto_acipher_alloc_ecc_public_key() fails for whatever reason in get_sm2_kep_params(), peer_key and/or peer_eph_key are left in an invalid state and it is incorrect to call crypto_acipher_free_ecc_public_key() in this case. Doing so causes a core panic: E/TC:? 0 assertion 'key->ops && key->ops->free' failed at core/crypto/crypto.c:702 <crypto_acipher_free_ecc_public_key> E/TC:1 0 Panic at core/kernel/assert.c:28 <_assert_break> Fix the get_sm2_kep_params() cleanup code to avoid this situation. Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/core/crypto/sm2-kdf.c /optee_os/core/crypto/sub.mk /optee_os/core/drivers/crypto/caam/acipher/caam_rsa.c /optee_os/core/drivers/crypto/crypto_api/acipher/ecc.c /optee_os/core/drivers/crypto/se050/core/cipher.c /optee_os/core/drivers/crypto/se050/core/ctr.c /optee_os/core/drivers/crypto/se050/core/rsa.c /optee_os/core/drivers/crypto/se050/glue/i2c.c /optee_os/core/include/crypto/sm2-kdf.h /optee_os/core/lib/libtomcrypt/acipher_helpers.h /optee_os/core/lib/libtomcrypt/ecc.c /optee_os/core/lib/libtomcrypt/mpi_desc.c /optee_os/core/lib/libtomcrypt/sm2-kep.c /optee_os/core/lib/libtomcrypt/sm2-pke.c /optee_os/core/lib/libtomcrypt/sub.mk /optee_os/core/lib/libtomcrypt/tomcrypt.c /optee_os/core/pta/system.c tee_svc_cryp.c /optee_os/lib/libmbedtls/core/ecc.c /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecp.h /optee_os/lib/libmbedtls/mbedtls/library/ecp.c /optee_os/lib/libmbedtls/mbedtls/library/ecp_curves.c /optee_os/lib/libutee/include/pta_system.h /optee_os/lib/libutee/include/tee_internal_api_extensions.h /optee_os/lib/libutee/tee_system_pta.c /optee_os/lib/libutee/tee_tcpudp_socket.c
f97ae380	08-Dec-2020	Aleksandr Anisimov <a.anisimov@omprussia.ru>	core: add a new RPC as an interface to tee-supplicant plugins Any external TEE services can be designed as a tee-supplicant plugin. The plugins will be loaded by the supplicant during startup proces core: add a new RPC as an interface to tee-supplicant plugins Any external TEE services can be designed as a tee-supplicant plugin. The plugins will be loaded by the supplicant during startup process using libdl. It makes it easy to: - add new features in the supplicant that aren't needed in upstream, e.g. Rich OS specific services; - sync upstream version with own fork; This patch adds a new RPC - 'OPTEE_RPC_CMD_SUPP_PLUGIN' as an unified interface between OP-TEE and any plugins. Kernel code can use it to call for execution of some command in plugins. Every plugin has own name based on UUID. OP-TEE has access to plugins by it. See definition of protocol for the plugin RPC command in 'core/include/optee_rpc_cmd.h' file. Signed-off-by: Aleksandr Anisimov <a.anisimov@omprussia.ru> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/CHANGELOG.md /optee_os/core/arch/arm/include/kernel/boot.h /optee_os/core/arch/arm/include/kernel/linker.h /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/link_dummies_init.c /optee_os/core/arch/arm/kernel/link_dummies_paged.c /optee_os/core/arch/arm/kernel/link_dummy.ld /optee_os/core/arch/arm/kernel/thread_optee_smc.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/plat-imx/drivers/imx_snvs.c /optee_os/core/drivers/imx_wdog.c /optee_os/core/include/kernel/rpc_io_i2c.h /optee_os/core/include/optee_rpc_cmd.h /optee_os/core/include/tee/tee_supp_plugin_rpc.h /optee_os/core/pta/sub.mk sub.mk tee_supp_plugin_rpc.c /optee_os/lib/libmbedtls/core/aes_cbc.c /optee_os/lib/libmbedtls/core/aes_ctr.c /optee_os/lib/libmbedtls/core/aes_ecb.c /optee_os/lib/libmbedtls/core/dh.c /optee_os/lib/libmbedtls/core/ecc.c /optee_os/lib/libmbedtls/core/mbed_helpers.h /optee_os/lib/libmbedtls/core/rsa.c /optee_os/lib/libutils/ext/sub.mk /optee_os/lib/libutils/isoc/include/sys/queue.h /optee_os/lib/libutils/isoc/sub.mk /optee_os/mk/config.mk /optee_os/ta/arch/arm/link.mk /optee_os/ta/avb/entry.c /optee_os/ta/mk/build-user-ta.mk /optee_os/ta/pkcs11/src/attributes.c /optee_os/ta/pkcs11/src/attributes.h /optee_os/ta/pkcs11/src/object.c /optee_os/ta/pkcs11/src/persistent_token.c /optee_os/ta/pkcs11/src/pkcs11_helpers.c /optee_os/ta/pkcs11/src/pkcs11_helpers.h /optee_os/ta/pkcs11/src/pkcs11_token.c /optee_os/ta/pkcs11/src/pkcs11_token.h /optee_os/ta/pkcs11/src/sanitize_object.c
d53897cd	14-Jan-2021	Jens Wiklander <jens.wiklander@linaro.org>	core: fix bad memset() in update_write_helper() update_write_helper() is clearing uninitialized parts of blk_buf. There's an error in the logic calculating how much should be cleared resulting in a core: fix bad memset() in update_write_helper() update_write_helper() is clearing uninitialized parts of blk_buf. There's an error in the logic calculating how much should be cleared resulting in a negative size being supplied to memset(). Fix this by always clearing blk_buf before usage. Fixes: cd799689cd3d ("core: rpmb: fix initialization of new rpmb data") Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey) Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_rpmb_fs.c /optee_os/ta/pkcs11/src/pkcs11_attributes.c /optee_os/ta/pkcs11/src/pkcs11_attributes.h /optee_os/ta/pkcs11/src/pkcs11_token.c /optee_os/ta/pkcs11/src/pkcs11_token.h
19cb73dd	14-Jan-2021	Jens Wiklander <jens.wiklander@linaro.org>	core: fix file handle leakage in syscall_storage_next_enum() Prior to this patch was syscall_storage_next_enum() opening a file handle with tee_svc_storage_read_head() but never freeing the handle. core: fix file handle leakage in syscall_storage_next_enum() Prior to this patch was syscall_storage_next_enum() opening a file handle with tee_svc_storage_read_head() but never freeing the handle. Fix this by closing the file handle as part of cleaning up before returning. Fixes: 928efd065222 ("core: syscall_storage_next_enum() use live pobj") Reviewed-by: Joakim Bech <joakim.bech@linaro.org> Tested-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/kernel/tee_ta_manager.c tee_svc_storage.c /optee_os/lib/libutee/arch/arm/user_ta_entry.c /optee_os/ta/pkcs11/include/pkcs11_ta.h /optee_os/ta/pkcs11/src/attributes.c /optee_os/ta/pkcs11/src/attributes.h /optee_os/ta/pkcs11/src/entry.c /optee_os/ta/pkcs11/src/object.c /optee_os/ta/pkcs11/src/object.h /optee_os/ta/pkcs11/src/pkcs11_attributes.c /optee_os/ta/pkcs11/src/pkcs11_attributes.h /optee_os/ta/pkcs11/src/pkcs11_helpers.c /optee_os/ta/pkcs11/src/pkcs11_token.c /optee_os/ta/pkcs11/src/pkcs11_token.h
cd799689	08-Jan-2021	Etienne Carriere <etienne.carriere@linaro.org>	core: rpmb: fix initialization of new rpmb data Add memset() calls to ensure added object is extended with byte value 0 as specified in GPD TEE specification. Fixes: 64c6d2917d12 ("core: rpmb fs us core: rpmb: fix initialization of new rpmb data Add memset() calls to ensure added object is extended with byte value 0 as specified in GPD TEE specification. Fixes: 64c6d2917d12 ("core: rpmb fs uses mempool for temporary transfer buffers") Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU) Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... tee_rpmb_fs.c /optee_os/mk/config.mk /optee_os/ta/pkcs11/include/pkcs11_ta.h /optee_os/ta/pkcs11/src/object.c /optee_os/ta/pkcs11/src/object.h /optee_os/ta/pkcs11/src/persistent_token.c /optee_os/ta/pkcs11/src/pkcs11_token.c /optee_os/ta/pkcs11/src/pkcs11_token.h
a1bc38c8	30-Nov-2020	Robin van der Gracht <robin@protonic.nl>	core: tee_rpmb_fs: Return error when block decryption fails When decrypt_block fails (although unlikely) it shouldn't be silently ignored. In such case the data in the buffer pointed to by out is u core: tee_rpmb_fs: Return error when block decryption fails When decrypt_block fails (although unlikely) it shouldn't be silently ignored. In such case the data in the buffer pointed to by out is unmodified or bogus while the return code is TEE_SUCCESS. Signed-off-by: Robin van der Gracht <robin@protonic.nl> Reviewed-by: Jerome Forissier <jerome@forissier.org> show more ... /optee_os/.shippable.yml /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/plat-imx/drivers/imx_snvs.c /optee_os/core/arch/arm/plat-imx/link.mk /optee_os/core/arch/arm/plat-rzn1/link.mk tee_rpmb_fs.c
64c6d291	13-Dec-2020	Etienne Carriere <etienne.carriere@linaro.org>	core: rpmb fs uses mempool for temporary transfer buffers RPMB FS driver may allocates a temporary buffer of size the one provided by userland caller. These may be big buffer of dozens of kbytes and core: rpmb fs uses mempool for temporary transfer buffers RPMB FS driver may allocates a temporary buffer of size the one provided by userland caller. These may be big buffer of dozens of kbytes and may exhaust the heap capacities. Change the implementation to use a 4kByte temporary buffer to update RPMB data instead of an allocated buffer of the object target size. RPMB FAT entry data is updated by chunks of the temporary buffer size, and RPMB FAT meta data is updated afterwards as prior this change. Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/.shippable.yml /optee_os/core/arch/arm/include/kernel/ldelf_loader.h /optee_os/core/arch/arm/include/tee/arch_svc.h /optee_os/core/arch/arm/kernel/ldelf_loader.c /optee_os/core/arch/arm/kernel/pseudo_ta.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/crypto_conf.mk /optee_os/core/arch/arm/tee/arch_svc.c /optee_os/core/include/kernel/handle.h /optee_os/core/include/kernel/ldelf_syscalls.h /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/include/kernel/ts_manager.h /optee_os/core/kernel/handle.c /optee_os/core/kernel/ldelf_syscalls.c /optee_os/core/kernel/sub.mk /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/pta/system.c tee_rpmb_fs.c /optee_os/ldelf/include/ldelf.h /optee_os/ldelf/include/ldelf_syscalls.h /optee_os/ldelf/start_a32.S /optee_os/ldelf/start_a64.S /optee_os/ldelf/sub.mk /optee_os/ldelf/sys.c /optee_os/ldelf/sys.h /optee_os/ldelf/syscalls_a32.S /optee_os/ldelf/syscalls_a64.S /optee_os/ldelf/syscalls_asm.S /optee_os/ldelf/ta_elf.c /optee_os/lib/libutee/trace_ext.c
3c534211	05-Dec-2020	Stefan Schmidt <snst@meek.de>	core: rpmb: return TEE_ERROR_STORAGE_NO_SPACE if no space left So far the error TEE_ERROR_OUT_OF_MEMORY was returned if no free memory could be allocated in the RPMB to store new data. According to core: rpmb: return TEE_ERROR_STORAGE_NO_SPACE if no space left So far the error TEE_ERROR_OUT_OF_MEMORY was returned if no free memory could be allocated in the RPMB to store new data. According to TEE Internal Core API Specification the error TEE_ERROR_STORAGE_NO_SPACE shall be returned if insufficient space is available to create the persistent object. Signed-off-by: Stefan Schmidt <snst@meek.de> Reviewed-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/.shippable.yml /optee_os/core/arch/arm/include/arm.h /optee_os/core/arch/arm/include/kernel/delay.h /optee_os/core/arch/arm/kernel/tee_time_arm_cntpct.c /optee_os/core/arch/arm/plat-vexpress/platform_config.h /optee_os/core/drivers/crypto/se050/adaptors/apis/apdu.c /optee_os/core/drivers/crypto/se050/adaptors/include/se050_apdu_apis.h /optee_os/core/drivers/crypto/se050/adaptors/include/se050_utils.h /optee_os/core/drivers/crypto/se050/adaptors/utils/utils.c /optee_os/core/drivers/crypto/se050/core/ecc.c /optee_os/core/drivers/crypto/se050/core/rsa.c /optee_os/core/drivers/crypto/se050/core/sub.mk /optee_os/core/drivers/crypto/se050/crypto.mk /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/pta/tests/misc.c tee_rpmb_fs.c /optee_os/lib/libutee/include/arm_user_sysreg.h /optee_os/lib/libutee/tee_api_arith_mpi.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutils/ext/ftrace/ftrace.c /optee_os/lib/libutils/isoc/bget.c /optee_os/lib/libutils/isoc/bget.h /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/mk/compile.mk /optee_os/mk/config.mk /optee_os/ta/pkcs11/include/pkcs11_ta.h /optee_os/ta/pkcs11/src/attributes.c /optee_os/ta/pkcs11/src/attributes.h /optee_os/ta/pkcs11/src/entry.c /optee_os/ta/pkcs11/src/object.c /optee_os/ta/pkcs11/src/pkcs11_attributes.c /optee_os/ta/pkcs11/src/pkcs11_attributes.h /optee_os/ta/pkcs11/src/pkcs11_helpers.c /optee_os/ta/pkcs11/src/pkcs11_token.c /optee_os/ta/pkcs11/src/processing.c /optee_os/ta/pkcs11/src/processing.h /optee_os/ta/pkcs11/src/sanitize_object.c /optee_os/ta/pkcs11/src/sanitize_object.h /optee_os/ta/pkcs11/src/token_capabilities.c /optee_os/ta/ta.mk
1defc238	14-Dec-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: copy ctx_finalize in syscall_cryp_state_copy() Copies the ctx_finalize() when a state is copied using syscall_cryp_state_copy() in order to support proper cleanup of the state once it's remove core: copy ctx_finalize in syscall_cryp_state_copy() Copies the ctx_finalize() when a state is copied using syscall_cryp_state_copy() in order to support proper cleanup of the state once it's removed. Acked-by: Jerome Forissier <jerome@forissier.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Suggested-by: Tony He <tony.he@armchina.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.shippable.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/include/kernel/stmm_sp.h /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/kernel/thread_private.h /optee_os/core/arch/arm/mm/tee_pager.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-mediatek/conf.mk /optee_os/core/arch/arm/plat-mediatek/main.c /optee_os/core/arch/arm/plat-mediatek/platform_config.h /optee_os/core/arch/arm/plat-rcar/link.mk /optee_os/core/arch/arm/plat-rockchip/platform.c /optee_os/core/arch/arm/plat-rzg/conf.mk /optee_os/core/arch/arm/plat-rzg/link.mk /optee_os/core/arch/arm/plat-rzg/main.c /optee_os/core/arch/arm/plat-rzg/platform_config.h /optee_os/core/arch/arm/plat-rzg/sub.mk /optee_os/core/crypto.mk /optee_os/core/crypto/aes-cts.c /optee_os/core/drivers/crypto/se050/core/huk.c /optee_os/core/drivers/crypto/se050/crypto.mk /optee_os/core/drivers/crypto/se050/glue/i2c.c /optee_os/core/drivers/crypto/se050/glue/user.c /optee_os/core/drivers/crypto/se050/sub.mk /optee_os/core/drivers/imx_i2c.c /optee_os/core/drivers/pl022_spi.c /optee_os/core/drivers/tzc380.c /optee_os/core/include/keep.h /optee_os/core/include/kernel/tee_time.h /optee_os/core/include/spi.h /optee_os/core/sub.mk tee_svc_cryp.c /optee_os/lib/libutee/include/user_ta_header.h /optee_os/mk/cc-option.mk /optee_os/mk/checkconf.mk /optee_os/mk/config.mk /optee_os/ta/pkcs11/include/pkcs11_ta.h /optee_os/ta/pkcs11/src/entry.c /optee_os/ta/pkcs11/src/object.c /optee_os/ta/pkcs11/src/pkcs11_attributes.c /optee_os/ta/pkcs11/src/pkcs11_helpers.c /optee_os/ta/pkcs11/src/pkcs11_helpers.h /optee_os/ta/pkcs11/src/pkcs11_token.c /optee_os/ta/pkcs11/src/processing.c /optee_os/ta/pkcs11/src/processing.h /optee_os/ta/pkcs11/src/processing_aes.c /optee_os/ta/pkcs11/src/processing_symm.c /optee_os/ta/pkcs11/src/token_capabilities.c
5dfe86d0	25-Aug-2020	Jorge Ramirez-Ortiz <jorge@foundries.io>	core: svc store: delete keys from secure elements The cryptographic API provides an interface for the creation of cryptographic keys. These keys can be stored in secure elements and handlers to the core: svc store: delete keys from secure elements The cryptographic API provides an interface for the creation of cryptographic keys. These keys can be stored in secure elements and handlers to these keys (since the keys themselves can not be read from the secure elements) given back to the caller. When the object holding a key is being deleted, the cryptographic API must be informed in order to proceed with the deletion of the real key from the secure element. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/crypto/crypto.c /optee_os/core/drivers/crypto/se050/adaptors/apis/apdu.c /optee_os/core/drivers/crypto/se050/adaptors/apis/sss.c /optee_os/core/drivers/crypto/se050/adaptors/apis/user.c /optee_os/core/drivers/crypto/se050/adaptors/include/se050.h /optee_os/core/drivers/crypto/se050/adaptors/include/se050_apdu_apis.h /optee_os/core/drivers/crypto/se050/adaptors/include/se050_sss_apis.h /optee_os/core/drivers/crypto/se050/adaptors/include/se050_user_apis.h /optee_os/core/drivers/crypto/se050/adaptors/include/se050_utils.h /optee_os/core/drivers/crypto/se050/adaptors/sub.mk /optee_os/core/drivers/crypto/se050/adaptors/utils/info.c /optee_os/core/drivers/crypto/se050/adaptors/utils/scp_config.c /optee_os/core/drivers/crypto/se050/adaptors/utils/utils.c /optee_os/core/drivers/crypto/se050/core/cipher.c /optee_os/core/drivers/crypto/se050/core/ctr.c /optee_os/core/drivers/crypto/se050/core/huk.c /optee_os/core/drivers/crypto/se050/core/include/se050_cipher_algorithms.h /optee_os/core/drivers/crypto/se050/core/rng.c /optee_os/core/drivers/crypto/se050/core/rsa.c /optee_os/core/drivers/crypto/se050/core/scp03.c /optee_os/core/drivers/crypto/se050/core/storage.c /optee_os/core/drivers/crypto/se050/core/sub.mk /optee_os/core/drivers/crypto/se050/session.c /optee_os/core/drivers/crypto/se050/sub.mk /optee_os/core/drivers/crypto/sub.mk /optee_os/core/include/crypto/crypto.h /optee_os/core/lib/libtomcrypt/sm2-pke.c /optee_os/core/pta/scp03.c /optee_os/core/pta/sub.mk tee_svc_storage.c /optee_os/lib/libutee/include/scp03_pta.h
a8fb1651	13-Nov-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: fix RPMB rollback vulnerability Normal world is used to pass the RPMB request to the eMMC. If normal world saves a write request and returns an error instead it can be used at a later stage wh core: fix RPMB rollback vulnerability Normal world is used to pass the RPMB request to the eMMC. If normal world saves a write request and returns an error instead it can be used at a later stage where OP-TEE doesn't expect a certain block to be updated. For more details on possible attacks and mitigations see [1] and [2]. The mitigation consists of two parts, while initializing and later how each write request is handled. While initializing the RPMB file system we don't have a spare dummy block so the alternative method of reading a block and writing it again is used instead. For normal write request all errors after the request message has been created will be retried 10 times. If a write request fails after 10 retries RPMB is disabled entirely until next boot. An eventual requesting TA is with an unexpected error code since we can't tell if the request has been committed to storage or not. Link: [1] https://www.westerndigital.com/support/productsecurity/wdc-20008-replay-attack-vulnerabilities-rpmb-protocol-applications Link: [2] https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/public/western-digital/collateral/white-paper/white-paper-replay-protected-memory-block-protocol-vulernabilities.pdf Acked-by: Joakim Bech <joakim.bech@linaro.org> Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/kernel/abort.c /optee_os/core/crypto/crypto.c /optee_os/core/drivers/crypto/crypto_api/acipher/ecc.c /optee_os/core/drivers/crypto/crypto_api/acipher/sub.mk /optee_os/core/drivers/crypto/crypto_api/include/drvcrypt.h /optee_os/core/drivers/crypto/crypto_api/include/drvcrypt_acipher.h /optee_os/core/include/crypto/crypto_impl.h /optee_os/core/lib/libtomcrypt/acipher_helpers.h /optee_os/core/lib/libtomcrypt/ecc.c /optee_os/core/lib/libtomcrypt/sm2-dsa.c /optee_os/core/lib/libtomcrypt/sm2-pke.c /optee_os/core/lib/libtomcrypt/src/pk/dh/dh_make_key.c tee_rpmb_fs.c
08e47d6b	07-Oct-2020	Cedric Neveux <cedric.neveux@nxp.com>	core: crypto: unify ECC and SM2_DSA sign/verify Remove the crypto_acipher_sm2_dsa_sign/crypto_acipher_sm2_dsa_verify functions and call the crypto_acipher_ecc_sign/crypto_acipher_ecc_verify function core: crypto: unify ECC and SM2_DSA sign/verify Remove the crypto_acipher_sm2_dsa_sign/crypto_acipher_sm2_dsa_verify functions and call the crypto_acipher_ecc_sign/crypto_acipher_ecc_verify functions that are calling the ecc key operations set. Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/crypto/crypto.c /optee_os/core/include/crypto/crypto.h /optee_os/core/lib/libtomcrypt/ecc.c tee_svc_cryp.c /optee_os/lib/libmbedtls/core/ecc.c
df00cf59	06-Oct-2020	Cedric Neveux <cedric.neveux@nxp.com>	core: crypto: add struct crypto_ecc_[public/keypair]_ops In order to enable one ECC HW driver and one ECC SW library at build and runtime, introduces struct crypto_ecc_public_ops and struct crypto_e core: crypto: add struct crypto_ecc_[public/keypair]_ops In order to enable one ECC HW driver and one ECC SW library at build and runtime, introduces struct crypto_ecc_public_ops and struct crypto_ecc_keypair_ops respectively to the struct ecc_public_key and struct ecc_keypair. At key (public/keypair) allocation, the HW driver is first called and if key type/size not supported, the SW library is then called. When key is allocated with success, the key->ops is set with the cryptographic functions pointer to call when using keys to: - Generate keypair - Sign with keypair - Shared secret with keypair - Verify with public key - Free public key Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.checkpatch.conf /optee_os/core/arch/arm/include/kernel/early_ta.h /optee_os/core/arch/arm/include/kernel/embedded_ts.h /optee_os/core/arch/arm/include/kernel/ldelf_loader.h /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/stmm_sp.h /optee_os/core/arch/arm/include/kernel/thread.h /optee_os/core/arch/arm/include/kernel/user_ta.h /optee_os/core/arch/arm/kernel/early_ta.c /optee_os/core/arch/arm/kernel/embedded_ts.c /optee_os/core/arch/arm/kernel/ldelf_loader.c /optee_os/core/arch/arm/kernel/ree_fs_ta.c /optee_os/core/arch/arm/kernel/secstor_ta.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/plat-hikey/conf.mk /optee_os/core/arch/arm/plat-imx/registers/imx6.h /optee_os/core/arch/arm/plat-imx/registers/imx8m-crm.h /optee_os/core/arch/arm/plat-imx/registers/imx8m.h /optee_os/core/arch/arm/tee/arch_svc.c /optee_os/core/crypto/crypto.c /optee_os/core/drivers/crypto/caam/acipher/caam_rsa.c /optee_os/core/drivers/imx_i2c.c /optee_os/core/include/crypto/crypto.h /optee_os/core/include/crypto/crypto_impl.h /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/include/kernel/ts_store.h /optee_os/core/include/kernel/user_mode_ctx.h /optee_os/core/include/kernel/user_mode_ctx_struct.h /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/lib/libtomcrypt/rsa.c /optee_os/core/pta/device.c /optee_os/core/pta/system.c /optee_os/core/sub.mk tee_svc_cryp.c /optee_os/lib/libmbedtls/core/rsa.c /optee_os/mk/config.mk /optee_os/scripts/ts_bin_to_c.py /optee_os/ta/pkcs11/src/pkcs11_attributes.c /optee_os/ta/pkcs11/src/pkcs11_helpers.c
89c9728d	19-Oct-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: replace tee_mmu prefix with vm Replaces the tee_mmu prefix with vm. tee_mmu.h is renamed to vm.h and core/arch/arm/mm/tee_mmu.c is moved to core/mm/vm.c. Public functions belonging to these fi core: replace tee_mmu prefix with vm Replaces the tee_mmu prefix with vm. tee_mmu.h is renamed to vm.h and core/arch/arm/mm/tee_mmu.c is moved to core/mm/vm.c. Public functions belonging to these files are renamed with a vm prefix. Introduces: vm_map_param(), vm_clean_param(), vm_buf_is_inside_private(), vm_buf_intersects_private(), vm_buf_to_mboj_offs(), vm_buf_is_inside_um_private(), vm_buf_intersects_um_private(), vm_add_rwmem(), vm_rem_rwmem(), vm_va2pa(), vm_pa2va(), vm_check_access_rights(), vm_set_ctx() replacing their tee_mmu_*() counterpart. Acked-by: Joakim Bech <joakim.bech@linaro.org> Acked-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/mobj.c /optee_os/core/arch/arm/mm/mobj_dyn_shm.c /optee_os/core/arch/arm/mm/sub.mk /optee_os/core/arch/arm/tee/arch_svc.c /optee_os/core/arch/arm/tee/svc_cache.c /optee_os/core/drivers/crypto/caam/utils/utils_mem.c /optee_os/core/include/mm/vm.h /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/ts_manager.c /optee_os/core/kernel/user_access.c /optee_os/core/mm/sub.mk /optee_os/core/mm/vm.c /optee_os/core/pta/benchmark.c /optee_os/core/pta/gprof.c /optee_os/core/pta/sdp.c /optee_os/core/pta/system.c tee_obj.c tee_svc.c tee_svc_cryp.c tee_svc_storage.c
1f648d54	09-Oct-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: remove struct tee_ta_ctx from struct user_mode_ctx Removes struct tee_ta_ctx from struct user_mode_ctx allowing a user mode entity to be independent of the TA concept, that is, making room for core: remove struct tee_ta_ctx from struct user_mode_ctx Removes struct tee_ta_ctx from struct user_mode_ctx allowing a user mode entity to be independent of the TA concept, that is, making room for SPs in user mode. A pointer to a struct user_mode_ctx is passed to many memory management functions where a pointer to a struct ts_ctx is needed too. Prior to this patch it was possible to calculate that address of corresponding struct ts_ctx with help of the container_of() macro, that is no longer possible. Instead is a struct ts_ctx *ts_ctx field added to struct user_mode_ctx in order to allow such lookups. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/user_ta.h /optee_os/core/arch/arm/kernel/pseudo_ta.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/mobj.c /optee_os/core/arch/arm/mm/tee_mmu.c /optee_os/core/arch/arm/mm/tee_pager.c /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/include/kernel/ts_manager.h /optee_os/core/include/kernel/user_mode_ctx.h /optee_os/core/include/kernel/user_mode_ctx_struct.h /optee_os/core/kernel/tee_ta_manager.c tee_svc.c
3560d990	01-Sep-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: add generic struct ts_ctx Adds the generic struct ts_ctx to be used instead of struct tee_ta_ctx where generic context operations are performed. struct tee_ta_ctx adds a field with struct ts_ core: add generic struct ts_ctx Adds the generic struct ts_ctx to be used instead of struct tee_ta_ctx where generic context operations are performed. struct tee_ta_ctx adds a field with struct ts_ctx for conversion to struct ts_ctx where needed. The struct ts_session is updated to keep a pointer to a struct ts_ctx instead of the previous struct tee_ta_ctx. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/include/kernel/pseudo_ta.h /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/thread.h /optee_os/core/arch/arm/include/kernel/user_ta.h /optee_os/core/arch/arm/include/mm/pgt_cache.h /optee_os/core/arch/arm/kernel/pseudo_ta.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/mobj.c /optee_os/core/arch/arm/mm/pgt_cache.c /optee_os/core/arch/arm/mm/tee_mmu.c /optee_os/core/arch/arm/mm/tee_pager.c /optee_os/core/arch/arm/tee/svc_cache.c /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/include/kernel/ts_manager.h /optee_os/core/include/kernel/user_mode_ctx.h /optee_os/core/include/mm/tee_mmu.h /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/ts_manager.c tee_svc.c
00b3b9a2	31-Aug-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: add generic struct ts_session As a step in making room for Secure Partitions (SPs) running at S-EL0 add a Trusted Service (TS) abstraction. Both TAs and SPs is a TS. Adds the generic struct t core: add generic struct ts_session As a step in making room for Secure Partitions (SPs) running at S-EL0 add a Trusted Service (TS) abstraction. Both TAs and SPs is a TS. Adds the generic struct ts_session. All future sessions structs (currently only struct tee_ta_session exists) should add this struct to allow generic session operations. With this struct comes new functions replacing previous struct tee_ta_session oriented functions. The following functions are replaced as: tee_ta_get_current_session() -> ts_get_current_session() tee_ta_push_current_session() -> ts_push_current_session() tee_ta_pop_current_session() -> ts_pop_current_session() tee_ta_get_calling_session() -> ts_get_calling_session() ts_get_current_session() is changed compared to its predecessor to panic() in case of failure to return a valid pointer. A new function ts_get_current_session_may_fail() is added to handle an eventual case where a return NULL session may be handled. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.shippable.yml /optee_os/.travis.yml /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/include/kernel/abort.h /optee_os/core/arch/arm/include/kernel/thread.h /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/kernel/abort.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/pseudo_ta.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/plat-mediatek/conf.mk /optee_os/core/arch/arm/plat-mediatek/platform_config.h /optee_os/core/arch/arm/plat-vexpress/vendor_props.c /optee_os/core/arch/arm/sm/sm_a32.S /optee_os/core/arch/arm/tee/arch_svc.c /optee_os/core/arch/arm/tee/svc_cache.c /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/include/kernel/ts_manager.h /optee_os/core/include/tee/tee_svc.h /optee_os/core/kernel/sub.mk /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/ts_manager.c /optee_os/core/kernel/user_access.c /optee_os/core/pta/gprof.c /optee_os/core/pta/system.c /optee_os/core/pta/tests/fs_htree.c /optee_os/core/pta/tests/invoke.c socket.c tee_obj.c tee_svc.c tee_svc_cryp.c tee_svc_storage.c /optee_os/lib/libutils/ext/ftrace/ftrace.c /optee_os/lib/libutils/ext/include/asm.S /optee_os/lib/libutils/isoc/newlib/strtoul.c /optee_os/mk/cc-option.mk
8f51d0a4	16-Oct-2020	Stefan Schmidt <snst@meek.de>	core: rpmb: check return value of encrypt_block() Added error handling if call of function encrypt_block() fails in tee_rpmb_req_pack(). Signed-off-by: Stefan Schmidt <snst@meek.de> Reviewed-by: Je core: rpmb: check return value of encrypt_block() Added error handling if call of function encrypt_block() fails in tee_rpmb_req_pack(). Signed-off-by: Stefan Schmidt <snst@meek.de> Reviewed-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/CHANGELOG.md /optee_os/MAINTAINERS /optee_os/core/arch/arm/include/kernel/early_ta.h /optee_os/core/arch/arm/include/kernel/linker.h /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/plat-zynqmp/conf.mk /optee_os/core/arch/arm/plat-zynqmp/platform_config.h tee_rpmb_fs.c /optee_os/lib/libutils/ext/arch/arm/auxval.c /optee_os/lib/libutils/ext/arch/arm/sub.mk /optee_os/scripts/pem_to_pub_c.py /optee_os/scripts/sign_encrypt.py /optee_os/scripts/ta_bin_to_c.py /optee_os/ta/arch/arm/link.mk /optee_os/ta/mk/ta_dev_kit.mk
3b11b1d2	12-Oct-2020	Jerome Forissier <jerome@forissier.org>	core: rpmb: fix off-by-one in block index check The max block index check in tee_rpmb_req_pack() is incorrect and would fail when trying to access the last block of the partition. Signed-off-by: Je core: rpmb: fix off-by-one in block index check The max block index check in tee_rpmb_req_pack() is incorrect and would fail when trying to access the last block of the partition. Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/MAINTAINERS /optee_os/core/arch/arm/include/kernel/thread.h /optee_os/core/arch/arm/kernel/pseudo_ta.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pwr.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pwr.h /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/drivers/scmi-msg/base.c /optee_os/core/drivers/scmi-msg/base.h /optee_os/core/drivers/scmi-msg/clock.h /optee_os/core/drivers/scmi-msg/common.h /optee_os/core/drivers/scmi-msg/entry.c /optee_os/core/drivers/scmi-msg/reset_domain.c /optee_os/core/drivers/scmi-msg/reset_domain.h /optee_os/core/drivers/scmi-msg/voltage_domain.c /optee_os/core/drivers/scmi-msg/voltage_domain.h /optee_os/core/include/drivers/scmi-msg.h /optee_os/core/include/dt-bindings/regulator/st,stm32mp15-regulator.h /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/kernel/tee_ta_manager.c tee_rpmb_fs.c /optee_os/mk/config.mk
589a4941	09-Oct-2020	Jerome Forissier <jerome@forissier.org>	core: use vaddr_t instead of uint32_t for object IDs Some function incorrectly use uint32_t for object identifiers: tee_obj_get(), tee_svc_cryp_get_state() and tee_svc_storage_get_enum(). Those obje core: use vaddr_t instead of uint32_t for object IDs Some function incorrectly use uint32_t for object identifiers: tee_obj_get(), tee_svc_cryp_get_state() and tee_svc_storage_get_enum(). Those object IDs are actually virtual addresses so they need to be of type vaddr_t. Link: https://github.com/OP-TEE/optee_os/issues/4035#issuecomment-680037072 Signed-off-by: Jerome Forissier <jerome@forissier.org> show more ... /optee_os/core/arch/arm/include/mm/pgt_cache.h /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_clk.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pmic.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_rcc.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_rcc.h /optee_os/core/arch/arm/plat-stm32mp1/pm/psci.c /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/drivers/scmi-msg/clock.c /optee_os/core/drivers/scmi-msg/common.h /optee_os/core/drivers/scmi-msg/entry.c /optee_os/core/drivers/scmi-msg/sub.mk /optee_os/core/drivers/scmi-msg/voltage_domain.c /optee_os/core/drivers/scmi-msg/voltage_domain.h /optee_os/core/drivers/stm32_bsec.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stpmic1.c /optee_os/core/include/drivers/scmi-msg.h /optee_os/core/include/drivers/scmi.h /optee_os/core/include/drivers/stpmic1.h /optee_os/core/include/dt-bindings/reset/stm32mp1-resets.h /optee_os/core/include/tee/tee_obj.h tee_obj.c tee_svc_cryp.c tee_svc_storage.c /optee_os/lib/libutils/ext/arch/arm/mcount_a32.S
3b354b19	02-Oct-2020	Neil Shipp <neilsh@microsoft.com>	core: Fix RPMB fat entry cache buffer overflow Ensure that fat_entry_dir_update can only update entries less than the current cache size and not just the maximum size limit of the cache. Signed-off core: Fix RPMB fat entry cache buffer overflow Ensure that fat_entry_dir_update can only update entries less than the current cache size and not just the maximum size limit of the cache. Signed-off-by: Neil Shipp <neilsh@microsoft.com> Reviewed-by: Joakim Bech <joakim.bech@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... tee_rpmb_fs.c
919a5a68	06-Oct-2020	Jerome Forissier <jerome@forissier.org>	Use fallthrough pseudo-keyword in switch/case statements Use fallthrough; in switch/case statements. Imported libraries (libtomcrypt, libmbedtls) are not modified to minimize differences with upstre Use fallthrough pseudo-keyword in switch/case statements Use fallthrough; in switch/case statements. Imported libraries (libtomcrypt, libmbedtls) are not modified to minimize differences with upstream. Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/include/kernel/dt.h /optee_os/core/pta/tests/aes_perf.c tee_svc.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutils/ext/include/compiler.h /optee_os/lib/libutils/ext/snprintk.c
1 2 3 4 567 8 9 10 >>...24