tee - OpenGrok history log for /optee

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
1f648d54	09-Oct-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: remove struct tee_ta_ctx from struct user_mode_ctx Removes struct tee_ta_ctx from struct user_mode_ctx allowing a user mode entity to be independent of the TA concept, that is, making room for core: remove struct tee_ta_ctx from struct user_mode_ctx Removes struct tee_ta_ctx from struct user_mode_ctx allowing a user mode entity to be independent of the TA concept, that is, making room for SPs in user mode. A pointer to a struct user_mode_ctx is passed to many memory management functions where a pointer to a struct ts_ctx is needed too. Prior to this patch it was possible to calculate that address of corresponding struct ts_ctx with help of the container_of() macro, that is no longer possible. Instead is a struct ts_ctx *ts_ctx field added to struct user_mode_ctx in order to allow such lookups. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/user_ta.h /optee_os/core/arch/arm/kernel/pseudo_ta.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/mobj.c /optee_os/core/arch/arm/mm/tee_mmu.c /optee_os/core/arch/arm/mm/tee_pager.c /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/include/kernel/ts_manager.h /optee_os/core/include/kernel/user_mode_ctx.h /optee_os/core/include/kernel/user_mode_ctx_struct.h /optee_os/core/kernel/tee_ta_manager.c tee_svc.c
3560d990	01-Sep-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: add generic struct ts_ctx Adds the generic struct ts_ctx to be used instead of struct tee_ta_ctx where generic context operations are performed. struct tee_ta_ctx adds a field with struct ts_ core: add generic struct ts_ctx Adds the generic struct ts_ctx to be used instead of struct tee_ta_ctx where generic context operations are performed. struct tee_ta_ctx adds a field with struct ts_ctx for conversion to struct ts_ctx where needed. The struct ts_session is updated to keep a pointer to a struct ts_ctx instead of the previous struct tee_ta_ctx. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/include/kernel/pseudo_ta.h /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/thread.h /optee_os/core/arch/arm/include/kernel/user_ta.h /optee_os/core/arch/arm/include/mm/pgt_cache.h /optee_os/core/arch/arm/kernel/pseudo_ta.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/mobj.c /optee_os/core/arch/arm/mm/pgt_cache.c /optee_os/core/arch/arm/mm/tee_mmu.c /optee_os/core/arch/arm/mm/tee_pager.c /optee_os/core/arch/arm/tee/svc_cache.c /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/include/kernel/ts_manager.h /optee_os/core/include/kernel/user_mode_ctx.h /optee_os/core/include/mm/tee_mmu.h /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/ts_manager.c tee_svc.c
00b3b9a2	31-Aug-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: add generic struct ts_session As a step in making room for Secure Partitions (SPs) running at S-EL0 add a Trusted Service (TS) abstraction. Both TAs and SPs is a TS. Adds the generic struct t core: add generic struct ts_session As a step in making room for Secure Partitions (SPs) running at S-EL0 add a Trusted Service (TS) abstraction. Both TAs and SPs is a TS. Adds the generic struct ts_session. All future sessions structs (currently only struct tee_ta_session exists) should add this struct to allow generic session operations. With this struct comes new functions replacing previous struct tee_ta_session oriented functions. The following functions are replaced as: tee_ta_get_current_session() -> ts_get_current_session() tee_ta_push_current_session() -> ts_push_current_session() tee_ta_pop_current_session() -> ts_pop_current_session() tee_ta_get_calling_session() -> ts_get_calling_session() ts_get_current_session() is changed compared to its predecessor to panic() in case of failure to return a valid pointer. A new function ts_get_current_session_may_fail() is added to handle an eventual case where a return NULL session may be handled. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.shippable.yml /optee_os/.travis.yml /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/include/kernel/abort.h /optee_os/core/arch/arm/include/kernel/thread.h /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/kernel/abort.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/pseudo_ta.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/plat-mediatek/conf.mk /optee_os/core/arch/arm/plat-mediatek/platform_config.h /optee_os/core/arch/arm/plat-vexpress/vendor_props.c /optee_os/core/arch/arm/sm/sm_a32.S /optee_os/core/arch/arm/tee/arch_svc.c /optee_os/core/arch/arm/tee/svc_cache.c /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/include/kernel/ts_manager.h /optee_os/core/include/tee/tee_svc.h /optee_os/core/kernel/sub.mk /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/ts_manager.c /optee_os/core/kernel/user_access.c /optee_os/core/pta/gprof.c /optee_os/core/pta/system.c /optee_os/core/pta/tests/fs_htree.c /optee_os/core/pta/tests/invoke.c socket.c tee_obj.c tee_svc.c tee_svc_cryp.c tee_svc_storage.c /optee_os/lib/libutils/ext/ftrace/ftrace.c /optee_os/lib/libutils/ext/include/asm.S /optee_os/lib/libutils/isoc/newlib/strtoul.c /optee_os/mk/cc-option.mk
8f51d0a4	16-Oct-2020	Stefan Schmidt <snst@meek.de>	core: rpmb: check return value of encrypt_block() Added error handling if call of function encrypt_block() fails in tee_rpmb_req_pack(). Signed-off-by: Stefan Schmidt <snst@meek.de> Reviewed-by: Je core: rpmb: check return value of encrypt_block() Added error handling if call of function encrypt_block() fails in tee_rpmb_req_pack(). Signed-off-by: Stefan Schmidt <snst@meek.de> Reviewed-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/CHANGELOG.md /optee_os/MAINTAINERS /optee_os/core/arch/arm/include/kernel/early_ta.h /optee_os/core/arch/arm/include/kernel/linker.h /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/plat-zynqmp/conf.mk /optee_os/core/arch/arm/plat-zynqmp/platform_config.h tee_rpmb_fs.c /optee_os/lib/libutils/ext/arch/arm/auxval.c /optee_os/lib/libutils/ext/arch/arm/sub.mk /optee_os/scripts/pem_to_pub_c.py /optee_os/scripts/sign_encrypt.py /optee_os/scripts/ta_bin_to_c.py /optee_os/ta/arch/arm/link.mk /optee_os/ta/mk/ta_dev_kit.mk
3b11b1d2	12-Oct-2020	Jerome Forissier <jerome@forissier.org>	core: rpmb: fix off-by-one in block index check The max block index check in tee_rpmb_req_pack() is incorrect and would fail when trying to access the last block of the partition. Signed-off-by: Je core: rpmb: fix off-by-one in block index check The max block index check in tee_rpmb_req_pack() is incorrect and would fail when trying to access the last block of the partition. Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/MAINTAINERS /optee_os/core/arch/arm/include/kernel/thread.h /optee_os/core/arch/arm/kernel/pseudo_ta.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pwr.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pwr.h /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/drivers/scmi-msg/base.c /optee_os/core/drivers/scmi-msg/base.h /optee_os/core/drivers/scmi-msg/clock.h /optee_os/core/drivers/scmi-msg/common.h /optee_os/core/drivers/scmi-msg/entry.c /optee_os/core/drivers/scmi-msg/reset_domain.c /optee_os/core/drivers/scmi-msg/reset_domain.h /optee_os/core/drivers/scmi-msg/voltage_domain.c /optee_os/core/drivers/scmi-msg/voltage_domain.h /optee_os/core/include/drivers/scmi-msg.h /optee_os/core/include/dt-bindings/regulator/st,stm32mp15-regulator.h /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/kernel/tee_ta_manager.c tee_rpmb_fs.c /optee_os/mk/config.mk
589a4941	09-Oct-2020	Jerome Forissier <jerome@forissier.org>	core: use vaddr_t instead of uint32_t for object IDs Some function incorrectly use uint32_t for object identifiers: tee_obj_get(), tee_svc_cryp_get_state() and tee_svc_storage_get_enum(). Those obje core: use vaddr_t instead of uint32_t for object IDs Some function incorrectly use uint32_t for object identifiers: tee_obj_get(), tee_svc_cryp_get_state() and tee_svc_storage_get_enum(). Those object IDs are actually virtual addresses so they need to be of type vaddr_t. Link: https://github.com/OP-TEE/optee_os/issues/4035#issuecomment-680037072 Signed-off-by: Jerome Forissier <jerome@forissier.org> show more ... /optee_os/core/arch/arm/include/mm/pgt_cache.h /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_clk.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pmic.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_rcc.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_rcc.h /optee_os/core/arch/arm/plat-stm32mp1/pm/psci.c /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/drivers/scmi-msg/clock.c /optee_os/core/drivers/scmi-msg/common.h /optee_os/core/drivers/scmi-msg/entry.c /optee_os/core/drivers/scmi-msg/sub.mk /optee_os/core/drivers/scmi-msg/voltage_domain.c /optee_os/core/drivers/scmi-msg/voltage_domain.h /optee_os/core/drivers/stm32_bsec.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stpmic1.c /optee_os/core/include/drivers/scmi-msg.h /optee_os/core/include/drivers/scmi.h /optee_os/core/include/drivers/stpmic1.h /optee_os/core/include/dt-bindings/reset/stm32mp1-resets.h /optee_os/core/include/tee/tee_obj.h tee_obj.c tee_svc_cryp.c tee_svc_storage.c /optee_os/lib/libutils/ext/arch/arm/mcount_a32.S
3b354b19	02-Oct-2020	Neil Shipp <neilsh@microsoft.com>	core: Fix RPMB fat entry cache buffer overflow Ensure that fat_entry_dir_update can only update entries less than the current cache size and not just the maximum size limit of the cache. Signed-off core: Fix RPMB fat entry cache buffer overflow Ensure that fat_entry_dir_update can only update entries less than the current cache size and not just the maximum size limit of the cache. Signed-off-by: Neil Shipp <neilsh@microsoft.com> Reviewed-by: Joakim Bech <joakim.bech@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... tee_rpmb_fs.c
919a5a68	06-Oct-2020	Jerome Forissier <jerome@forissier.org>	Use fallthrough pseudo-keyword in switch/case statements Use fallthrough; in switch/case statements. Imported libraries (libtomcrypt, libmbedtls) are not modified to minimize differences with upstre Use fallthrough pseudo-keyword in switch/case statements Use fallthrough; in switch/case statements. Imported libraries (libtomcrypt, libmbedtls) are not modified to minimize differences with upstream. Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/include/kernel/dt.h /optee_os/core/pta/tests/aes_perf.c tee_svc.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutils/ext/include/compiler.h /optee_os/lib/libutils/ext/snprintk.c
be041efc	01-Oct-2020	Neil Shipp <neilsh@microsoft.com>	core: Bad assert in fat_entry_dir_update() Fix an assert in fat_entry_dir_update() that always fires when updating fat entries other than the first element in the cache. Signed-off-by: Neil Shipp < core: Bad assert in fat_entry_dir_update() Fix an assert in fat_entry_dir_update() that always fires when updating fat entries other than the first element in the cache. Signed-off-by: Neil Shipp <neilsh@microsoft.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org> show more ... /optee_os/Makefile tee_rpmb_fs.c
c56cc686	13-Aug-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: include parity in DES/DES3 key sizes Update from GP 1.0 the parity bits are now included in the DES and DES3 key sizes. This is an incompatible change where 56, 112 and 168 key sizes are repla core: include parity in DES/DES3 key sizes Update from GP 1.0 the parity bits are now included in the DES and DES3 key sizes. This is an incompatible change where 56, 112 and 168 key sizes are replaced with 64, 128 and 192 respectively. This changes the ABI in a way that it's not enough even to recompile the TA. In order to maintain backwards compatibility the configuration flag CFG_COMPAT_GP10_DES is introduced (default y). The presence of the parity bits is autodetected and this update is transparent to a TA which hasn't been updated. Reviewed-by: Jerome Forissier <jerome@forissier.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_svc_cryp.c /optee_os/mk/config.mk
68c68bce	09-Sep-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: syscall_asymm_verify(): accurate DSA parameter check A comment in syscall_asymm_verify() reads: "Depending on the DSA algorithm (NIST), the digital signature output size may be truncated to th core: syscall_asymm_verify(): accurate DSA parameter check A comment in syscall_asymm_verify() reads: "Depending on the DSA algorithm (NIST), the digital signature output size may be truncated to the size of a key pair (Q prime size). Q prime size must be less or equal than the hash output length of the hash algorithm involved." Instead of just assuming that Q size is small when data length is smaller than the hash, check that it's the case also. Don't allow data length smaller than both hash size and Q size. Acked-by: Jerome Forissier <jerome@forissier.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_svc_cryp.c
b9416909	24-Sep-2020	Jens Wiklander <jens.wiklander@linaro.org>	Provide TEE_ATTR_FLAG_VALUE and TEE_ATTR_FLAG_PUBLIC Provides TEE_ATTR_FLAG_VALUE and TEE_ATTR_FLAG_PUBLIC which are defined already in GP v1.0 [1] and also expected in GP v1.1 [2]. The old TEE_ATTR Provide TEE_ATTR_FLAG_VALUE and TEE_ATTR_FLAG_PUBLIC Provides TEE_ATTR_FLAG_VALUE and TEE_ATTR_FLAG_PUBLIC which are defined already in GP v1.0 [1] and also expected in GP v1.1 [2]. The old TEE_ATTR_BIT_VALUE and TEE_ATTR_BIT_PROTECTED are kept for backwards compatibility for now. [1]: GlobalPlatform TEE Internal API Specification v1.0 [2]: GlobalPlatform TEE Internal Core API Specification v1.1 Reviewed-by: Jerome Forissier <jerome@forissier.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/drivers/imx_i2c.c tee_svc_cryp.c /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/tee_api_objects.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutils/ext/include/util.h /optee_os/mk/config.mk
d9281a0c	19-Aug-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: check that certain object attributes are consistent with max key size When populating a crypto object check that certain attributes are consistent with maximum key size. For example the attrib core: check that certain object attributes are consistent with max key size When populating a crypto object check that certain attributes are consistent with maximum key size. For example the attribute TEE_ATTR_DSA_PRIME must not have more significant bits than max key size. All these attributes are flagged with TEE_TYPE_ATTR_BIGNUM_MAXBITS and tee_svc_cryp_obj_populate_type() is updated as needed. Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_svc_cryp.c
d1272505	19-Aug-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: check that object attributes for current usage are relevant When populating or generating a key the relevant attributes can differ. Some attributes are parameters for the key generation. Upda core: check that object attributes for current usage are relevant When populating or generating a key the relevant attributes can differ. Some attributes are parameters for the key generation. Updates tee_svc_cryp_check_attr() and object type descriptions to be accurate. Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_svc_cryp.c
73e18e2d	19-Aug-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: check max key size when populating object Checks that attributes are within the bounds defined by the max key size which was supplied when the object was allocated. Acked-by: Etienne Carriere core: check max key size when populating object Checks that attributes are within the bounds defined by the max key size which was supplied when the object was allocated. Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_svc_cryp.c
dbc27a6f	22-Sep-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: fix calculation of DES key size Prior to this patch was the parity bits included when calculating the key size for DES keys. Fix this by subtracting the parity bits. Acked-by: Etienne Carrier core: fix calculation of DES key size Prior to this patch was the parity bits included when calculating the key size for DES keys. Fix this by subtracting the parity bits. Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_svc_cryp.c
6c276b08	18-Aug-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: tee_obj_get() return TEE_ERROR_BAD_STATE Updates tee_obj_get() to return TEE_ERROR_BAD_STATE when an object reference can't be found. This will allow the GP TA API to panic the caller as requi core: tee_obj_get() return TEE_ERROR_BAD_STATE Updates tee_obj_get() to return TEE_ERROR_BAD_STATE when an object reference can't be found. This will allow the GP TA API to panic the caller as required in the GP spec [1]. [1] GlobalPlatform TEE Internal Core API Specification v1.1 Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_obj.c
338b123e	18-Aug-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: syscall_obj_generate_key() check public rsa exponent The v1.1 spec [1] requires that the NIST SP800-56B [2] rules to be followed when generating an RSA key. Adds a check when generating a RSA core: syscall_obj_generate_key() check public rsa exponent The v1.1 spec [1] requires that the NIST SP800-56B [2] rules to be followed when generating an RSA key. Adds a check when generating a RSA key that the supplied exponent confirms with the requirements in NIST SP800-56B, thas is, the key must be odd and in the range 65537 <= e < 2^256. [1]: GlobalPlatform TEE Internal Core API Specification v1.1 Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Link [2]: https://csrc.nist.gov/publications/detail/sp/800-56b/rev-2/final Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_svc_cryp.c
9760936c	13-Aug-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: syscall_cryp_obj_alloc(): allow TEE_TYPE_DATA for transient objects GP 1.1 spec [1] explicitly allows creation of TEE_TYPE_DATA object. So update syscall_cryp_obj_alloc() accordingly. [1]: G core: syscall_cryp_obj_alloc(): allow TEE_TYPE_DATA for transient objects GP 1.1 spec [1] explicitly allows creation of TEE_TYPE_DATA object. So update syscall_cryp_obj_alloc() accordingly. [1]: GlobalPlatform TEE Internal Core API Specification v1.1 Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/plat-rcar/conf.mk /optee_os/core/include/kernel/dt.h /optee_os/core/kernel/dt.c tee_svc_cryp.c /optee_os/lib/libutee/tee_api.c /optee_os/lib/libutee/tee_api_objects.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutee/tee_api_panic.c /optee_os/lib/libutee/tee_api_private.h /optee_os/lib/libutee/tee_api_property.c /optee_os/mk/config.mk
e12c9f67	11-Sep-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: strict buffer check in syscalls following GP 1.1 GP 1.1 [1] and also earlier specifications has certain annotation in the description of API functions to among other things describe which kind core: strict buffer check in syscalls following GP 1.1 GP 1.1 [1] and also earlier specifications has certain annotation in the description of API functions to among other things describe which kind of memory a buffer is required to reside in. It could be readable, writeable, in shared memory in TA private memory. The following syscalls are updated with slightly stricter checks with regards to TA private memory where needed: - syscall_open_ta_session() - syscall_invoke_ta_command() - syscall_get_time() - syscall_set_ta_time() - syscall_cryp_obj_get_info() - syscall_cryp_random_number_generate() - syscall_authenc_dec_final() - syscall_storage_next_enum() - syscall_storage_obj_read() - syscall_storage_obj_write() [1]: GlobalPlatform TEE Internal Core API Specification v1.1 Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/include/kernel/user_access.h /optee_os/core/include/mm/tee_mmu_types.h /optee_os/core/kernel/user_access.c tee_svc.c tee_svc_cryp.c tee_svc_storage.c
c40a6505	21-Jun-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: separate copy_from_user() and friends Removes the tee_svc_ prefix and moves tee_svc_copy_from_user() and friends into <kernel/user_access.h> and core/kernel/user/access.c Reviewed-by: Jerome core: separate copy_from_user() and friends Removes the tee_svc_ prefix and moves tee_svc_copy_from_user() and friends into <kernel/user_access.h> and core/kernel/user/access.c Reviewed-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.shippable.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/unwind.h /optee_os/core/arch/arm/include/pta_stmm.h /optee_os/core/arch/arm/kernel/abort.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/cache_helpers_a32.S /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/misc_a32.S /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/spin_lock_a32.S /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/kernel/thread_optee_smc_a32.S /optee_os/core/arch/arm/kernel/thread_spmc_a32.S /optee_os/core/arch/arm/kernel/tlb_helpers_a32.S /optee_os/core/arch/arm/kernel/tz_ssvce_pl310_a32.S /optee_os/core/arch/arm/kernel/unwind_arm32.c /optee_os/core/arch/arm/kernel/unwind_arm64.c /optee_os/core/arch/arm/kernel/unwind_private.h /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/kernel/vfp_a32.S /optee_os/core/arch/arm/mm/tee_mmu.c /optee_os/core/arch/arm/plat-hisilicon/hi3519av100_plat_init.S /optee_os/core/arch/arm/plat-imx/a7_plat_init.S /optee_os/core/arch/arm/plat-imx/a9_plat_init.S /optee_os/core/arch/arm/plat-imx/pm/psci-cpuidle-imx7.S /optee_os/core/arch/arm/plat-imx/pm/psci-suspend-imx7.S /optee_os/core/arch/arm/plat-ls/main.c /optee_os/core/arch/arm/plat-ls/plat_init.S /optee_os/core/arch/arm/plat-rockchip/core_pos_a32.S /optee_os/core/arch/arm/plat-rockchip/plat_init.S /optee_os/core/arch/arm/plat-rzn1/a7_plat_init.S /optee_os/core/arch/arm/plat-rzn1/conf.mk /optee_os/core/arch/arm/plat-rzn1/link.mk /optee_os/core/arch/arm/plat-rzn1/main.c /optee_os/core/arch/arm/plat-rzn1/platform_config.h /optee_os/core/arch/arm/plat-rzn1/psci.c /optee_os/core/arch/arm/plat-rzn1/rzn1_regauth.h /optee_os/core/arch/arm/plat-rzn1/rzn1_tz.h /optee_os/core/arch/arm/plat-rzn1/sm_platform_handler.c /optee_os/core/arch/arm/plat-rzn1/sub.mk /optee_os/core/arch/arm/plat-stm/tz_a9init.S /optee_os/core/arch/arm/plat-stm32mp1/reset.S /optee_os/core/arch/arm/plat-sunxi/plat_init.S /optee_os/core/arch/arm/plat-ti/a9_plat_init.S /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/arm/plat-vexpress/juno_core_pos_a32.S /optee_os/core/arch/arm/plat-vexpress/vendor_props.c /optee_os/core/arch/arm/plat-zynq7k/plat_init.S /optee_os/core/arch/arm/sm/pm_a32.S /optee_os/core/arch/arm/sm/psci-helper.S /optee_os/core/arch/arm/sm/sm_a32.S /optee_os/core/arch/arm/tee/arch_svc.c /optee_os/core/arch/arm/tee/arch_svc_a32.S /optee_os/core/arch/arm/tee/arch_svc_a64.S /optee_os/core/core.mk /optee_os/core/crypto.mk /optee_os/core/crypto/crypto.c /optee_os/core/drivers/crypto/caam/acipher/caam_prime.c /optee_os/core/drivers/crypto/caam/acipher/caam_rsa.c /optee_os/core/drivers/crypto/crypto_api/acipher/rsa.c /optee_os/core/drivers/crypto/crypto_api/include/drvcrypt_acipher.h /optee_os/core/drivers/ns16550.c /optee_os/core/include/crypto/crypto.h /optee_os/core/include/drivers/ns16550.h /optee_os/core/include/kernel/user_access.h /optee_os/core/include/kernel/user_mode_ctx.h /optee_os/core/include/mm/tee_mmu.h /optee_os/core/include/tee/tee_svc.h /optee_os/core/kernel/panic.c /optee_os/core/kernel/sub.mk /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/user_access.c /optee_os/core/lib/libtomcrypt/rsa.c /optee_os/core/pta/system.c /optee_os/core/sub.mk tee_svc.c tee_svc_cryp.c tee_svc_storage.c /optee_os/ldelf/ldelf.mk /optee_os/ldelf/sub.mk /optee_os/ldelf/ta_elf.c /optee_os/ldelf/ta_elf_rel.c /optee_os/lib/libmbedtls/core/rsa.c /optee_os/lib/libunw/include/unw/unwind.h /optee_os/lib/libunw/sub.mk /optee_os/lib/libunw/unwind_arm32.c /optee_os/lib/libunw/unwind_arm64.c /optee_os/lib/libutee/arch/arm/utee_syscalls_a32.S /optee_os/lib/libutee/trace_ext.c /optee_os/lib/libutils/ext/include/asm.S /optee_os/lib/libutils/ext/include/compiler.h /optee_os/lib/libutils/ext/include/trace.h /optee_os/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S /optee_os/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/newlib/sub.mk /optee_os/mk/config.mk /optee_os/scripts/gen_stmm_hex.py /optee_os/scripts/sign_encrypt.py /optee_os/ta/arch/arm/ta_entry_a32.S /optee_os/ta/pkcs11/include/pkcs11_ta.h /optee_os/ta/pkcs11/src/attributes.c /optee_os/ta/pkcs11/src/attributes.h /optee_os/ta/pkcs11/src/entry.c /optee_os/ta/pkcs11/src/object.c /optee_os/ta/pkcs11/src/persistent_token.c /optee_os/ta/pkcs11/src/pkcs11_attributes.c /optee_os/ta/pkcs11/src/pkcs11_attributes.h /optee_os/ta/pkcs11/src/pkcs11_helpers.c /optee_os/ta/pkcs11/src/pkcs11_helpers.h /optee_os/ta/pkcs11/src/pkcs11_token.c /optee_os/ta/pkcs11/src/pkcs11_token.h /optee_os/ta/pkcs11/src/processing.c /optee_os/ta/pkcs11/src/processing.h /optee_os/ta/pkcs11/src/processing_aes.c /optee_os/ta/pkcs11/src/processing_symm.c /optee_os/ta/pkcs11/src/sub.mk /optee_os/ta/pkcs11/src/token_capabilities.c /optee_os/ta/pkcs11/src/token_capabilities.h
63146177	19-Aug-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: add tee_pobj_create_final() Adds tee_pobj_create_final() which finalized a create operation. Until tee_pobj_create_final() has been called the struct pobj cannot be shared with any other objec core: add tee_pobj_create_final() Adds tee_pobj_create_final() which finalized a create operation. Until tee_pobj_create_final() has been called the struct pobj cannot be shared with any other object. Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/include/tee/tee_pobj.h tee_pobj.c tee_svc_storage.c
928efd06	18-Aug-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: syscall_storage_next_enum() use live pobj Instead of using a fake pobj in syscall_storage_next_enum() retrieve the shared pobj instead in order to get the flags of an already opened object. T core: syscall_storage_next_enum() use live pobj Instead of using a fake pobj in syscall_storage_next_enum() retrieve the shared pobj instead in order to get the flags of an already opened object. TEE_POBJ_USAGE_ENUM is supplied to tee_pobj_get() to avoid checking for conflicts with how the pobj is already used. Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/include/tee/tee_pobj.h tee_pobj.c tee_svc_storage.c
6885abf2	18-Aug-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: tee_pobj_get() takes an enum tee_pobj_usage Changes tee_pobj_get() to take an enum tee_pobj_usage usage instead of a bool temporary. Reviewed-by: Jerome Forissier <jerome@forissier.org> Signe core: tee_pobj_get() takes an enum tee_pobj_usage Changes tee_pobj_get() to take an enum tee_pobj_usage usage instead of a bool temporary. Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/include/tee/tee_pobj.h tee_pobj.c tee_svc_storage.c
06b0fe08	14-Aug-2020	Jens Wiklander <jens.wiklander@linaro.org>	core: remove struct tee_obj::flags struct tee_obj keeps a TEE_ObjectInfo which has a flags field with the same meaning as the flags field in struct tee_obj. To avoid the two fields getting out of sy core: remove struct tee_obj::flags struct tee_obj keeps a TEE_ObjectInfo which has a flags field with the same meaning as the flags field in struct tee_obj. To avoid the two fields getting out of sync remove struct tee_obj::flags and only use TEE_ObjectInfo::handleFlags. Additional checks are added in syscall_storage_obj_open() and syscall_storage_obj_create() to make sure that no undefined flags are added to TEE_ObjectInfo::handleFlags. Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/include/tee/tee_obj.h tee_svc_storage.c /optee_os/lib/libutee/tee_api_arith_mpi.c
1 2 3 4 5 678 9 10 >>...24