tee - OpenGrok history log for /optee

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
fd10f62b	28-Jan-2019	Ovidiu Mihalachi <ovidiu_mihalachi@mentor.com>	core: keep alive TA context can be created after TA has panicked When a keep alive TA instance panics, it continues to exist and blocks all further use of the TA until the next reboot of the system. core: keep alive TA context can be created after TA has panicked When a keep alive TA instance panics, it continues to exist and blocks all further use of the TA until the next reboot of the system. Moreover, when a new session is trying to be created for the panicked TA (while another session to that TA is still opened), the system hangs. This change releases panicked TA context and clears all references to the released context when the TA panics regardless the TA properties. This allows keep alive TA instances to be created back after they have panicked without needing to reboot OP-TEE core. Sessions on panicked TAs have to be closed by the client by calling the proper API when session client is scheduled back. Signed-off-by: Ovidiu Mihalachi <ovidiu_mihalachi@mentor.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/include/mm/mobj.h /optee_os/core/arch/arm/include/tee/entry_std.h /optee_os/core/arch/arm/kernel/generic_boot.c /optee_os/core/arch/arm/kernel/otp_stubs.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/mobj.c /optee_os/core/arch/arm/mm/mobj_dyn_shm.c /optee_os/core/arch/arm/mm/sub.mk /optee_os/core/arch/arm/mm/tee_mmu.c /optee_os/core/arch/arm/mm/tee_pager.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/tee/entry_fast.c /optee_os/core/arch/arm/tee/entry_std.c /optee_os/core/arch/arm/tee/init.c /optee_os/core/core.mk /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_i2c.c /optee_os/core/drivers/stm32_uart.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/stm32_i2c.h /optee_os/core/include/drivers/stm32_uart.h /optee_os/core/include/kernel/msg_param.h /optee_os/core/include/mm/tee_mmu.h /optee_os/core/kernel/sub.mk /optee_os/core/kernel/tee_ta_manager.c tee_svc.c /optee_os/mk/config.mk
9cc10bc9	25-Apr-2019	Jens Wiklander <jens.wiklander@linaro.org>	core: derive RPMB key using huk_subkey_derive() tee_rpmb_key_gen() uses huk_subkey_derive() to derive the RPMB instead of MAC:ing etc directly. Note that this is only backwards compatible if CFG_CO core: derive RPMB key using huk_subkey_derive() tee_rpmb_key_gen() uses huk_subkey_derive() to derive the RPMB instead of MAC:ing etc directly. Note that this is only backwards compatible if CFG_CORE_HUK_SUBKEY_COMPAT=y. Reviewed-by: Joakim Bech <joakim.bech@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_rpmb_fs.c
df91a522	25-Apr-2019	Jens Wiklander <jens.wiklander@linaro.org>	core: derive SSK using huk_subkey_derive() tee_fs_init_key_manager() uses huk_subkey_derive() to derive the SSK instead of MAC:ing etc directly. Note that this is only backwards compatible if CFG_C core: derive SSK using huk_subkey_derive() tee_fs_init_key_manager() uses huk_subkey_derive() to derive the SSK instead of MAC:ing etc directly. Note that this is only backwards compatible if CFG_CORE_HUK_SUBKEY_COMPAT=y. Reviewed-by: Joakim Bech <joakim.bech@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/CHANGELOG.md /optee_os/core/arch/arm/include/kernel/mutex.h /optee_os/core/arch/arm/include/kernel/wait_queue.h /optee_os/core/arch/arm/include/sm/optee_smc.h /optee_os/core/arch/arm/kernel/link_dummies.c /optee_os/core/arch/arm/kernel/mutex.c /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/kernel/wait_queue.c /optee_os/core/arch/arm/plat-bcm/conf.mk /optee_os/core/arch/arm/plat-bcm/main.c /optee_os/core/arch/arm/plat-bcm/platform_config.h /optee_os/core/arch/arm/plat-hikey/platform_config.h /optee_os/core/arch/arm/plat-imx/a7_plat_init.S /optee_os/core/arch/arm/plat-imx/a9_plat_init.S /optee_os/core/arch/arm/tee/entry_fast.c /optee_os/core/drivers/bcm_gpio.c /optee_os/core/drivers/pl022_spi.c /optee_os/core/drivers/pl061_gpio.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/bcm_gpio.h /optee_os/core/include/kernel/huk_subkey.h /optee_os/core/kernel/huk_subkey.c /optee_os/core/kernel/sub.mk /optee_os/core/lib/libtomcrypt/mpi_desc.c tee_fs_key_manager.c /optee_os/lib/libmbedtls/mbedtls/library/bignum.c /optee_os/lib/libutee/arch/arm/gprof/gprof_a32.S /optee_os/lib/libutee/arch/arm/gprof/gprof_a64.S /optee_os/lib/libutee/arch/arm/user_ta_entry.c /optee_os/mk/config.mk /optee_os/ta/arch/arm/ta.ld.S /optee_os/typedefs.checkpatch
13e224aa	11-Apr-2019	Christopher Tam <godtamit@google.com>	core: storage: set data length after truncation After truncating a persistent object, update dataSize in the corresponding TEE_ObjectInfo structure. Signed-off-by: Christopher Tam <godtamit@google. core: storage: set data length after truncation After truncating a persistent object, update dataSize in the corresponding TEE_ObjectInfo structure. Signed-off-by: Christopher Tam <godtamit@google.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU, GP) show more ... /optee_os/.shippable.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/kernel/generic_boot.c /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/plat-hikey/conf.mk /optee_os/core/arch/arm/plat-imx/drivers/sub.mk /optee_os/core/arch/arm/plat-imx/drivers/tzc380.c /optee_os/core/arch/arm/plat-imx/imx.h /optee_os/core/arch/arm/plat-imx/imx6.c /optee_os/core/arch/arm/plat-imx/sub.mk /optee_os/core/arch/arm/plat-rpi3/conf.mk /optee_os/core/arch/arm/plat-rpi3/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_clk.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pwr.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pwr.h /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/pm/psci.c /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/plat-stm32mp1/sub.mk /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/arm/plat-zynqmp/platform_config.h /optee_os/core/core.mk /optee_os/core/crypto.mk /optee_os/core/crypto/aes-cts.c /optee_os/core/crypto/aes-gcm-ghash-tbl.c /optee_os/core/crypto/aes-gcm-sw.c /optee_os/core/crypto/aes-gcm.c /optee_os/core/crypto/cbc-mac.c /optee_os/core/crypto/crypto.c /optee_os/core/crypto/sub.mk /optee_os/core/drivers/bcm_hwrng.c /optee_os/core/drivers/bcm_sotp.c /optee_os/core/drivers/stm32_etzpc.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_i2c.c /optee_os/core/drivers/stm32_rng.c /optee_os/core/drivers/stm32_uart.c /optee_os/core/drivers/sub.mk /optee_os/core/drivers/tzc380.c /optee_os/core/include/crypto/crypto.h /optee_os/core/include/crypto/crypto_impl.h /optee_os/core/include/drivers/bcm_hwrng.h /optee_os/core/include/drivers/bcm_sotp.h /optee_os/core/include/drivers/stm32_i2c.h /optee_os/core/include/drivers/stm32_rng.h /optee_os/core/include/drivers/tzc380.h /optee_os/core/lib/libtomcrypt/acipher_helpers.h /optee_os/core/lib/libtomcrypt/aes.c /optee_os/core/lib/libtomcrypt/cbc.c /optee_os/core/lib/libtomcrypt/ccm.c /optee_os/core/lib/libtomcrypt/cmac.c /optee_os/core/lib/libtomcrypt/ctr.c /optee_os/core/lib/libtomcrypt/des2_key.h /optee_os/core/lib/libtomcrypt/dh.c /optee_os/core/lib/libtomcrypt/dsa.c /optee_os/core/lib/libtomcrypt/ecb.c /optee_os/core/lib/libtomcrypt/ecc.c /optee_os/core/lib/libtomcrypt/gcm.c /optee_os/core/lib/libtomcrypt/hash.c /optee_os/core/lib/libtomcrypt/hmac.c /optee_os/core/lib/libtomcrypt/include/tomcrypt_custom.h /optee_os/core/lib/libtomcrypt/include/tomcrypt_init.h /optee_os/core/lib/libtomcrypt/include/tomcrypt_mp.h /optee_os/core/lib/libtomcrypt/mpa_desc.c /optee_os/core/lib/libtomcrypt/mpi_desc.c /optee_os/core/lib/libtomcrypt/rsa.c /optee_os/core/lib/libtomcrypt/src/ciphers/sub.mk /optee_os/core/lib/libtomcrypt/src/encauth/gcm/gcm_mult_h_arm_ce.c /optee_os/core/lib/libtomcrypt/src/encauth/gcm/sub.mk /optee_os/core/lib/libtomcrypt/src/encauth/sub.mk /optee_os/core/lib/libtomcrypt/src/hashes/sha2/sub.mk /optee_os/core/lib/libtomcrypt/src/hashes/sub.mk /optee_os/core/lib/libtomcrypt/src/mac/sub.mk /optee_os/core/lib/libtomcrypt/src/math/fp/sub.mk /optee_os/core/lib/libtomcrypt/src/modes/sub.mk /optee_os/core/lib/libtomcrypt/src/pk/dsa/dsa_import.c /optee_os/core/lib/libtomcrypt/src/pk/sub.mk /optee_os/core/lib/libtomcrypt/src/prngs/sub.mk /optee_os/core/lib/libtomcrypt/src/sub.mk /optee_os/core/lib/libtomcrypt/sub.mk /optee_os/core/lib/libtomcrypt/tomcrypt.c /optee_os/core/lib/libtomcrypt/xts.c tee_svc_storage.c /optee_os/lib/libmbedtls/core/aes.c /optee_os/lib/libmbedtls/core/aes_cbc.c /optee_os/lib/libmbedtls/core/aes_cmac.c /optee_os/lib/libmbedtls/core/aes_ctr.c /optee_os/lib/libmbedtls/core/aes_ecb.c /optee_os/lib/libmbedtls/core/bignum.c /optee_os/lib/libmbedtls/core/des3_cbc.c /optee_os/lib/libmbedtls/core/des3_ecb.c /optee_os/lib/libmbedtls/core/des_cbc.c /optee_os/lib/libmbedtls/core/des_ecb.c /optee_os/lib/libmbedtls/core/dh.c /optee_os/lib/libmbedtls/core/ecc.c /optee_os/lib/libmbedtls/core/hash.c /optee_os/lib/libmbedtls/core/hmac.c /optee_os/lib/libmbedtls/core/mbd_rand.h /optee_os/lib/libmbedtls/core/rsa.c /optee_os/lib/libmbedtls/core/sub.mk /optee_os/lib/libmbedtls/core/tomcrypt.c /optee_os/lib/libmbedtls/include/mbedtls_config_kernel.h /optee_os/lib/libmbedtls/mbedtls/CONTRIBUTING.md /optee_os/lib/libmbedtls/mbedtls/ChangeLog /optee_os/lib/libmbedtls/mbedtls/README.md /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/aes.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/aesni.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/arc4.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/aria.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/asn1.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/asn1write.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/base64.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/bignum.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/blowfish.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/bn_mul.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/camellia.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ccm.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/certs.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/chacha20.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/chachapoly.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/check_config.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/cipher.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/cipher_internal.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/cmac.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/compat-1.3.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ctr_drbg.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/debug.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/des.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/dhm.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecdh.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecdsa.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecjpake.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecp.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecp_internal.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/entropy.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/entropy_poll.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/error.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/gcm.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/havege.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/hkdf.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/hmac_drbg.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/md.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/md2.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/md4.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/md5.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/md_internal.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/memory_buffer_alloc.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/net.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/net_sockets.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/nist_kw.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/oid.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/padlock.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/pem.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/pk.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/pk_internal.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/pkcs11.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/pkcs12.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/pkcs5.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/platform.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/platform_time.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/platform_util.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/poly1305.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ripemd160.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/rsa.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/rsa_internal.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/sha1.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/sha256.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/sha512.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl_cache.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl_ciphersuites.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl_cookie.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl_internal.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl_ticket.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/threading.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/timing.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/version.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/x509.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/x509_crl.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/x509_crt.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/x509_csr.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/xtea.h /optee_os/lib/libmbedtls/mbedtls/library/aes.c /optee_os/lib/libmbedtls/mbedtls/library/aesni.c /optee_os/lib/libmbedtls/mbedtls/library/arc4.c /optee_os/lib/libmbedtls/mbedtls/library/aria.c /optee_os/lib/libmbedtls/mbedtls/library/asn1parse.c /optee_os/lib/libmbedtls/mbedtls/library/asn1write.c /optee_os/lib/libmbedtls/mbedtls/library/bignum.c /optee_os/lib/libmbedtls/mbedtls/library/blowfish.c /optee_os/lib/libmbedtls/mbedtls/library/camellia.c /optee_os/lib/libmbedtls/mbedtls/library/ccm.c /optee_os/lib/libmbedtls/mbedtls/library/certs.c /optee_os/lib/libmbedtls/mbedtls/library/chacha20.c /optee_os/lib/libmbedtls/mbedtls/library/chachapoly.c /optee_os/lib/libmbedtls/mbedtls/library/cipher.c /optee_os/lib/libmbedtls/mbedtls/library/cipher_wrap.c /optee_os/lib/libmbedtls/mbedtls/library/cmac.c /optee_os/lib/libmbedtls/mbedtls/library/ctr_drbg.c /optee_os/lib/libmbedtls/mbedtls/library/debug.c /optee_os/lib/libmbedtls/mbedtls/library/des.c /optee_os/lib/libmbedtls/mbedtls/library/dhm.c /optee_os/lib/libmbedtls/mbedtls/library/ecdh.c /optee_os/lib/libmbedtls/mbedtls/library/ecdsa.c /optee_os/lib/libmbedtls/mbedtls/library/ecjpake.c /optee_os/lib/libmbedtls/mbedtls/library/ecp.c /optee_os/lib/libmbedtls/mbedtls/library/ecp_curves.c /optee_os/lib/libmbedtls/mbedtls/library/entropy.c /optee_os/lib/libmbedtls/mbedtls/library/entropy_poll.c /optee_os/lib/libmbedtls/mbedtls/library/error.c /optee_os/lib/libmbedtls/mbedtls/library/gcm.c /optee_os/lib/libmbedtls/mbedtls/library/havege.c /optee_os/lib/libmbedtls/mbedtls/library/hkdf.c /optee_os/lib/libmbedtls/mbedtls/library/hmac_drbg.c /optee_os/lib/libmbedtls/mbedtls/library/md.c /optee_os/lib/libmbedtls/mbedtls/library/md2.c /optee_os/lib/libmbedtls/mbedtls/library/md4.c /optee_os/lib/libmbedtls/mbedtls/library/md5.c /optee_os/lib/libmbedtls/mbedtls/library/md_wrap.c /optee_os/lib/libmbedtls/mbedtls/library/memory_buffer_alloc.c /optee_os/lib/libmbedtls/mbedtls/library/net_sockets.c /optee_os/lib/libmbedtls/mbedtls/library/nist_kw.c /optee_os/lib/libmbedtls/mbedtls/library/oid.c /optee_os/lib/libmbedtls/mbedtls/library/pem.c /optee_os/lib/libmbedtls/mbedtls/library/pk.c /optee_os/lib/libmbedtls/mbedtls/library/pk_wrap.c /optee_os/lib/libmbedtls/mbedtls/library/pkcs12.c /optee_os/lib/libmbedtls/mbedtls/library/pkcs5.c /optee_os/lib/libmbedtls/mbedtls/library/pkparse.c /optee_os/lib/libmbedtls/mbedtls/library/pkwrite.c /optee_os/lib/libmbedtls/mbedtls/library/platform.c /optee_os/lib/libmbedtls/mbedtls/library/platform_util.c /optee_os/lib/libmbedtls/mbedtls/library/poly1305.c /optee_os/lib/libmbedtls/mbedtls/library/ripemd160.c /optee_os/lib/libmbedtls/mbedtls/library/rsa.c /optee_os/lib/libmbedtls/mbedtls/library/rsa_internal.c /optee_os/lib/libmbedtls/mbedtls/library/sha1.c /optee_os/lib/libmbedtls/mbedtls/library/sha256.c /optee_os/lib/libmbedtls/mbedtls/library/sha512.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_cache.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_ciphersuites.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_cli.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_cookie.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_srv.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_ticket.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls.c /optee_os/lib/libmbedtls/mbedtls/library/threading.c /optee_os/lib/libmbedtls/mbedtls/library/timing.c /optee_os/lib/libmbedtls/mbedtls/library/version.c /optee_os/lib/libmbedtls/mbedtls/library/version_features.c /optee_os/lib/libmbedtls/mbedtls/library/x509.c /optee_os/lib/libmbedtls/mbedtls/library/x509_create.c /optee_os/lib/libmbedtls/mbedtls/library/x509_crl.c /optee_os/lib/libmbedtls/mbedtls/library/x509_crt.c /optee_os/lib/libmbedtls/mbedtls/library/x509_csr.c /optee_os/lib/libmbedtls/mbedtls/library/x509write_crt.c /optee_os/lib/libmbedtls/mbedtls/library/x509write_csr.c /optee_os/lib/libmbedtls/mbedtls/library/xtea.c /optee_os/lib/libmbedtls/sub.mk /optee_os/lib/libutee/base64.c /optee_os/lib/libutee/tee_api_arith_mpi.c /optee_os/lib/libutils/ext/include/types_ext.h /optee_os/lib/libutils/ext/trace.c /optee_os/mk/compile.mk /optee_os/mk/config.mk /optee_os/scripts/symbolize.py /optee_os/typedefs.checkpatch
025f5cd8	07-Mar-2019	Alexandre Jutras <alexandre.jutras@linaro.org>	core: Initialize the chip_id array when generating the SSK In tee_fs_init_key_manager(), Secure Storage Key (SSK) is computed as follow: SSK = HMAC(HUK, message) message := concatenate(chip core: Initialize the chip_id array when generating the SSK In tee_fs_init_key_manager(), Secure Storage Key (SSK) is computed as follow: SSK = HMAC(HUK, message) message := concatenate(chip_id, static string) chip_id is a 32-byte array but some tee_otp_get_die_id() implementation may provide a smaller chip ID. Initialize the chip_id array to make sure the remaining bytes do not contain garbage data. Without this initialization, SSK may be inconsistent across power cycles generating failures when reading back data from the secure storage. Signed-off-by: Alexandre Jutras <alexandre.jutras@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... /optee_os/core/arch/arm/kernel/elf_load.c /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/drivers/stm32_i2c.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/stm32_i2c.h tee_fs_key_manager.c /optee_os/lib/libutee/include/user_ta_header.h /optee_os/lib/libutils/ext/include/util.h /optee_os/mk/config.mk /optee_os/mk/lib.mk /optee_os/ta/arch/arm/link.mk /optee_os/ta/mk/build-user-ta.mk /optee_os/ta/ta.mk
65fe41db	01-Mar-2019	Etienne Carriere <etienne.carriere@linaro.org>	core: cleanup generic traces Remove useless newline character in few generic debug traces. Remove argument __func__ from a FMSG trace since already output by macro FMSG(). Remove error trace from core: cleanup generic traces Remove useless newline character in few generic debug traces. Remove argument __func__ from a FMSG trace since already output by macro FMSG(). Remove error trace from syscall_storage_obj_read() that, prior this change, output failing error code from storage read() handler. This is useless and not done for other storage handlers return code. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/kernel/generic_boot.c /optee_os/core/arch/arm/kernel/pseudo_ta.c /optee_os/core/arch/arm/kernel/ree_fs_ta.c /optee_os/core/arch/arm/kernel/tee_time_arm_cntpct.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/unwind_arm32.c /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/pta/gprof.c /optee_os/core/arch/arm/tee/entry_std.c /optee_os/core/drivers/tzc380.c /optee_os/core/drivers/tzc400.c /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/lib/libtomcrypt/src/tee_ltc_provider.c tee_obj.c tee_rpmb_fs.c tee_svc_storage.c /optee_os/lib/libutee/include/pta_invoke_tests.h /optee_os/mk/config.mk
48e10604	14-Feb-2019	Jerome Forissier <jerome.forissier@linaro.org>	libutils: remove buf_compare_ct() Now that we have consttime_memcmp(), buf_compare_ct() is redundant. Every time buf_compare_ct() is used, consttime_memcmp() may be used instead. This commit remove libutils: remove buf_compare_ct() Now that we have consttime_memcmp(), buf_compare_ct() is redundant. Every time buf_compare_ct() is used, consttime_memcmp() may be used instead. This commit removes buf_compare_ct(). A compatibility wrapper is kept in <string_ext.h> to avoid knowingly breaking the build of any TA that may use it. Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/pta/secstor_ta_mgmt.c /optee_os/core/crypto/aes-gcm.c /optee_os/core/lib/libtomcrypt/include/tomcrypt_custom.h /optee_os/core/lib/libtomcrypt/src/tee_ltc_provider.c fs_htree.c tee_rpmb_fs.c /optee_os/lib/libutee/include/tee_api.h /optee_os/lib/libutee/tee_api.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutils/ext/consttime_memcmp.c /optee_os/lib/libutils/ext/include/string_ext.h /optee_os/lib/libutils/ext/sub.mk
ea81076f	06-Feb-2019	Jerome Forissier <jerome.forissier@linaro.org>	core: RPMB FS: check for potential overflows This commit deals with a number of potential integer overflows in the RPMB FS code. rpmb_fs_init() requests device information from the REE. The RPMB si core: RPMB FS: check for potential overflows This commit deals with a number of potential integer overflows in the RPMB FS code. rpmb_fs_init() requests device information from the REE. The RPMB size is returned in struct rpmb_dev_info (field rpmb_size_mult) and is used in a multiplication that could overflow. Use MUL_OVERFLOW() to deal with this case. Some overflow checks are also added in the read and write paths. Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reported-by: Bastien Simondi <bsimondi@netflix.com> [2.12] Reviewed-by: Joakim Bech <joakim.bech@linaro.org> show more ... tee_rpmb_fs.c
06aa9a9b	05-Feb-2019	Jerome Forissier <jerome.forissier@linaro.org>	core: syscall_authenc_init(): check nonce accessibility syscall_authenc_init() does not check that the given nonce address is within TA accessible memory. Fix that. Signed-off-by: Jerome Forissier core: syscall_authenc_init(): check nonce accessibility syscall_authenc_init() does not check that the given nonce address is within TA accessible memory. Fix that. Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reported-by: Bastien Simondi <bsimondi@netflix.com> [2.10] Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Joakim Bech <joakim.bech@linaro.org> show more ... tee_svc_cryp.c
bd81e5b9	05-Feb-2019	Jerome Forissier <jerome.forissier@linaro.org>	core: crypto: add overflow check when copying attributes In copy_in_attrs(), attr_count * sizeof(struct utee_attribute) could overflow if a very large attr_count is given. Use MUL_OVERFLOW() to prop core: crypto: add overflow check when copying attributes In copy_in_attrs(), attr_count * sizeof(struct utee_attribute) could overflow if a very large attr_count is given. Use MUL_OVERFLOW() to properly deal with this case. Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reported-by: Bastien Simondi <bsimondi@netflix.com> [2.9] Reviewed-by: Joakim Bech <joakim.bech@linaro.org> show more ... /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/mm/mobj.c /optee_os/core/crypto/signed_hdr.c tee_svc_cryp.c
99164a05	04-Feb-2019	Jerome Forissier <jerome.forissier@linaro.org>	core: do not use virtual addresses as session identifier Session context virtual address is returned to the REE in entry_open_session(); it is then used back in entry_close_session() and entry_invok core: do not use virtual addresses as session identifier Session context virtual address is returned to the REE in entry_open_session(); it is then used back in entry_close_session() and entry_invoke_command(). Sharing virtual addresses with the REE leads to virtual memory addresses disclosure that could be leveraged to defeat ASLR (if/when implemented) and/or mount an attack. Similarly, syscall_open_ta_session() returns a session ID directly derived from the session virtual address to the caller TA. This commit introduces a 32-bit identifier field in struct tee_ta_session. The ID is generated when the session is created, starting from the id of the last session in the queue, and counting up until a number that is not used in the session queue is found. Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reported-by: Bastien Simondi <bsimondi@netflix.com> [2.1] Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Joakim Bech <joakim.bech@linaro.org> show more ... /optee_os/.shippable.yml /optee_os/.travis.yml /optee_os/LICENSE /optee_os/MAINTAINERS /optee_os/README.md /optee_os/core/arch/arm/dts/stm32mp157c.dtsi /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/include/kernel/generic_boot.h /optee_os/core/arch/arm/include/kernel/linker.h /optee_os/core/arch/arm/include/kernel/thread.h /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/kernel/elf_load.c /optee_os/core/arch/arm/kernel/generic_boot.c /optee_os/core/arch/arm/kernel/generic_entry_a32.S /optee_os/core/arch/arm/kernel/generic_entry_a64.S /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/link_dummy.ld /optee_os/core/arch/arm/kernel/pseudo_ta.c /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/trace_ext.c /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/mm/core_mmu_private.h /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/mm/tee_mm.c /optee_os/core/arch/arm/mm/tee_mmu.c /optee_os/core/arch/arm/mm/tee_pager.c /optee_os/core/arch/arm/plat-bcm/main.c /optee_os/core/arch/arm/plat-bcm/platform_config.h /optee_os/core/arch/arm/plat-d02/main.c /optee_os/core/arch/arm/plat-hikey/main.c /optee_os/core/arch/arm/plat-hikey/spi_test.c /optee_os/core/arch/arm/plat-hisilicon/conf.mk /optee_os/core/arch/arm/plat-hisilicon/hi3519av100.h /optee_os/core/arch/arm/plat-hisilicon/hi3519av100_plat_init.S /optee_os/core/arch/arm/plat-hisilicon/main.c /optee_os/core/arch/arm/plat-hisilicon/platform_config.h /optee_os/core/arch/arm/plat-hisilicon/psci.c /optee_os/core/arch/arm/plat-hisilicon/sub.mk /optee_os/core/arch/arm/plat-imx/imx-common.c /optee_os/core/arch/arm/plat-imx/imx6.c /optee_os/core/arch/arm/plat-imx/imx6ul.c /optee_os/core/arch/arm/plat-imx/imx7.c /optee_os/core/arch/arm/plat-imx/imx_pl310.c /optee_os/core/arch/arm/plat-imx/main.c /optee_os/core/arch/arm/plat-imx/mmdc.c /optee_os/core/arch/arm/plat-imx/pm/cpuidle-imx7d.c /optee_os/core/arch/arm/plat-imx/pm/gpcv2.c /optee_os/core/arch/arm/plat-imx/pm/pm-imx7.c /optee_os/core/arch/arm/plat-imx/pm/psci.c /optee_os/core/arch/arm/plat-k3/main.c /optee_os/core/arch/arm/plat-ls/conf.mk /optee_os/core/arch/arm/plat-ls/main.c /optee_os/core/arch/arm/plat-marvell/armada3700/hal_sec_perf.c /optee_os/core/arch/arm/plat-marvell/armada7k8k/hal_sec_perf.c /optee_os/core/arch/arm/plat-marvell/main.c /optee_os/core/arch/arm/plat-mediatek/main.c /optee_os/core/arch/arm/plat-poplar/main.c /optee_os/core/arch/arm/plat-poplar/platform_config.h /optee_os/core/arch/arm/plat-rcar/conf.mk /optee_os/core/arch/arm/plat-rcar/main.c /optee_os/core/arch/arm/plat-rcar/platform_config.h /optee_os/core/arch/arm/plat-rockchip/main.c /optee_os/core/arch/arm/plat-rockchip/platform.c /optee_os/core/arch/arm/plat-rockchip/psci_rk322x.c /optee_os/core/arch/arm/plat-rpi3/main.c /optee_os/core/arch/arm/plat-rpi3/platform_config.h /optee_os/core/arch/arm/plat-sam/main.c /optee_os/core/arch/arm/plat-sam/matrix.c /optee_os/core/arch/arm/plat-sam/platform_config.h /optee_os/core/arch/arm/plat-sprd/main.c /optee_os/core/arch/arm/plat-sprd/platform_config.h /optee_os/core/arch/arm/plat-stm/main.c /optee_os/core/arch/arm/plat-stm/rng_support.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_clk.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_etzpc.h /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pwr.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pwr.h /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_rcc.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_rcc.h /optee_os/core/arch/arm/plat-stm32mp1/drivers/sub.mk /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/pm/psci.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/plat-sunxi/main.c /optee_os/core/arch/arm/plat-sunxi/psci.c /optee_os/core/arch/arm/plat-synquacer/main.c /optee_os/core/arch/arm/plat-synquacer/rng_pta.c /optee_os/core/arch/arm/plat-ti/main.c /optee_os/core/arch/arm/plat-ti/platform_config.h /optee_os/core/arch/arm/plat-ti/sm_platform_handler_a9.c /optee_os/core/arch/arm/plat-ti/ti_pl310.c /optee_os/core/arch/arm/plat-vexpress/main.c /optee_os/core/arch/arm/plat-zynq7k/main.c /optee_os/core/arch/arm/plat-zynqmp/main.c /optee_os/core/arch/arm/plat-zynqmp/platform_config.h /optee_os/core/arch/arm/pta/core_self_tests.c /optee_os/core/arch/arm/pta/stats.c /optee_os/core/arch/arm/tee/entry_fast.c /optee_os/core/arch/arm/tee/entry_std.c /optee_os/core/drivers/atmel_uart.c /optee_os/core/drivers/cdns_uart.c /optee_os/core/drivers/dra7_rng.c /optee_os/core/drivers/gic.c /optee_os/core/drivers/hi16xx_rng.c /optee_os/core/drivers/hi16xx_uart.c /optee_os/core/drivers/imx_snvs.c /optee_os/core/drivers/imx_uart.c /optee_os/core/drivers/imx_wdog.c /optee_os/core/drivers/mvebu_uart.c /optee_os/core/drivers/ns16550.c /optee_os/core/drivers/pl011.c /optee_os/core/drivers/pl022_spi.c /optee_os/core/drivers/pl061_gpio.c /optee_os/core/drivers/scif.c /optee_os/core/drivers/serial8250_uart.c /optee_os/core/drivers/sprd_uart.c /optee_os/core/drivers/stih_asc.c /optee_os/core/drivers/stm32_bsec.c /optee_os/core/drivers/stm32_etzpc.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_uart.c /optee_os/core/drivers/sub.mk /optee_os/core/drivers/tzc380.c /optee_os/core/drivers/tzc400.c /optee_os/core/include/drivers/stm32_bsec.h /optee_os/core/include/drivers/stm32_etzpc.h /optee_os/core/include/drivers/stm32_gpio.h /optee_os/core/include/io.h /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/include/kernel/virtualization.h /optee_os/core/include/mm/tee_mm.h /optee_os/core/kernel/console.c /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/lib/libtomcrypt/src/mpa_desc.c /optee_os/core/lib/libtomcrypt/src/mpi_desc.c /optee_os/core/lib/libtomcrypt/src/tee_ltc_provider.c tee_svc.c /optee_os/lib/libutee/tee_api_arith_mpa.c /optee_os/lib/libutee/tee_api_arith_mpi.c /optee_os/lib/libutee/tee_api_objects.c /optee_os/lib/libutils/ext/include/compiler.h /optee_os/lib/libutils/ext/include/mempool.h /optee_os/lib/libutils/ext/include/string_ext.h /optee_os/lib/libutils/ext/mempool.c /optee_os/lib/libutils/ext/nex_strdup.c /optee_os/lib/libutils/ext/sub.mk /optee_os/lib/libutils/isoc/bget.c /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/lib/libutils/isoc/isalnum.c /optee_os/lib/libutils/isoc/iscntrl.c /optee_os/lib/libutils/isoc/isgraph.c /optee_os/lib/libutils/isoc/islower.c /optee_os/lib/libutils/isoc/isprint.c /optee_os/lib/libutils/isoc/ispunct.c /optee_os/lib/libutils/isoc/stack_check.c /optee_os/lib/libutils/isoc/sub.mk /optee_os/lib/libutils/isoc/toupper.c /optee_os/mk/config.mk /optee_os/ta/arch/arm/link.mk
42cf03c3	24-Jan-2019	Oliver Chiang <rockerfeynman@gmail.com>	core: check the value of tee_otp_get_die_id() Just like the get_prop_tee_dev_id() in tee_svc.c, it returns TEE_ERROR_BAD_STATE, when tee_otp_get_die_id() reports someting bad. Put the same check in core: check the value of tee_otp_get_die_id() Just like the get_prop_tee_dev_id() in tee_svc.c, it returns TEE_ERROR_BAD_STATE, when tee_otp_get_die_id() reports someting bad. Put the same check in tee_fs_init_key_manager() as well. Fixes: https://github.com/OP-TEE/optee_os/issues/2762 Signed-off-by: Oliver Chiang <rockerfeynman@gmail.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> [jf: use URL in Fixes: tag] Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... /optee_os/.shippable.yml /optee_os/CHANGELOG.md /optee_os/MAINTAINERS /optee_os/README.md /optee_os/core/arch/arm/kernel/ree_fs_ta.c /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/plat-bcm/conf.mk /optee_os/core/arch/arm/plat-bcm/main.c /optee_os/core/arch/arm/plat-bcm/platform_config.h /optee_os/core/arch/arm/plat-bcm/sub.mk /optee_os/core/arch/arm/plat-stm32mp1/scripts/stm32image.py tee_fs_key_manager.c /optee_os/documentation/external_libraries.rst /optee_os/mk/aosp_optee.mk /optee_os/scripts/bin_to_c.py
41b29406	16-Jan-2019	Oliver Chiang <rockerfeynman@gmail.com>	core: syscall_storage_obj_create(): fix a memory leak Free the o->attr in the error handling part. Fixes: https://github.com/OP-TEE/optee_os/issues/2738 Signed-off-by: Oliver Chiang <rockerfeynman@ core: syscall_storage_obj_create(): fix a memory leak Free the o->attr in the error handling part. Fixes: https://github.com/OP-TEE/optee_os/issues/2738 Signed-off-by: Oliver Chiang <rockerfeynman@gmail.com> [jf: do not set o->attr = 0; move tee_obj_free(o) under if (o) { ... }] [jf: add spaces to subject; use URL in Fixes: tag] Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU) show more ... /optee_os/core/arch/arm/plat-vexpress/main.c tee_svc_storage.c
84e9c40b	20-Nov-2018	Jens Wiklander <jens.wiklander@linaro.org>	core: svc_cryp: fix truncated buffer length Fixes truncated buffer length in multiple crypto syscalls. The buffer length is truncated on 32-bit systems because a size_t can't hold a uint64_t which i core: svc_cryp: fix truncated buffer length Fixes truncated buffer length in multiple crypto syscalls. The buffer length is truncated on 32-bit systems because a size_t can't hold a uint64_t which is use to carry the buffer length. Fixes: "Truncated buffer length in crypto system calls (x4)" as reported by Riscure. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7, v8) Reviewed-by: Joakim Bech <joakim.bech@linaro.org> Reported-by: Riscure <inforequest@riscure.com> Reported-by: Alyssa Milburn <a.a.milburn@vu.nl> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... tee_svc_cryp.c
d5c5b0b7	20-Nov-2018	Jens Wiklander <jens.wiklander@linaro.org>	core: svc: always check ta parameters Always check TA parameters from a user TA. This prevents a user TA from passing invalid pointers to a pseudo TA. Fixes: OP-TEE-2018-0007: "Buffer checks missin core: svc: always check ta parameters Always check TA parameters from a user TA. This prevents a user TA from passing invalid pointers to a pseudo TA. Fixes: OP-TEE-2018-0007: "Buffer checks missing when calling pseudo TAs". Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7, v8) Reviewed-by: Joakim Bech <joakim.bech@linaro.org> Reported-by: Riscure <inforequest@riscure.com> Reported-by: Alyssa Milburn <a.a.milburn@vu.nl> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/core/arch/arm/mm/tee_mmu.c /optee_os/core/arch/arm/tee/entry_std.c /optee_os/core/include/optee_msg.h tee_svc.c
359324a2	12-Oct-2018	Jens Wiklander <jens.wiklander@linaro.org>	svc: Initialize tmp_va_buf to prevent a TOCTOU attack tmp_va_buf will be used if caller parameters points to private TA memory. However, after doing the syscall to invoke the command it could be tha svc: Initialize tmp_va_buf to prevent a TOCTOU attack tmp_va_buf will be used if caller parameters points to private TA memory. However, after doing the syscall to invoke the command it could be that REE has changed caller parameters to point to regular shared memory and that could potentially open for tmp_va_buf leaking old information on the stack. Mitigate this by simplify tee_svc_update_out_param() by only taking tmp_buf_va[n] into account to tell if a temporary buffer is used or not. Note that tee_svc_copy_to_user() will make sure that only data writeable by the user TA can be updated. Fixes: "Double fetch can be used to copy from uninitialized pointer" as reported by Riscure. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7, v8) Reviewed-by: Joakim Bech <joakim.bech@linaro.org> Reported-by: Riscure <inforequest@riscure.com> Reported-by: Alyssa Milburn <a.a.milburn@vu.nl> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/core/arch/arm/tee/entry_std.c tee_svc.c
99e8a8cc	27-Sep-2018	Joakim Bech <joakim.bech@linaro.org>	svc: fix NULL pointer dereference during storage enumeration In syscall_storage_next_enum(..) when 'tee_obj o' isn't successfully initialized, then 'o->pobj->fops' is a NULL pointer and therefore we svc: fix NULL pointer dereference during storage enumeration In syscall_storage_next_enum(..) when 'tee_obj o' isn't successfully initialized, then 'o->pobj->fops' is a NULL pointer and therefore we need to check for that before trying to dereference it in the clean-up part of the function. Fixes: "Null pointer dereference in storage system call" as reported by Riscure. Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7, v8) Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reported-by: Riscure <inforequest@riscure.com> Reported-by: Alyssa Milburn <a.a.milburn@vu.nl> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... tee_svc_storage.c
ea8357c1	27-Sep-2018	Joakim Bech <joakim.bech@linaro.org>	svc: check for overflow when allocating a BigNum buffer To avoid overflow errors and copy more data than being allocated we must check for overflow when allocating a buffer for the bignum-buffer whi svc: check for overflow when allocating a BigNum buffer To avoid overflow errors and copy more data than being allocated we must check for overflow when allocating a buffer for the bignum-buffer which is 8 times larger than the binary buffer. Fixes: "Integer overflow in crypto system call" as reported by Riscure. Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7, v8) Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reported-by: Riscure <inforequest@riscure.com> Reported-by: Alyssa Milburn <a.a.milburn@vu.nl> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... tee_svc_cryp.c
54ebc3ac	27-Sep-2018	Joakim Bech <joakim.bech@linaro.org>	svc: avoid TOCTOU issue in syscall_hash_final When checking that the supplied buffer is big enough to fit the computed digest one should use the local copy 'hlen' instead of 'hash_len' to prevent th svc: avoid TOCTOU issue in syscall_hash_final When checking that the supplied buffer is big enough to fit the computed digest one should use the local copy 'hlen' instead of 'hash_len' to prevent that a malicious attacker in REE have changed the size of 'hash_len' after it has been copied to the local buffer. (TOCTOU: Time Of Check To Time of Use) Fixes: "Double-fetch of length in syscall_hash_final (x2)" as reported by Riscure. Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7, v8) Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reported-by: Riscure <inforequest@riscure.com> Reported-by: Alyssa Milburn <a.a.milburn@vu.nl> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... tee_svc_cryp.c
70697bf3	27-Sep-2018	Joakim Bech <joakim.bech@linaro.org>	svc: check for allocation overflow in crypto calls part 2 Without checking for overflow there is a risk of allocating a buffer with size smaller than anticipated and as a consequence of that it migh svc: check for allocation overflow in crypto calls part 2 Without checking for overflow there is a risk of allocating a buffer with size smaller than anticipated and as a consequence of that it might lead to a heap based overflow with attacker controlled data written outside the boundaries of the buffer. Fixes: OP-TEE-2018-0011: "Integer overflow in crypto system calls (x2)" Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7, v8) Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reported-by: Riscure <inforequest@riscure.com> Reported-by: Alyssa Milburn <a.a.milburn@vu.nl> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... tee_svc_cryp.c
a6372432	27-Sep-2018	Joakim Bech <joakim.bech@linaro.org>	svc: check for allocation overflow in crypto calls Without checking for overflow there is a risk of allocating a buffer with size smaller than anticipated and as a consequence of that it might lead svc: check for allocation overflow in crypto calls Without checking for overflow there is a risk of allocating a buffer with size smaller than anticipated and as a consequence of that it might lead to a heap based overflow with attacker controlled data written outside the boundaries of the buffer. Fixes: OP-TEE-2018-0010: "Integer overflow in crypto system calls (x2)" Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7, v8) Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reported-by: Riscure <inforequest@riscure.com> Reported-by: Alyssa Milburn <a.a.milburn@vu.nl> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... tee_svc_cryp.c
b60e1cee	27-Sep-2018	Joakim Bech <joakim.bech@linaro.org>	svc: check for allocation overflow in syscall_cryp_obj_populate Without checking for overflow there is a risk of allocating a buffer with size smaller than anticipated and as a consequence of that i svc: check for allocation overflow in syscall_cryp_obj_populate Without checking for overflow there is a risk of allocating a buffer with size smaller than anticipated and as a consequence of that it might lead to a heap based overflow with attacker controlled data written outside the boundaries of the buffer. Fixes: OP-TEE-2018-0009: "Integer overflow in crypto system calls" Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7, v8) Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reported-by: Riscure <inforequest@riscure.com> Reported-by: Alyssa Milburn <a.a.milburn@vu.nl> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... tee_svc_cryp.c
8f58cdbe	10-Sep-2018	Jens Wiklander <jens.wiklander@linaro.org>	fs: prevent out of place write when no data Fixes: "Uninitialized return value returned if len equals 0" as reported by Riscure. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Tested-by: fs: prevent out of place write when no data Fixes: "Uninitialized return value returned if len equals 0" as reported by Riscure. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7, v8) Reviewed-by: Joakim Bech <joakim.bech@linaro.org> Reported-by: Riscure <inforequest@riscure.com> Reported-by: Alyssa Milburn <a.a.milburn@vu.nl> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/core/arch/arm/kernel/ree_fs_ta.c /optee_os/core/arch/arm/kernel/secstor_ta.c /optee_os/core/arch/arm/tee/entry_std.c /optee_os/core/crypto/signed_hdr.c tee_ree_fs.c
9607c419	07-Sep-2018	Joakim Bech <joakim.bech@linaro.org>	rpmb: check return value from essiv call An error in the function essiv, as for example memory allocation failure could result in an uninitialized IV, which means that the IV used for en/decryption rpmb: check return value from essiv call An error in the function essiv, as for example memory allocation failure could result in an uninitialized IV, which means that the IV used for en/decryption would consist of data previously stored at this memory location. This could eventually corrupt the filesystem. Fixes: "Return value of cryptographic function is unchecked" by Riscure. Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7, v8) Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reported-by: Riscure <inforequest@riscure.com> Reported-by: Alyssa Milburn <a.a.milburn@vu.nl> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/Makefile /optee_os/core/arch/arm/include/kernel/pseudo_ta.h /optee_os/core/arch/arm/kernel/pseudo_ta.c /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/arch/arm/mm/mobj.c /optee_os/core/arch/arm/plat-hikey/conf.mk /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/imx-regs.h /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-synquacer/rng_pta.c /optee_os/core/arch/arm/plat-synquacer/rng_pta_client.h /optee_os/core/arch/arm/pta/benchmark.c /optee_os/core/arch/arm/pta/device.c /optee_os/core/arch/arm/pta/sub.mk /optee_os/core/drivers/gic.c /optee_os/core/drivers/stm32_uart.c /optee_os/core/include/console.h /optee_os/core/include/drivers/stm32_uart.h /optee_os/core/include/kernel/dt.h /optee_os/core/kernel/console.c /optee_os/core/kernel/dt.c /optee_os/core/kernel/lockdep.c tee_fs_key_manager.c /optee_os/lib/libmbedtls/mbedtls/library/bignum.c /optee_os/lib/libutee/include/pta_device.h /optee_os/lib/libutee/include/user_ta_header.h /optee_os/lib/libutee/tee_api_arith_mpi.c /optee_os/lib/libutils/ext/include/atomic.h /optee_os/lib/libutils/ext/mempool.c /optee_os/lib/libutils/ext/trace.c /optee_os/mk/config.mk /optee_os/scripts/gen_hashed_bin.py /optee_os/scripts/gen_ld_sects.py /optee_os/scripts/symbolize.py /optee_os/ta/avb/entry.c /optee_os/ta/avb/include/ta_avb.h
b1183340	18-Dec-2018	Jerome Forissier <jerome.forissier@linaro.org>	core: syscall_storage_obj_rename(): fix handling of .rename() return status Any error returned by fops->rename() should be reflected by syscall_storage_obj_rename(). There is no reason why errors ot core: syscall_storage_obj_rename(): fix handling of .rename() return status Any error returned by fops->rename() should be reflected by syscall_storage_obj_rename(). There is no reason why errors other than TEE_ERROR_GENERIC should be ignored. Fixes the following test case: create two persistent objects (o1 and o2), close o1, rename o2 to the name of o1. TEE_RenamePersistentObject() should return TEE_ERROR_ACCESS_CONFLICT, but TEE_SUCCESS is returned instead. Fixes: https://github.com/OP-TEE/optee_os/issues/2707 Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reported-by: Chao Liu <chao.liu@amlogic.com> Reviewed-by: Joakim Bech <joakim.bech@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.shippable.yml /optee_os/Makefile /optee_os/README.md /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/include/kernel/delay.h /optee_os/core/arch/arm/include/kernel/timer.h /optee_os/core/arch/arm/include/mm/core_memprot.h /optee_os/core/arch/arm/kernel/delay.c /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/thread_private.h /optee_os/core/arch/arm/kernel/timer_a64.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/plat-d02/conf.mk /optee_os/core/arch/arm/plat-hikey/conf.mk /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-k3/conf.mk /optee_os/core/arch/arm/plat-ls/conf.mk /optee_os/core/arch/arm/plat-marvell/conf.mk /optee_os/core/arch/arm/plat-mediatek/conf.mk /optee_os/core/arch/arm/plat-poplar/conf.mk /optee_os/core/arch/arm/plat-rcar/conf.mk /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-rpi3/conf.mk /optee_os/core/arch/arm/plat-sam/conf.mk /optee_os/core/arch/arm/plat-sprd/conf.mk /optee_os/core/arch/arm/plat-stm/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_rcc.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_rcc.h /optee_os/core/arch/arm/plat-stm32mp1/drivers/sub.mk /optee_os/core/arch/arm/plat-stm32mp1/link.mk /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/pm/psci.c /optee_os/core/arch/arm/plat-stm32mp1/pm/sub.mk /optee_os/core/arch/arm/plat-stm32mp1/scripts/stm32image.py /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/plat-stm32mp1/sub.mk /optee_os/core/arch/arm/plat-sunxi/conf.mk /optee_os/core/arch/arm/plat-synquacer/conf.mk /optee_os/core/arch/arm/plat-synquacer/main.c /optee_os/core/arch/arm/plat-synquacer/platform_config.h /optee_os/core/arch/arm/plat-synquacer/rng_pta.c /optee_os/core/arch/arm/plat-synquacer/rng_pta.h /optee_os/core/arch/arm/plat-synquacer/rng_pta_client.h /optee_os/core/arch/arm/plat-synquacer/sub.mk /optee_os/core/arch/arm/plat-ti/conf.mk /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/arm/plat-zynq7k/conf.mk /optee_os/core/arch/arm/plat-zynqmp/conf.mk /optee_os/core/crypto.mk /optee_os/core/drivers/imx_wdog.c /optee_os/core/drivers/stm32_uart.c /optee_os/core/include/crypto/crypto.h /optee_os/core/include/drivers/serial.h /optee_os/core/include/io.h /optee_os/core/include/kernel/pm.h /optee_os/core/kernel/pm.c /optee_os/core/kernel/sub.mk /optee_os/core/lib/libtomcrypt/include/tomcrypt_custom.h /optee_os/core/lib/libtomcrypt/include/tomcrypt_hash.h /optee_os/core/lib/libtomcrypt/src/hashes/sha2/sha512_256.c /optee_os/core/lib/libtomcrypt/src/hashes/sha2/sub.mk /optee_os/core/lib/libtomcrypt/src/tee_ltc_provider.c /optee_os/core/sub.mk tee_svc_storage.c /optee_os/documentation/porting_guidelines.md /optee_os/lib/libmbedtls/include/mbedtls_config_uta.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/bignum.h /optee_os/lib/libmbedtls/mbedtls/library/bignum.c /optee_os/lib/libutee/sub.mk /optee_os/lib/libutee/tee_api_arith_mpa.c /optee_os/lib/libutee/tee_api_arith_mpi.c /optee_os/mk/aosp_optee.mk /optee_os/mk/config.mk /optee_os/ta/mk/build-user-ta.mk /optee_os/ta/mk/ta_dev_kit.mk /optee_os/ta/ta.mk
1 2 3 4 5 6 7 8 910>>...24