tee - OpenGrok history log for /optee

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
f5c3d85a	01-Dec-2020	Julien Masson <jmasson@baylibre.com>	core: crypto: add support MD5 hashes in RSA sign/verify/cipher Introduce support of using MD5 hashes in RSA sign/verify/cipher operations, which is required by AOSP Keymaster. This is verified in core: crypto: add support MD5 hashes in RSA sign/verify/cipher Introduce support of using MD5 hashes in RSA sign/verify/cipher operations, which is required by AOSP Keymaster. This is verified in VerificationOperationsTest.RsaSuccess VTS Test [1], which checks usage of such digests: NONE, MD5, SHA1, SHA_2_224, SHA_2_256, SHA_2_384, SHA_2_512. This patch has been inspired by commit[2]: Link: [1] https://android.googlesource.com/platform/hardware/interfaces/+/master/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp Link: [2] https://github.com/OP-TEE/optee_os/commit/199d0b7310d1705661a106358f1f0b46e4c5c587 ("core: crypto: add support MD5 hashes in RSA sign/verify") Signed-off-by: Julien Masson <jmasson@baylibre.com> Signed-off-by: Safae Ouajih <souajih@baylibre.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/drivers/crypto/crypto_api/acipher/rsassa.c /optee_os/core/drivers/zynqmp_csu_puf.c /optee_os/core/lib/libtomcrypt/rsa.c tee_svc_cryp.c /optee_os/lib/libmbedtls/core/rsa.c /optee_os/lib/libutee/include/tee_api_defines_extensions.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutee/tee_api_operations.c
3d70a974	19-Jun-2018	Igor Opaniuk <igor.opaniuk@linaro.org>	core: crypto: change supported HMAC key size ranges Change supported HMAC key size range from 64 to 1024 when CFG_HMAC_64_1024_RANGE config is enabled, This is required to successfully pass AOSP Key core: crypto: change supported HMAC key size ranges Change supported HMAC key size range from 64 to 1024 when CFG_HMAC_64_1024_RANGE config is enabled, This is required to successfully pass AOSP Keymaster VTS tests. From TEE Internal Core API specificaion: "Table 5-9, support for other sizes or algorithms is implementation-defined." Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org> Signed-off-by: Safae Ouajih <souajih@baylibre.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/dts/sama5d2.dtsi /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/link_dummies_paged.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/drivers/tzc380.c /optee_os/core/arch/arm/plat-imx/main.c /optee_os/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts /optee_os/core/arch/arm/plat-totalcompute/platform_config.h /optee_os/core/drivers/clk/sam/sama5d2_clk.c /optee_os/core/drivers/crypto/caam/acipher/caam_rsa.c /optee_os/core/drivers/crypto/caam/caam_jr.c /optee_os/core/drivers/crypto/caam/include/caam_hal_jr.h /optee_os/core/drivers/crypto/crypto_api/acipher/ecc.c /optee_os/core/drivers/crypto/crypto_api/include/drvcrypt_acipher.h /optee_os/core/include/dt-bindings/clock/at91.h /optee_os/core/include/kernel/boot.h tee_svc_cryp.c /optee_os/mk/config.mk /optee_os/ta/pkcs11/src/entry.c
c4cab13e	20-Feb-2023	Clement Faure <clement.faure@nxp.com>	core: crypto: fix memory leak in Ed25519 support The software implementation of ED25519 algorithm has a memory leak in the key and key pair allocation. Upon every public key allocation, a key pair i core: crypto: fix memory leak in Ed25519 support The software implementation of ED25519 algorithm has a memory leak in the key and key pair allocation. Upon every public key allocation, a key pair is allocated (public and private components). When freeing the public key, only the public component is freed. To reproduce the issue: $ while xtest 4016; do :; done Until the following error: * regression_4016 Test TEE Internal API ED25519 sign/verify E/LD: copy_section_headers:1124 sys_copy_from_ta_bin E/TC:? 0 ldelf_init_with_ldelf:131 ldelf failed with res: 0xffff000c /usr/src/debug/optee-test/master.imx-r0/host/xtest/regression_4000.c:6062: xtest_teec_open_session(&session, &crypt_user_ta_uuid, ((void *)0), &ret_orig) has an unexpected value: 0xffff000c = TEEC_ERROR_OUT_OF_MEMORY, expected 0x0 = TEEC_SUCCESS regression_4016 FAILED To fix the memory leak, a separate public key allocation function must be defined along a ED25519 public key structure. Fixes: 0aaad418ac8b ("core: crypto: add Ed25519 support") Signed-off-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_optee_smc.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/plat-imx/link.mk /optee_os/core/arch/arm/plat-k3/conf.mk /optee_os/core/arch/arm/plat-k3/drivers/ti_sci.c /optee_os/core/arch/arm/plat-k3/drivers/ti_sci.h /optee_os/core/arch/arm/plat-k3/drivers/ti_sci_protocol.h /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-totalcompute/conf.mk /optee_os/core/arch/arm/plat-versal/conf.mk /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/arm/plat-vexpress/main.c /optee_os/core/arch/arm/tee/entry_fast.c /optee_os/core/arch/riscv/kernel/thread_arch.c /optee_os/core/arch/riscv/plat-spike/conf.mk /optee_os/core/crypto/crypto.c /optee_os/core/drivers/clk/clk-stm32mp15.c /optee_os/core/drivers/crypto/versal/crypto.mk /optee_os/core/drivers/crypto/versal/ecc.c /optee_os/core/drivers/crypto/versal/rsa.c /optee_os/core/drivers/rstctrl/stm32_rstctrl.c /optee_os/core/drivers/stm32_bsec.c /optee_os/core/drivers/stm32_etzpc.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_rng.c /optee_os/core/drivers/stm32_uart.c /optee_os/core/include/crypto/crypto.h /optee_os/core/include/drivers/gic.h /optee_os/core/include/kernel/user_mode_ctx_struct.h /optee_os/core/include/kernel/virtualization.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/kernel/ldelf_loader.c /optee_os/core/kernel/sub.mk /optee_os/core/kernel/thread.c /optee_os/core/kernel/tpm.c /optee_os/core/lib/libtomcrypt/ed25519.c /optee_os/core/mm/core_mmu.c /optee_os/core/pta/bcm/wdt.c /optee_os/core/pta/k3/otp.c /optee_os/core/pta/k3/sub.mk /optee_os/core/pta/stats.c /optee_os/core/pta/sub.mk /optee_os/core/pta/tests/misc.c tee_svc_cryp.c /optee_os/ldelf/include/ldelf.h /optee_os/ldelf/main.c /optee_os/ldelf/ta_elf.c /optee_os/ldelf/ta_elf.h /optee_os/lib/libutee/arch/arm/arm32_user_sysreg.txt /optee_os/lib/libutee/include/k3/otp_keywriting_ta.h /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutils/ext/include/compiler.h /optee_os/lib/libutils/ext/pthread_stubs.c /optee_os/lib/libutils/ext/sub.mk /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/mk/config.mk /optee_os/mk/lib.mk /optee_os/scripts/ts_bin_to_c.py
138c5102	14-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	GP131: Add TA property gpd.ta.doesNotCloseHandleOnCorruptObject Adds the TA property gpd.ta.doesNotCloseHandleOnCorruptObject. All syscalls operating on an object handle and can return TEE_ERROR_CO GP131: Add TA property gpd.ta.doesNotCloseHandleOnCorruptObject Adds the TA property gpd.ta.doesNotCloseHandleOnCorruptObject. All syscalls operating on an object handle and can return TEE_ERROR_CORRUPT_OBJECT must also do special treatment when TEE_ERROR_CORRUPT_OBJECT is returned. Prior to gpd.ta.doesNotCloseHandleOnCorruptObject this meant removing the object and closing the object handle. With the gpd.ta.doesNotCloseHandleOnCorruptObject property the object handle shouldn't be close if this the current TA has the property set to true. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_svc_storage.c /optee_os/lib/libutee/arch/arm/user_ta_entry.c /optee_os/lib/libutee/include/tee_api_compat.h /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/include/user_ta_header.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutee/tee_api.c /optee_os/lib/libutee/tee_api_arith_mpi.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/mk/config.mk /optee_os/ta/arch/arm/user_ta_header.c /optee_os/ta/avb/entry.c /optee_os/ta/pkcs11/src/persistent_token.c /optee_os/ta/pkcs11/src/pkcs11_helpers.c /optee_os/ta/pkcs11/src/processing.c /optee_os/ta/pkcs11/src/processing_asymm.c /optee_os/ta/pkcs11/src/processing_digest.c /optee_os/ta/pkcs11/src/processing_symm.c /optee_os/ta/trusted_keys/entry.c
e81ed9d4	07-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	core: syscall_hash_final() support XOF Adds support in syscall_hash_final() for Extendable Output Functions, that is, TEE_ALG_SHAKE128 and TEE_ALG_SHAKE256 for now. Acked-by: Etienne Carriere <etie core: syscall_hash_final() support XOF Adds support in syscall_hash_final() for Extendable Output Functions, that is, TEE_ALG_SHAKE128 and TEE_ALG_SHAKE256 for now. Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/crypto.mk /optee_os/core/include/crypto/crypto_impl.h /optee_os/core/lib/libtomcrypt/hash.c /optee_os/core/lib/libtomcrypt/hmac.c /optee_os/core/lib/libtomcrypt/shake.c /optee_os/core/lib/libtomcrypt/src/hashes/sub.mk /optee_os/core/lib/libtomcrypt/sub.mk /optee_os/core/lib/libtomcrypt/tomcrypt.c tee_svc_cryp.c
260b4028	02-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	core: crypto: add API for SHA-3 Adds an API for the SHA-3 [1] algorithms SHA3-224, SHA3_256, SHA3_384, SHA3_512, SHAKE128, and SHAKE256. SHAKE128 and SHAKE256 are Extendable-Output Functions (XOF), core: crypto: add API for SHA-3 Adds an API for the SHA-3 [1] algorithms SHA3-224, SHA3_256, SHA3_384, SHA3_512, SHAKE128, and SHAKE256. SHAKE128 and SHAKE256 are Extendable-Output Functions (XOF), but handled as hashes in the API. Adds API for SHA-3 based HMAC functions. For XOF algorithms crypto_hash_final() can be called multiple times and generate an arbitrary amount of data. Note that this data will have a common prefix if done over the same input (see A.2 in [1]). [1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/crypto/crypto.c /optee_os/core/include/crypto/crypto_impl.h tee_svc_cryp.c /optee_os/lib/libutee/include/tee_api_compat.h /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutee/tee_api_operations.c
c6b8eb2d	05-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	GP131: Update gpd.tee.trustedStorage.antiRollback.protectionLevel Updates used values for gpd.tee.trustedStorage.antiRollback.protectionLevel according to TEE Internal Core API version 1.3.1. Note GP131: Update gpd.tee.trustedStorage.antiRollback.protectionLevel Updates used values for gpd.tee.trustedStorage.antiRollback.protectionLevel according to TEE Internal Core API version 1.3.1. Note that protection level 0 is not valid any longer, so report level 100 when RPMB isn't in use. Only root can tamper with the REE FS storage due to the REE file system permissions. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_svc.c
5c4bbf0f	05-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	GP131: add TA property gpd.client.endian Adds the new property "gpd.client.endian" to report the endianness used by a client. At the moment there is no way for a client to report its endianness to GP131: add TA property gpd.client.endian Adds the new property "gpd.client.endian" to report the endianness used by a client. At the moment there is no way for a client to report its endianness to OP-TEE so assume that all are little-endian. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_svc.c /optee_os/lib/libutee/include/tee_api_compat.h /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/include/user_ta_header.h /optee_os/lib/libutee/tee_api_arith_mpi.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutee/tee_api_property.c /optee_os/ta/arch/arm/user_ta_header.c
999b69d0	02-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	GP131: Update TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt() Updates TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt() according to TEE Internal Core API version 1.3.1. The srcLen and dstLen GP131: Update TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt() Updates TEE_AsymmetricEncrypt() and TEE_AsymmetricDecrypt() according to TEE Internal Core API version 1.3.1. The srcLen and dstLen parameters are changed to use size_t instead of uint32_t Adds the optional attribute TEE_ATTR_RSA_OAEP_MGF_HASH which if provided specifies the MGF1 hash function to use. Prior to GP v1.3.1 it was implementation defined. OP-TEE only supports using the same MGF1 hash function as the internal hash function of the algorithim, that is, for the algorithm TEE_ALG_RSAES_PKCS1_OAEP_MGF1_x that hash function TEE_ALG_x is used. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_svc_cryp.c /optee_os/lib/libutee/include/tee_api_compat.h /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/tee_api_objects.c /optee_os/lib/libutee/tee_api_operations.c
f22e1655	01-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	GP131: Update TEE_CreatePersistentObject() Update TEE_CreatePersistentObject() according to TEE Internal Core API version 1.3.1. The objectIDLen parameter is changed to use size_t instead of uint32_ GP131: Update TEE_CreatePersistentObject() Update TEE_CreatePersistentObject() according to TEE Internal Core API version 1.3.1. The objectIDLen parameter is changed to use size_t instead of uint32_t. The object parameter is now an optional pointer to a handle. When NULL the standard says: If attributes is a handle on an initialized transient object, the initialized transient object SHALL be transformed to a persistent object. So syscall_storage_obj_create() is also updated accordingly. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/pta/tests/invoke.c tee_svc_storage.c /optee_os/lib/libutee/arch/arm/sub.mk /optee_os/lib/libutee/arch/arm/user_ta_entry_compat.c /optee_os/lib/libutee/include/tee_api_compat.h /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/tee_api_types.h /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/include/user_ta_header.h /optee_os/lib/libutee/tee_api.c /optee_os/lib/libutee/tee_api_objects.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutee/tee_api_panic.c /optee_os/lib/libutee/tee_api_private.h /optee_os/lib/libutee/tee_api_property.c /optee_os/ta/arch/arm/user_ta_header.c
b93c7dff	05-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	GP131: Update HKDF defines OP-TEE provides an HKDF implementation as an extension to the TEE Internal Core API which predates version 1.3 of the specification where HKDF was officially introduced. GP131: Update HKDF defines OP-TEE provides an HKDF implementation as an extension to the TEE Internal Core API which predates version 1.3 of the specification where HKDF was officially introduced. Update with the official defines and resolve name clashes. With this OP-TEE supports both the old extension and the new official API. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... tee_svc_cryp.c /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/tee_api_defines_extensions.h /optee_os/lib/libutee/include/utee_defines.h
fe2fd3ff	24-Nov-2022	Jens Wiklander <jens.wiklander@linaro.org>	GP131: Add TEE_ALG_ECDH_DERIVE_SHARED_SECRET and TEE_ALG_ECDSA_SHA* Adds the defines - TEE_ALG_ECDH_DERIVE_SHARED_SECRET - TEE_ALG_ECDSA_SHA1 - TEE_ALG_ECDSA_SHA224 - TEE_ALG_ECDSA_SHA256 - TEE_ALG_ GP131: Add TEE_ALG_ECDH_DERIVE_SHARED_SECRET and TEE_ALG_ECDSA_SHA* Adds the defines - TEE_ALG_ECDH_DERIVE_SHARED_SECRET - TEE_ALG_ECDSA_SHA1 - TEE_ALG_ECDSA_SHA224 - TEE_ALG_ECDSA_SHA256 - TEE_ALG_ECDSA_SHA386 - TEE_ALG_ECDSA_SHA512 from TEE Internal Core API version 1.3.1 to replace the previous now deprecated defines: - TEE_ALG_ECDSA_P192 - TEE_ALG_ECDSA_P224 - TEE_ALG_ECDSA_P256 - TEE_ALG_ECDSA_P384 - TEE_ALG_ECDSA_P521 - TEE_ALG_ECDH_P192 - TEE_ALG_ECDH_P224 - TEE_ALG_ECDH_P256 - TEE_ALG_ECDH_P384 - TEE_ALG_ECDH_P521 The new defines have new values and the values from the old defines are not reused. The syscall ABI maintains compatibility by handling both the old and new values in parallel from now on. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/CHANGELOG.md /optee_os/MAINTAINERS /optee_os/Makefile /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/crypto/sha512_armv8a_ce.c /optee_os/core/arch/arm/crypto/sha512_armv8a_ce_a64.S /optee_os/core/arch/arm/crypto/sm3_armv8a_ce.c /optee_os/core/arch/arm/crypto/sm3_armv8a_ce_a64.S /optee_os/core/arch/arm/crypto/sub.mk /optee_os/core/arch/arm/dts/at91-sama5d27_som1.dtsi /optee_os/core/arch/arm/dts/at91-sama5d27_som1_ek.dts /optee_os/core/arch/arm/dts/at91-sama5d27_wlsom1.dtsi /optee_os/core/arch/arm/dts/at91-sama5d27_wlsom1_ek.dts /optee_os/core/arch/arm/dts/at91-sama5d2_xplained.dts /optee_os/core/arch/arm/dts/sama5d2.dtsi /optee_os/core/arch/arm/dts/stm32mp13-pinctrl.dtsi /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/include/hafnium.h /optee_os/core/arch/arm/include/kernel/arch_scall.h /optee_os/core/arch/arm/include/kernel/delay_arch.h /optee_os/core/arch/arm/include/kernel/stmm_sp.h /optee_os/core/arch/arm/include/kernel/thread_arch.h /optee_os/core/arch/arm/include/kernel/thread_private_arch.h /optee_os/core/arch/arm/include/scmi/scmi_server.h /optee_os/core/arch/arm/kernel/arch_scall.c /optee_os/core/arch/arm/kernel/arch_scall_a32.S /optee_os/core/arch/arm/kernel/arch_scall_a64.S /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/ldelf_loader.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/mm/mobj_ffa.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/main.c /optee_os/core/arch/arm/plat-k3/platform_config.h /optee_os/core/arch/arm/plat-mediatek/conf.mk /optee_os/core/arch/arm/plat-mediatek/platform_config.h /optee_os/core/arch/arm/plat-sam/conf.mk /optee_os/core/arch/arm/plat-sam/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/nsec-service/stm32mp1_smc.h /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/plat-versal/conf.mk /optee_os/core/arch/arm/plat-versal/main.c /optee_os/core/arch/arm/plat-versal/platform_config.h /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/arm/plat-vexpress/main.c /optee_os/core/arch/arm/tee/entry_fast.c /optee_os/core/arch/arm/tee/sub.mk /optee_os/core/arch/riscv/include/kernel/arch_scall.h /optee_os/core/arch/riscv/include/kernel/clint.h /optee_os/core/arch/riscv/include/kernel/delay_arch.h /optee_os/core/arch/riscv/include/kernel/stmm_sp.h /optee_os/core/arch/riscv/include/kernel/thread_arch.h /optee_os/core/arch/riscv/include/kernel/thread_private_arch.h /optee_os/core/arch/riscv/include/kernel/time.h /optee_os/core/arch/riscv/include/riscv.h /optee_os/core/arch/riscv/include/riscv_macros.S /optee_os/core/arch/riscv/kernel/abort.c /optee_os/core/arch/riscv/kernel/arch_scall.c /optee_os/core/arch/riscv/kernel/arch_scall_rv.S /optee_os/core/arch/riscv/kernel/asm-defines.c /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/cache_helpers_rv.S /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/kernel/kern.ld.S /optee_os/core/arch/riscv/kernel/link.mk /optee_os/core/arch/riscv/kernel/sub.mk /optee_os/core/arch/riscv/kernel/tee_time_rdtime.c /optee_os/core/arch/riscv/kernel/thread_arch.c /optee_os/core/arch/riscv/kernel/thread_rv.S /optee_os/core/arch/riscv/plat-spike/conf.mk /optee_os/core/arch/riscv/plat-virt/conf.mk /optee_os/core/arch/riscv/plat-virt/main.c /optee_os/core/arch/riscv/plat-virt/platform_config.h /optee_os/core/arch/riscv/plat-virt/sub.mk /optee_os/core/arch/riscv/riscv.mk /optee_os/core/arch/riscv/tee/sub.mk /optee_os/core/core.mk /optee_os/core/crypto.mk /optee_os/core/crypto/sm3.c /optee_os/core/drivers/atmel_rstc.c /optee_os/core/drivers/atmel_shdwc.c /optee_os/core/drivers/atmel_wdt.c /optee_os/core/drivers/clk/clk.c /optee_os/core/drivers/crypto/caam/acipher/caam_math.c /optee_os/core/drivers/crypto/caam/utils/utils_delay.c /optee_os/core/drivers/crypto/crypto_api/acipher/ecc.c /optee_os/core/drivers/crypto/crypto_api/acipher/rsassa.c /optee_os/core/drivers/crypto/crypto_api/cipher/cipher.c /optee_os/core/drivers/crypto/crypto_api/hash/hash.c /optee_os/core/drivers/crypto/se050/adaptors/apis/sss.c /optee_os/core/drivers/crypto/se050/adaptors/include/se050.h /optee_os/core/drivers/crypto/se050/adaptors/utils/scp_config.c /optee_os/core/drivers/crypto/se050/adaptors/utils/utils.c /optee_os/core/drivers/crypto/se050/core/ecc.c /optee_os/core/drivers/crypto/se050/core/rsa.c /optee_os/core/drivers/crypto/se050/crypto.mk /optee_os/core/drivers/hfic.c /optee_os/core/drivers/ls_sfp.c /optee_os/core/drivers/rstctrl/rstctrl.c /optee_os/core/drivers/stm32_bsec.c /optee_os/core/drivers/stm32_rng.c /optee_os/core/drivers/stm32mp15_huk.c /optee_os/core/drivers/sub.mk /optee_os/core/drivers/versal_huk.c /optee_os/core/include/crypto/crypto_accel.h /optee_os/core/include/drivers/clk.h /optee_os/core/include/drivers/clk_dt.h /optee_os/core/include/drivers/hfic.h /optee_os/core/include/drivers/ls_sfp.h /optee_os/core/include/drivers/rstctrl.h /optee_os/core/include/drivers/stm32_bsec.h /optee_os/core/include/kernel/delay.h /optee_os/core/include/kernel/dt_driver.h /optee_os/core/include/kernel/scall.h /optee_os/core/include/kernel/ts_manager.h /optee_os/core/kernel/delay.c /optee_os/core/kernel/dt_driver.c /optee_os/core/kernel/notif.c /optee_os/core/kernel/otp_stubs.c /optee_os/core/kernel/scall.c /optee_os/core/kernel/sub.mk /optee_os/core/kernel/tee_misc.c /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/tee_time.c /optee_os/core/kernel/tee_time_ree.c /optee_os/core/kernel/user_ta.c /optee_os/core/lib/libtomcrypt/ecc.c /optee_os/core/lib/libtomcrypt/sha512_accel.c /optee_os/core/lib/libtomcrypt/src/hashes/sha2/sub.mk /optee_os/core/lib/libtomcrypt/sub.mk /optee_os/core/lib/scmi-server/conf-optee-fvp.mk /optee_os/core/lib/scmi-server/conf-optee-stm32mp1.mk /optee_os/core/lib/scmi-server/conf.mk /optee_os/core/lib/scmi-server/include/optee_scmi.h /optee_os/core/lib/scmi-server/scmi_server.c /optee_os/core/lib/scmi-server/sub-optee-fvp.mk /optee_os/core/lib/scmi-server/sub-optee-stm32mp1.mk /optee_os/core/lib/scmi-server/sub.mk /optee_os/core/pta/device.c /optee_os/core/pta/imx/digprog.c /optee_os/core/pta/imx/ocotp.c /optee_os/core/pta/imx/sub.mk /optee_os/core/pta/scmi.c /optee_os/core/pta/stm32mp/bsec_pta.c /optee_os/core/pta/stm32mp/sub.mk /optee_os/core/pta/sub.mk tee_svc_cryp.c /optee_os/lib/libmbedtls/core/hash.c /optee_os/lib/libmbedtls/include/mbedtls_config_kernel.h /optee_os/lib/libutee/arch/riscv/sub.mk /optee_os/lib/libutee/arch/riscv/utee_syscalls_rv.S /optee_os/lib/libutee/include/pta_imx_digprog.h /optee_os/lib/libutee/include/pta_imx_ocotp.h /optee_os/lib/libutee/include/pta_scmi_client.h /optee_os/lib/libutee/include/pta_stm32mp_bsec.h /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutils/ext/arch/riscv/atomic_rv.S /optee_os/lib/libutils/ext/arch/riscv/sub.mk /optee_os/lib/libutils/ext/include/config.h /optee_os/lib/libutils/isoc/arch/riscv/setjmp_rv.S /optee_os/lib/libutils/isoc/arch/riscv/sub.mk /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/assert.h /optee_os/lib/libutils/isoc/include/setjmp.h /optee_os/mk/compile.mk /optee_os/mk/config.mk /optee_os/scripts/checkpatch.sh /optee_os/ta/avb/entry.c /optee_os/ta/ta.mk
3e8a6147	15-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	core: crypto: fix TEE_ATTR_EDDSA_PREHASH interpretation Commit 0aaad418ac8b ("core: crypto: add Ed25519 support") introduced support for the ED25519 algorithm. This included parsing a TEE_ATTR_EDDSA core: crypto: fix TEE_ATTR_EDDSA_PREHASH interpretation Commit 0aaad418ac8b ("core: crypto: add Ed25519 support") introduced support for the ED25519 algorithm. This included parsing a TEE_ATTR_EDDSA_PREHASH parameter that unfortunately was not fully compliant with the standard. So fix this with a more strict interpretation of TEE_ATTR_EDDSA_PREHASH as described in the specification. Fixes: 0aaad418ac8b ("core: crypto: add Ed25519 support") Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Valerii Chubar <valerii_chubar@epam.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/lib/libtomcrypt/ccm.c tee_svc_cryp.c
de1cd722	20-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	core: syscall_storage_obj_write(): handle corrupt object All syscalls operating on an object handle and can return TEE_ERROR_CORRUPT_OBJECT must also remove the object if the return code is TEE_ERRO core: syscall_storage_obj_write(): handle corrupt object All syscalls operating on an object handle and can return TEE_ERROR_CORRUPT_OBJECT must also remove the object if the return code is TEE_ERROR_CORRUPT_OBJECT. This is missing in syscall_storage_obj_write() so add the missing call to remove the object if it is corrupt. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/dts/stm32mp151.dtsi /optee_os/core/arch/arm/plat-d06/conf.mk /optee_os/core/arch/arm/plat-d06/main.c /optee_os/core/arch/arm/plat-d06/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts /optee_os/core/arch/arm/plat-versal/conf.mk /optee_os/core/drivers/lpc_uart.c /optee_os/core/drivers/stm32_bsec.c /optee_os/core/drivers/sub.mk /optee_os/core/drivers/versal_pm.c /optee_os/core/drivers/versal_puf.c /optee_os/core/include/drivers/lpc_uart.h /optee_os/core/include/drivers/stm32_bsec.h /optee_os/core/include/drivers/versal_puf.h /optee_os/core/lib/libtomcrypt/mpi_desc.c /optee_os/core/lib/libtomcrypt/rsa.c tee_svc_storage.c /optee_os/lib/libutee/arch/arm/utee_syscalls_a32.S /optee_os/lib/libutee/arch/arm/utee_syscalls_a64.S /optee_os/lib/libutee/arch/riscv/sub.mk /optee_os/lib/libutee/arch/riscv/utee_syscalls_rv64.S /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/utee_syscalls_asm.S /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/ta/pkcs11/src/processing.c /optee_os/ta/pkcs11/src/processing_asymm.c /optee_os/ta/pkcs11/src/processing_digest.c /optee_os/ta/pkcs11/src/processing_symm.c
d684a4ef	08-Dec-2022	Sohaib ul Hassan <sohaib.ul.hassan@unikie.com>	core: crypto: Fix tee_obj_attr_copy_from for X25519 Make sure in tee_obj_attr_copy_from() if the source object type is TEE_TYPE_X25519_KEYPAIR the destination object type should be TEE_TYPE_X25519_P core: crypto: Fix tee_obj_attr_copy_from for X25519 Make sure in tee_obj_attr_copy_from() if the source object type is TEE_TYPE_X25519_KEYPAIR the destination object type should be TEE_TYPE_X25519_PUBLIC_KEY. The function should extract public key attributes if presented with a key pair object. According to the TEE Internal Core API Specification v1.2 we should check if the source is of type _KEYPAIR then the destination is a subset of type _PUBLIC_KEY when populating the destination object as listed in the Table 5-11. Fixes: 90040fa4c81c ("core: crypto: add X25519 support") Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Sohaib ul Hassan <sohaib.ul.hassan@unikie.com> show more ... /optee_os/core/arch/arm/dts/fsl-lx2160a.dtsi /optee_os/core/arch/arm/plat-stm/main.c /optee_os/core/arch/arm/plat-vexpress/main.c /optee_os/core/drivers/imx_lpuart.c /optee_os/core/drivers/ls_sfp.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/ls_sfp.h /optee_os/core/include/drivers/serial.h /optee_os/core/kernel/console.c tee_svc_cryp.c /optee_os/lib/libmbedtls/include/mbedtls_config_uta.h /optee_os/lib/libmbedtls/mbedtls/library/cipher_wrap.c /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/include/utee_syscalls.h /optee_os/lib/libutee/tee_api.c /optee_os/ta/pkcs11/include/pkcs11_ta.h /optee_os/ta/pkcs11/src/pkcs11_attributes.c /optee_os/ta/pkcs11/src/pkcs11_attributes.h /optee_os/ta/pkcs11/src/processing.c /optee_os/ta/pkcs11/src/processing.h /optee_os/ta/pkcs11/src/processing_asymm.c /optee_os/ta/pkcs11/src/processing_rsa.c /optee_os/ta/pkcs11/src/token_capabilities.c
1b865ed6	05-Dec-2022	Jens Wiklander <jens.wiklander@linaro.org>	Fix TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_* Commit 5b385b3f835d ("core: crypto: add support for SM2 KEP")defined by mistake the wrong values for these two. To fix this we're are renaming these IDs alt Fix TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_* Commit 5b385b3f835d ("core: crypto: add support for SM2 KEP")defined by mistake the wrong values for these two. To fix this we're are renaming these IDs alternative IDs which OP-TEE will recognize in addition to the correct official values when deriving a key using the TEE_ALG_SM2_KEP algorithm. TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_X and TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_Y are only used as input parameters so there is no need to translate back to the old invalid values. Fixes: 5b385b3f835d ("core: crypto: add support for SM2 KEP") Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/crypto/crypto.c /optee_os/core/crypto/sm4-xts.c /optee_os/core/crypto/sm4.c /optee_os/core/crypto/sm4.h /optee_os/core/crypto/sub.mk /optee_os/core/include/crypto/crypto_impl.h /optee_os/core/kernel/embedded_ts.c tee_svc_cryp.c /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/ta/pkcs11/src/processing.c
696f56ac	22-Nov-2022	Pingan Xie <xiepingan3@huawei.com>	core, libutee: introduce TEE_ALG_SM4_XTS In this patch, The sm4-xts algorithm is supported in the GP process. Signed-off-by: Pingan Xie <xiepingan3@huawei.com> Reviewed-by: Xiaoxu Zeng <zengxiaoxu@ core, libutee: introduce TEE_ALG_SM4_XTS In this patch, The sm4-xts algorithm is supported in the GP process. Signed-off-by: Pingan Xie <xiepingan3@huawei.com> Reviewed-by: Xiaoxu Zeng <zengxiaoxu@huawei.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... /optee_os/MAINTAINERS /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/plat-versal/conf.mk /optee_os/core/core.mk /optee_os/core/crypto.mk /optee_os/core/drivers/crypto/versal/ecc.c /optee_os/core/drivers/crypto/versal/ipi.c /optee_os/core/drivers/crypto/versal/rsa.c /optee_os/core/drivers/crypto/versal/sub.mk /optee_os/core/drivers/sub.mk /optee_os/core/drivers/versal_sha3_384.c /optee_os/core/include/crypto/crypto_impl.h /optee_os/core/include/drivers/versal_sha3_384.h /optee_os/core/include/kernel/boot.h /optee_os/core/lib/libtomcrypt/ecc.c tee_cryp_utl.c tee_svc_cryp.c /optee_os/ldelf/ldelf.ld.S /optee_os/ldelf/ldelf.mk /optee_os/ldelf/start_rv64.S /optee_os/ldelf/sub.mk /optee_os/ldelf/ta_elf.c /optee_os/ldelf/ta_elf_rel.c /optee_os/lib/libmbedtls/core/ecc.c /optee_os/lib/libutee/include/elf_common.h /optee_os/lib/libutee/include/tee_api_compat.h /optee_os/lib/libutee/include/tee_api_defines.h /optee_os/lib/libutee/include/tee_api_defines_extensions.h /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutils/ext/include/confine_array_index.h /optee_os/lib/libutils/isoc/stack_check.c /optee_os/mk/config.mk /optee_os/ta/arch/arm/user_ta_header.c /optee_os/ta/mk/build-user-ta.mk /optee_os/ta/mk/ta_dev_kit.mk /optee_os/ta/ta.mk
041e28a1	21-Nov-2022	Etienne Carriere <etienne.carriere@linaro.org>	core: tee_svc_storage: remove unused local variable Removes file local variable from syscall_storage_obj_open() that is not used. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewe core: tee_svc_storage: remove unused local variable Removes file local variable from syscall_storage_obj_open() that is not used. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... tee_svc_storage.c
75d6a373	28-Nov-2022	Jens Wiklander <jens.wiklander@linaro.org>	Use struct utee_object_info in TA syscall abi TEE_ObjectInfo was until now used in the syscall ABI provided to TAs. TEE_ObjectInfo changes in later versions of the TEE Internal Core API so add an in Use struct utee_object_info in TA syscall abi TEE_ObjectInfo was until now used in the syscall ABI provided to TAs. TEE_ObjectInfo changes in later versions of the TEE Internal Core API so add an independent definition with struct utee_object_info in order to preserve a stable ABI. Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/include/tee/tee_svc_cryp.h /optee_os/core/include/tee/tee_svc_storage.h tee_svc_cryp.c tee_svc_storage.c /optee_os/lib/libutee/include/utee_syscalls.h /optee_os/lib/libutee/include/utee_types.h /optee_os/lib/libutee/tee_api_objects.c /optee_os/lib/libutee/tee_api_operations.c
181f0998	28-Nov-2022	Jens Wiklander <jens.wiklander@linaro.org>	core: update to new field names in TEE_ObjectInfo With GP TEE Internal Core API version 1.1.1 the two fields keySize and maxKeySize was renamed to objectSize and maxObjectSize respectively. Update t core: update to new field names in TEE_ObjectInfo With GP TEE Internal Core API version 1.1.1 the two fields keySize and maxKeySize was renamed to objectSize and maxObjectSize respectively. Update the rest of the core code to reflect that change as a preparation for future updates. Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/MAINTAINERS /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/dts/fsl-lx2160a.dtsi /optee_os/core/arch/arm/dts/stm32mp151.dtsi /optee_os/core/arch/arm/dts/stm32mp157a-dk1.dts /optee_os/core/arch/arm/dts/stm32mp157c-dk2.dts /optee_os/core/arch/arm/dts/stm32mp157c-ed1.dts /optee_os/core/arch/arm/dts/stm32mp157c-ev1.dts /optee_os/core/arch/arm/dts/stm32mp15xx-dkx.dtsi /optee_os/core/arch/arm/include/ffa.h /optee_os/core/arch/arm/include/kernel/cache_helpers_arch.h /optee_os/core/arch/arm/include/kernel/misc_arch.h /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/thread_private_arch.h /optee_os/core/arch/arm/kernel/link_dummies_paged.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/thread_spmc_a32.S /optee_os/core/arch/arm/kernel/thread_spmc_a64.S /optee_os/core/arch/arm/mm/mobj_ffa.c /optee_os/core/arch/arm/mm/sp_mem.c /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-versal/conf.mk /optee_os/core/arch/arm/plat-zynqmp/conf.mk /optee_os/core/arch/arm/plat-zynqmp/platform_config.h /optee_os/core/arch/riscv/include/kernel/cache_helpers_arch.h /optee_os/core/arch/riscv/include/kernel/misc_arch.h /optee_os/core/arch/riscv/include/kernel/tee_l2cc_mutex.h /optee_os/core/arch/riscv/include/kernel/thread_arch.h /optee_os/core/arch/riscv/include/mm/core_mmu_arch.h /optee_os/core/arch/riscv/include/riscv.h /optee_os/core/arch/riscv/include/riscv_macros.S /optee_os/core/arch/riscv/include/sbi.h /optee_os/core/arch/riscv/kernel/idle.c /optee_os/core/arch/riscv/kernel/sbi.c /optee_os/core/arch/riscv/kernel/sbi_console.c /optee_os/core/arch/riscv/kernel/spinlock.S /optee_os/core/arch/riscv/kernel/sub.mk /optee_os/core/arch/riscv/kernel/tee_time.c /optee_os/core/arch/riscv/mm/sub.mk /optee_os/core/arch/riscv/mm/tlb_helpers_rv.S /optee_os/core/arch/riscv/plat-spike/conf.mk /optee_os/core/arch/riscv/plat-spike/drivers/sub.mk /optee_os/core/arch/riscv/plat-spike/main.c /optee_os/core/arch/riscv/riscv.mk /optee_os/core/crypto/signed_hdr.c /optee_os/core/drivers/crypto/crypto_api/acipher/rsa.c /optee_os/core/drivers/crypto/se050/adaptors/apis/sss.c /optee_os/core/drivers/crypto/se050/crypto.mk /optee_os/core/drivers/crypto/sub.mk /optee_os/core/drivers/crypto/versal/authenc.c /optee_os/core/drivers/crypto/versal/include/ipi.h /optee_os/core/drivers/crypto/versal/ipi.c /optee_os/core/drivers/crypto/versal/sub.mk /optee_os/core/include/drivers/stm32_gpio.h /optee_os/core/include/kernel/cache_helpers.h /optee_os/core/include/kernel/misc.h /optee_os/core/include/kernel/tee_ta_manager.h /optee_os/core/include/kernel/thread.h /optee_os/core/include/kernel/ts_manager.h /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/kernel/sub.mk /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/trace_ext.c /optee_os/core/kernel/user_ta.c /optee_os/core/lib/libtomcrypt/rsa.c /optee_os/core/lib/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c /optee_os/core/lib/libtomcrypt/src/pk/rsa/rsa_verify_hash.c /optee_os/core/pta/stats.c /optee_os/core/sub.mk tee_svc_cryp.c tee_svc_storage.c /optee_os/core/tests/ftmn_boot_tests.c /optee_os/core/tests/sub.mk /optee_os/lib/libmbedtls/core/rsa.c /optee_os/lib/libmbedtls/mbedtls/library/rsa.c /optee_os/lib/libutee/arch/arm/user_ta_entry.c /optee_os/lib/libutee/include/tee_api.h /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/include/tee_ta_api.h /optee_os/lib/libutee/include/utee_types.h /optee_os/lib/libutils/ext/fault_mitigation.c /optee_os/lib/libutils/ext/include/fault_mitigation.h /optee_os/lib/libutils/ext/include/stdlib_ext.h /optee_os/lib/libutils/ext/include/string_ext.h /optee_os/lib/libutils/ext/include/types_ext.h /optee_os/lib/libutils/ext/sub.mk /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/assert.h /optee_os/lib/libutils/isoc/include/inttypes.h /optee_os/lib/libutils/isoc/include/limits.h /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/lib/libutils/isoc/include/memory.h /optee_os/lib/libutils/isoc/include/signal.h /optee_os/lib/libutils/isoc/include/stdint.h /optee_os/lib/libutils/isoc/include/stdio.h /optee_os/lib/libutils/isoc/include/stdlib.h /optee_os/lib/libutils/isoc/include/string.h /optee_os/lib/libutils/isoc/include/time.h /optee_os/lib/libutils/isoc/include/unistd.h /optee_os/lib/libutils/isoc/include/wchar.h /optee_os/mk/compile.mk /optee_os/mk/config.mk
3241779b	09-Nov-2022	Jens Wiklander <jens.wiklander@linaro.org>	core: fix potential integer overflow in syscall_log() Fixes a potential integer overflow in syscall_log(). Note that an eventual overflow would still be caught by copy_from_user(), but it's preferab core: fix potential integer overflow in syscall_log() Fixes a potential integer overflow in syscall_log(). Note that an eventual overflow would still be caught by copy_from_user(), but it's preferable to catch this earlier. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Suggested-by: Asaf Modelevsky <amodele@amazon.com> Reported-by: Asaf Modelevsky <amodele@amazon.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/include/arm32.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/mm/pgt_cache.c /optee_os/core/arch/arm/plat-d06/conf.mk /optee_os/core/arch/arm/plat-d06/core_pos_a64.S /optee_os/core/arch/arm/plat-d06/main.c /optee_os/core/arch/arm/plat-d06/platform_config.h /optee_os/core/arch/arm/plat-d06/sub.mk /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-k3/conf.mk /optee_os/core/arch/arm/plat-k3/platform_config.h /optee_os/core/arch/arm/plat-ls/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-versal/conf.mk /optee_os/core/arch/arm/plat-zynq7k/conf.mk /optee_os/core/arch/arm/sm/sm.c /optee_os/core/crypto/signed_hdr.c /optee_os/core/drivers/atmel_piobu.c /optee_os/core/drivers/atmel_rstc.c /optee_os/core/drivers/atmel_rtc.c /optee_os/core/drivers/atmel_saic.c /optee_os/core/drivers/atmel_shdwc.c /optee_os/core/drivers/atmel_tcb.c /optee_os/core/drivers/atmel_trng.c /optee_os/core/drivers/atmel_wdt.c /optee_os/core/drivers/clk/clk_dt.c /optee_os/core/drivers/clk/sam/sama5d2_clk.c /optee_os/core/drivers/crypto/caam/crypto.mk /optee_os/core/drivers/crypto/crypto_api/acipher/rsa.c /optee_os/core/drivers/crypto/crypto_api/acipher/rsassa.c /optee_os/core/drivers/crypto/crypto_api/include/drvcrypt_acipher.h /optee_os/core/drivers/crypto/se050/adaptors/apis/sss.c /optee_os/core/drivers/crypto/se050/adaptors/utils/scp_config.c /optee_os/core/drivers/crypto/se050/crypto.mk /optee_os/core/drivers/crypto/se050/session.c /optee_os/core/drivers/imx_i2c.c /optee_os/core/drivers/imx_lpuart.c /optee_os/core/drivers/imx_rngb.c /optee_os/core/drivers/imx_uart.c /optee_os/core/drivers/imx_wdog.c /optee_os/core/drivers/ls_dspi.c /optee_os/core/drivers/ls_gpio.c /optee_os/core/drivers/ls_i2c.c /optee_os/core/drivers/ls_sec_mon.c /optee_os/core/drivers/pl011.c /optee_os/core/drivers/pm/sam/at91_pm.c /optee_os/core/drivers/serial8250_uart.c /optee_os/core/drivers/stm32mp15_huk.c /optee_os/core/drivers/sub.mk /optee_os/core/drivers/versal_nvm.c /optee_os/core/drivers/versal_trng.c /optee_os/core/drivers/xiphera_trng.c /optee_os/core/include/crypto/crypto_impl.h /optee_os/core/include/drivers/versal_nvm.h /optee_os/core/include/kernel/boot.h /optee_os/core/include/kernel/dt.h /optee_os/core/include/signed_hdr.h /optee_os/core/kernel/dt.c /optee_os/core/kernel/dt_driver.c /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/lib/libtomcrypt/rsa.c /optee_os/core/mm/vm.c /optee_os/core/pta/bcm/sotp.c /optee_os/core/pta/secstor_ta_mgmt.c tee_svc.c /optee_os/lib/libmbedtls/core/rsa.c /optee_os/lib/libmbedtls/include/mbedtls_config_uta.h /optee_os/lib/libmbedtls/mbedtls/library/cipher_wrap.c /optee_os/lib/libutils/ext/include/compiler.h /optee_os/mk/config.mk /optee_os/scripts/sign_encrypt.py /optee_os/ta/arch/arm/link.mk /optee_os/ta/arch/arm/link_shlib.mk /optee_os/typedefs.checkpatch
499f488f	25-Oct-2022	Joakim Nordell <joakim.nordell@axis.com>	core: avoid TA panic when secure storage is corrupt init_head_from_data() triggers a TA panic in case corrupt data is read from the secure storage, for instance by request from the PKCS#11 trusted a core: avoid TA panic when secure storage is corrupt init_head_from_data() triggers a TA panic in case corrupt data is read from the secure storage, for instance by request from the PKCS#11 trusted application. "Every Trusted Storage implementation is expected to return TEE_ERROR_CORRUPT_OBJECT if a Trusted Application attempts to open an object and the TEE determines that its contents (or those of the storage itself) have been tampered with or rolled back." See TEE Internal Core API Specification v1.1.2, section 5.7.1. Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Zengxx <zengxiaoxu@huawei.com> Signed-off-by: Joakim Nordell <joakim.nordell@axis.com> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/CHANGELOG.md /optee_os/MAINTAINERS /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/drivers/clk/clk-stm32mp15.c /optee_os/core/drivers/stm32mp15_huk.c /optee_os/core/drivers/sub.mk /optee_os/core/drivers/versal_pm.c /optee_os/core/drivers/xiphera_trng.c /optee_os/core/include/drivers/stm32mp1_rcc.h /optee_os/core/include/drivers/versal_pm.h /optee_os/core/kernel/ts_manager.c /optee_os/core/lib/libtomcrypt/ed25519.c fs_htree.c /optee_os/lib/libutils/ext/include/util.h /optee_os/lib/libutils/isoc/bget.c /optee_os/mk/config.mk
6301ca1c	24-Sep-2022	Jorge Ramirez-Ortiz <jorge@foundries.io>	crypto: se050: updates to the crypto object deletion interface Keys created on the Secure Element NVM via the PKCS#11 TA are removed by scanning the data buffer holding the reference to the key duri crypto: se050: updates to the crypto object deletion interface Keys created on the Secure Element NVM via the PKCS#11 TA are removed by scanning the data buffer holding the reference to the key during the release of the object. The storage allocated to hold those keys (ECC/RSA) is always below the page size length which seems like a reasonable figure to use for future extensions. - This commit avoids scanning objects larger than that length. This commit also updates the interface to delegate the actual handling of the object to the crypto driver instead of passing just the raw data contained in the object. The cryptographic layer is also being allowed to block the deletion of the object. This is to cover the scenario where the I2C device is not accessible while a reference to the key is being removed from the secure storage in the filesystem. Incidentally also fixes regression 6018: this test releases an object of size 0xA0000 which can't be scanned due to this part of the code hitting an Out of Memory condition. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/crypto/crypto.c /optee_os/core/drivers/crypto/se050/core/storage.c /optee_os/core/drivers/crypto/se050/crypto.mk /optee_os/core/include/crypto/crypto.h tee_svc_storage.c /optee_os/mk/config.mk /optee_os/ta/pkcs11/src/processing.c /optee_os/ta/pkcs11/src/processing_ec.c
4adb4a1f	06-Oct-2022	Jerome Forissier <jerome.forissier@linaro.org>	core: crypto: remove TEE_ATTR_ECC_CURVE as an attribute of TEE_TYPE_ED25519_KEYPAIR The ECC curve is not an attribute of an Ed25519 key pair, let alone a mandatory one for key generation. It was mis core: crypto: remove TEE_ATTR_ECC_CURVE as an attribute of TEE_TYPE_ED25519_KEYPAIR The ECC curve is not an attribute of an Ed25519 key pair, let alone a mandatory one for key generation. It was mistakenly added by commit 03e07432b68f ("ta: pkcs11: Add Ed25519 support"), thus breaking xtest regression_4007_ed25519 (subcase .1 Generate Ed25519 key). Remove that attribute from the key type definition. Fixes: 03e07432b68f ("ta: pkcs11: Add Ed25519 support") Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml tee_svc_cryp.c
d9f0ee43	05-Oct-2022	james.jiang <james.jiang@mediatek.com>	core: mmu: Fix wrong input argument of tee_mm_init() Since commit [1], tee_mm_init() take pool size instead of end address. This change corrects the input arg of caller which still use old definitio core: mmu: Fix wrong input argument of tee_mm_init() Since commit [1], tee_mm_init() take pool size instead of end address. This change corrects the input arg of caller which still use old definition. Link: [1] 2380d70 ("core: mmu: fix overflow with high address in tee_mm_pool_t") Signed-off-by: james.jiang <james.jiang@mediatek.com> Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/mm/mobj_ffa.c /optee_os/core/arch/arm/plat-k3/conf.mk /optee_os/core/arch/arm/plat-k3/drivers/sa2ul.c /optee_os/core/arch/arm/plat-k3/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/conf.mk tee_rpmb_fs.c
1 234 5 6 7 8 9 10 >>...24