GP11 : trusted storage verify (block enc fs)

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Cedric Chaumont <cedric.chaumont@l

GP11 : trusted storage verify (block enc fs)

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (STM boards)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (ARM Juno board)

show more ...

Secure Storage: Support extending file size and file hole

With this patch, user can extend file size by truncate operation.

Also the file hole feature is supported in this patch, that is,
user can

Secure Storage: Support extending file size and file hole

With this patch, user can extend file size by truncate operation.

Also the file hole feature is supported in this patch, that is,
user can seek to a position larger than file size and write data
from the position.

The file hole implementation actually is not an efficient solution,
because we always fill zero in these holes.

Signed-off-by: James Kung <james.kung@linaro.org>
Tested-by: James Kung <james.kung@linaro.org> (QEMU, MT8173 EVB)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Secure Storage: export TEE file header structure for xtest

Export 'struct meta_header' and 'struct block_header' to
$TA_DEV_KIT_DIR/host_include, those structures can be used
by xtest. This prevents

Secure Storage: export TEE file header structure for xtest

Export 'struct meta_header' and 'struct block_header' to
$TA_DEV_KIT_DIR/host_include, those structures can be used
by xtest. This prevents hard-coding the structure in xtest.

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

Secure Storage: fix data abort issue

- Tmpfile is NULL before checking whether file exists, if this check failed
we will unlink(tmpfile). This caused data abort.

- Minor fixes in tee_fs_common.c

Secure Storage: fix data abort issue

- Tmpfile is NULL before checking whether file exists, if this check failed
we will unlink(tmpfile). This caused data abort.

- Minor fixes in tee_fs_common.c for consistent naming and error checking.

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

GP11 : DSA-SHA224 and DSA-SHA256 algo

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.o

GP11 : DSA-SHA224 and DSA-SHA256 algo

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (STM boards)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (ARM Juno board)

show more ...

TA as ELF + signature

Changes format of TA to use the ELF format instead. This patch also adds
signature checking of the TA. The format of the TA is:
<Signed header>
<ELF header>
<Program header> (p

TA as ELF + signature

Changes format of TA to use the ELF format instead. This patch also adds
signature checking of the TA. The format of the TA is:
<Signed header>
<ELF header>
<Program header> (part of ELF spec, pointing out segments to load)
<Sections>

A struct ta_head is placed in the first section of the first segment
to carry flags and other properties of the TA.

elf32.h, elf64.h and elf_common.h are imported from FreeBSD.

In addition to the R_ARM_RELATIVE relocation type, adds support for
R_ARM_ABS32 relocations. Since a symbol table is needed to process this
relocation type a separate program header is added in the TA ELF
containing the sections .dynamic, .dynsym, .dynstr and .hash. These
sections are only needed during relocation and could be released once
the TA is relocated.

A default signing key has been generated with
openssl genrsa -out key.pem
and added as keys/default_ta.pem

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU, FVP)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)

show more ...

Secure Storage: Implement block-based encrypted file system

- Meta file encryption/decryption is enforced
- Block file encryption/decryption is optional

Signed-off-by: James Kung <james.kung@linaro

Secure Storage: Implement block-based encrypted file system

- Meta file encryption/decryption is enforced
- Block file encryption/decryption is optional

Signed-off-by: James Kung <james.kung@linaro.org>
Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: James Kung <james.kung@linaro.org> (QEMU, MT8173 EVB)
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Secure Storage: Implemented atomic operations

The following operations should be atomic:

- Write
- Rename
- Create/Delete
- Truncate

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu

Secure Storage: Implemented atomic operations

The following operations should be atomic:

- Write
- Rename
- Create/Delete
- Truncate

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Secure Storage: Implemented block-based file operations

This patch represent a TEE file by many small REE files
and single meta file, which is used to describe the TEE
file. This approach can be use

Secure Storage: Implemented block-based file operations

This patch represent a TEE file by many small REE files
and single meta file, which is used to describe the TEE
file. This approach can be used as basis to support atomic
operation and enhance encrypt fs performance.

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Align Session handle for generic ta interface entry

TEE session handle is now used by all tee_dispatch_xx
function. uint32_t type ID parameter has be removed for
the tee_dispatch_close_session() fun

Align Session handle for generic ta interface entry

TEE session handle is now used by all tee_dispatch_xx
function. uint32_t type ID parameter has be removed for
the tee_dispatch_close_session() function.

Signed-off-by: Jean-Michel Delorme <jean-michel.delorme@st.com>
Reviewed-by: Pascal BRAND <pascal.brand@st.com>
Reviewed-by: Etienne CARRIERE <etienne.carriere@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

core: optimize size with const crypto_ops

Optimize size of unpaged data by making crypto_ops const.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand

core: optimize size with const crypto_ops

Optimize size of unpaged data by making crypto_ops const.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

ECC: ECDH at GP level

Following derive key algorithm of Global Platform Internal Core API v1.1
are implemented:
TEE_ALG_ECDH_P192
TEE_ALG_ECDH_P224
TEE_ALG_ECDH_P256
TEE_ALG_ECDH_P38

ECC: ECDH at GP level

Following derive key algorithm of Global Platform Internal Core API v1.1
are implemented:
TEE_ALG_ECDH_P192
TEE_ALG_ECDH_P224
TEE_ALG_ECDH_P256
TEE_ALG_ECDH_P384
TEE_ALG_ECDH_P521

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Cedric Chaumont <cedric.chaumont@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

Fix Key-Pair Parts for Operation Modes

Table 6-6 "Key-Pair Parts for Operation Modes" of Internal Core API v1.1
shows that public key is used in case of encrypt / verify, but that a
key pair can be

Fix Key-Pair Parts for Operation Modes

Table 6-6 "Key-Pair Parts for Operation Modes" of Internal Core API v1.1
shows that public key is used in case of encrypt / verify, but that a
key pair can be given anyhow, only the public key part being used.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Cedric Chaumont <cedric.chaumont@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

ECC: ECDSA at GP level

Reviewed-by: Cedric Chaumont <cedric.chaumont@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Sign

ECC: ECDSA at GP level

Reviewed-by: Cedric Chaumont <cedric.chaumont@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

GP11 : Time functions fix/panic reason

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.

GP11 : Time functions fix/panic reason

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (STM boards)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (ARM Juno board)

show more ...

SE API: Use tee_svc_copy_kaddr_to_user32() to avoid buffer overflow

Note: buffer overflow is supposed to happen when we have
64-bit kernel and 32-bit TA, but SE API can only be tested
on QEMU which

SE API: Use tee_svc_copy_kaddr_to_user32() to avoid buffer overflow

Note: buffer overflow is supposed to happen when we have
64-bit kernel and 32-bit TA, but SE API can only be tested
on QEMU which cannot hosts 64-bit kernel for now. Thus, the
test is just make sure the change doesn't corrupt SE API
implementation.

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU+jcardsim)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

arm64: fix buffer overflows when copying kernel addresses to user space

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by:

arm64: fix buffer overflows when copying kernel addresses to user space

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Fix buffer length test in tee_svc_cryp_obj_populate_type()

Make sure attribute is of reference type before checking its ref.length.
Fixes failure of xtest 4007 (TEE_ATTR_DH_X_BITS attribute) on HiKe

Fix buffer length test in tee_svc_cryp_obj_populate_type()

Make sure attribute is of reference type before checking its ref.length.
Fixes failure of xtest 4007 (TEE_ATTR_DH_X_BITS attribute) on HiKey and
FVP with 64-bit TEE core. Tested on HiKey and FVP (32 and 64-bit).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Cedric Chaumont <cedric.chaumont@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

GP Internal Core API v1.1 : Transient Object Functions

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.w

GP Internal Core API v1.1 : Transient Object Functions

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (STM boards)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (ARM Juno board)

show more ...

File Storage: fix position in case of seek

Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey 32-bit)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Bran

File Storage: fix position in case of seek

Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey 32-bit)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

GP Internal Core API v1.1 : TEE_CreatePersistentObject

Deprecated TEE_DATA_FLAG_EXCLUSIVE
Replaced by TEE__DATA_FLAG_OVERWRITE

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: J

GP Internal Core API v1.1 : TEE_CreatePersistentObject

Deprecated TEE_DATA_FLAG_EXCLUSIVE
Replaced by TEE__DATA_FLAG_OVERWRITE

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (STM boards)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (ARM Juno board)

show more ...

Move fail recovery logic to tee_fs_common.c

This patch tries to move REE filesystem operations to a common
file (tee_fs_common.c), and let tee_enc_fs.c concentrated on file
encryption and authentica

Move fail recovery logic to tee_fs_common.c

This patch tries to move REE filesystem operations to a common
file (tee_fs_common.c), and let tee_enc_fs.c concentrated on file
encryption and authentications.

For the atomic file operation (rollback to previous commit if operation
failed), it can be handled in the common file. Both tee_fs.c and
tee_enc_fs.c replied on tee_fs_common.c, thus both of them can gain
atomicy property.

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Fail recovery in encrypted file system

- File will be deleted if the file content of a new created file
cannot be successfully encrypted and write back to normal world
file system.

Signed-off-b

Fail recovery in encrypted file system

- File will be deleted if the file content of a new created file
cannot be successfully encrypted and write back to normal world
file system.

Signed-off-by: James Kung <james.kung@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: James Kung <james.kung@linaro.org> (QEMU)
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

Enhancing Secure Storage

- Implement encrypted file system key manager
* Key generation for SSK, FEK
* Provide helper APIs to do file encryption/decryption
* Finished key manager test cases fo

Enhancing Secure Storage

- Implement encrypted file system key manager
* Key generation for SSK, FEK
* Provide helper APIs to do file encryption/decryption
* Finished key manager test cases for file encryption/decryption tests

- Implements encrypted file system operations file-based operation
* file content is encrypted and MACed before storing
on normal world file system.
* file hole is not implemented because this is
meaningless in the context of secure storage.

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Signed-off-by: James Kung <james.kung@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Tested-by: James Kung <james.kung@linaro.org> (QEMU)
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

TEE_HANDLE_FLAG_INITIALIZED cleared in tee_svc_cryp_obj_reset()

Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jean-Michel DELORME <jean-michel.delorme@st.com>
Reviewed-by: Joakim Be

TEE_HANDLE_FLAG_INITIALIZED cleared in tee_svc_cryp_obj_reset()

Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jean-Michel DELORME <jean-michel.delorme@st.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...