core: pta: attestation: fixes for CFG_PAN=y

- Add missing enter_user_access()/exit_user_access() to
cmd_hash_ta_memory() so that the PTA is allowed to access the TA
directly.
- Use to_bounce_par

core: pta: attestation: fixes for CFG_PAN=y

- Add missing enter_user_access()/exit_user_access() to
cmd_hash_ta_memory() so that the PTA is allowed to access the TA
directly.
- Use to_bounce_params() and from_bounce_params() in the invoke entry
point in order to use bounce buffers for memref parameters when the
caller is a user space TA and PAN is enabled.

Fixes xtest 1037 with CFG_ATTESTATION_PTA=y CFG_PAN=y.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: add helper functions to support calls from TA when CFG_PAN=y

Introduce helper function to make it easier to use bounce buffers in a
PTA entry point to support calls with memrefs from user

core: pta: add helper functions to support calls from TA when CFG_PAN=y

Introduce helper function to make it easier to use bounce buffers in a
PTA entry point to support calls with memrefs from user space TAs when
PAN is enabled.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

pta: attestation: exclude memory regions without VM_FLAG_READONLY

When selecting which memory region of a TA should be hashed, exclude
those without VM_FLAG_READONLY in their flag field instead of r

pta: attestation: exclude memory regions without VM_FLAG_READONLY

When selecting which memory region of a TA should be hashed, exclude
those without VM_FLAG_READONLY in their flag field instead of requiring
the absence of TEE_MATTR_UW in attr. This makes the code more
consistent and fixes an issue triggered by commit 52e7b1a67f8f ("core:
use user-access functions in ldelf interaction"). With that commit, an
additional region is mapped read-only (i.e., no TEE_MATTR_UW) but does
not have a fixed content for the TA. It can be excluded easily since it
does not have the VM_FLAG_READONLY flag.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

optee-fvp: Enable CFG_SCPFW_SCMI_PERF_PROTOCOL_OPS

Enable the SCMI-Perf protocol operations for the optee-fvp target.

Signed-off-by: Nicola Mazzucato <nicola.mazzucato@arm.com>
Acked-by: Etienne Ca

optee-fvp: Enable CFG_SCPFW_SCMI_PERF_PROTOCOL_OPS

Enable the SCMI-Perf protocol operations for the optee-fvp target.

Signed-off-by: Nicola Mazzucato <nicola.mazzucato@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: scmi-server: Add support for conditional options for SCMI-Perf

SCMI-Server is built upon the SCP-firmware source tree and
a recent change [1] being proposed is moving functionalities
into side

core: scmi-server: Add support for conditional options for SCMI-Perf

SCMI-Server is built upon the SCP-firmware source tree and
a recent change [1] being proposed is moving functionalities
into side source files.

This patch adds support to fetch those additional files based
on two options:
CFG_SCPFW_SCMI_PERF_FAST_CHANNELS (existing)
CFG_SCPFW_SCMI_PERF_PROTOCOL_OPS (new)

[1] https://github.com/ARM-software/SCP-firmware/pull/812

Signed-off-by: Nicola Mazzucato <nicola.mazzucato@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: crypto_api: fixes typo "bytes" to "bits"

Fixes a typo for *gen_keypair() in struct drvcrypt_ecc where the last
parameter was "size_bytes" while the value represents bits, so fix this by
renami

core: crypto_api: fixes typo "bytes" to "bits"

Fixes a typo for *gen_keypair() in struct drvcrypt_ecc where the last
parameter was "size_bytes" while the value represents bits, so fix this by
renaming it to "size_bits".

Fixes: d29cd2efcd46 ("core: driver: generic resources for crypto device driver - ECC")
Signed-off-by: Katsunori Kikuchi <Katsunori.Kikuchi@sony.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: fix to extract DH secret length from modulus

Prior to this patch, the DH secret, due to its mechanism, becomes a value
less than the key length of the Private key. Consequently, whe

drivers: crypto: fix to extract DH secret length from modulus

Prior to this patch, the DH secret, due to its mechanism, becomes a value
less than the key length of the Private key. Consequently, when obtaining
the maximum size of the secret from the current key length of the Public
key, the secret length falls short. So change this to extract DH secret
length from modulus instead of public key length.

Fixes: f6e2b9e2d1a2 ("drivers: crypto: implement crypto driver - DH")
Signed-off-by: Katsunori Kikuchi <Katsunori.Kikuchi@sony.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: drivers: ls_dspi: Make dspi_flush_fifo() static

Make dspi_flush_fifo() static as it gets exposed via ls_dspi_ops
structure.

Signed-off-by: Sriram Sriram <sriramsriram@microsoft.com>
Acked-by:

core: drivers: ls_dspi: Make dspi_flush_fifo() static

Make dspi_flush_fifo() static as it gets exposed via ls_dspi_ops
structure.

Signed-off-by: Sriram Sriram <sriramsriram@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

core: drivers: ls_dspi: Move SPI mode flag defines to header file

SPI mode flags are used by NXP SoC specific functions for MS PTA.

Signed-off-by: Sriram Sriram <sriramsriram@microsoft.com>
Acked-b

core: drivers: ls_dspi: Move SPI mode flag defines to header file

SPI mode flags are used by NXP SoC specific functions for MS PTA.

Signed-off-by: Sriram Sriram <sriramsriram@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

core: drivers: ls_dspi: Add flush DSPI module

Add flush DSPI module. This is called in ls_dspi_ops structure.

Signed-off-by: Carl Lamb <calamb@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklande

core: drivers: ls_dspi: Add flush DSPI module

Add flush DSPI module. This is called in ls_dspi_ops structure.

Signed-off-by: Carl Lamb <calamb@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

core: arm: plat-ls: Add CFG_WITH_ARM_TRUSTED_FW flag

If using ARM Trusted Firmware-A, then the GIC initialization is done in
BL31.

Fixes: 2b9f23923175 ("plat-ls: Add support for armv8 platform flav

core: arm: plat-ls: Add CFG_WITH_ARM_TRUSTED_FW flag

If using ARM Trusted Firmware-A, then the GIC initialization is done in
BL31.

Fixes: 2b9f23923175 ("plat-ls: Add support for armv8 platform flavours")
Signed-off-by: Carl Lamb <calamb@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

core: arm: plat-bcm: Force CFG_CORE_ARM64_PA_BITS=48

Set CFG_CORE_ARM64_PA_BITS in Broadcom platform file. This fixes a crash
when setting up memory addresses on the Broadcom stingray NS3 platform.

core: arm: plat-bcm: Force CFG_CORE_ARM64_PA_BITS=48

Set CFG_CORE_ARM64_PA_BITS in Broadcom platform file. This fixes a crash
when setting up memory addresses on the Broadcom stingray NS3 platform.

Signed-off-by: Stephen Carlson <stcarlso@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: drivers: ls_sfp: Add missing argument in dt_map_dev() function call

dt_map_dev() function call is missing an argument which results in
compilation error. Add the missing argument.

Fixes: 011c

core: drivers: ls_sfp: Add missing argument in dt_map_dev() function call

dt_map_dev() function call is missing an argument which results in
compilation error. Add the missing argument.

Fixes: 011c182a606b ("core: drivers: nxp: Add LX series SFP driver")
Signed-off-by: Sriram Sriram <sriramsriram@microsoft.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

core: arm64: preserve PSTATE.PAN when making SPSR

When setup_unwind_user_mode() prepares to resume execution after
syscall_sys_return() or when a thread is suspended a new SPSR is
fabricated base on

core: arm64: preserve PSTATE.PAN when making SPSR

When setup_unwind_user_mode() prepares to resume execution after
syscall_sys_return() or when a thread is suspended a new SPSR is
fabricated base on the current PSTATE.

Until now when remaining in S-EL1 to fabricate an SPSR only the
PSTATE.DAIF bits had to be taken into account. However, with PSTATE.PAN
there's yet another bit to consider. Since PSTATE has a few more bits
and more may be added as AArch64 evolves this problem is only going to
get worse. So implement this in a single internal C function to replace
current open codes C and assembly versions.

The AArch64 assembly versions of thread_rpc() are renamed to
thread_rpc_spsr() to indicate that SPSR is passed in the second argument
instead of having it open coded internally in the assembly function.

New C wrapper functions are added to preserve the old thread_rpc()
interface as needed.

handle_user_mode_panic() is still basing its created SPSR on the saved
SPSR from S-EL0, but now PAN bit is copied too.

Fixes: 6fa59c9a70dc ("arm64: Introduce permissive PAN implementation")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm: add feat_pan_implemented()

Adds the helper function feat_pan_implemented() to extract the
implemented PAN version. No version is 0 so this function can be used
tested as a boolean too.

S

core: arm: add feat_pan_implemented()

Adds the helper function feat_pan_implemented() to extract the
implemented PAN version. No version is 0 so this function can be used
tested as a boolean too.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

arm64: add read_pan() and SPSR_64_PAN

Adds the wrapper function read_pan() to read PSTATE.PAN, also adds a
SPSR_64_PAN define.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by:

arm64: add read_pan() and SPSR_64_PAN

Adds the wrapper function read_pan() to read PSTATE.PAN, also adds a
SPSR_64_PAN define.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: update FS storage API with user space buffer

Updates the create(), read(), and write() function pointers in struct
ts_store_ops to take a user space buffer in addition to the previous
core buf

core: update FS storage API with user space buffer

Updates the create(), read(), and write() function pointers in struct
ts_store_ops to take a user space buffer in addition to the previous
core buffer. Core buffers are normal secure memory while user space
buffers should only be accessed using the user_access.h functions.

The different FS storage implementations are updated accordingly.

Note that the RPMB FS storage implementation resorts to using
enter_user_access() and exit_user_access() due to internal complexities.

Fixes: 4e154320e47c ("core: Apply finer-grained PAN")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: syscall_storage_obj_rename(): fix direct user memory access

Fixes a direct user memory access in syscall_storage_obj_rename() which
can lead to a data abort if PAN is enabled.

Fixes: 84f78978

core: syscall_storage_obj_rename(): fix direct user memory access

Fixes a direct user memory access in syscall_storage_obj_rename() which
can lead to a data abort if PAN is enabled.

Fixes: 84f78978974b ("core: use user-access functions for storage svc")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: pta: socket: fix direct user memory access

Replaces direct user memory accesses in the socket PTA with
copy_to_user() and copy_from_user(). This avoids PAN errors when PAN is
active.

Fixes: 4

core: pta: socket: fix direct user memory access

Replaces direct user memory accesses in the socket PTA with
copy_to_user() and copy_from_user(). This avoids PAN errors when PAN is
active.

Fixes: 4e154320e47c ("core: Apply finer-grained PAN")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: fix reading result in ldelf_dlopen()

The commit 52e7b1a67f8f ("core: use user-access functions in ldelf
interaction") start to use a bounce buffer to initialize the argument
for LDELF_DL_ENTRY

core: fix reading result in ldelf_dlopen()

The commit 52e7b1a67f8f ("core: use user-access functions in ldelf
interaction") start to use a bounce buffer to initialize the argument
for LDELF_DL_ENTRY_DLSYM. However, it also reads the result of
LDELF_DL_ENTRY_DLSYM from the bounce buffer. This is an error since the
result of LDELF_DL_ENTRY_DLSYM still remains on the stack used by ldelf.
So fix this by reading the result from the ldelf stack.

Fixes: 52e7b1a67f8f ("core: use user-access functions in ldelf interaction")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: add user buffer to tee_invoke_supp_plugin_rpc()

Adds a user buffer to tee_invoke_supp_plugin_rpc() so direct user memory
access can be used when called with a buffer in user memory instead of

core: add user buffer to tee_invoke_supp_plugin_rpc()

Adds a user buffer to tee_invoke_supp_plugin_rpc() so direct user memory
access can be used when called with a buffer in user memory instead of
core memory. tee_invoke_supp_plugin_rpc() can still take a core memory
buffer as an argument if needed.

PTA_SYSTEM_SUPP_PLUGIN_INVOKE in the system PTA is updated to pass the
memref as a user memory buffer instead of a core memory buffer.

This fixes a direct privileged memory access to user space memory.

Fixes: 4e154320e47c ("core: Apply finer-grained PAN")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: add default copy_to_user{,_private}()

Adds default implementations for copy_to_user_private() and
copy_to_user() when CFG_WITH_USER_TA=n.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.

core: add default copy_to_user{,_private}()

Adds default implementations for copy_to_user_private() and
copy_to_user() when CFG_WITH_USER_TA=n.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: add check_user_access() helper function

Adds check_user_access() to simplify checking if a user mode memory
buffer may be accessed as expected.

Signed-off-by: Jens Wiklander <jens.wiklander@l

core: add check_user_access() helper function

Adds check_user_access() to simplify checking if a user mode memory
buffer may be accessed as expected.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

crypto: add drvcrypt_register_x25519() and drvcrypt_register_x448()

Add X25519 and X448 drvcrypt.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Acked-by: Jerome Forissier <jerome.forissier@linar

crypto: add drvcrypt_register_x25519() and drvcrypt_register_x448()

Add X25519 and X448 drvcrypt.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: add X448 support

Refer to the X25519 algorithm, add the X448 algorithm framework code.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.o

crypto: add X448 support

Refer to the X25519 algorithm, add the X448 algorithm framework code.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...