drivers: stm32_bsec: add BSEC_DEN_ALL_MSK support

Correctly handle the reserved bits in register BSEC_DEN with the mask
BSEC_DEN_ALL_MSK.

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com

drivers: stm32_bsec: add BSEC_DEN_ALL_MSK support

Correctly handle the reserved bits in register BSEC_DEN with the mask
BSEC_DEN_ALL_MSK.

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>

show more ...

drivers: stm32_bsec: fix stm32_bsec_find_otp_in_nvmem_layout()

Remove the unnecessary ';' at the end of the function.

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Pat

drivers: stm32_bsec: fix stm32_bsec_find_otp_in_nvmem_layout()

Remove the unnecessary ';' at the end of the function.

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>

show more ...

core: riscv: Add external DT initialization and updating

Initialize the external DT which is provided by early boot stage. The
external DT is updated by adding reserved-memory node for secure RAM.

core: riscv: Add external DT initialization and updating

Initialize the external DT which is provided by early boot stage. The
external DT is updated by adding reserved-memory node for secure RAM.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: Get external device tree provided by early boot stage

Early boot stage (i.e., M-mode firmware) can provide external device
tree via register a1. Implement code that OP-TEE gets device t

core: riscv: Get external device tree provided by early boot stage

Early boot stage (i.e., M-mode firmware) can provide external device
tree via register a1. Implement code that OP-TEE gets device tree from
a1 and saves the value into s1 for future use. Platform can also define
CFG_DT_ADDR to forcely set the physical address of the device tree.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: kernel: Refine variable declarations and return values in dt.c

Provide initialization values for local variables. The return values of
libfdt functions are returned instead of -1 since libfdt

core: kernel: Refine variable declarations and return values in dt.c

Provide initialization values for local variables. The return values of
libfdt functions are returned instead of -1 since libfdt has its own
error codes and they are useful for debug.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm: Move some DT functions to common kernel

Some existed functions for device tree in ARM could be also used for
other architectures. This commit moves most of functions from ARM
architecture

core: arm: Move some DT functions to common kernel

Some existed functions for device tree in ARM could be also used for
other architectures. This commit moves most of functions from ARM
architecture into "core/kernel/dt.c", including external DT descriptor,
DT overlay, external DT initialization, API for adding DT child nodes
and reserved-memory nodes. Since "core/kernel/dt.c" is dependent with
CFG_DT, other functions which are independent with CFG_DT are put into
new file "core/kernel/boot.c".

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: fix update from user parameters with CFG_PAN=y

When CFG_PAN is enabled, OP-TEE kernel can not directly access the user
memory, otherwise an exception occurs. To fix it, we apply user-access
fu

core: fix update from user parameters with CFG_PAN=y

When CFG_PAN is enabled, OP-TEE kernel can not directly access the user
memory, otherwise an exception occurs. To fix it, we apply user-access
functions when OP-TEE kernel updates the parameters from user stack. A
bounce buffer is allocated and the user stack contents are duplicated
into the bounce buffer before OP-TEE kernel accesses them.

Fixes: 376448c26af4 ("core: use user-access functions for passing params")
Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix ldelf invalid access to user stack with CFG_PAN=y

When CFG_PAN is enabled, OP-TEE kernel can not directly access the user
memory, otherwise an exception occurs. To fix it, we apply user-ac

core: fix ldelf invalid access to user stack with CFG_PAN=y

When CFG_PAN is enabled, OP-TEE kernel can not directly access the user
memory, otherwise an exception occurs. To fix it, we apply user-access
functions when ldelf gets the parameters from the user stack "arg".

Fixes: 52e7b1a67f8f ("core: use user-access functions in ldelf interaction")
Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: spmc: simplify using {high,low}32_from_64()

Simplify spmc_sp_handle_mem_share() using high32_from_64() and
low32_from_64() instead of reg_pair_from_64().

Signed-off-by: Jens Wiklander <jens.w

core: spmc: simplify using {high,low}32_from_64()

Simplify spmc_sp_handle_mem_share() using high32_from_64() and
low32_from_64() instead of reg_pair_from_64().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: Apply finer-grained PAN

Prior to this commit, the PAN was disabled for most of the time,
within the thread scall handler. After resolving all outstanding
missing unprivileged access functions,

core: Apply finer-grained PAN

Prior to this commit, the PAN was disabled for most of the time,
within the thread scall handler. After resolving all outstanding
missing unprivileged access functions, we can now enable finer-
grained PAN, where the unprivileged access is only allowed inside
handful of special user-access functions.

There are some exceptions where we toggle PAN to allow the OP-TEE
core to access user memory, instead of using user-access functions
or bounce buffers. Those are crypto services and ldelf syscall
handlers. Those are chosen to avoid potential large bounce buffer
allocations.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: use user-access functions for crypto service

Use user-access functions for crypto service functions, excluding
encryption, decryption and hasn operations, which might require
large bounce buff

core: use user-access functions for crypto service

Use user-access functions for crypto service functions, excluding
encryption, decryption and hasn operations, which might require
large bounce buffer allocations. Besides these operations, user-
access functions are applied for those functions that takes
attributes, IVs, big numbers, and auxiliary data from the user-
space.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: use user-access functions in system PTA

When user TAs call into the system PTA, allocate bounce buffers and
copy data from the user buffers to the bounce buffers, which can be
accessed by the

core: use user-access functions in system PTA

When user TAs call into the system PTA, allocate bounce buffers and
copy data from the user buffers to the bounce buffers, which can be
accessed by the core kernel functions.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: use GET_USER_SCALAR() to save TA panic regs

Use GET_USER_SCALAR() macro to retrieve register values from the
user stack upon TA panic.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Revie

core: use GET_USER_SCALAR() to save TA panic regs

Use GET_USER_SCALAR() macro to retrieve register values from the
user stack upon TA panic.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: use user-access functions for storage svc

Use user-access functions within storage service syscalls, mainly to
copy object id from user-spaced buffers.

Signed-off-by: Seonghyun Park <seonghp@

core: use user-access functions for storage svc

Use user-access functions within storage service syscalls, mainly to
copy object id from user-spaced buffers.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: use user-access functions for passing params

Use user-access functions for parameter-passing between user TA and
the core when calling another TA from a TA and when entering a user
TA.

Signed

core: use user-access functions for passing params

Use user-access functions for parameter-passing between user TA and
the core when calling another TA from a TA and when entering a user
TA.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: use user-access functions in ldelf interaction

When interacting with LDELF, replace implicit user space accesses from
privileged mode using proper user-access functions.

Co-developed-by: Seon

core: use user-access functions in ldelf interaction

When interacting with LDELF, replace implicit user space accesses from
privileged mode using proper user-access functions.

Co-developed-by: Seonghyun Park <seonghp@amazon.com>
Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add bb_strndup_user()

Adds bb_strndup_user() to copy a user space string into a bounce buffer
large enough to hold the string.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Review

core: add bb_strndup_user()

Adds bb_strndup_user() to copy a user space string into a bounce buffer
large enough to hold the string.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add more user access functions

Add more user access functions: clear_user(), strnlen_user() and
bb_memdup_user(), which can be used to manipulate, check or duplicate
given user space buffers.

core: add more user access functions

Add more user access functions: clear_user(), strnlen_user() and
bb_memdup_user(), which can be used to manipulate, check or duplicate
given user space buffers.

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add bounce buffer to user mode context

Adds a bounce buffer for user space buffer to be used during syscall
processing to avoid unchecked privileged access into user space memory.

bb_alloc(),

core: add bounce buffer to user mode context

Adds a bounce buffer for user space buffer to be used during syscall
processing to avoid unchecked privileged access into user space memory.

bb_alloc(), bb_free(), and bb_reset() are added to manage memory
allocation from the bounce buffer.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

arm64: Introduce permissive PAN implementation

Privileged Access Never (PAN) is a part of ARMv8.1 extension that
restricts accesses to unprivileged memory from privileged mode
in order to prevent un

arm64: Introduce permissive PAN implementation

Privileged Access Never (PAN) is a part of ARMv8.1 extension that
restricts accesses to unprivileged memory from privileged mode
in order to prevent unintended accesses to potentially malicious
memory.

This introduces configuration of PAN and helper functions
enter_user_access() and exit_user_access() that toggles PSTATE.PAN
that controls the behavior of PAN.

Current OP-TEE impelmentation is not ready to apply strict PAN policy
due to missing user-access function uses, etc.

Hence, this patch takes a very permissive approach (yet better
than nothing), where PAN is deactivated in the entire lifetime of
thread_svc_handler (i.e., system call).

Signed-off-by: Seonghyun Park <seonghp@amazon.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: stub stm32mp13 regulators

Implements stubs for SCMI regulators that are to be exposed by STM32MP13
SCMI server but are not implemented yet in OP-TEE core. The drivers for
these regula

plat-stm32mp1: stub stm32mp13 regulators

Implements stubs for SCMI regulators that are to be exposed by STM32MP13
SCMI server but are not implemented yet in OP-TEE core. The drivers for
these regulators (IOD SDMMC1/2 and VREFBUF) will be implemented once
there is a regulator framework in OP-TEE. In the meantime, stubbing those
allows to use the platform.

Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: crypto_bignum_free(): add indirection and set pointer to NULL

To prevent human mistake, crypto_bignum_free() sets the location of the
bignum pointer to NULL after freeing it.

Signed-off-by: J

core: crypto_bignum_free(): add indirection and set pointer to NULL

To prevent human mistake, crypto_bignum_free() sets the location of the
bignum pointer to NULL after freeing it.

Signed-off-by: Jihwan Park <jihwp@amazon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: change log level in SCMI server

The SCMI server prints debug messages when handling some SCMI services.
At runtime this leads to a lot of traces and debug log level is too
verbose. Th

plat-stm32mp1: change log level in SCMI server

The SCMI server prints debug messages when handling some SCMI services.
At runtime this leads to a lot of traces and debug log level is too
verbose. Therefore change all debug traces to flow level for that
source file.

Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>

show more ...

core: tee_svc_cryp: report RSAES_PKCS1_OAEP_MGF1 bad hash ID

Fixes syscall_asymm_operate() to report inconsistent hash algorithm
specified as attribute for TEE_ALG_RSAES_PKCS1_OAEP_MGF1_* operations

core: tee_svc_cryp: report RSAES_PKCS1_OAEP_MGF1 bad hash ID

Fixes syscall_asymm_operate() to report inconsistent hash algorithm
specified as attribute for TEE_ALG_RSAES_PKCS1_OAEP_MGF1_* operations
as OP-TEE only supports the hash predefined for the request algorithm
TEE_ALG_RSAES_PKCS1_OAEP_MGF1_xxx.

Link: https://github.com/OP-TEE/optee_os/issues/6143
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

qemu_armv8a: fix build with CFG_USER_TA_TARGETS=ta_arm32

The proper way to build in-tree TAs in 64-bit mode by default is to set
supported-ta-targets to "ta_arm64 ta_arm32". Indeed, the default targ

qemu_armv8a: fix build with CFG_USER_TA_TARGETS=ta_arm32

The proper way to build in-tree TAs in 64-bit mode by default is to set
supported-ta-targets to "ta_arm64 ta_arm32". Indeed, the default target
is always defined as the first entry in supported-ta-targets, as
documented in mk/config.mk.

Fixes the following build error:

$ make CFG_USER_TA_TARGETS=ta_arm32 PLATFORM=vexpress-qemu_armv8a
bash: -W: invalid option
...

default-user-ta-target is not to be used by the platform configuration
files. It is meant to be set by the main Makefile. For this reason,
replace the conditional assignment (?=) with $(call force, ...) in order
to catch inconsistencies in a more friendly way.

Fixes: 07031b23de23 ("qemu_armv8a: set default-user-ta-target ?= ta_arm64")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...