core: tee_ta_instance_stats(): correct the allocation size of dump_ctx

Problem: Wrongly use sizeof(struct tee_ta_dump_stats) to calculate out
the allocation size of dump_ctx. This error causes buffe

core: tee_ta_instance_stats(): correct the allocation size of dump_ctx

Problem: Wrongly use sizeof(struct tee_ta_dump_stats) to calculate out
the allocation size of dump_ctx. This error causes buffer overflow when
iterating dump_ctx.

Solution: Correct the allocation size to
sizeof(struct tee_ta_dump_ctx) * ta_count.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>

show more ...

drivers: caam: fix MP abstraction layer functions

Compile manufacturing HAL functions only if the platform supports it.

Fixes: d538d2936c22 ("drivers: caam: add manufacturing protection feature")
S

drivers: caam: fix MP abstraction layer functions

Compile manufacturing HAL functions only if the platform supports it.

Fixes: d538d2936c22 ("drivers: caam: add manufacturing protection feature")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: math: add CFG_NXP_CAAM_MATH_DRV compilation flag

Add CFG_NXP_CAAM_MATH_DRV compilation flag for caam_math.c
Remove CFG_NXP_CAAM_ACIPHER_DRV flag.
Bind the compilation of caam_rsa.c an

drivers: caam: math: add CFG_NXP_CAAM_MATH_DRV compilation flag

Add CFG_NXP_CAAM_MATH_DRV compilation flag for caam_math.c
Remove CFG_NXP_CAAM_ACIPHER_DRV flag.
Bind the compilation of caam_rsa.c and caam_prime_rsa.c to
CFG_NXP_CAAM_RSA_DRV.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libtomcrypt: fix pkcs_1_v1_5_decode() when empty message

In case of EME-PKCS1-v1_5 decoding, the encoded message
format is as follow : EM = 0x00 || 0x02 || PS || 0x00 || M.
When using an empty messa

libtomcrypt: fix pkcs_1_v1_5_decode() when empty message

In case of EME-PKCS1-v1_5 decoding, the encoded message
format is as follow : EM = 0x00 || 0x02 || PS || 0x00 || M.
When using an empty message, the 0x00 octet that separates
the padding string and message is located at the end. Thus,
update the condition to pass the check in case of empty message.

This fixes the following AOSP cts test:
Module: CtsKeystoreTestCases
Test: testEmptyPlaintextEncryptsAndDecrypts
Link: https://android.googlesource.com/platform/cts/+/refs/tags/android-cts-12.0_r6/tests/tests/keystore/src/android/keystore/cts/CipherTest.java

Signed-off-by: Safae Ouajih <souajih@baylibre.com>
[jf: upstream commit caf350028833]
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: crypto: add support for SM2_DSA_SM3

Adds TEE_TYPE_SM2_DSA_SM3_PUBLIC_KEY to
drvcrypt_asym_alloc_ecc_public_key() and adds
TEE_TYPE_SM2_DSA_SM3_KEYPAIR to drvcrypt_asym_alloc_ecc_keypair().

drivers: crypto: add support for SM2_DSA_SM3

Adds TEE_TYPE_SM2_DSA_SM3_PUBLIC_KEY to
drvcrypt_asym_alloc_ecc_public_key() and adds
TEE_TYPE_SM2_DSA_SM3_KEYPAIR to drvcrypt_asym_alloc_ecc_keypair(). Adds
support for TEE_MAIN_ALGO_SM2_DSA_SM3 in ecc_sign and ecc_verify.

Signed-off-by: Zexi Yu <yuzexi@hisilicon.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: remove duplicate driver_init() call

Remove duplicated call to driver_init().
The previous driver_init() call would only initialize the driver.
The new driver_init() call initializes the d

core: imx: remove duplicate driver_init() call

Remove duplicated call to driver_init().
The previous driver_init() call would only initialize the driver.
The new driver_init() call initializes the driver and its power
management callback.

Fixes: 97eb916803fe ("drivers: imx: tzc380: re-configure TZ380 upon PM resume")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: Fix idx truncation bug

When the idx of TA memory mapping is assigned, it is saved in the
l1_idx_t, which is the uint8_t or uint16_t type. But when it is
parsed, it is saved in uint8_t whic

core: mm: Fix idx truncation bug

When the idx of TA memory mapping is assigned, it is saved in the
l1_idx_t, which is the uint8_t or uint16_t type. But when it is
parsed, it is saved in uint8_t which can cause truncation.
To solve this problem, the idx should be saved in the l1_idx_t
type when parsing the idx.

Signed-off-by: leisen <leisen1@huawei.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: edit commit description]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: fix loading of encrypted TA

The total size of headers for TAs signed with a subkey varies, take that
into account when sanity checking the img_size field of the signed
header.

Fixes: 19b1ce2b

core: fix loading of encrypted TA

The total size of headers for TAs signed with a subkey varies, take that
into account when sanity checking the img_size field of the signed
header.

Fixes: 19b1ce2b2b2b ("core: ree_fs: check ta size before use")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)

show more ...

core: dump_ta_memstats(): check TA initialization completion before accessing it

Problem: In some concurrent cases, TA dump will try to
dump a TA which has not completed TA initialization and
the TA

core: dump_ta_memstats(): check TA initialization completion before accessing it

Problem: In some concurrent cases, TA dump will try to
dump a TA which has not completed TA initialization and
the TA stack pointer isn't set. That causes a data abort
when accessing its stack.

Solution: Check the user TA initialization is completed or not.
If it is still being initialized, return TEE_ERROR_BAD_STATE.
https://github.com/OP-TEE/optee_os/issues/5905

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>

show more ...

drivers: se050: allow configuring the Secure Element applet

Add CFG_CORE_SE05X_VER to allow configuring the desirable applet
version.
This enables making the driver compatible with newer elements.

drivers: se050: allow configuring the Secure Element applet

Add CFG_CORE_SE05X_VER to allow configuring the desirable applet
version.
This enables making the driver compatible with newer elements.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

dts: stm32: add OTP index for HUK on stm32mp15 platform

Add the OTP index on stm32mp15 platform to indicate where to find the
previously provisioned HUK.

Signed-off-by: Nicolas Toromanoff <nicolas.

dts: stm32: add OTP index for HUK on stm32mp15 platform

Add the OTP index on stm32mp15 platform to indicate where to find the
previously provisioned HUK.

Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Thomas BOURGOIN <thomas.bourgoin@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32mp15_huk: use DT HUK NVMEM layout API

Adds the possibility to get the HUK from OTP definition in the device tree
using the function stm32_bsec_find_otp_in_nvmem_layout().

Signed-off-b

drivers: stm32mp15_huk: use DT HUK NVMEM layout API

Adds the possibility to get the HUK from OTP definition in the device tree
using the function stm32_bsec_find_otp_in_nvmem_layout().

Signed-off-by: Thomas BOURGOIN <thomas.bourgoin@foss.st.com>
Acked-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

se050: ecc: SE050-F shared secret

The SE050-F does not support shared secret generation.
Allow this operation to also fallback to its software implementation.

Fixes: 6cc77cdd73aa ("crypto: drivers:

se050: ecc: SE050-F shared secret

The SE050-F does not support shared secret generation.
Allow this operation to also fallback to its software implementation.

Fixes: 6cc77cdd73aa ("crypto: drivers: se050-f: ecc: can fallback to softw-ops")
Test: xtest regression_4009
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

pta: attestation: fix compilation incompatible pointer warning

To reproduce (any 64bits platform will do):
$ make PLATFORM=imx-mx8mmevk CFG_ATTESTATION_PTA=y CFG_WERROR=y

core/pta/attestation.c: In

pta: attestation: fix compilation incompatible pointer warning

To reproduce (any 64bits platform will do):
$ make PLATFORM=imx-mx8mmevk CFG_ATTESTATION_PTA=y CFG_WERROR=y

core/pta/attestation.c: In function ‘cmd_get_pubkey’:
core/pta/attestation.c:358:30: warning: initialization of ‘uint32_t *’ {aka ‘unsigned int *’} from incompatible pointer type ‘size_t *’ {aka ‘long unsigned int *’} [-Wincompatible-pointer-types]
358 | uint32_t *e_out_sz = &params[0].memref.size;
| ^
core/pta/attestation.c:360:30: warning: initialization of ‘uint32_t *’ {aka ‘unsigned int *’} from incompatible pointer type ‘size_t *’ {aka ‘long unsigned int *’} [-Wincompatible-pointer-types]
360 | uint32_t *n_out_sz = &params[1].memref.size;
| ^

Fixes: 7509620b8b95 ("GP131: Update TEE_Param")
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ffa: Allow multiple SPs with same UUID

The FF-A spec allows multiple SPs to have the same UUID. This makes
it possible to use the FF-A UUID as a identifier for the protocol on
top of the FF-A

core: ffa: Allow multiple SPs with same UUID

The FF-A spec allows multiple SPs to have the same UUID. This makes
it possible to use the FF-A UUID as a identifier for the protocol on
top of the FF-A layer.
To achieve this we have to make sure that the FFA_PARTITION_INFO_GET can
return more then one endpoint id if we pass a UUID.
To make sure that there is no collision between the SP binaries names,
we distinguish between the FF-A UUID and the SP UUID. The SP UUID is used
to identify the SP itself. While the FF-A UUID is used as part of the
FF-A protocol.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: imx_ele: add ELE driver

Add EdgeLock Enclave (or ELE) driver support.
ELE is a built-in security subsystem available on imx8ulp and imx93
providing security features to the Cortex-A.

Signe

drivers: imx_ele: add ELE driver

Add EdgeLock Enclave (or ELE) driver support.
ELE is a built-in security subsystem available on imx8ulp and imx93
providing security features to the Cortex-A.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: imx_mu: add MU base address and size for imx93

Add definition of MU_BASE and MU_SIZE for imx93.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.fori

drivers: imx_mu: add MU base address and size for imx93

Add definition of MU_BASE and MU_SIZE for imx93.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: imx_mu: add MU base address and size for imx8ulp

Add definition of MU_BASE and MU_SIZE for imx8ulp.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.

drivers: imx_mu: add MU base address and size for imx8ulp

Add definition of MU_BASE and MU_SIZE for imx8ulp.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: imx_mu: increase maximum MU message size

Increase MU message maximum size to 17 words. It corresponds to the
biggest message of the ELE API.

Signed-off-by: Clement Faure <clement.faure@nxp

drivers: imx_mu: increase maximum MU message size

Increase MU message maximum size to 17 words. It corresponds to the
biggest message of the ELE API.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: imx_mu: add support for imx93

Add MU support for imx93.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carr

drivers: imx_mu: add support for imx93

Add MU support for imx93.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: spmc: move FIP SP deinit call

Move the FIP SP deinit call to before starting the SPs. This change does
not affect functionality, it's just to make the SP packages' lifetime
clearer in the code

core: spmc: move FIP SP deinit call

Move the FIP SP deinit call to before starting the SPs. This change does
not affect functionality, it's just to make the SP packages' lifetime
clearer in the code.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: spmc: fix FIP SP loading

The memory management in process_sp_pkg() function contains errors. It
tries to add new mappings for the SP packages that reside in the TA_RAM
PA range, but this range

core: spmc: fix FIP SP loading

The memory management in process_sp_pkg() function contains errors. It
tries to add new mappings for the SP packages that reside in the TA_RAM
PA range, but this range is already mapped so this is unnecessary and
wrong. Fix the code by simply using phys_to_virt() instead.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: ltc: use SHA-3 crypto accelerated function

Uses the recently provided accelerated SHA-3 function in LTC

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <j

core: ltc: use SHA-3 crypto accelerated function

Uses the recently provided accelerated SHA-3 function in LTC

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm64: SHAKE128 using ARMv8.2-A cryptographic extensions

Adds support for SHAKE128 or SHA3-128 sized blocks in
sha3_ce_transform().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
A

core: arm64: SHAKE128 using ARMv8.2-A cryptographic extensions

Adds support for SHAKE128 or SHA3-128 sized blocks in
sha3_ce_transform().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm64: SHA-3 using ARMv8.2-A cryptographic extensions

Import SHA-3 assembly code from the Linux kernel (Linaro contribution).
Enabled with CFG_CRYPTO_SHA3_ARM_CE=y, set by default if
CFG_CRYPT

core: arm64: SHA-3 using ARMv8.2-A cryptographic extensions

Import SHA-3 assembly code from the Linux kernel (Linaro contribution).
Enabled with CFG_CRYPTO_SHA3_ARM_CE=y, set by default if
CFG_CRYPTO_WITH_CE82=y.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...