plat-stm32mp1: conf: default disable CFG_EXTERNAL_DT

Default configuration for stm32mp1 does not access external DTB.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: E

plat-stm32mp1: conf: default disable CFG_EXTERNAL_DT

Default configuration for stm32mp1 does not access external DTB.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: boot: do not force implement the external device-tree ABI

Do not implement external device tree ABI if CFG_EXTERNAL_DT=n. Some
ecosystem implementation do not require OP-TEE to modify or use t

core: boot: do not force implement the external device-tree ABI

Do not implement external device tree ABI if CFG_EXTERNAL_DT=n. Some
ecosystem implementation do not require OP-TEE to modify or use this
external device tree. This change is useful on 32bits systems where
OP-TEE only needs to pass BL33 DTB base address provided by earlier
boot stage: TF-A BL2.

CFG_EXTERNAL_DT default value is defined by CFG_DT for backward
compatibility of OP-TEE default configuration.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: remove TEE_ATTR_ECC_CURVE as an attribute of TEE_TYPE_ED25519_KEYPAIR

The ECC curve is not an attribute of an Ed25519 key pair, let alone a
mandatory one for key generation. It was mis

core: crypto: remove TEE_ATTR_ECC_CURVE as an attribute of TEE_TYPE_ED25519_KEYPAIR

The ECC curve is not an attribute of an Ed25519 key pair, let alone a
mandatory one for key generation. It was mistakenly added by commit
03e07432b68f ("ta: pkcs11: Add Ed25519 support"), thus breaking xtest
regression_4007_ed25519 (subcase .1 Generate Ed25519 key).
Remove that attribute from the key type definition.

Fixes: 03e07432b68f ("ta: pkcs11: Add Ed25519 support")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mmu: Fix wrong input argument of tee_mm_init()

Since commit [1], tee_mm_init() take pool size instead of end address.
This change corrects the input arg of caller which still use old
definitio

core: mmu: Fix wrong input argument of tee_mm_init()

Since commit [1], tee_mm_init() take pool size instead of end address.
This change corrects the input arg of caller which still use old
definition.

Link: [1] 2380d70 ("core: mmu: fix overflow with high address in tee_mm_pool_t")
Signed-off-by: james.jiang <james.jiang@mediatek.com>
Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: conf: fix tzdram default size when w/o rsv-shm

Fix the default TZDRAM size that is 32MByte when CFG_CORE_RESERVED_SHM
is disable, not 30MByte.

Acked-by: Jerome Forissier <jerome.fori

plat-stm32mp1: conf: fix tzdram default size when w/o rsv-shm

Fix the default TZDRAM size that is 32MByte when CFG_CORE_RESERVED_SHM
is disable, not 30MByte.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-k3: Add support for j784s4 platform

Add SA2UL and TRNG support for TI SoC J784S4 through OP-TEE.

Signed-off-by: Jayesh Choudhary <j-choudhary@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-

plat-k3: Add support for j784s4 platform

Add SA2UL and TRNG support for TI SoC J784S4 through OP-TEE.

Signed-off-by: Jayesh Choudhary <j-choudhary@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
[jf: wrap line >80 characters]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: tee_entry: fix array out of bounds check in cleanup_shm_refs()

cleanup_shm_refs() can be called with num_params larger than what has
been used by copy_in_params(). If num_params is larger than

core: tee_entry: fix array out of bounds check in cleanup_shm_refs()

cleanup_shm_refs() can be called with num_params larger than what has
been used by copy_in_params(). If num_params is larger than
TEE_NUM_PARAMS copy_in_params() will return an error and
cleanup_shm_refs() is called to clean up.

This leads to accessing uint64_t saved_attr[TEE_NUM_PARAMS] in
entry_invoke_command() or entry_open_session() out of bounds and
possibly also the u[TEE_NUM_PARAMS] array in struct tee_ta_param.

So fix this by capping num_params TEE_NUM_PARAMS in cleanup_shm_refs().

Fixes: b05cd886e06d ("core: enable non-contiguous temporary reference parameters")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: Add Ed25519 support

Add functionality to generate, import keys, sign/verify for
ED25519, ED25519ctx and ED25519ph.

The values for the object identifies originates from:
https://www.rfc-

ta: pkcs11: Add Ed25519 support

Add functionality to generate, import keys, sign/verify for
ED25519, ED25519ctx and ED25519ph.

The values for the object identifies originates from:
https://www.rfc-editor.org/rfc/rfc8420.html
A.1. ASN.1 Object for Ed25519

The PKCS#11 Specification:
https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/
pkcs11-spec-v3.1-cs01.pdf

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libtomcrypt: Remove prng_state* NULL pointer check from ed25519_make_key()

For the same reasons as in commit 2d7740f6f44c ("core: libtomcrypt:
Remove prng_state* NULL pointer check from x25519_make_

libtomcrypt: Remove prng_state* NULL pointer check from ed25519_make_key()

For the same reasons as in commit 2d7740f6f44c ("core: libtomcrypt:
Remove prng_state* NULL pointer check from x25519_make_key()"), remove
the NULL pointer check in ed25519_make_key().

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: include: introduce riscv.h header

Creates header file risc.v to define most of the RISC-V operations.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Car

core: riscv: include: introduce riscv.h header

Creates header file risc.v to define most of the RISC-V operations.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: define RISC-V instruction set architecture in encoding.h

Define standard RISC-V instruction opcodes, control and status registers.
This file is auto-generated from riscv-opcodes and it

core: riscv: define RISC-V instruction set architecture in encoding.h

Define standard RISC-V instruction opcodes, control and status registers.
This file is auto-generated from riscv-opcodes and it is subject of
regular updates.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: plat-spike: default configuration for Spike platform

This commit sets the build configuration for a minimalist core to run
on Spike platform.

Signed-off-by: Marouene Boubakri <marouene

core: riscv: plat-spike: default configuration for Spike platform

This commit sets the build configuration for a minimalist core to run
on Spike platform.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: fix compile error with CFG_CORE_WORKAROUND_SPECTRE_BP_SEC=n

Prior to this patch there's a compile error when building with
CFG_CORE_WORKAROUND_SPECTRE_BP_SEC=n:
core/arch/arm/kernel/thread.c:

core: fix compile error with CFG_CORE_WORKAROUND_SPECTRE_BP_SEC=n

Prior to this patch there's a compile error when building with
CFG_CORE_WORKAROUND_SPECTRE_BP_SEC=n:
core/arch/arm/kernel/thread.c: In function 'select_vector_wa_spectre_bhb':
core/arch/arm/kernel/thread.c:644:48: error: 'thread_user_kdata_page' undeclared (first use in this function); did you mean 'thread_user_kcode_size'?
644 | struct thread_core_local *cl = (void *)thread_user_kdata_page;
| ^~~~~~~~~~~~~~~~~~~~~~
| thread_user_kcode_size
core/arch/arm/kernel/thread.c:644:48: note: each undeclared identifier is reported only once for each function it appears in
core/arch/arm/kernel/thread.c:646:27: error: 'struct thread_core_local' has no member named 'bhb_loop_count'
646 | cl[get_core_pos()].bhb_loop_count = loop_count;
| ^
core/arch/arm/kernel/thread.c:648:32: error: 'struct thread_core_local' has no member named 'bhb_loop_count'
648 | thread_get_core_local()->bhb_loop_count = loop_count;
| ^~

Fix this by disabling the unused code.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: simplify pgt interface provided by pgt_cache.h

Many of the function in the pgt interface takes more than one pointer to
struct pgt_cache, struct vm_info or struct ts_ctx. All these pointers
ar

core: simplify pgt interface provided by pgt_cache.h

Many of the function in the pgt interface takes more than one pointer to
struct pgt_cache, struct vm_info or struct ts_ctx. All these pointers
are available in struct user_mode_ctx so pass a pointer to that struct
instead. This saves a few function arguments and also makes it a bit
more clear how a function can be used.

pgt_clear_ctx_range(), pgt_flush_ctx_range() and pgt_flush_ctx() are
renamed to drop the "_ctx" part in their names since it's not relevant
any longer.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pgt: support preallocated translation tables for S-EL0

With CFG_CORE_PREALLOC_EL0_TBLS=y translation tables are allocated for a
user space context at the time when the mapping is added a struc

core: pgt: support preallocated translation tables for S-EL0

With CFG_CORE_PREALLOC_EL0_TBLS=y translation tables are allocated for a
user space context at the time when the mapping is added a struct
vm_region. The translation tables will be kept available for the S-EL0
context as long at the mappings are unchanged.

Secure Partitions (SPs) can depend on translation tables always being
available and avoid having to wait for translation tables.

Memory for the translation tables is allocated from the same memory as
used for TAs and SPs. The number of available translation tables are
limited by the amount of TA/SP memory available.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pgt: rename to pgt_put_all() and pgt_get_all()

The two functions pgt_free() and pgt_alloc() has names which doesn't
match well what they do so rename them.

pgt_free() to pgt_put_all():
This m

core: pgt: rename to pgt_put_all() and pgt_get_all()

The two functions pgt_free() and pgt_alloc() has names which doesn't
match well what they do so rename them.

pgt_free() to pgt_put_all():
This matches better how page tables are managed since pgt_put_all()
doesn't free the tables, they are just put in a cache list from which
they later can be free or re-allocated.

pgt_alloc() to pgt_get_all():
pgt_get_all() may actually not allocate a new table, not if it can be
found in the cache list.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: use set_um_region() to update translation tables

Adds an internal function in core/mm/vm.c which is called when
translation tables needs to be updated.

With a cache for recently used translat

core: use set_um_region() to update translation tables

Adds an internal function in core/mm/vm.c which is called when
translation tables needs to be updated.

With a cache for recently used translation tables
core_mmu_populate_user_map() will only update translation tables which
are new and not populated yet.

Each user space context has a linked list of struct vm_region describing
the logical memory map. To ensure that this logical memory map is kept
in sync with the translation tables in use set_um_region() must be used
to copy the content of a struct vm_region into translation tables as
needed.

If the current context is updated then the pgts currently in use are
updated. However, if the context isn't current then the cached tables
are updated instead. When cached tables are updated some of the needed
translation tables may actually be missing. This is ignored at this
stage and later taken care of by core_mmu_populate_user_map() since
those tables will be new and have the "populated" entry set to false.
Once core_mmu_populate_user_map() has initialized tables "populated" is
set to true for each table.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pgt: use pgt_cache_list without pager too

Prior to this patch was only unused pgts cached when paging was enabled.
Take this one step further and cache unused pgts when paging is disabled
too.

core: pgt: use pgt_cache_list without pager too

Prior to this patch was only unused pgts cached when paging was enabled.
Take this one step further and cache unused pgts when paging is disabled
too. The purpose of this is to allow core_mmu_populate_user_map() to
skip already initialized translation tables.

Add two helper functions pgt_pop_from_cache_list() and
pgt_push_to_cache_list() to be used when updating the translation tables
currently in the cache list.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee_pager.h: provide stubbed tee_pager_pgt_save_and_release_entries()

Provides a stubbed static inline
tee_pager_pgt_save_and_release_entries() when CFG_PAGED_USER_TA isn't
defined.

Reviewed-

core: tee_pager.h: provide stubbed tee_pager_pgt_save_and_release_entries()

Provides a stubbed static inline
tee_pager_pgt_save_and_release_entries() when CFG_PAGED_USER_TA isn't
defined.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: call pgt_flush_ctx() from vm_info_final()

Moves the call to pgt_flush_ctx() into vm_info_final() from
destroy_context() and tee_ta_init_user_ta_session().

Reviewed-by: Etienne Carriere <etien

core: call pgt_flush_ctx() from vm_info_final()

Moves the call to pgt_flush_ctx() into vm_info_final() from
destroy_context() and tee_ta_init_user_ta_session().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: call tee_pager_rem_um_regions() from vm_info_final()

Moves the call to tee_pager_rem_um_regions() into vm_info_final() from
free_utc() and stmm_ctx_destroy().

Reviewed-by: Etienne Carriere <e

core: call tee_pager_rem_um_regions() from vm_info_final()

Moves the call to tee_pager_rem_um_regions() into vm_info_final() from
free_utc() and stmm_ctx_destroy().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move pgt_cache to struct user_mode_ctx

Moves pgt_cache from struct thread_specific_data to struct
user_mode_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome F

core: move pgt_cache to struct user_mode_ctx

Moves pgt_cache from struct thread_specific_data to struct
user_mode_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: initialize struct user_mode_ctx with vm_info_init()

Broadens the scope of vm_info_init() to initialize the entire struct
user_mode_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.

core: initialize struct user_mode_ctx with vm_info_init()

Broadens the scope of vm_info_init() to initialize the entire struct
user_mode_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove save_ctx parameter from pgt_free()

Prior to this patch was pgt_free() taking a save_ctx parameter which was
only used if paging of TAs was enabled. If on the other hand paging of
TAs wa

core: remove save_ctx parameter from pgt_free()

Prior to this patch was pgt_free() taking a save_ctx parameter which was
only used if paging of TAs was enabled. If on the other hand paging of
TAs was enabled this parameter was always true. So simplify the logic by
removing this parameter and where used internally always do as if
save_ctx was true. This means that pgts used for paging will always
first be pushed to the cache list to later be reclaimed by other means.

This patch does not change the de facto behaviour.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add pointer authentication support

Previously pointer authentication was only supported for TAs. With this
patch add a configuration option CFG_CORE_PAUTH to enable support for
core. Each priv

core: add pointer authentication support

Previously pointer authentication was only supported for TAs. With this
patch add a configuration option CFG_CORE_PAUTH to enable support for
core. Each privileged thread has its own APIA key. There are also a
separate APIA key for each physical core used when handling an abort or
when using the tmp stack.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...