core: pager: fix split_region() to maintain order

Fixes split_region() to maintain the order of paged regions when a
region is split into two.

Fixes: 4a3f6ad054d4 ("core: pager: let struct tee_page

core: pager: fix split_region() to maintain order

Fixes split_region() to maintain the order of paged regions when a
region is split into two.

Fixes: 4a3f6ad054d4 ("core: pager: let struct tee_pager_area span multiple translation tables")
Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (stm32mp1 w/ gp, stmm)
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager fix alloc_merged_pgt_array()

Fix the logic for how a shared pgt is detected in
alloc_merged_pgt_array(). Without this there's a buffer overrun in the
pgt_array plus of course not quite

core: pager fix alloc_merged_pgt_array()

Fix the logic for how a shared pgt is detected in
alloc_merged_pgt_array(). Without this there's a buffer overrun in the
pgt_array plus of course not quite right pgt pointers in that array.

Fixes: 4a3f6ad054d4 ("core: pager: let struct tee_pager_area span multiple translation tables")
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: fix split_region() pgt assignment

Fixes an error in how pgt_array is copied from the original paged region
into the new split off region.

Fixes: 4a3f6ad054d4 ("core: pager: let struct

core: pager: fix split_region() pgt assignment

Fixes an error in how pgt_array is copied from the original paged region
into the new split off region.

Fixes: 4a3f6ad054d4 ("core: pager: let struct tee_pager_area span multiple translation tables")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: fix increment calculation in tee_pager_set_um_region_attr()

With the introduction of the commit referred below may a paged region
span multiple translation tables, but tee_pager_set_um_

core: pager: fix increment calculation in tee_pager_set_um_region_attr()

With the introduction of the commit referred below may a paged region
span multiple translation tables, but tee_pager_set_um_region_attr()
wasn't updated to handle this. So fix this by accurately calculate
the increment in the main loop of that function.

Fixes: 4a3f6ad054d4 ("core: pager: let struct tee_pager_area span multiple translation tables")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-zynq7k: fix wrong argument ordering in NS world unlocking

A defect was introduced in 3.5.0 where the register value and address
in io_write32 are displaced, which eventually led to failure swit

plat-zynq7k: fix wrong argument ordering in NS world unlocking

A defect was introduced in 3.5.0 where the register value and address
in io_write32 are displaced, which eventually led to failure switching
to NS world.

Fixes: af4c7f4b3ad2 ("zynq7k: upgrade from write32() to io_write32() and friends")
Signed-off-by: Yan Yan <yan.yan@windriver.com>
Tested-by: Yan Yan <yan.yan@windriver.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-imx: add compulab iot-gate-imx8 board support

Support for Compulab IoT Gateway (imx8mm) platform.
(PLATFORM=imx-mx8mm_cl_iot_gate)

Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
A

plat-imx: add compulab iot-gate-imx8 board support

Support for Compulab IoT Gateway (imx8mm) platform.
(PLATFORM=imx-mx8mm_cl_iot_gate)

Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

libtomcrypt: fix rsa key generation public exponent

Fix libtomcrypt crypto_acipher_gen_rsa_key() to call rsa_make_key_bn_e()
API to generate a RSA key with a public exponent up to 256 bits.

RSA sta

libtomcrypt: fix rsa key generation public exponent

Fix libtomcrypt crypto_acipher_gen_rsa_key() to call rsa_make_key_bn_e()
API to generate a RSA key with a public exponent up to 256 bits.

RSA standard specify that public exponent e can be between 65537 (included)
and 2^256 (excluded).

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core_mmu: fix implicit behavior of core_mmu_add_mapping()

In core_mmu_add_mapping() requested physical address
rounded up/down to granule size (0x100000), which leads
to establishing of virtual mapp

core_mmu: fix implicit behavior of core_mmu_add_mapping()

In core_mmu_add_mapping() requested physical address
rounded up/down to granule size (0x100000), which leads
to establishing of virtual mappings with overlapped
physical counterparts. If two virtual mappings overlaps
due to such roundings, then following phys_to_virt() can
implicitly return result of virtual address from
unexpected mapping. This patch fix such behavior by
returning virtual address of newly established mapping.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Anton Rybakov <a.rybakov@omp.ru>

show more ...

rsa: add rsa key generate with public exponent upto 256 bits

Function rsa_make_key() limits the RSA key generates to a public
exponent of type long (32 bits or 64 bits).
RSA standard specify that pu

rsa: add rsa key generate with public exponent upto 256 bits

Function rsa_make_key() limits the RSA key generates to a public
exponent of type long (32 bits or 64 bits).
RSA standard specify that public exponent e can be between 65537 (included)
and 2^256 (excluded).

Add function rsa_make_key_ubin_e to use a hexadecimal public exponent.
Add function rsa_make_key_bn_e to use a bignumber public exponent
(op-tee).

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
[jf: cherry-pick commit 49556a8e606cfa37375324a6051833f3db916640 upstream]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix populate_files() coverity warning

In populate_files() db->files is checked to be not NULL leading but at
another place db->nbits is checked instead before accessing db->files.
Both checks

core: fix populate_files() coverity warning

In populate_files() db->files is checked to be not NULL leading but at
another place db->nbits is checked instead before accessing db->files.
Both checks are OK since db->files mustn't be NULL if db->nbits is
larger than 0.

This confuses coverity to emit a warning, so change the function to
check db->nbits instead.

This fixes coverity scan:
CID 1501793 (#1 of 1): Dereference after null check (FORWARD_NULL)

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix tee_fs_dirfile_get_tmp() coverity warning

In tee_fs_dirfile_get_tmp() dirh->files is checked to be not NULL
leading but at another place dirh->nbits is checked instead before
accessing dir

core: fix tee_fs_dirfile_get_tmp() coverity warning

In tee_fs_dirfile_get_tmp() dirh->files is checked to be not NULL
leading but at another place dirh->nbits is checked instead before
accessing dirh->files. Both checks are OK since dirh->files mustn't be
NULL if dirh->nbits is larger than 0.

This confuses coverity to emit a warning, so change the function to
check dirh->nbits instead.

This fixes coverity scan:
CID 1501821 (#1 of 1): Dereference after null check (FORWARD_NULL)

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: update thread_smc() for SMCCC v1.2

SMC Calling Convention v1.2 allows returning result in r4-r7 in addition
to the already used r0-r3. In thread_smc() we're not using r4-r7 to
return a

core: arm32: update thread_smc() for SMCCC v1.2

SMC Calling Convention v1.2 allows returning result in r4-r7 in addition
to the already used r0-r3. In thread_smc() we're not using r4-r7 to
return a result, but the normal function calling convention requires
r4-r7 to be preserved so save and restore them.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: FF-A: add missing break statements to spmc_sp_msg_handler()

Some break statements are missing in spmc_sp_msg_handler(). Add them.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jero

core: FF-A: add missing break statements to spmc_sp_msg_handler()

Some break statements are missing in spmc_sp_msg_handler(). Add them.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat: rcar: enable hardware RNG pseudo TA

Enable access of hardware entropy through HWRNG PTA.

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome Forissier <jerome@forissier.

plat: rcar: enable hardware RNG pseudo TA

Enable access of hardware entropy through HWRNG PTA.

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: add generic RNG pseudo TA

Platforms that include hardware-based RNGs and implement
hw_get_random_byte() may benefit from already implemented bus framework
and rng driver [1].
For this rea

core: pta: add generic RNG pseudo TA

Platforms that include hardware-based RNGs and implement
hw_get_random_byte() may benefit from already implemented bus framework
and rng driver [1].
For this reason the interface of rng.pta implemented for Developerbox
platform is re-used. Interface is generic and corresponds to in-kernel
optee-rng driver.

Pseudo TA interface is specifically used so that credible entropy is
available to REE early at boot, even before user-space is fully up.

[1] https://lwn.net/Articles/777260/

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

synquacer: rng-pta: move rng_pta_client.h to common path

Header is platform independent and can be used by generic RNG PTA.

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome

synquacer: rng-pta: move rng_pta_client.h to common path

Header is platform independent and can be used by generic RNG PTA.

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers:caam: Update DRVCRYPT_OID_MB_US_RSADSI macro with correct value

This macro forms the HASH OID for MD5 algorithm,

It is defined as:
id-md5 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(

drivers:caam: Update DRVCRYPT_OID_MB_US_RSADSI macro with correct value

This macro forms the HASH OID for MD5 algorithm,

It is defined as:
id-md5 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5
}

According to OpenSSL,
iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5
part is encoded as
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05

Links for reference:
OpenSSL: https://bit.ly/3hVZ7Is
RFC: https://datatracker.ietf.org/doc/html/rfc8017#section-9.2[Page 46]

But in this case it was being formed as
0x2A,0x86,0x48,0x86,0x48,0x02,0x05 which was wrong.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dt: don't add optee node for FF-A systems

Systems with FF-A enabled doesn't need an OP-TEE node since the driver
is initialized via the FF-A framework instead.

Acked-by: Jerome Forissier <jer

core: dt: don't add optee node for FF-A systems

Systems with FF-A enabled doesn't need an OP-TEE node since the driver
is initialized via the FF-A framework instead.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ffa: FF-A specific boot arguments

Updates OP-TEE accept FF-A specific boot arguments. This is only used
when OP-TEE is a SPMC at S-EL1 and is loaded with TF-A. So no change
for ARMv7-A platfor

core: ffa: FF-A specific boot arguments

Updates OP-TEE accept FF-A specific boot arguments. This is only used
when OP-TEE is a SPMC at S-EL1 and is loaded with TF-A. So no change
for ARMv7-A platforms.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: rcar: enable ASLR

On RCAR hw_get_random_byte() can be called very early, as it have no
dependencies. So we can use it to provide ASLR seed value.

Also, the previous fix to SCIF drivers preven

plat: rcar: enable ASLR

On RCAR hw_get_random_byte() can be called very early, as it have no
dependencies. So we can use it to provide ASLR seed value.

Also, the previous fix to SCIF drivers prevents crashes with ASLR enabled.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat: rcar: implement hw_get_random_byte() function

As we now can call ROM API to access hardware random generator, it is
possible to implement generic interface to it, using hw_get_random_byte()
fu

plat: rcar: implement hw_get_random_byte() function

As we now can call ROM API to access hardware random generator, it is
possible to implement generic interface to it, using hw_get_random_byte()
function.

ROM API provides 32 bytes of random data at a time. To optimally use it, we
need to cache received random vector and provide random number bytes from
it one by one.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat: rcar: add support for ROM API calls including HW RNG

RCAR Gen3 SoCs have public ROM API functions that provide access to various
security-related features, including access to hardware random

plat: rcar: add support for ROM API calls including HW RNG

RCAR Gen3 SoCs have public ROM API functions that provide access to various
security-related features, including access to hardware random number
generator.

This patch adds both generic ROM API interface and wrapper function for
ROM_GetRndVector() call.

As ROM API code is written with identity mapping in mind, we can't call
those function with MMU enabled. So we need a special trampoline function
that would disable MMU, save state and jump to ROM API code.

Beginning with the latest revisions (H3 ES3.0, M3 ES1.1, etc) of Renesas
SoCs, ROM API addresses are fixed, but prior to that each family had own
address, so we need to maintain table of all possible addressed and select
correct one in runtime.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: rcar: store PRR value in global variable

Product Register will be needed not only by get_core_pos_mpidr
function but by other platform code as well. So move its cached
value into variable in m

plat: rcar: store PRR value in global variable

Product Register will be needed not only by get_core_pos_mpidr
function but by other platform code as well. So move its cached
value into variable in main.c

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat: rcar: disable aarch32 support for OP-TEE core

While it is theoretically possible to boot RCar Gen3 SoC in aarch32
mode, it isn't supported by Renesas BSP. ARM TF provided by Renesas
boots only

plat: rcar: disable aarch32 support for OP-TEE core

While it is theoretically possible to boot RCar Gen3 SoC in aarch32
mode, it isn't supported by Renesas BSP. ARM TF provided by Renesas
boots only in aarch64 mode. Also it lacks aarch32 assembler code, so
it is not possible to built it for aarch32 at all.

Therefore, there is a little sense in supporting aarch32 in
OP-TEE (for plat-rcar, of course) - user just can't boot it. On other
hand it requires additional efforts to maintain aarch32 assembly code
that newer will be used.

This patch enforces CFG_ARM64_core build option and removes all
aarch32 related parts.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

boot: introduce plat_get_aslr_seed()

Platforms may provide own ways to get ASLR seed, so this commit
adds weak function plat_get_aslr_seed(), which is called when we
can't obtain seed from FDT.

Sig

boot: introduce plat_get_aslr_seed()

Platforms may provide own ways to get ASLR seed, so this commit
adds weak function plat_get_aslr_seed(), which is called when we
can't obtain seed from FDT.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...