ftrace: fix regression causing panic in ftrace_update_times()

Commit 00b3b9a25e76 ("core: add generic struct ts_session") has
introduced a regression in the ftrace code by introducing a call to
ts_g

ftrace: fix regression causing panic in ftrace_update_times()

Commit 00b3b9a25e76 ("core: add generic struct ts_session") has
introduced a regression in the ftrace code by introducing a call to
ts_get_current_session() in ftrace_update_times() in replacement of
tee_ta_get_current_session(). At this point it can happen that no
current session exists, in which case the function should simply return.
Unfortunately ts_get_current_session() will call panic() is such a
situation. The proper function is ts_get_current_session_may_fail().

Fixes: 00b3b9a25e76 ("core: add generic struct ts_session")
Fixes: https://github.com/OP-TEE/optee_os/issues/4313
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: rpmb: fix initialization of new rpmb data

Add memset() calls to ensure added object is extended with byte value 0
as specified in GPD TEE specification.

Fixes: 64c6d2917d12 ("core: rpmb fs us

core: rpmb: fix initialization of new rpmb data

Add memset() calls to ensure added object is extended with byte value 0
as specified in GPD TEE specification.

Fixes: 64c6d2917d12 ("core: rpmb fs uses mempool for temporary transfer buffers")
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: tee_rpmb_fs: Return error when block decryption fails

When decrypt_block fails (although unlikely) it shouldn't be silently
ignored. In such case the data in the buffer pointed to by *out is
u

core: tee_rpmb_fs: Return error when block decryption fails

When decrypt_block fails (although unlikely) it shouldn't be silently
ignored. In such case the data in the buffer pointed to by *out is
unmodified or bogus while the return code is TEE_SUCCESS.

Signed-off-by: Robin van der Gracht <robin@protonic.nl>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: remove temporary external DT mapping

During boot the external DT is mapped while processing the DT. Once
OP-TEE is done with the DT it should be unmapped to avoid stale mappings
that might cau

core: remove temporary external DT mapping

During boot the external DT is mapped while processing the DT. Once
OP-TEE is done with the DT it should be unmapped to avoid stale mappings
that might cause problems later. Fix this by calling
core_mmu_rem_mapping() from release_external_dt() just before jumping to
normal world.

Fixes: https://github.com/OP-TEE/optee_os/issues/4278
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ifdef frag_id member in struct dt_descriptor

The frag_id member in struct dt_descriptor is only used if
CFG_EXTERNAL_DTB_OVERLAY is defined, so make it conditional.

Acked-by: Etienne Carriere

core: ifdef frag_id member in struct dt_descriptor

The frag_id member in struct dt_descriptor is only used if
CFG_EXTERNAL_DTB_OVERLAY is defined, so make it conditional.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add core_mmu_remove_mapping()

Adds core_mmu_remove_mapping() which removes mappings earlier added with
core_mmu_add_mapping().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acke

core: add core_mmu_remove_mapping()

Adds core_mmu_remove_mapping() which removes mappings earlier added with
core_mmu_add_mapping().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: remove security check for i.MX6SDL

The i.MX6SDL SoCs do not expose the security configuration in the HPSR
registers correctly, they always return SNVS_SECURITY_CFG_FAB (000),
however the

core: imx: remove security check for i.MX6SDL

The i.MX6SDL SoCs do not expose the security configuration in the HPSR
registers correctly, they always return SNVS_SECURITY_CFG_FAB (000),
however the SSM information is still exposed correctly.
Remove the check for the security configuration, since the bits all read
zero on these SoCs, even if they are securely booted.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

plat-imx, plat-rzn1: remove redundant recipes to generate tee-raw.bin

Since commit 5ae0290f7f3b ("core: kernel: link.mk: Move rules to generate
tee-raw.bin and tee.srec from rcar platform"), the rec

plat-imx, plat-rzn1: remove redundant recipes to generate tee-raw.bin

Since commit 5ae0290f7f3b ("core: kernel: link.mk: Move rules to generate
tee-raw.bin and tee.srec from rcar platform"), the recipe to produce
tee-raw.bin is in the common makefile core/arch/arm/kernel/link.mk.
Therefore the recipes in core/arch/arm/plat-imx/link.mk and
core/arch/arm/plat-rzn1/link.mk are redundant and need to be removed.
Fixes the following build warning:

$ make -s PLATFORM=imx-mx6ullevk
core/arch/arm/plat-imx/link.mk:7: warning: overriding recipe for target 'out/arm-plat-imx/core/tee-raw.bin'
core/arch/arm/kernel/link.mk:230: warning: ignoring old recipe for target 'out/arm-plat-imx/core/tee-raw.bin'

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

core: rpmb fs uses mempool for temporary transfer buffers

RPMB FS driver may allocates a temporary buffer of size the one provided
by userland caller. These may be big buffer of dozens of kbytes and

core: rpmb fs uses mempool for temporary transfer buffers

RPMB FS driver may allocates a temporary buffer of size the one provided
by userland caller. These may be big buffer of dozens of kbytes and may
exhaust the heap capacities. Change the implementation to use a 4kByte
temporary buffer to update RPMB data instead of an allocated buffer of
the object target size. RPMB FAT entry data is updated by chunks of the
temporary buffer size, and RPMB FAT meta data is updated afterwards as
prior this change.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-imx: do not enable CFG_CRYPTO_DRIVER with CFG_NXP_CAAM

Some IMX users might choose a different crypto driver (like the SE050)
but still require CAAM to provide the hardware unique key and perha

plat-imx: do not enable CFG_CRYPTO_DRIVER with CFG_NXP_CAAM

Some IMX users might choose a different crypto driver (like the SE050)
but still require CAAM to provide the hardware unique key and perhaps
the RNG - since reading the RNG over I2C can impact performance on
some platforms.

This commit allows for such configuration.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

core: ldelf: implement separate syscalls for ldelf

Implements a separate syscall handler for ldelf to decouple it from user
TAs and enable using it for all TSs. The calling convention is the same
as

core: ldelf: implement separate syscalls for ldelf

Implements a separate syscall handler for ldelf to decouple it from user
TAs and enable using it for all TSs. The calling convention is the same
as for utee_* syscalls. To distinguish between the different SVCs, the
syscall handler pointer is updated before entering ldelf and restored
after returning. The step of opening a system PTA session and invoking
the commands there is eliminated, the necessary functionality is
implemented in the ldelf syscall functions.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: add handle_db_is_empty() function

Implements a function that checks if a handle database is empty, i.e.
all pointers stored in the database are NULL.

Acked-by: Etienne Carriere <etienne.carri

core: add handle_db_is_empty() function

Implements a function that checks if a handle database is empty, i.e.
all pointers stored in the database are NULL.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: invoke SVC handler through struct ts_session

Store the current SVC handler function pointer in struct ts_session, and
invoke the handler through this. Enables changing the SVC handler for a
se

core: invoke SVC handler through struct ts_session

Store the current SVC handler function pointer in struct ts_session, and
invoke the handler through this. Enables changing the SVC handler for a
session without modifying the ts_ops defined in the session context.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: extract ldelf related code from system PTA

Various functions in the system PTA are only used in conjunction with
ldelf. They either implement a system service needed only by ldelf
(system_open

core: extract ldelf related code from system PTA

Various functions in the system PTA are only used in conjunction with
ldelf. They either implement a system service needed only by ldelf
(system_open_ta_binary(), etc.) or they provide an interface for TAs to
invoke services implemented in user space by ldelf (call_ldelf_dlopen(),
call_ldelf_dlsym()). Extract these to a separate file as a first step
towards converting the PTA system_*() calls into proper ldelf-specific
syscalls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: move user_ctx field to struct ts_session

The user_ctx field in struct tee_ta_session is used by PTAs to keep
track of session specific information. Move it to struct ts_session to
make it gene

core: move user_ctx field to struct ts_session

The user_ctx field in struct tee_ta_session is used by PTAs to keep
track of session specific information. Move it to struct ts_session to
make it generic and reachable for all sessions, not just TAs. This
enables extracting ldelf related code from system PTA.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: prefer struct user_mode_ctx in system PTA

Most functions in system PTA have struct ts_session as parameter, but
only use it for getting the pointer to user_mode_ctx. This commit
simplifies the

core: prefer struct user_mode_ctx in system PTA

Most functions in system PTA have struct ts_session as parameter, but
only use it for getting the pointer to user_mode_ctx. This commit
simplifies the code by doing the casting in a single place and passing
user_mode_ctx as an argument instead.

This also eliminates casting to user_ta_ctx as an intermediate step. It
is a preparation step for extracting ldelf related functions from system
PTA to an ldelf specific syscall handler.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: rpmb: return TEE_ERROR_STORAGE_NO_SPACE if no space left

So far the error TEE_ERROR_OUT_OF_MEMORY was returned if no
free memory could be allocated in the RPMB to store new data.
According to

core: rpmb: return TEE_ERROR_STORAGE_NO_SPACE if no space left

So far the error TEE_ERROR_OUT_OF_MEMORY was returned if no
free memory could be allocated in the RPMB to store new data.
According to TEE Internal Core API Specification the error
TEE_ERROR_STORAGE_NO_SPACE shall be returned if insufficient
space is available to create the persistent object.

Signed-off-by: Stefan Schmidt <snst@meek.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Reintroduce memalign() and friends

memalign() and friends where removed with the
commit 8cd8a6296974 ("Remove memalign()").

At the time memalign() was unused and a bit buggy. This new memalign()
is

Reintroduce memalign() and friends

memalign() and friends where removed with the
commit 8cd8a6296974 ("Remove memalign()").

At the time memalign() was unused and a bit buggy. This new memalign()
is believed to work correctly due to extensive testing. Recently
memalign() has been needed by certain drivers so it makes sense to add
it again.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

qemu_v8: configure secure interrupts

Configures GIC and enable reception of interrupts from the secure uart.
This enables testing of secure interrupts on the QEMU v8 platform by
typing in the secure

qemu_v8: configure secure interrupts

Configures GIC and enable reception of interrupts from the secure uart.
This enables testing of secure interrupts on the QEMU v8 platform by
typing in the secure log.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: se050: build: elliptic curve

Makefile changes to compile-in and enable elliptic curve support.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wikland

crypto: se050: build: elliptic curve

Makefile changes to compile-in and enable elliptic curve support.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: se050: core: elliptic curve implementation

Elliptic curve driver.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etie

crypto: se050: core: elliptic curve implementation

Elliptic curve driver.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: se050: adaptors: elliptic curve

APDU and utility functions required to support elliptic curve
cryptography.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander

crypto: se050: adaptors: elliptic curve

APDU and utility functions required to support elliptic curve
cryptography.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: crypto: se050: limitations to RSA crypto

The supported algorithms for encryption/decryption are:
PKCS1_OAEP
PKCS1_V1_5

When using PKCS1_PSS_MGF1 the se050 also has some restrictions on

drivers: crypto: se050: limitations to RSA crypto

The supported algorithms for encryption/decryption are:
PKCS1_OAEP
PKCS1_V1_5

When using PKCS1_PSS_MGF1 the se050 also has some restrictions on the
hash algorithms that can be used depending on the RSA key size.

Source: Plug And Trust MW documentation, Release v02,14,00 (Apr 03,
2020)

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

Use barrier_read_cntpct() to read CNTPCT

Arm ARM quite clearly mentions [1] [2] that such reads must be preceded
by an ISB to forbid re-ordering.

[1] https://developer.arm.com/documentation/ddi0487

Use barrier_read_cntpct() to read CNTPCT

Arm ARM quite clearly mentions [1] [2] that such reads must be preceded
by an ISB to forbid re-ordering.

[1] https://developer.arm.com/documentation/ddi0487/fc/ page D13-2863
"Synchronization requirements for AArch64 System registers" and page
G8-6146 "Ordering of reads of System registers".
[2] https://developer.arm.com/documentation/ddi0406/cd/ page B3-1441
"Ordering of reads of system control registers"

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reported-by: Olivier Deprez <Olivier.Deprez@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add barrier_read_cntpct()

Adds barrier_read_cntpct() to arm.h. To be used as a helper when reading
CNTPCT.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <eti

core: add barrier_read_cntpct()

Adds barrier_read_cntpct() to arm.h. To be used as a helper when reading
CNTPCT.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...