core: crypto: fix invalid SM3 output with Clang -Os

Several crypto tests fail when OP-TEE is built with Clang in non-debug
mode, more precisely with -Os. xtest numbers 4001, 4002, 4006 and 4014
are

core: crypto: fix invalid SM3 output with Clang -Os

Several crypto tests fail when OP-TEE is built with Clang in non-debug
mode, more precisely with -Os. xtest numbers 4001, 4002, 4006 and 4014
are impacted.

The root cause is the shift operations in the ROTL(x, n) are undefined
when n > 32 because the values to shift are uint32_t, but the macro is
used with 0 <= n < 64.

By masking n with 0x1F (thus implementing a modulo 32), we continue
rotating the bits when n >= 32.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>

show more ...

core: add missing THREAD_CLF_TMP flag updates

There are a few places where the value of thread_core_local::flags
does not reflect the stack being used, i.e., the temporary stack is
used but THREAD_C

core: add missing THREAD_CLF_TMP flag updates

There are a few places where the value of thread_core_local::flags
does not reflect the stack being used, i.e., the temporary stack is
used but THREAD_CLF_TMP is not set or the opposite. In such cases,
get_stack_limits() would return invalid values. The consequence is a
debugging issue: no stack dump on core panic or abort.

This was found with the help of compiler instrumentation
(-finstrument-functions).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: print CPU initialization messages with IMSG()

Start and end of initialization for each CPU is important information
that deserves to be shown with I (information) severity rather than D
(debug

core: print CPU initialization messages with IMSG()

Start and end of initialization for each CPU is important information
that deserves to be shown with I (information) severity rather than D
(debug). This is not done consistently, fix that.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: implement CMAC for CAAM

Implement CMAC for CAAM.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <j

drivers: caam: implement CMAC for CAAM

Implement CMAC for CAAM.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: crypto: generic resources for crypto device driver - CMAC

Add a generic cryptographic driver CMAC interface connecting
TEE Crypto generic APIs to HW driver interface

Signed-off-by: Cedric

drivers: crypto: generic resources for crypto device driver - CMAC

Add a generic cryptographic driver CMAC interface connecting
TEE Crypto generic APIs to HW driver interface

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: add input data check for caam_cpy_block_src()

Make sure input data of caam_cpy_block_src() is not empty.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander

drivers: caam: add input data check for caam_cpy_block_src()

Make sure input data of caam_cpy_block_src() is not empty.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: minor fixes for cipher

Initialize `algo_id` and `algo_md` variables to their final values at
declaration.
Remove useless `size_topost` variable assignment.

Signed-off-by: Clement Fau

drivers: caam: minor fixes for cipher

Initialize `algo_id` and `algo_md` variables to their final values at
declaration.
Remove useless `size_topost` variable assignment.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: locally export caam_cipher_initialize/free/copy_state

Rename and export to local.h the following functions:
caam_cipher_initialize()
caam_cipher_free()
caam_cipher_copy_state()

drivers: caam: locally export caam_cipher_initialize/free/copy_state

Rename and export to local.h the following functions:
caam_cipher_initialize()
caam_cipher_free()
caam_cipher_copy_state()

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: change caam_cipher_block() prototype for added block

Introduce 'blocks' parameter for caam_cipher_block() function for
addtionnal data block to handle during cipher operations.
Add `e

drivers: caam: change caam_cipher_block() prototype for added block

Introduce 'blocks' parameter for caam_cipher_block() function for
addtionnal data block to handle during cipher operations.
Add `enum caam_cipher_block` to describe these additionnal data blocks.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: change caam_set_or_alloc_align_buf() prototype

The function now returns an `enum caam_status`.
It also returns a boolean with realloc pointer : true if the buffer is
reallocated by th

drivers: caam: change caam_set_or_alloc_align_buf() prototype

The function now returns an `enum caam_status`.
It also returns a boolean with realloc pointer : true if the buffer is
reallocated by the function, false otherwise.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: move MAX_DESC_ENTRIES to local.h

Move maximum job ring descriptor entries to local.h

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@lin

drivers: caam: move MAX_DESC_ENTRIES to local.h

Move maximum job ring descriptor entries to local.h

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: imx_i2c: add I2C support

This driver provides native access to the I2C bus on iMX.

The driver will not query the clock hierarchy - to find the base clock
rate - because it overcomplicates

drivers: imx_i2c: add I2C support

This driver provides native access to the I2C bus on iMX.

The driver will not query the clock hierarchy - to find the base clock
rate - because it overcomplicates the deliverable for not much added
value (this can be done at a later time if required).

The U-Boot and Linux GPL code was initially used as a reference;
however due to the simpler OP-TEE use case requirements, the code was
later re-written following the reference manual [1].

This driver will not access addresses within a I2C slave map.

This driver must not be used while the Linux kernel is running unless
the following is guaranteed:
- that the I2C bus will not be suspended.
- that there will not be collisions with other bus masters.

Without those guarantees, please use a trampoline driver to route the
I2C requests to Linux.

Tested on imx8mm-lpddr4.

[1] i.MX 8M Mini Applications Processor Reference Manual
Document Number: IMX8MMMRM
Rev.2 08/2019

Tested-by: Jorge Ramirez-Ortiz <jorge@foundries.io> (imx8mm)
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: call release_external_dt() via finalcalls

Calls release_external_dt() via finalcalls instead of a direct call
in paged_init_primary().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.o

core: call release_external_dt() via finalcalls

Calls release_external_dt() via finalcalls instead of a direct call
in paged_init_primary().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add call_finalcalls()

Adds call_finalcalls() called at the end of paged_init_primary() just
before switching to normal world boot. This allows separation of
initcalls and finalcalls needed by

core: add call_finalcalls()

Adds call_finalcalls() called at the end of paged_init_primary() just
before switching to normal world boot. This allows separation of
initcalls and finalcalls needed by virtualization.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: call call_initcalls() directly

Now that init_teecore() is only a wrapper around call_initcalls(), drop
that function and call call_initcalls() directly from
init_tee_runtime().

Also move the

core: call call_initcalls() directly

Now that init_teecore() is only a wrapper around call_initcalls(), drop
that function and call call_initcalls() directly from
init_tee_runtime().

Also move the file to core/kernel/initcall.c since that's what it does.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: call fobj_generate_authenc_key() via initcalls

Calls fobj_generate_authenc_key() via initcalls instead of a direct call
in init_teecore().

Reviewed-by: Etienne Carriere <etienne.carriere@lina

core: call fobj_generate_authenc_key() via initcalls

Calls fobj_generate_authenc_key() via initcalls instead of a direct call
in init_teecore().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: call time_source_init() via initcalls

Calls time_source_init() via initcalls instead of a direct call in
init_teecore().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off

core: call time_source_init() via initcalls

Calls time_source_init() via initcalls instead of a direct call in
init_teecore().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: call teecore_init_pub_ram() via initcalls

Calls teecore_init_pub_ram() via initcalls instead of a direct call in
init_teecore().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Si

core: call teecore_init_pub_ram() via initcalls

Calls teecore_init_pub_ram() via initcalls instead of a direct call in
init_teecore().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move tee_svc_uref_base to init_user_ta()

tee_svc_uref_base is only needed with user TAs so move initialization to
init_user_ta() in order to simplify init_teecore().

Reviewed-by: Etienne Carr

core: move tee_svc_uref_base to init_user_ta()

tee_svc_uref_base is only needed with user TAs so move initialization to
init_user_ta() in order to simplify init_teecore().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add debug prints for initcall functions

Adds debug prints when calling function. Enabled with DMSG() prints and
gives an output like:
D/TC:0 0 call_initcalls:30 level 3 check_ta_store()
D/TC:0

core: add debug prints for initcall functions

Adds debug prints when calling function. Enabled with DMSG() prints and
gives an output like:
D/TC:0 0 call_initcalls:30 level 3 check_ta_store()
D/TC:0 0 check_ta_store:635 TA store: "REE"
D/TC:0 0 call_initcalls:30 level 3 init_user_ta()
D/TC:0 0 call_initcalls:30 level 3 verify_pseudo_tas_conformance()
D/TC:0 0 call_initcalls:30 level 3 mobj_mapped_shm_init()
D/TC:0 0 mobj_mapped_shm_init:447 Shared memory address range: e300000, 10300000
D/TC:0 0 call_initcalls:30 level 3 tee_cryp_init()
D/TC:0 0 call_initcalls:30 level 4 tee_fs_init_key_manager()
D/TC:0 0 call_initcalls:30 level 5 init_console_itr()
D/TC:0 0 gic_it_set_cpu_mask:251 cpu_mask: writing 0xff to 0x10d00828
D/TC:0 0 gic_it_set_cpu_mask:253 cpu_mask: 0xff
D/TC:0 0 gic_it_set_prio:266 prio: writing 0x1 to 0x10d00428
D/TC:0 0 call_initcalls:30 level 6 mobj_init()
D/TC:0 0 call_initcalls:30 level 6 default_mobj_init()
I/TC:0 0 init_teecore:73 Initialized

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix print_kernel_stack() outside normal thread context

print_kernel_stack() depends on thread_stack_start() and
thread_stack_size() to get information about the current stack and stop
unwindin

core: fix print_kernel_stack() outside normal thread context

print_kernel_stack() depends on thread_stack_start() and
thread_stack_size() to get information about the current stack and stop
unwinding outside of the expected range. These functions can only be
used in a thread context; they don't work during the early boot when a
temporary stack is used. Therefore, we often get truncated stack dumps
when an abort or panic() occurs during boot.

This commit introduces a new function: get_stack_limits(), which will
correctly identify cases when the temporary stack is used. Tested on
QEMU (32/64 bits) by calling panic() at various stages of the boot. A
complete call stack was printed on the console every time (note: with
optimization set to -O0 via CFG_CC_OPTIMIZE_FOR_SIZE=n).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, QEMUv8)
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: initialize thread_core_local::curr_thread to -1

The struct thread_core_local for each CPU is global, hence initialized
to zero when .bss is cleared. So before threads are initialized we have
a

core: initialize thread_core_local::curr_thread to -1

The struct thread_core_local for each CPU is global, hence initialized
to zero when .bss is cleared. So before threads are initialized we have
a seemingly valid curr_thread value (0) when we should really have -1.
thread_get_id_may_fail() can return 0 although there is no current
thread.

Fix this by setting curr_thread to -1 earlier in the boot.

Note: this moves code out of thread_init_threads(), which is called by
virt_guest_created() when virtualization is enabled. I think it is the
right thing to do because I see no reason why the thread_core_local
structures should be cleared when a guest is added (the data belong to
.nex_bss).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
CC: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: clang: increase temporary stack size

When building for HiKey with Clang 10.0.0 and DEBUG=1 we get the
following panic:

D/TC:0 0 check_pa_matches_va:2120 va 0x3b000000 maps 0x3f200000,

core: arm64: clang: increase temporary stack size

When building for HiKey with Clang 10.0.0 and DEBUG=1 we get the
following panic:

D/TC:0 0 check_pa_matches_va:2120 va 0x3b000000 maps 0x3f200000, expect 0x0
E/TC:0 0 Panic at core/arch/arm/mm/core_mmu.c:2121 <check_pa_matches_va>

The root cause is an overflow of the temporary stack. DEBUG=1 sets
CFG_CC_OPTIMIZE_FOR_SIZE=n which in turn sets the optimization flags to
-O0 instead of -Os. In this configuration, Clang apparently needs much
more stack space (not something observed with GCC).

This commit increases the temporary stacks from approximately 2K per
core to approximately 4K per core.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Victor Chong <victor.chong@linaro.org> (HiKey620 AOSP)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove generic_ from generic_boot

Now that the CFG_GENERIC_BOOT configuration flag has been removed also
remove "generic_" prefix from and in the related files.

Acked-by: Etienne Carriere <et

core: remove generic_ from generic_boot

Now that the CFG_GENERIC_BOOT configuration flag has been removed also
remove "generic_" prefix from and in the related files.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: make generic boot mandatory

The OP-TEE booting has since quite some time been unified in the sense
that all platforms use CFG_GENERIC_BOOT=y. Make this configuration option
mandatory and remov

core: make generic boot mandatory

The OP-TEE booting has since quite some time been unified in the sense
that all platforms use CFG_GENERIC_BOOT=y. Make this configuration option
mandatory and remove the CFG_GENERIC_BOOT flag.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...