core: add optee_ffa.h defining the OP-TEE ABI for FF-A

Adds optee_ffa.h which defines the OP-TEE ABI when Arm Platform Security
Architecture Firmware Framework for Arm V8-A [1] is used as transport

core: add optee_ffa.h defining the OP-TEE ABI for FF-A

Adds optee_ffa.h which defines the OP-TEE ABI when Arm Platform Security
Architecture Firmware Framework for Arm V8-A [1] is used as transport
instead of raw proprietary SMCs. This ABI where OP-TEE specific
implementation is used to fill the implementation specific gaps in the
specification is called OP-TEE FF-A, or sometimes just FF-A.

A new memref type, struct optee_msg_param_fmem, is added to carry
information needed to create new shared memory mobjs.

Link: [1] https://static.docs.arm.com/den0077/a/DEN0077A_PSA_Firmware_Framework_Arm_v8-A_1.0_EAC.pdf
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add FF-A 1.0 definitions

This patch adds FF-A 1.0 definitions based on [1] and an earlier version
of this .h file [2] from TF-A.

Link: [1] https://static.docs.arm.com/den0077/a/DEN0077A_PSA_F

core: add FF-A 1.0 definitions

This patch adds FF-A 1.0 definitions based on [1] and an earlier version
of this .h file [2] from TF-A.

Link: [1] https://static.docs.arm.com/den0077/a/DEN0077A_PSA_Firmware_Framework_Arm_v8-A_1.0_EAC.pdf
Link: [2] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/plain/include/services/spci_beta0.h?h=topics/spci_beta0_spmd&id=c5afe561f653449f4fd9df1d50cf70c60fc0d343

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Co-developed-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: psci.h: add PSCI_CPU_ON_SMC64

Adds PSCI_CPU_ON_SMC64 which is using the 64-bit calling convention as a
complement to define PSCI_CPU_ON using the 32-bit calling convention.

Acked-by: Etienne

core: psci.h: add PSCI_CPU_ON_SMC64

Adds PSCI_CPU_ON_SMC64 which is using the 64-bit calling convention as a
complement to define PSCI_CPU_ON using the 32-bit calling convention.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_etzpc: rename internal function init_device_from_hw_config()

Fix typo in function label: init_devive_from_hw_config() is renamed
init_device_from_hw_config().

Fix also a typo in source file i

stm32_etzpc: rename internal function init_device_from_hw_config()

Fix typo in function label: init_devive_from_hw_config() is renamed
init_device_from_hw_config().

Fix also a typo in source file inline comment.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce recursive mutexes

Adds support for recursive mutex objects. A recursive mutex may be
locked several times by the same thread without causing a deadlock.
The implementation is copied

core: introduce recursive mutexes

Adds support for recursive mutex objects. A recursive mutex may be
locked several times by the same thread without causing a deadlock.
The implementation is copied from the get_pool()/put_pool() functions
in lib/libutils/ext/mempool.c, which will be updated to use the new
mutex type in a later commit.

In order to avoid the overhead associated with recursive mutexes when
not needed, a new struct recursive_mutex is introduced as well as
specific functions: mutex_init_recursive(), mutex_destroy_recursive(),
mutex_lock_recursive() and mutex_unlock_recursive(). A static initializer
is also available (RECURSIVE_MUTEX_INITIALIZER).
mutex_get_recursive_lock_depth() returns the current lock depth (only
valid to call from the thread holding the lock).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mutex: replace -1 with THREAD_ID_INVALID

Code cleanup: use THREAD_ID_INVALID rather that its value (-1).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <

core: mutex: replace -1 with THREAD_ID_INVALID

Code cleanup: use THREAD_ID_INVALID rather that its value (-1).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: make thread ID a short int

Changes thread_get_id() and thread_get_id_may_fail() to return 'short
int' instead of 'int'. That is, 16 bits instead of 32 on all supported
architectures which is m

core: make thread ID a short int

Changes thread_get_id() and thread_get_id_may_fail() to return 'short
int' instead of 'int'. That is, 16 bits instead of 32 on all supported
architectures which is more than enough since the largest thread ID
value is (CFG_NUM_THREADS - 1). Note, struct wait_queue_elem::handle
is already a short int.

trace_ext_get_thread_id() is not changed (still returns an int) because
it is part of the TA API and modifying it would needlessly introduce
incompatibilities.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix tee_fs_rpc_readdir() parameter direction

The type of params[1] is changed to OUT to match the expected params in
tee-supplicant's tee_fs_rpc_readdir, so calls to tee_fs_rpc_readdir
won't f

core: fix tee_fs_rpc_readdir() parameter direction

The type of params[1] is changed to OUT to match the expected params in
tee-supplicant's tee_fs_rpc_readdir, so calls to tee_fs_rpc_readdir
won't fail with TEE_ERROR_BAD_PARAMETERS.

Signed-off-by: Roland Nagy <rnagy@xmimx.tk>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: refactored to fix NULL dereferencing

assert not NULL before dereferencing in tee_pager_add_core_area().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jen

core: pager: refactored to fix NULL dereferencing

assert not NULL before dereferencing in tee_pager_add_core_area().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: refactoring to avoid possible NULL_PTR arithmetics

Issue detected by Cppcheck in internal_aes_gcm_ghash_update().
Issue mitigated by adding an argument check that prevents
passing a pointer on

core: refactoring to avoid possible NULL_PTR arithmetics

Issue detected by Cppcheck in internal_aes_gcm_ghash_update().
Issue mitigated by adding an argument check that prevents
passing a pointer on that is calculated with NULL as base.

Also fixed a cast in the same code lines to keep constness.

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: rsa: Avoid NULL dereferencing in RSA trace messages

Show 0 size for NULL message/cipher length.

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@lin

core: rsa: Avoid NULL dereferencing in RSA trace messages

Show 0 size for NULL message/cipher length.

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: mm: fix MMU memory leak

Fix memory leak in split_vm_region().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carr

core: mm: fix MMU memory leak

Fix memory leak in split_vm_region().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: fix TA REE backed secure storage memory leak

Fix memory leak in ree_fs_ta_open().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Revie

core: fix TA REE backed secure storage memory leak

Fix memory leak in ree_fs_ta_open().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm32mp1: remove duplicate config

There are two lines of "CFG_STM32_RNG ?= y" in plat-stm32mp1/conf.mk.
Remove a duplicate one.

Signed-off-by: Che-Chia Chang <vivahavey@gmail.com>
Reviewed-by:

plat-stm32mp1: remove duplicate config

There are two lines of "CFG_STM32_RNG ?= y" in plat-stm32mp1/conf.mk.
Remove a duplicate one.

Signed-off-by: Che-Chia Chang <vivahavey@gmail.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

imx: add support for ccbv2

The Webasto common communication board version 2 (ccbv2) is a mx6ul
based custom board with 256MB of RAM and the communication done on
UART7.

Signed-off-by: Rouven Czerwi

imx: add support for ccbv2

The Webasto common communication board version 2 (ccbv2) is a mx6ul
based custom board with 256MB of RAM and the communication done on
UART7.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

libutee, ldelf: add leading underscore to syscall wrappers

libutee defines assembler wrapper functions for each OP-TEE system call.
These wrappers have a utee_ prefix. This commit adds a leading
und

libutee, ldelf: add leading underscore to syscall wrappers

libutee defines assembler wrapper functions for each OP-TEE system call.
These wrappers have a utee_ prefix. This commit adds a leading
underscore so that the names cannot clash with user-defined symbols.
Doing so is common practice for "system" libraries, as defined by the C
standard in a set of requirements that can be summarized as follows
(excerpt from the GNU libc documentation [1]):

[R]eserved names include all external identifiers (global functions
and variables) that begin with an underscore (‘_’) and all identifiers
regardless of use that begin with either two underscores or an
underscore followed by a capital letter are reserved names. This is so
that the library and header files can define functions, variables, and
macros for internal purposes without risk of conflict with names in
user programs.

The utee_*() wrappers are internal to OP-TEE and are not supposed to be
called directly by TAs so this should not have any user-visible impact.

Link: [1] https://www.gnu.org/software/libc/manual/html_node/Reserved-Names.html
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Move CFG_WITH_STACK_CANARIES to global config file

All platforms but one (bcm-ns3) set CFG_WITH_STACK_CANARIES ?= y in
their configuration files. Move this flag to the global mk/config.mk
instead. N

Move CFG_WITH_STACK_CANARIES to global config file

All platforms but one (bcm-ns3) set CFG_WITH_STACK_CANARIES ?= y in
their configuration files. Move this flag to the global mk/config.mk
instead. Not sure it matters much, but in order to avoid any functional
change, CFG_WITH_STACK_CANARIES ?= n is added to plat-bcm/conf.mk.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: fix invalid SM3 output with Clang -Os

Several crypto tests fail when OP-TEE is built with Clang in non-debug
mode, more precisely with -Os. xtest numbers 4001, 4002, 4006 and 4014
are

core: crypto: fix invalid SM3 output with Clang -Os

Several crypto tests fail when OP-TEE is built with Clang in non-debug
mode, more precisely with -Os. xtest numbers 4001, 4002, 4006 and 4014
are impacted.

The root cause is the shift operations in the ROTL(x, n) are undefined
when n > 32 because the values to shift are uint32_t, but the macro is
used with 0 <= n < 64.

By masking n with 0x1F (thus implementing a modulo 32), we continue
rotating the bits when n >= 32.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>

show more ...

core: add missing THREAD_CLF_TMP flag updates

There are a few places where the value of thread_core_local::flags
does not reflect the stack being used, i.e., the temporary stack is
used but THREAD_C

core: add missing THREAD_CLF_TMP flag updates

There are a few places where the value of thread_core_local::flags
does not reflect the stack being used, i.e., the temporary stack is
used but THREAD_CLF_TMP is not set or the opposite. In such cases,
get_stack_limits() would return invalid values. The consequence is a
debugging issue: no stack dump on core panic or abort.

This was found with the help of compiler instrumentation
(-finstrument-functions).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: print CPU initialization messages with IMSG()

Start and end of initialization for each CPU is important information
that deserves to be shown with I (information) severity rather than D
(debug

core: print CPU initialization messages with IMSG()

Start and end of initialization for each CPU is important information
that deserves to be shown with I (information) severity rather than D
(debug). This is not done consistently, fix that.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: implement CMAC for CAAM

Implement CMAC for CAAM.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <j

drivers: caam: implement CMAC for CAAM

Implement CMAC for CAAM.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: crypto: generic resources for crypto device driver - CMAC

Add a generic cryptographic driver CMAC interface connecting
TEE Crypto generic APIs to HW driver interface

Signed-off-by: Cedric

drivers: crypto: generic resources for crypto device driver - CMAC

Add a generic cryptographic driver CMAC interface connecting
TEE Crypto generic APIs to HW driver interface

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: add input data check for caam_cpy_block_src()

Make sure input data of caam_cpy_block_src() is not empty.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander

drivers: caam: add input data check for caam_cpy_block_src()

Make sure input data of caam_cpy_block_src() is not empty.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: minor fixes for cipher

Initialize `algo_id` and `algo_md` variables to their final values at
declaration.
Remove useless `size_topost` variable assignment.

Signed-off-by: Clement Fau

drivers: caam: minor fixes for cipher

Initialize `algo_id` and `algo_md` variables to their final values at
declaration.
Remove useless `size_topost` variable assignment.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: locally export caam_cipher_initialize/free/copy_state

Rename and export to local.h the following functions:
caam_cipher_initialize()
caam_cipher_free()
caam_cipher_copy_state()

drivers: caam: locally export caam_cipher_initialize/free/copy_state

Rename and export to local.h the following functions:
caam_cipher_initialize()
caam_cipher_free()
caam_cipher_copy_state()

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...