plat-imx: add CSU SA register for i.MX6/7

CSU_SA is at the same offset for both i.MX6 and i.MX7, add it to both
register files.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Review

plat-imx: add CSU SA register for i.MX6/7

CSU_SA is at the same offset for both i.MX6 and i.MX7, add it to both
register files.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

Move core/include/config.h to lib/libutils/ext/include

In order to be able to use the IS_ENABLED() macro in user space
libraries, move config.h from core to libutils.

Signed-off-by: Jerome Forissie

Move core/include/config.h to lib/libutils/ext/include

In order to be able to use the IS_ENABLED() macro in user space
libraries, move config.h from core to libutils.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64.h: add read_mpidr() macro

Adds the macro read_mpidr() to arm64.h to avoid ifdefs in code.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklan

core: arm64.h: add read_mpidr() macro

Adds the macro read_mpidr() to arm64.h to avoid ifdefs in code.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: read thread_vector_table from assembly

Reads and returns thread_vector_table directly from assembly instead of
saving the return value from generic_boot_init_primary(). With this
generic_boot_

core: read thread_vector_table from assembly

Reads and returns thread_vector_table directly from assembly instead of
saving the return value from generic_boot_init_primary(). With this
generic_boot_init_primary() is declared in the same way when configured
with or without TF-A.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pseudo_ta: check size of mapped mobj

Add a check in copy_in_param() to see that the mobj is large enough
to hold the mapped parameter.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Sig

core: pseudo_ta: check size of mapped mobj

Add a check in copy_in_param() to see that the mobj is large enough
to hold the mapped parameter.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mobj_phys_get_va(): check offset is in range

Checks that the supplied offset is still within the range of the mobj.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wi

core: mobj_phys_get_va(): check offset is in range

Checks that the supplied offset is still within the range of the mobj.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mobj_reg_shm_get_va(): check offset is in range

Checks that the supplied offset is still within the range of the mobj.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens

core: mobj_reg_shm_get_va(): check offset is in range

Checks that the supplied offset is still within the range of the mobj.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove num_pages from struct mobj_reg_shm

Removes the redundant element num_pages from struct mobj_reg_shm.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander

core: remove num_pages from struct mobj_reg_shm

Removes the redundant element num_pages from struct mobj_reg_shm.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove TEE_OPERATION_EXTENSION

Commit 6a2e0a9fe2b9 ("utee: support prehashed RSA sign/ver without
ASN.1") has introduced TEE_OPERATION_EXTENSION in tee_api_defines.h with
value 0xF. This poses a cou

Remove TEE_OPERATION_EXTENSION

Commit 6a2e0a9fe2b9 ("utee: support prehashed RSA sign/ver without
ASN.1") has introduced TEE_OPERATION_EXTENSION in tee_api_defines.h with
value 0xF. This poses a couple of minor issues:

1. Values 0x00000009-0x7FFFFFFF are "Reserved for future use" according
to the TEE Internal Core API specification v1.2.1 (Table 5-6),

2. The meaning of this #define is not clear: "extension" is not a
kind of operation like "cipher", "MAC", "asymmetric signature" etc.
The algorithm added by the above commit is TEE_ALG_RSASSA_PKCS1_V1_5
which is an asymmetric signature and should therefore be associated with
TEE_OPERATION_ASYMMETRIC_SIGNATURE.

I suppose the operation value was added in a attempt to keep the
structure of algorithm identifiers as defined in the GP v1.1
specification, where some particular bits indicate some attributes of
the algorithm. This scheme has since been abandoned by GlobalPlatform so
there is no reason to keep it.

Therefore, this commit removes the TEE_OPERATION_EXTENSION macro and
makes a special case in the TEE_GET_CLASS() macro so that algorithm
TEE_ALG_RSASSA_PKCS1_V1_5 is associated with
TEE_OPERATION_ASYMMETRIC_SIGNATURE.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Gabor Szekely <szvgabor@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix assigned size of struct mobj_reg_shm

Prior to this patch a struct mobj_reg_shm was initialized with num_pages
* SMALL_PAGE_SIZE without taking page_offset into account. This patch
fixes th

core: fix assigned size of struct mobj_reg_shm

Prior to this patch a struct mobj_reg_shm was initialized with num_pages
* SMALL_PAGE_SIZE without taking page_offset into account. This patch
fixes that by subtracting the result of the multiplication above with
page_offset.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: calculate size/address cells with overlay

In case an external device tree overlay is configured within OP-TEE,
fdt_{size,address}_cells will return the defaults from the device tree
specificat

core: calculate size/address cells with overlay

In case an external device tree overlay is configured within OP-TEE,
fdt_{size,address}_cells will return the defaults from the device tree
specification. These will be wrong for 32-bit ARM platforms, instead
calculate them from the paddr_t size instead.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

virt: core_mmu: use nexus memory area for temporary map

If CFG_VIRTUALIZATION is enabled, page allocator code will
try to allocate pages from nexus sections, which were not
mapped by default.

Signe

virt: core_mmu: use nexus memory area for temporary map

If CFG_VIRTUALIZATION is enabled, page allocator code will
try to allocate pages from nexus sections, which were not
mapped by default.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix typo error in nsec ddr discovery

In core_mmu_set_discovered_nsec_ddr(), core_mmap_is_end_of_table
always returns false and the loop body cannot be executed, which
is unexpected.

Reviewed-

core: fix typo error in nsec ddr discovery

In core_mmu_set_discovered_nsec_ddr(), core_mmap_is_end_of_table
always returns false and the loop body cannot be executed, which
is unexpected.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Fangsuo Wu <fangsuowu@asrmicro.com>

show more ...

core: introduce a new memory type for external dtb image

When CFG_DT=y, the external dtb image is mapped as
IO_NSEC memory type in init_external_dt function,
which may conflicts with dynamic shared

core: introduce a new memory type for external dtb image

When CFG_DT=y, the external dtb image is mapped as
IO_NSEC memory type in init_external_dt function,
which may conflicts with dynamic shared memory check.
Below is the panic log with qemu boot:

E/TC:0 0 check_phys_mem_is_outside:333 Non-sec mem (0x40000000:0x3fe00000) overlaps map (type 13 0x40000000:0x100000)
E/TC:0 0 Panic at core/arch/arm/mm/core_mmu.c:334 <check_phys_mem_is_outside>
E/TC:0 0 TEE load address @ 0x1bd0f000

This patch introduces a new memory type MEM_AREA_EXT_DT
which is used to map external dtb image. This memory type
will be skipped over in core_mmu_set_discovered_nsec_ddr()
in order to avoid the above panic.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Fangsuo Wu <fangsuowu@asrmicro.com>

show more ...

core: fix compiling error if reserved SHM not used

Fix compiling error when only use dynamic shared memory
(i.e: CFG_CORE_DYN_SHM=y && CFG_CORE_RESERVED_SHM=n) with
CFG_SHMEM_START and CFG_SHMEM_SIZ

core: fix compiling error if reserved SHM not used

Fix compiling error when only use dynamic shared memory
(i.e: CFG_CORE_DYN_SHM=y && CFG_CORE_RESERVED_SHM=n) with
CFG_SHMEM_START and CFG_SHMEM_SIZE not defined.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Fangsuo Wu <fangsuowu@asrmicro.com>

show more ...

core: adjust nsec ddr memory size correctly

In carve_out_phys_mem(), when pa has the same address
with m[n].addr, the m[n].size should also be adjusted.

Reviewed-by: Jens Wiklander <jens.wiklander@

core: adjust nsec ddr memory size correctly

In carve_out_phys_mem(), when pa has the same address
with m[n].addr, the m[n].size should also be adjusted.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Fangsuo Wu <fangsuowu@asrmicro.com>

show more ...

core: ltc: sm2: add missing status check

crypto_acipher_sm2_pke_decrypt() fails to check a return status from
LibTomCrypt. Add the missing check.

Fixes: f9a78287dd12 ("core: ltc: add support for SM

core: ltc: sm2: add missing status check

crypto_acipher_sm2_pke_decrypt() fails to check a return status from
LibTomCrypt. Add the missing check.

Fixes: f9a78287dd12 ("core: ltc: add support for SM2 PKE")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: rcar: force disable core ALSR

We need to disable core ASLR for two reasons:
1. There is no source for ALSR seed, as Rcar platform
does not provide DTB to OP-TEE
2. OP-TEE crashes during boo

plat: rcar: force disable core ALSR

We need to disable core ASLR for two reasons:
1. There is no source for ALSR seed, as Rcar platform
does not provide DTB to OP-TEE
2. OP-TEE crashes during boot with enabled CFG_CORE_ASLR

Mainly we are disabling ASLR for the second reason. Further
investigation is needed to see why enabled ASLR causes data
abort in MMIO functions.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: rcar: generate .srec file using gen_tee_bin

After recent changes, we are not able to use raw binary generated
from the elf file. Instead we need to use gen_tee_bin script to
generate the heade

plat: rcar: generate .srec file using gen_tee_bin

After recent changes, we are not able to use raw binary generated
from the elf file. Instead we need to use gen_tee_bin script to
generate the header-less binary with the correct layout.

This change also generates tee-raw.bin as byproduct. This file is
usable also, because it allows to flash OP-TEE using JTAG.

Fixes: 5dd1570ac5b ("core: add embedded data region")
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add support for SM2 KEP

Adds SM2 Key Exchange Protocol [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 KEP is enabled w

core: crypto: add support for SM2 KEP

Adds SM2 Key Exchange Protocol [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 KEP is enabled with CFG_CRYPTO_SM2_KEP=y (default y) wich currently
requires that CFG_CRYPTOLIB_NAME=tomcrypt. An Mbed TLS implementation
could be added later if needed.

[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: add support for SM2 KEP

Adds support for the SM3 Key Exchange Protocol [1] for use by
OP-TEE core based on LibTomCrypt.

[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812

core: ltc: add support for SM2 KEP

Adds support for the SM3 Key Exchange Protocol [1] for use by
OP-TEE core based on LibTomCrypt.

[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: SM2 PKE: export sm2_kdf()

The Key Derivation Function used by the SM2 Public Key Encryption
algorithm is also used by the Key Exchange Protocol. Move it to its
file in order to be able to

core: ltc: SM2 PKE: export sm2_kdf()

The Key Derivation Function used by the SM2 Public Key Encryption
algorithm is also used by the Key Exchange Protocol. Move it to its
file in order to be able to re-use it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: SM2 DSA: fix configuration variable name

The name of the config variable indicating support for SM2 DSA is
_CFG_CORE_LTC_SM2_DSA, not _CFG_CORE_LTC_SM2_DSA_SM3.

Fixes: 76c7ba4b9ff7 ("cor

core: ltc: SM2 DSA: fix configuration variable name

The name of the config variable indicating support for SM2 DSA is
_CFG_CORE_LTC_SM2_DSA, not _CFG_CORE_LTC_SM2_DSA_SM3.

Fixes: 76c7ba4b9ff7 ("core: ltc: add support for SM2 DSA")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: ecc_populate_ltc_private_key(): copy public part

A private key alone is not always useful; the public part of the
key is often needed. Adjust ecc_populate_ltc_private_key() accordingly.

core: ltc: ecc_populate_ltc_private_key(): copy public part

A private key alone is not always useful; the public part of the
key is often needed. Adjust ecc_populate_ltc_private_key() accordingly.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: SM2 DSA: fix bignum conversions

All integers used in the SM2 algorithms are encoded as 32 byte buffers
in big endian format. The current code does not properly pad the buffer
with zeros w

core: ltc: SM2 DSA: fix bignum conversions

All integers used in the SM2 algorithms are encoded as 32 byte buffers
in big endian format. The current code does not properly pad the buffer
with zeros when a value does not need the whole 32 bytes. Fix that.

Fixes: 76c7ba4b9ff7 ("core: ltc: add support for SM2 DSA")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...