core: enable rollback protection for REE-FS TAs

Add check for TA version while loading TA from REE-FS and compare
against secure storage based TA version database to prevent against
any TA version d

core: enable rollback protection for REE-FS TAs

Add check for TA version while loading TA from REE-FS and compare
against secure storage based TA version database to prevent against
any TA version downgrades.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: fix speculative execution past ERET vulnerability

Even though ERET always causes a jump to another address, aarch64 CPUs
speculatively execute following instructions as if the ERET
inst

core: arm64: fix speculative execution past ERET vulnerability

Even though ERET always causes a jump to another address, aarch64 CPUs
speculatively execute following instructions as if the ERET
instruction was not a jump instruction.
The speculative execution does not cross privilege-levels (to the jump
target as one would expect), but it continues on the kernel privilege
level as if the ERET instruction did not change the control flow -
thus execution anything that is accidentally linked after the ERET
instruction. Later, the results of this speculative execution are
always architecturally discarded, however they can leak data using
microarchitectural side channels. This speculative execution is very
reliable (seems to be unconditional) and it manages to complete even
relatively performance-heavy operations (e.g. multiple dependent
fetches from uncached memory).

It was fixed by Linux [1], FreeBSD [2] and OpenBSD [3]. The misbehavior
is demonstrated in [4] and [5].

Link: [1] https://github.com/torvalds/linux/commit/679db70801da9fda91d26caf13bf5b5ccc74e8e8
Link: [2] https://github.com/freebsd/freebsd/commit/29fb48ace4186a41c409fde52bcf4216e9e50b61
Link: [3] https://github.com/openbsd/src/commit/3a08873ece1cb28ace89fd65e8f3c1375cc98de2
Link: [4] https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc
Link: [5] https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c

Signed-off-by: Anthony Steinhauser <asteinhauser@google.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add core_mmu_map_contiguous_pages()

Adds core_mmu_map_contiguous_pages() which maps a range of physical
addresses.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wik

core: add core_mmu_map_contiguous_pages()

Adds core_mmu_map_contiguous_pages() which maps a range of physical
addresses.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: rename to mobj_{inc,dec}_map()

Renames mobj_reg_shm_inc_map() and mobj_reg_shm_dec_map() to
mobj_inc_map() and mobj_dec_map() respectively. This makes room for
other implementations of registe

core: rename to mobj_{inc,dec}_map()

Renames mobj_reg_shm_inc_map() and mobj_reg_shm_dec_map() to
mobj_inc_map() and mobj_dec_map() respectively. This makes room for
other implementations of registered shared memory.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: sm3: remove unused header

Removed unused mbedtls/md.h header file to fix error:

core/crypto/sm3-hmac.c:12:10: fatal error: mbedtls/md.h: No such file or directory

when building with

core: crypto: sm3: remove unused header

Removed unused mbedtls/md.h header file to fix error:

core/crypto/sm3-hmac.c:12:10: fatal error: mbedtls/md.h: No such file or directory

when building with CFG_CORE_MBEDTLS_MPI=n. To prevent future similar
regression, also add a test case to Shippable.

Fixes: https://github.com/OP-TEE/optee_os/issues/3487
Fixes: 47645577c806 ("core: crypto: add support for SM3")
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: crypto: add support for SM3

Adds support for the SM3 cryptographic hash function [1] using the API
defined in the GlobalPlatform TEE Internal Core API v1.2, as well as the
HMAC based on this h

core: crypto: add support for SM3

Adds support for the SM3 cryptographic hash function [1] using the API
defined in the GlobalPlatform TEE Internal Core API v1.2, as well as the
HMAC based on this hash.

This implementation is based on code published on Gitlab [2]. See commit
ade6f848e084 ("core: crypto: add support for SM4") for details.

[1] https://tools.ietf.org/html/draft-sca-cfrg-sm3-02
[2] https://gitlab.com/otpfree/sm234

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: add support for SM4

Adds support for the SM4 cipher [1] using the API defined in the
GlobalPlatform TEE Internal Core API v1.2.

ECB, CBC and CTR modes are implemented. Other modes are

core: crypto: add support for SM4

Adds support for the SM4 cipher [1] using the API defined in the
GlobalPlatform TEE Internal Core API v1.2.

ECB, CBC and CTR modes are implemented. Other modes are valid but are
not included in the GP specification, so they are not considered here.

This implementation is based on code published on Gitlab [2]. The
project contains no licensing terms, so I contacted the author
(goldboar@163.com), asking for permission to re-use the code in OP-TEE
under a BSD-2-Clause license. I received the following reply:

"[...] If you like you can use it [...]"

I have reworked the source to better fit the OP-TEE coding style. I
have also added the CTR mode of operation.

I do not think we will need to merge any change from upstream in the
future.

[1] https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10
[2] https://gitlab.com/otpfree/sm234

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-ti: Switch to using SMCCC compatible calls

Previously on our TI evil vendor Linux tree we would use a sentinel value
in r12 to signal if a call was meant for OP-TEE or the legacy ROM. A path
to

plat-ti: Switch to using SMCCC compatible calls

Previously on our TI evil vendor Linux tree we would use a sentinel value
in r12 to signal if a call was meant for OP-TEE or the legacy ROM. A path
to using SMCCC compatible calls from Linux is being implemented.
Switch the OP-TEE side over.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Enable ASLR by default

With this patch both CFG_TA_ASLR and CFG_CORE_ASLR are set to 'y' by
default.

Removes CFG_TA_ASLR?=y for plat-hikey and plat-vexpress (qemu_virt).

If the current platform do

Enable ASLR by default

With this patch both CFG_TA_ASLR and CFG_CORE_ASLR are set to 'y' by
default.

Removes CFG_TA_ASLR?=y for plat-hikey and plat-vexpress (qemu_virt).

If the current platform doesn't use CFG_DT=y and hasn't overridden
get_aslr_seed() a warning message will be printed on the secure uart and
execution will resume with the default load address.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: link.mk: Make sure to link without relro

Passes -z norelro to linker to make sure that the relro option isn't
enabled. With relro enabled all relro sections has to be contiguous
with each oth

core: link.mk: Make sure to link without relro

Passes -z norelro to linker to make sure that the relro option isn't
enabled. With relro enabled all relro sections has to be contiguous
with each other. This would prevent us from removing .dynamic from the
binary created with scripts/gen_tee_bin.py. Regardless of the relro
option OP-TEE itself uses the equivalent of relro when mapping its
memory.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: support ASLR and paging

Adds support for CFG_WITH_PAGER=y and CFG_CORE_ASLR=y.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

core: fix tee_pager_release_one_phys() assert

Prior to this patch it was assumed in tee_pager_release_one_phys() that
a locked fobj would not span multiple page directories. This is not
correct sinc

core: fix tee_pager_release_one_phys() assert

Prior to this patch it was assumed in tee_pager_release_one_phys() that
a locked fobj would not span multiple page directories. This is not
correct since it depends on the base address and size of the locked
fobj. If the base address is close to the end of a page directory it can
very well happen. With CFG_CORE_ASLR=y this is bound to happen sooner or
later even if everything seems to work with CFG_CORE_ASLR=n. This patch
fixes this by instead counting the number of areas which uses the pmem
to be released. The number should be exactly one.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix pager vaspace start in assign_mem_va()

Makes sure that MEM_AREA_PAGER_VASPACE follows directly after the static
mappings of the OP-TEE ELF. This fixes the case where OP-TEE is mapped
at hi

core: fix pager vaspace start in assign_mem_va()

Makes sure that MEM_AREA_PAGER_VASPACE follows directly after the static
mappings of the OP-TEE ELF. This fixes the case where OP-TEE is mapped
at higher addresses and thus tries to locate everything else at lower
addresses. Without a fixed address for MEM_AREA_PAGER_VASPACE the
reserved pager vaspace could end up at the wrong address.

Fixes: 5dd1570ac5b0 ("core: add embedded data region")
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: allocate pager_tables dynamically

With ASLR the number of pager_tables needed can differ from the number
of pager_tables needed in an non-relocated configuration. Depending on
the value

core: pager: allocate pager_tables dynamically

With ASLR the number of pager_tables needed can differ from the number
of pager_tables needed in an non-relocated configuration. Depending on
the value of VCORE_START_VA the range VCORE_START_VA..+TEE_RAM_VA_SIZE
may cover an extra table compared to VCORE_START_VA being aligned to the
start of a table. To avoid multiple configurations always calculate the
number of tables needed and allocate pager_tables accordingly.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add fobj_ro_reloc_paged_alloc()

Adds a new type of fobj, struct fobj_ro_reloc_paged, which is created
with fobj_ro_reloc_paged_alloc(). It's like struct fobj_rop but with
support for relocatio

core: add fobj_ro_reloc_paged_alloc()

Adds a new type of fobj, struct fobj_ro_reloc_paged, which is created
with fobj_ro_reloc_paged_alloc(). It's like struct fobj_rop but with
support for relocation too.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move VFP state into struct user_ta_ctx

Moves the VFP state from struct user_ta_ctx to struct user_mode_ctx to make
user mode handling a bit more generic.

Acked-by: Pipat Methavanitpong <pipat

core: move VFP state into struct user_ta_ctx

Moves the VFP state from struct user_ta_ctx to struct user_mode_ctx to make
user mode handling a bit more generic.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: vm_set_prot() and friends works across VM regions

Updates vm_set_prot() and friends to work on memory ranges which doesn't
necessarily align with the underlying VM regions. VM regions are spli

core: vm_set_prot() and friends works across VM regions

Updates vm_set_prot() and friends to work on memory ranges which doesn't
necessarily align with the underlying VM regions. VM regions are split
as needed to perform the operations, with operations completed VM
regions in the supplied memory range are merged if possible. The only
restriction on a supplied memory range is that the already present
mapping is compatible with the change.

Note that this also affect pager which also splits and merges pager
areas as needed.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: system_pta: refuse changing kernel mappings

Adds checks in system_unmap(), system_set_prot() and system_remap() to
refuse making changes to kernel mappings.

Acked-by: Pipat Methavanitpong <pi

core: system_pta: refuse changing kernel mappings

Adds checks in system_unmap(), system_set_prot() and system_remap() to
refuse making changes to kernel mappings.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: get svc handler from the context of current session

Instead of a single global syscalls definition, get the syscall handler
function from the context of current active session.

An extra optio

core: get svc handler from the context of current session

Instead of a single global syscalls definition, get the syscall handler
function from the context of current active session.

An extra optional (mandatory for user mode TAs) function pointer is
added to struct tee_ta_ops, handle_svc, which handles the syscall.

tee_svc_handler() is split into a generic thread_svc_handler() which is
put in kernel/thread.c. The user TA specific part is put in
user_ta_handle_svc() which is kept in tee/arch_svc.c but made available
via the new .handle_svc function pointer of struct tee_ta_ops.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add common user_mode_ctx_print_mappings()

Adds a common user_mode_ctx_print_mappings() which prints the current
user mode mappings.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro

core: add common user_mode_ctx_print_mappings()

Adds a common user_mode_ctx_print_mappings() which prints the current
user mode mappings.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move struct thread_ctx_regs to thread.h

Moves definition of struct thread_ctx_regs from thread_private.h to
<kernel/thread.h>.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>

core: move struct thread_ctx_regs to thread.h

Moves definition of struct thread_ctx_regs from thread_private.h to
<kernel/thread.h>.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add struct user_mode_ctx

Adds struct user_mode_ctx which replaces user mode specific fields used
for memory mapping.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Acked-by:

core: add struct user_mode_ctx

Adds struct user_mode_ctx which replaces user mode specific fields used
for memory mapping.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: thread_enter_user_mode(): avoid leaking register content

Prior to this patch not all registers passed to user mode where assigned
a new value. This allows user mode to see the value of some re

core: thread_enter_user_mode(): avoid leaking register content

Prior to this patch not all registers passed to user mode where assigned
a new value. This allows user mode to see the value of some registers
used by Core. With this patch all general purpose registers available in
user mode are either cleared or assigned a value.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: link.mk: Un-deprecate tee.bin v1 image generation

The v1 OP-TEE image "tee.bin" is used by a couple platforms as the only
supported image version, until these platforms can migrate continue
to

core: link.mk: Un-deprecate tee.bin v1 image generation

The v1 OP-TEE image "tee.bin" is used by a couple platforms as the only
supported image version, until these platforms can migrate continue
to build this image and do not mark it a deprecated. The tee-pager.bin
and tee-pageable.bin are not used by these platforms and are properly
deprecated by the v2 versions, leave these images deprecated.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-ti: Restore non-secure entry address from saved copy in r5

When resuming the only value we need to work with a new version of is the
non-secure context as it will have changed since boot. This

plat-ti: Restore non-secure entry address from saved copy in r5

When resuming the only value we need to work with a new version of is the
non-secure context as it will have changed since boot. This value is
stored on OP-TEE entry in r5, previously we saved this value by moving
r5 to r3 then r3 to r4 basically just dodging getting overwritten by
functions we call. This can be simplified now as nothing clobbers r5,
so we can use it directly as the source for the non-secure context
pointer feed into init_sec_mon().

Signed-off-by: Andrew F. Davis <afd@ti.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...