| cf1879b1 | 29-Oct-2019 |
Renê de Souza Pinto <Rene.deSouzaPinto@opensynergy.com> |
hikey: Move console_data to __nex_bss
Move console data into __nex_bss section for hikey platform to work properly when virtualization is enabled.
Signed-off-by: Renê de Souza Pinto <Rene.deSouzaPinto@opensynergy.com> Acked-by: Michalis Pappas <mpp@opensynergy.com> Reviewed-by: Jerome Forissier <jerome@forissier.org>
|
| d5147581 | 24-Oct-2019 |
Michalis Pappas <mpp@opensynergy.com> |
core: Fix value of OPTEE_SMC_SEC_CAP_VIRTUALIZATION
Update the value of OPTEE_SEC_CAP_VIRTUALIZATION as it currently conflicts with OPTEE_SEC_CAP_DYNAMIC_SHM
Signed-off-by: Michalis Pappas <mpp@opensynergy.com> Acked-by: Jerome Forissier <jerome@forissier.org> Acked-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
|
| 40015a64 | 23-Oct-2019 |
Jerome Forissier <jerome@forissier.org> |
core: core.mk: add generated conf.cmake file to $(cleanfiles)
Commit b924c494920f ("Generate conf.cmake for TA dev kit") omitted to add the generated file $(O)/conf.cmake to $(cleanfiles) and therefore 'make clean' leaves it intact. Fix that.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 27fd7c71 | 23-Oct-2019 |
Jerome Forissier <jerome@forissier.org> |
mk: gensrc: add generated file to $(cleanfiles) automatically
The gensrc mechanism should not require the user to update the cleanfiles variable since it can do it by itself. This commit updates the implementation and simplifies the call sites.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 099918f6 | 05-Sep-2019 |
Sumit Garg <sumit.garg@linaro.org> |
ftrace: Add support for syscall function tracer
This patch adds support for syscall tracing in TEE core. It complements existing ftrace support for user TAs via adding trace for syscalls that are invoked by user TAs into the TEE core.
And after this patch ftrace will cover both TA and TEE core code. So let's rename config option from CFG_TA_FTRACE_SUPPORT to CFG_FTRACE_SUPPORT.
It is optional to enable syscall trace via CFG_SYSCALL_FTRACE=y config option in addition to CFG_FTRACE_SUPPORT=y config option.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org>
|
| 8be2de1a | 23-Sep-2019 |
Imre Kis <imre.kis@arm.com> |
core: Add support for multi-threaded MPIDR values
If the MT bit is set the affinities are shifted in the MPIDR register so the get_core_pos_mpidr function needs to be modified accordingly. This is necessary to make OP-TEE able to run on multi-threaded systems. The number of threads/core can be modified by the CFG_CORE_THREAD_SHIFT makefile parameter. The default value is the existing single threaded mode.
Signed-off-by: Imre Kis <imre.kis@arm.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 8027bd32 | 14-Oct-2019 |
Etienne Carriere <etienne.carriere@linaro.org> |
core: fix null terminator in PTA dlsym
Correct misplaced null terminator character in PTA system when invoking ldelf entry to look for a target symbol.
Fixes: ebef121c1f5c ("core, ldelf: add support for runtime loading of shared libraries") Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org> [jf: edit subject line] Signed-off-by: Jerome Forissier <jerome@forissier.org>
|
| a253662b | 02-Aug-2019 |
Joakim Bech <joakim.bech@linaro.org> |
ltc: check range in _rijndael_ecb_ functions
There is no check that the 'skey' structure has been properly initialized. For example, the skey->rijndael.Nr is assumed to contain a positive number corresponding to the number of AES rounds to perform. In _rijndael_ecb_encrypt the skey->rijndael.Nr is subtracted by two, which can result in an integer underflow if the structure hasn't been initialized correctly.
By clamping the value for skey->rijndael.Nr into the valid rounds for AES we can return an error instead of ending up reading outside the boundaries (of skey->rijndael.eK).
Patch manually picked from [1].
Link: [1] https://github.com/libtom/libtomcrypt/commit/7b4a5c1dcf2803e9c6cbcbc2458db9317e6fb8ca Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7) Reported-by: Martijn Bogaard <bogaard@riscure.com> Acked-by: Jerome Forissier <jerome@forissier.org>
|
| c4108ef5 | 03-Oct-2019 |
Luigi Coniglio <werew@ret2libc.com> |
Fixes #507 in LTC - vulnerability in der_decode_utf8_string()
Fix a vulnerability in der_decode_utf8_string as specified here: https://github.com/libtom/libtomcrypt/issues/507
Patch manually picked from: https://github.com/libtom/libtomcrypt/commit/25c26a3b7a9ad8192ccc923e15cf62bf0108ef94
Signed-off-by: Luigi Coniglio <werew@ret2libc.com> [Joakim Bech: Extended commit message] Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Acked-by: Joakim Bech <joakim.bech@linaro.org> Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7) Acked-by: Jerome Forissier <jerome@forissier.org>
|
| d2242b1a | 07-Oct-2019 |
Daniel McIlvaney <damcilva@microsoft.com> |
core: early_ta: fix tag hash calculation
Previously correct output due to the order of execution (tag is calculated before any reads) and crypto_hash_final taking the minimum of digest length and buffer length, but this will be more reliable.
Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 34a08bec | 25-Jun-2019 |
Joakim Bech <joakim.bech@linaro.org> |
cryp: prevent direct calls to update and final functions
With inconsistent or malformed data it has been possible to call "update" and "final" crypto functions directly. Using a fuzzer tool [1] we have seen that this results in asserts, i.e., a crash that potentially could leak sensitive information.
By setting the state (initialized) in the crypto context (i.e., the tee_cryp_state) at the end of all syscall_*_init functions and then add a check of the state at the beginning of all update and final functions, we prevent direct entrance to the "update" and "final" functions.
[1] https://github.com/MartijnB/optee_fuzzer
Fixes: OP-TEE-2019-0021
Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Reported-by: Martijn Bogaard <bogaard@riscure.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 28aa35f5 | 24-Jun-2019 |
Joakim Bech <joakim.bech@linaro.org> |
cryp: ensure that mode is cipher in syscall_cipher_init
When calling syscall_cipher_init there is no check being done that the state coming from the TA has been initialized to a valid cipher state. By checking the class we prevent an assert in cipher_ops.
Fixes: OP-TEE-2019-0020
Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Reported-by: Martijn Bogaard <bogaard@riscure.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 45a367d8 | 20-Jun-2019 |
Joakim Bech <joakim.bech@linaro.org> |
cryp: ensure that mode is AE in syscall_authenc_ functions
When doing calls to syscall_authenc_xyz functions (all of them except syscall_authenc_init) there is no check being done that the state coming from the TA has been initialized to a valid authenticated encryption state. As a consequence of that it's possible to redirect execution to other functions. Doing so will make the TEE core end up with a data abort.
Fixes: OP-TEE-2019-0019
Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Reported-by: Martijn Bogaard <bogaard@riscure.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 318b762e | 07-Oct-2019 |
Jerome Forissier <jerome@forissier.org> |
hikey, hikey960: set CFG_TEE_RAM_VA_SIZE to 2 MiB
Commit 8fd4d26f6e22 ("plat-hikey: support generic RAM layout") has inadvertently removed the platform-specific definition of TEE_RAM_VA_SIZE for HiKey platforms. It was 2 MiB before, and became 1 MiB (the default). This commit restores the proper value.
Fixes the following panic on boot (HiKey960, 32-bit TEE core with pager enabled):
  I/TC: Pager is enabled. Hashes: 1824 bytes
  I/TC: Pager pool size: 252kB
  I/TC: OP-TEE version: 3.6.0-182-g2d7a8964df-dev (gcc version 6.2.1 20161016 (Linaro GCC 6.2-2016.11)) #5 Mon 07 Oct 2019 08:22:21 AM UTC arm
  E/TC:0 0 Panic at core/lib/libtomcrypt/mpi_desc.c:39 <get_mp_scratch_memory_pool>
  E/TC:0 0 Call stack:
  E/TC:0 0  0x3f003a4d
Fixes: 8fd4d26f6e22 ("plat-hikey: support generic RAM layout") Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Joakim Bech <joakim.bech@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 2d7a8964 | 06-Aug-2019 |
Cedric Neveux <cedric.neveux@nxp.com> |
driver: implement CAAM driver
Add the NXP CAAM drivers:
- Random generator (instantiation and random generation)
- Hash
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 0f68a8c3 | 04-Sep-2019 |
Clement Faure <clement.faure@nxp.com> |
core: imx: add imx7ulp CRM registers
Add imx7ulp CRM registers in a header file.
Signed-off-by: Clement Faure <clement.faure@nxp.com> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> |
| 78155888 | 27-Sep-2019 |
Jerome Forissier <jerome@forissier.org> |
core: tadb.c: get rid of atomic reference counting
This commit changes the way the tadb_db global variable is protected against concurrent access on creation and deletion. Instead of using an atomic reference counter (struct refcount) and a mutex, only the mutex is used and taken unconditionally. The reference count becomes a global integer protected by the same mutex.
Using a struct refcount was apparently an optimization to avoid taking the lock unless actual creation or deletion of the tadb_db was needed. Unfortunately this implementation was causing occasional crashes of the TEE core (easily reproducible on HiKey running 'xtest 1013' in a loop). The new implementation is simpler and appears to be rock solid with no measurable difference in performance.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| a2087649 | 18-Sep-2019 |
Jerome Forissier <jerome@forissier.org> |
core: add support for dumping build configuration info on boot
During development, we occasionally experience crashes within the TEE core. When the tests are run locally, the developer has all the needed information to troubleshoot the issue. But when the crash occurs on a remote host (CI for instance), it is sometimes inconvenient or even impossible to retrieve files other than the console logs. As a result, it is equally inconvenient or impossible to obtain a symbolized crash dump (scripts/symbolize.py needs the dump message but also tee.elf). If the exact build configuration is known, then it is possible to reproduce the build locally (assuming the same toolchain is also used which is not a problem in practice) and proceed with debugging. Unfortunately the values of the CFG_ flags are not always shown in the logs and omitting only one flag can significantly change the TEE binary.
This commit introduces CFG_SHOW_CONF_ON_BOOT (default n). When enabled, the contents of the build configuration file $O/conf.mk are printed to the secure console during initialization with TRACE_INFO severity. The file is compressed to reduce memory usage and space used in the logs, and it is encoded into printable text.
To obtain the conf.mk file, one needs to copy and paste the encoded text into 'base64 -d | xz -d'. These two commands are also required at build time when CFG_SHOW_CONF_ON_BOOT is y.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Joakim Bech <joakim.bech@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 38f4260c | 17-Sep-2019 |
Jerome Forissier <jerome@forissier.org> |
TA dev kit: Clang support
Updates ta/mk/ta_dev_kit.mk and other makefiles so that the COMPILER variable can be used when building TAs: make COMPILER=clang ...
Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 98d863a5 | 05-Jul-2019 |
Jerome Forissier <jerome@forissier.org> |
Experimental Clang support
Allows building with Clang with "make COMPILER=clang [other flags...]". The clang command has to be in the $PATH, as well as the associated tools (clang-cpp, ld.lld, llvm-ar, llvm-nm, llvm-objcopy and llvm-readelf).
Tested with Clang built from the master branch of [1] (development version for 9.0):
  mkdir build; cd build
  cmake -G Ninja -DCMAKE_BUILD_TYPE=Release \
    -DCMAKE_INSTALL_PREFIX=~/llvm-install \
    -DLLVM_ENABLE_PROJECTS="clang;lld" \
    -DLLVM_TARGETS_TO_BUILD="AArch64;ARM" \
    ~/llvm-project/llvm
  ninja && ninja install
Limitations:
- CFG_CORE_SANITIZE_KADDRESS=y is not supported.
- CFG_WITH_PAGER is supported, but requires that the TEE core be linked with the GNU linker. The reason is documented in mk/clang.mk.
Bug:
- ldelf assertion failure in xtest 1019 when CFG_ULIBS_SHARED=y (QEMU)
    E/LD: assertion 'maps[map_idx].sz == sz' failed at ldelf/ta_elf.c:1114 in ta_elf_print_mappings()
  Prevents ldelf from displaying the TA mappings on abort or panic, but does not seem to cause any other problem.
Link: [1] https://github.com/llvm/llvm-project/commits/8351c327647 Signed-off-by: Jerome Forissier <jerome@forissier.org> Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU pager/no pager) Tested-by: Jerome Forissier <jerome@forissier.org> (QEMUv8, pager/no pager) Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey960, 32/64, GP) Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 179c8fe8 | 26-Mar-2019 |
Volodymyr Babchuk <vlad.babchuk@gmail.com> |
plat/rcar: fix core numbering for M3 flavor
R-car Gen3 SoCs have consistent core numbering across all variations: the CA57 cluster has core numbers 0-3 and CA53 has numbers 4-7.
The M3 flavor has 6 cores: two CA57s and four CA53s. Taking into account consistent numbering, M3 will have the following core ids: 0, 1, 3, 5, 6, 7. To fix this, we need to set CFG_CORE_CLUSTER_SHIFT to 1.
This somewhat abuses the implementation of get_core_pos_mpidr(), but it is not expected that it will change in the future.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 9e8c816a | 26-Sep-2019 |
Jerome Forissier <jerome@forissier.org> |
build: make cfg-one-enabled return 'n' instead of an empty string
Modify cfg-one-enabled in the same way the parent commit modified cfg-all-enabled.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 8744ddb3 | 26-Sep-2019 |
Jerome Forissier <jerome@forissier.org> |
Revert "hikey: increase core heap size to 192 kB"
This reverts commit 28c75dbebc49 ("hikey: increase core heap size to 192 kB") which increased the core heap size in order to pass the AOSP VTS. Unfortunately, this bigger value does not work well when the pager is enabled: it causes lots of page faults and a massive slowdown (for instance, 'xtest 1013' on HiKey620 completes in ~ 1.7 s with the default heap size of 64 kB but takes ~ 53 s with 192 kB).
Therefore, revert to the previous configuration. A bigger value can always be set on the command line or by other means when building for AOSP.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Victor Chong <victor.chong@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 6b385aaf | 20-Sep-2019 |
Jerome Forissier <jerome@forissier.org> |
core: fix configuration check for CFG_PAGED_USER_TA
The cfg-depends-all function from mk/checkconf.mk has to be enclosed in a $(eval ...) statement. Fix core/core.mk accordingly.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 28c75dbe | 17-Sep-2019 |
Victor Chong <victor.chong@linaro.org> |
hikey: increase core heap size to 192 kB
To pass VTS in AOSP builds.
Signed-off-by: Victor Chong <victor.chong@linaro.org> Reviewed-by: Joakim Bech <joakim.bech@linaro.org> |