core: imx: fix CFG_DRAM_BASE for i.MX7ulp

Change CFG_DRAM_BASE to 0x60000000 for i.MX7ulp

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.c

core: imx: fix CFG_DRAM_BASE for i.MX7ulp

Change CFG_DRAM_BASE to 0x60000000 for i.MX7ulp

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: imx: disable CAAM driver for i.MX6SL

CAAM is not available on i.MX6SL.

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by:

core: imx: disable CAAM driver for i.MX6SL

CAAM is not available on i.MX6SL.

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: imx: rename register files

Remove _regs from register header files. It is redundant since header
files are already in /registers folder.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
A

core: imx: rename register files

Remove _regs from register header files. It is redundant since header
files are already in /registers folder.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

imx: change imx8 prefixe to mx8

For consistency, change all imx8 prefixe to mx8.
This change affects:
* CFG_IMX8*
* platform flavors

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by:

imx: change imx8 prefixe to mx8

For consistency, change all imx8 prefixe to mx8.
This change affects:
* CFG_IMX8*
* platform flavors

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: fix check_mem_map() vs MEM_AREA_IDENTITY_MAP_RX

This patch updates check_mem_map() to recognize MEM_AREA_IDENTITY_MAP_RX
as part of secure only memory.

This fix is only needed with CFG_CORE_A

core: fix check_mem_map() vs MEM_AREA_IDENTITY_MAP_RX

This patch updates check_mem_map() to recognize MEM_AREA_IDENTITY_MAP_RX
as part of secure only memory.

This fix is only needed with CFG_CORE_ASLR=y and prevents an error like:
E/TC:0 0 check_mem_map:1166 Uhandled memtype 8
E/TC:0 0 Panic at core/arch/arm/mm/core_mmu.c:1167 <check_mem_map>

Fixes: 1385854b72c9 ("core: Add core memory type MEM_AREA_IDENTITY_MAP_RX")
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add support for CFG_CORE_ASLR

Adds support for CFG_CORE_ASLR to load TEE Core at a random address.
ASLR makes the exploitation of memory corruption vulnerabilities more
difficult.

Paging is c

core: add support for CFG_CORE_ASLR

Adds support for CFG_CORE_ASLR to load TEE Core at a random address.
ASLR makes the exploitation of memory corruption vulnerabilities more
difficult.

Paging is currently not supported with CFG_CORE_ASLR=y.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm grow MAX_XLAT_TABLES with ASLR

If CFG_CORE_ASLR=y increase MAX_XLAT_TABLES to cater for the added
identity region and also less optimal alignment of mappings.

Acked-by: Jerome Forissier <

core: arm grow MAX_XLAT_TABLES with ASLR

If CFG_CORE_ASLR=y increase MAX_XLAT_TABLES to cater for the added
identity region and also less optimal alignment of mappings.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kern.ld.S: make ctors/dtors contiguous with other relro sections

Fixes error when linking with clang:
ld.lld: error: section: .ctors is not contiguous with other relro sections
ld.lld: error:

core: kern.ld.S: make ctors/dtors contiguous with other relro sections

Fixes error when linking with clang:
ld.lld: error: section: .ctors is not contiguous with other relro sections
ld.lld: error: section: .dtors is not contiguous with other relro sections

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kern.ld.S: make .got RO after relocation

Moves .got section to after .rodata section.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro

core: kern.ld.S: make .got RO after relocation

Moves .got section to after .rodata section.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kern.ld.S: provide start/end of relocations

- Adds __rel_start and __rel_end for Rel type of relocations used by
ARM32.
- Adds __rela_end and __rela_start for Rela type of relocations used b

core: kern.ld.S: provide start/end of relocations

- Adds __rel_start and __rel_end for Rel type of relocations used by
ARM32.
- Adds __rela_end and __rela_start for Rela type of relocations used by
ARM64.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: Add core memory type MEM_AREA_IDENTITY_MAP_RX

Adds another memory type, MEM_AREA_IDENTITY_MAP_RX, to enum
teecore_memtypes. MEM_AREA_IDENTITY_MAP_RX is used to represent memory
which is addit

core: Add core memory type MEM_AREA_IDENTITY_MAP_RX

Adds another memory type, MEM_AREA_IDENTITY_MAP_RX, to enum
teecore_memtypes. MEM_AREA_IDENTITY_MAP_RX is used to represent memory
which is additionally identity mapped while OP-TEE is mapped at a
non-identity mapped location. This is needed to support CFG_CORE_ASLR=y.

The link script is updated to collect functions and read-only data in
between __identity_map_init_start and __identity_map_init_end.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: generic_entry: add enable_mmu()

Adds the assembly function enable_mmu() which as the name suggests enables
MMU. The function writes configuration which has previously been prepared
by core_ini

core: generic_entry: add enable_mmu()

Adds the assembly function enable_mmu() which as the name suggests enables
MMU. The function writes configuration which has previously been prepared
by core_init_mmu_regs().

The now obsolete assembly functions cpu_mmu_enable(),
cpu_mmu_enable_icache() and cpu_mmu_enable_dcache() are removed since
they are fully covered by enable_mmu().

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add relocatable VCORE_START_VA

Adds VCORE_START_VA which is relocated to the new virtual address of the
start of the OP-TEE memory in case ASLR is configured. This define
should be used instea

core: add relocatable VCORE_START_VA

Adds VCORE_START_VA which is relocated to the new virtual address of the
start of the OP-TEE memory in case ASLR is configured. This define
should be used instead of TEE_RAM_START after the initial translation
tables has been created.

thread_get_user_kcode() and thread_get_user_kdata() are updated
accordingly.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add get_aslr_seed()

Adds get_aslr_seed() which reads "kaslr-seed" from "/secure-chosen" in
FDT. The seed is intended to use as input to ASLR, also known as,
randomized address space layout.

O

core: add get_aslr_seed()

Adds get_aslr_seed() which reads "kaslr-seed" from "/secure-chosen" in
FDT. The seed is intended to use as input to ASLR, also known as,
randomized address space layout.

Once successfully read the seed is zeroed out in the FDT to minimize the
risk of leaking the seed.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: refactor core_init_mmu_map() and helpers

Breaks up core_init_mmu_map() and some of its helper functions in
multiple smaller functions to make it easier to follow and later extend
the code.

Th

core: refactor core_init_mmu_map() and helpers

Breaks up core_init_mmu_map() and some of its helper functions in
multiple smaller functions to make it easier to follow and later extend
the code.

There are no changes in behaviour with the exception of how the memory
map is sorted at different stages.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: core_mmu.h: make page size and friends unsigned

Redefines mask and size for small pages (SMALL_PAGE_*),
CORE_MMU_USER_CODE_* and CORE_MMU_USER_PARAM_* to be of an unsigned
type in order to be

core: core_mmu.h: make page size and friends unsigned

Redefines mask and size for small pages (SMALL_PAGE_*),
CORE_MMU_USER_CODE_* and CORE_MMU_USER_PARAM_* to be of an unsigned
type in order to be compatible with vaddr_t and paddr_t.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: bugfix v7 core_mmu_entry_to_finer_grained()

The short descriptor table implementation of
core_mmu_entry_to_finer_grained() incorrectly assumes that allocated
translation tables are identity ma

core: bugfix v7 core_mmu_entry_to_finer_grained()

The short descriptor table implementation of
core_mmu_entry_to_finer_grained() incorrectly assumes that allocated
translation tables are identity mapped. That is fixed with this patch by
adding a missing virt_to_phys() on a newly allocated translation table.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: reference count struct mobj

The mobj interface is changed to use reference counting of mobjs, the
direct mobj_free() call is replaced by mobj_put(). As expected a
mobj_get() is also added to h

core: reference count struct mobj

The mobj interface is changed to use reference counting of mobjs, the
direct mobj_free() call is replaced by mobj_put(). As expected a
mobj_get() is also added to handle multiple references to the same mobj.

This also changes already present reference counting in struct
mobj_reg_shm to use the reference counting mechanism now available in
struct mobj.

The VM_FLAG_EXCLUSIVE_MOBJ flag is removed since the referenced mobj is
put instead when a struct vm_region is removed.

Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey960)
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

gprof: fix TEE core crash by allocating sample buffer dynamically

The gprof sample buffer is in user space memory but is also accessed by
the TEE core. Currently, space is reserved by the TA linker

gprof: fix TEE core crash by allocating sample buffer dynamically

The gprof sample buffer is in user space memory but is also accessed by
the TEE core. Currently, space is reserved by the TA linker script. The
address and size of the buffer is passed to the TEE core via a call to
the gprof PTA. After this call, the TEE core accesses the buffer
periodically, such as when the TA is interrupted by a timer interrupt.

Commit ef305e54eac8 ("libutee: allocate temp secmem for invoke")
modified the way that private TA memory is mapped in TA to TA
invocations, so that memory is mapped only for the duration of the
call. After this point, the memory is unmapped so the gprof sample
buffer becomes inaccessible, resulting in a crash:

E/TC:0 0 Core data-abort at address 0x121356 (translation fault)
E/TC:0 0 fsr 0x00000007 ttbr0 0x0e19206a ttbr1 0x0e18806a cidr 0x2
E/TC:0 0 cpu #0 cpsr 0x800001f2
E/TC:0 0 r0 0x00000000 r4 0x00000000 r8 0x00000000 r12 0x0017bb4b
E/TC:0 0 r1 0x000021ab r5 0x00000000 r9 0x00000000 sp 0x0e1928f0
E/TC:0 0 r2 0x0011d000 r6 0x00000000 r10 0x00000000 lr 0x0e112763
E/TC:0 0 r3 0x00121356 r7 0x0e1928f0 r11 0x00000000 pc 0x0e12958e
E/TC:0 0 Core data-abort at address 0x121356 .debug_info+1184598 (translation fault)
E/TC:0 0 Call stack:
E/TC:0 0 0x0e12958e tee_ta_gprof_sample_pc at optee_os/core/kernel/tee_ta_manager.c:897

The solution is to allocate and map the sample buffer explicitly in
user space when profiling is initialized, and at the same time get rid
of the reserved area in the TA linker script. The TEE core also needs
to check that the sample buffer is valid before writing to it,
otherwise a malicious TA could crash the core by unmapping that memory.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

drivers: gic: Add GIC_SPI/SGI/PPI helper macros

Add GIC_SPI/SGI/PPI helper macros

Signed-off-by: Rayagonda Kokatanur <rayagonda.kokatanur@broadcom.com>
Signed-off-by: Sheetal Tigadoli <sheetal.tiga

drivers: gic: Add GIC_SPI/SGI/PPI helper macros

Add GIC_SPI/SGI/PPI helper macros

Signed-off-by: Rayagonda Kokatanur <rayagonda.kokatanur@broadcom.com>
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Reviewed-by: Sandeep Tripathy <sandeep.tripathy@broadcom.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add invoke_tests.pta to enumerated TAs

For testing purposes Add invoke_tests.pta to enumerated TAs. This gives
optee_enumerate_devices() in the OP-TEE kernel driver something to
iterate over i

core: add invoke_tests.pta to enumerated TAs

For testing purposes Add invoke_tests.pta to enumerated TAs. This gives
optee_enumerate_devices() in the OP-TEE kernel driver something to
iterate over in case there's no other TAs to enumerate.

Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: disable interrupt in thread_excp_vect_workaround

thread_excp_vect_workaround isn't interrupt safe because it use
the tpidr as a temporary register to save value of r0.
That means if a f

core: arm32: disable interrupt in thread_excp_vect_workaround

thread_excp_vect_workaround isn't interrupt safe because it use
the tpidr as a temporary register to save value of r0.
That means if a fiq happened when optee is processing a syscall,
the syscall argument r0 will be changed to unexpected value.

Move `write_tpidrprw r0` out of `vector_prologue_spectre` and add
`cpsid aif` before it to fix this issue.

Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com>
Reviewed-by: Alix Wu <alix.wu@mediatek.com>
Reviewed-by: YJ Chiang <yj.chiang@mediatek.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix style issues in cbc_cts_update()

Adds default initialization of local variables, one indentation error
and removes a pair of redundant parentheses.

Reviewed-by: Jerome Forissier <jerome@f

core: fix style issues in cbc_cts_update()

Adds default initialization of local variables, one indentation error
and removes a pair of redundant parentheses.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove algo from crypto_authenc_*()

Removes the algo parameters from all crypto_authenc_*() functions except
crypto_authenc_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro

core: remove algo from crypto_authenc_*()

Removes the algo parameters from all crypto_authenc_*() functions except
crypto_authenc_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove algo from crypto_mac_*()

Removes the algo parameters from all crypto_mac_*() functions except
crypto_mac_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-

core: remove algo from crypto_mac_*()

Removes the algo parameters from all crypto_mac_*() functions except
crypto_mac_alloc_ctx().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...