core: pta_system: support dynamic memory mapping

Adds PTA_SYSTEM_MAP_ZI and PTA_SYSTEM_UNMAP to dynamically map and unmap
user space memory from user space. The memory is automatically freed
when th

core: pta_system: support dynamic memory mapping

Adds PTA_SYSTEM_MAP_ZI and PTA_SYSTEM_UNMAP to dynamically map and unmap
user space memory from user space. The memory is automatically freed
when the context of the TA is freed.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta_system: set TA_FLAG_CONCURRENT

The system pseudo TA is used instead of adding new syscalls. To ensure
concurrent execution and more importantly avoid dead-lock due to
interference with the

core: pta_system: set TA_FLAG_CONCURRENT

The system pseudo TA is used instead of adding new syscalls. To ensure
concurrent execution and more importantly avoid dead-lock due to
interference with the single instance lock and for instance waiting for
page tables when adding new mappings.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix access flags in system_derive_ta_unique_key()

Updates the access flags used to test that the supplied TA buffer is
indeed secure.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.or

core: fix access flags in system_derive_ta_unique_key()

Updates the access flags used to test that the supplied TA buffer is
indeed secure.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add user_ta_set_prot()

Adds user_ta_set_prot() which allows changing protection bits read,
write and execute as long as they don't conflict with page sharing.

Acked-by: Jerome Forissier <jero

core: add user_ta_set_prot()

Adds user_ta_set_prot() which allows changing protection bits read,
write and execute as long as they don't conflict with page sharing.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add user_ta_map() and user_ta_unmap()

Adds user_ta_map() and user_ta_unmap() to create/remove new maps from
user space.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by:

core: add user_ta_map() and user_ta_unmap()

Adds user_ta_map() and user_ta_unmap() to create/remove new maps from
user space.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add TEE_MATTR_SHAREABLE

Adds TEE_MATTR_SHAREABLE to tag mappings that may be shared by other TAs.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <je

core: add TEE_MATTR_SHAREABLE

Adds TEE_MATTR_SHAREABLE to tag mappings that may be shared by other TAs.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: user_ta: keep load segs in linked list

Keeps the load segments of an ELF in a singly linked list instead of an
array.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by

core: user_ta: keep load segs in linked list

Keeps the load segments of an ELF in a singly linked list instead of an
array.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add vm_map_pad()

Adds vm_map_pad() which allows specifying how much free memory should be
available before and after the map.

This allows mapping the first part of for instance an ELF file wh

core: add vm_map_pad()

Adds vm_map_pad() which allows specifying how much free memory should be
available before and after the map.

This allows mapping the first part of for instance an ELF file while
knowing that the next part which has to be of a certain offset from the
first part also will succeed.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: vm_map changes, only on active context

For easier cache maintenance vm_set_prot() and vm_unmap() requires the
supplied context to be active.

Calls to tee_mmu_set_ctx() is added in vm_set_prot

core: vm_map changes, only on active context

For easier cache maintenance vm_set_prot() and vm_unmap() requires the
supplied context to be active.

Calls to tee_mmu_set_ctx() is added in vm_set_prot() and vm_unmap() as
needed for the changes in mappings to take effect.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add vm_unmap()

Adds vm_unmap() to simplify removing mappings previously added with
vm_map().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wi

core: add vm_unmap()

Adds vm_unmap() to simplify removing mappings previously added with
vm_map().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: file: refactor interface to be thread safe

Adds file_lock() and file_unlock() to change the lock state of a file.

file_new() is removed, the only way to create a file is with
file_get_by_tag(

core: file: refactor interface to be thread safe

Adds file_lock() and file_unlock() to change the lock state of a file.

file_new() is removed, the only way to create a file is with
file_get_by_tag() which will return an empty newly allocated file if
none can be found.

file_add_slice() is added to add slices to a file, one by one.

With this can multiple threads try to load a TA at once, the first one
taking the lock will add all the slices to the file.

The code in user_ta.c and elf_load.c using the <file.h> interface can
be optimized to allow more operations in parallel.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: lockdep: support lock destroy

With lockdep enabled (CFG_LOCKDEP=y), additional cleanup is needed when
a mutex is destroyed. This patch adds mutex_destroy_check() which is
called when a mutex i

core: lockdep: support lock destroy

With lockdep enabled (CFG_LOCKDEP=y), additional cleanup is needed when
a mutex is destroyed. This patch adds mutex_destroy_check() which is
called when a mutex is destroyed with mutex_destroy(). From
mutex_destroy_check() the corresponding lockdep node and all edges
referring to it are removed.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce OPTEE_SMC_SEC_CAP_VIRTUALIZATION

We need some way to tell normal world if OP-TEE does support
virtualization. Prior to this patch NW had to probe for virtualization by
calling OPTEE_

core: introduce OPTEE_SMC_SEC_CAP_VIRTUALIZATION

We need some way to tell normal world if OP-TEE does support
virtualization. Prior to this patch NW had to probe for virtualization by
calling OPTEE_SMC_VM_DESTROYED which is not reliable.

New capability flag OPTEE_SMC_SEC_CAP_VIRTUALIZATION solves this issue.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: elf_load_dyn.c: use DT_HASH to lookup symbols faster

Use the ELF hash table to lookup symbols rather than iterating over
the whole symbol table. With this change, relocations are applied
much

core: elf_load_dyn.c: use DT_HASH to lookup symbols faster

Use the ELF hash table to lookup symbols rather than iterating over
the whole symbol table. With this change, relocations are applied
much more quickly. For instance, with QEMU and CFG_ULIBS_SHARED=y, the
average time for the relocation loop in tee_ta_init_user_ta_session()
is reduced from 60-70 ms to 2-3 ms (tested with xtest).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

user_ta: fix spelling mistake in debug message

Fixes a spelling mistake.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-k3: Add J721E device support

The only difference from AM65x that OP-TEE cares about currently is the
GICC offset and size. Update the same.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Acked-by

plat-k3: Add J721E device support

The only difference from AM65x that OP-TEE cares about currently is the
GICC offset and size. Update the same.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: fix enum restart with syscall_storage_start_enum()

According to the GlobalPlatform specification it should be possible to
call TEE_StartPersistentObjectEnumerator(..) on an enumerator that
alr

core: fix enum restart with syscall_storage_start_enum()

According to the GlobalPlatform specification it should be possible to
call TEE_StartPersistentObjectEnumerator(..) on an enumerator that
already has been started. When doing that we trigged an assert and ended
up with a panic. This patch fixes that issue by ensuring that we are
closing the currently open directory before re-opening or opening
another directory in those cases where
TEE_StartPersistentObjectEnumerator(..) are called again and again with
no reset done in-between.

Fixes: https://github.com/OP-TEE/optee_os/issues/3093

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reported-by: Daniel McIlvaney <damcilva@microsoft.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU, GP)

show more ...

tee: entry_fast: reduce verbosity of dynamic shared memory message

Outside of the initial boot or error cases OP-TEE is quiet, this
is a notable exception that dirties up the boot log and has caused

tee: entry_fast: reduce verbosity of dynamic shared memory message

Outside of the initial boot or error cases OP-TEE is quiet, this
is a notable exception that dirties up the boot log and has caused
confusion during kernel boot by users. It is only needed for
debug purposes.

Reduce this message to only debug verbosity.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-ti: fix build errors

Fixes build error with PLATFORM=ti-dra7xx and PLATFORM=ti-am43xx:

error: conflicting types for ‘sm_platform_handler’
bool sm_platform_handler(struct sm_ctx *ctx)

plat-ti: fix build errors

Fixes build error with PLATFORM=ti-dra7xx and PLATFORM=ti-am43xx:

error: conflicting types for ‘sm_platform_handler’
bool sm_platform_handler(struct sm_ctx *ctx)
^~~~~~~~~~~~~~~~~~~

Fixes: aea0999e2360 ("core: explicit return value for sm_platform_handler()")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

hikey960: add support for 6G boards (CFG_DRAM_SIZE_GB=6)

Adds support for CFG_DRAM_SIZE_GB=6 and declares the non-secure
physical memory range 4~7G which may be used as shared memory by Linux
[1].

hikey960: add support for 6G boards (CFG_DRAM_SIZE_GB=6)

Adds support for CFG_DRAM_SIZE_GB=6 and declares the non-secure
physical memory range 4~7G which may be used as shared memory by Linux
[1].

Link: [1] https://github.com/96boards-hikey/OpenPlatformPkg/blob/50c813d0b9b3/Platforms/Hisilicon/HiKey960/Library/HiKey960Lib/HiKey960Mem.c#L40-L42
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

hikey960: fix memory mapping for 4G boards (CFG_DRAM_SIZE_GB=4)

HiKey960 boards equipped with 4G of RAM may use physical addresses in
the range 8G~8.5G [1]. This range is currently not declared in O

hikey960: fix memory mapping for 4G boards (CFG_DRAM_SIZE_GB=4)

HiKey960 boards equipped with 4G of RAM may use physical addresses in
the range 8G~8.5G [1]. This range is currently not declared in OP-TEE,
so if Linux happens to be using it for shared memory, it will cause
problems. This can happen when:
1. Dynamic shared memory is enabled in OP-TEE (CFG_CORE_DYN_SHM=y) and
used by the kernel driver ("optee: dynamic shared memory is enabled" in
the boot log), and
2. The UEFI firmware is recent enough to report the whole physical
address range to the kernel (introduced in edk2's OpenPlatformPkg
commit 50c813d0b9b3 ("Platforms/HiKey960: Support 4G or more memory
space for RAM") [2].

The typical error is (the address could be any value >4G):

E/TC:6 0 tee_entry_std:551 Bad arg address 0x217e9a000

This commit fixes the issue by adding the missing memory range.
Obviously, dealing with PAs greater than 4G requires a 64-bit TEE core
or CFG_CORE_LARGE_PHYSICAL_ADDR=y, so a compile-time check is added.

Link: [1] https://github.com/96boards-hikey/OpenPlatformPkg/blob/50c813d0b9b3/Platforms/Hisilicon/HiKey960/Library/HiKey960Lib/HiKey960Mem.c#L34-L38
Link: [2] https://github.com/96boards-hikey/OpenPlatformPkg/commit/50c813d0b9b3
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Sungjin Park <sungjinp@gmail.com>

show more ...

core: imx: Fix compilation warnings leading to build breakage

The following two commits slipped through warnings that weren't caught by
Shippable:

Commit 4cb61ae7d98e ("core: imx: Add simple CAAM p

core: imx: Fix compilation warnings leading to build breakage

The following two commits slipped through warnings that weren't caught by
Shippable:

Commit 4cb61ae7d98e ("core: imx: Add simple CAAM permissions set routine")
Commit f142f6f224fe ("core: imx: Add in calls to set CAAM job-ring
permissions")

This patch fixes both warnings.

Signed-off-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Reported-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

PTA: change method for checking memory in derive TA key

The tee_vbuf_is_sec() which ends up as core_vbuf_is() doesn't work with
paged user space memory, so instead use tee_mmu_check_access_rights().

PTA: change method for checking memory in derive TA key

The tee_vbuf_is_sec() which ends up as core_vbuf_is() doesn't work with
paged user space memory, so instead use tee_mmu_check_access_rights().

Fixes: a30ddda9e488 ("PTA: add support for deriving device and TA unique keys")

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

PTA: add support for deriving device and TA unique keys

Enable derivation of device and Trusted Application unique keys that can
be used by different Trusted Applications directly. An example of use

PTA: add support for deriving device and TA unique keys

Enable derivation of device and Trusted Application unique keys that can
be used by different Trusted Applications directly. An example of use
case could be when you need to encrypt some data in a Trusted App and
then give it back to normal world.

By default device unique properties (HUK and TA UUID) will be used when
deriving a key. However, the one calling the PTA derive key function
also have the ability to provide some extra data that will be mixed in
together with existing device unique properties. That gives the ability
to derive keys that are not only device and Trusted Application unique,
but also tied to some additional data, it could for example be a
password or something similar.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

HUK: Add enum for TA unique key derivation

Add an additional enum that will be used when deriving device and TA
unique keys.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wi

HUK: Add enum for TA unique key derivation

Add an additional enum that will be used when deriving device and TA
unique keys.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...