core: arm32: add support for dynamically linked TAs

This commit adds support for 32-bit dynamically linked Trusted
Applications. The config flag for this feature is CFG_TA_DYNLINK,
default enabled.

core: arm32: add support for dynamically linked TAs

This commit adds support for 32-bit dynamically linked Trusted
Applications. The config flag for this feature is CFG_TA_DYNLINK,
default enabled.

Why do this? Several reasons:

1. Save space in the TA storage area. The OP-TEE core libraries
(libutee, libutils, libmpa) could very well be provided as shared
objects (.so) rather than archive files (.a). They would be installed
only once in the TA storage, instead of being duplicated inside each TA.
2. Allow upgrade of some libraries without re-linking the TAs.
3. Pave the way to sharing code pages between TAs, thus potentially
reducing the memory footprint of the TEE.

The ELF loader is updated as follows:

- Locate the dynamic section in the program headers (PT_DYNAMIC entry).
- Find the required external libraries by looking for DT_NEEDED entries
in the dynamic section. Libraries are .so files signed like TAs and
identified by a UUID so that the TA stores can be re-used. Using a UUID
is also more flexible, because a new versions of a library may keep the
same UUID or use another one.
- Load all the libraries.
- Process the dynamic relocations of type R_ARM_GLOB_DAT and
R_ARM_JUMP_SLOT by resolving symbols by name, in breadth first order.
- Map the library code and data into the user VA space.

The stack unwinding code will be updated in a later commit. As a result
only the main executable may be unwound ; stack dumps will stop if the
call stack goes inside a shared library.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960 32/64)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: syscall_open_ta_session(): make sure user context is set

There is no guarantee that the current user context is preserved
after tee_ta_open_session(). Therefore, set it again before copying
da

core: syscall_open_ta_session(): make sure user context is set

There is no guarantee that the current user context is preserved
after tee_ta_open_session(). Therefore, set it again before copying
data to user space.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: arm32: do not unwind TA stack if .ARM.exidx is not present

If a TA has no exception index table (.ARM.exidx section), it is not
rejected by the loader but it cannot be unwound. Therefore, the

core: arm32: do not unwind TA stack if .ARM.exidx is not present

If a TA has no exception index table (.ARM.exidx section), it is not
rejected by the loader but it cannot be unwound. Therefore, the unwind
code should detect this condition to avoid crashing a bit further down.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

plat-rockchip: move some CFG_'s from platform_config.h to conf.mk

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

core: move CFG_TEE_CORE_NB_CORE to conf.mk for various platforms

Update platforms d02, rcar, sam, hikey, mediatek, poplar, rpi3, sprd,
zynqmp and marvell.

These platforms no more defines CFG_ confi

core: move CFG_TEE_CORE_NB_CORE to conf.mk for various platforms

Update platforms d02, rcar, sam, hikey, mediatek, poplar, rpi3, sprd,
zynqmp and marvell.

These platforms no more defines CFG_ configuration directives as
NB_CORE was the last remaining one.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

plat-vexpress: move CFG_TEE_CORE_NB_CORE to platform conf.mk

Aggregate juno config.
Use same platform ordering in conf.mk and platform_config.h.

Signed-off-by: Etienne Carriere <etienne.carriere@li

plat-vexpress: move CFG_TEE_CORE_NB_CORE to platform conf.mk

Aggregate juno config.
Use same platform ordering in conf.mk and platform_config.h.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Fix crash when bumping qemu to 2.12.0

The implementation of a memory access error handler in qemu/qemu@c79c0a3
is the cause of this crash. OP-TEE's PASSTHRU_READER driver had been
accessing invalid

Fix crash when bumping qemu to 2.12.0

The implementation of a memory access error handler in qemu/qemu@c79c0a3
is the cause of this crash. OP-TEE's PASSTHRU_READER driver had been
accessing invalid memory addresses, which were ignored till the handler
was added to qemu.

Fixes: https://github.com/OP-TEE/optee_os/issues/2291
Signed-off-by: Harikrishnan R <rharikrishnan95@gmail.com>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

plat-zynq7k: move some CFG_'s from platform_config.h to conf.mk

Legacy zyn7k does not allow reconfiguring the memory layout, hence
internal labels used are local: discard CFG_DDR_TEETZ_RESERVED_STAR

plat-zynq7k: move some CFG_'s from platform_config.h to conf.mk

Legacy zyn7k does not allow reconfiguring the memory layout, hence
internal labels used are local: discard CFG_DDR_TEETZ_RESERVED_START
CFG_DDR_TEETZ_RESERVED_SIZE, CFG_CORE_TZSRAM_EMUL_START in favor
of hardcoded addresses.

Discard local CFG_PUB_RAM_SIZE in favor to TEE_SHMEM_START/SIZE.

Remove useless DRAM0_BASE/_SIZE, DDR_PHYS_START, DDR_SIZE and
CFG_DDR_START/_SIZE.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Yan Yan <yan.yan@windriver.com>

show more ...

plat-stm: move some CFG_'s from platform_config.h to conf.mk

STM platform can be configured from CFG_DDR_START/_SIZE,
CFG_CORE_TZSRAM_EMUL_START and CFG_DDR_TEETZ_RESERVED_START/_SIZE.

Signed-off-b

plat-stm: move some CFG_'s from platform_config.h to conf.mk

STM platform can be configured from CFG_DDR_START/_SIZE,
CFG_CORE_TZSRAM_EMUL_START and CFG_DDR_TEETZ_RESERVED_START/_SIZE.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-ti: move some CFG_'s from platform_config.h to conf.mk

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Andrew F. Davis <afd@ti.com>

plat-ls: move some CFG_'s from platform_config.h to conf.mk

Remove CFG_DDR_TEETZ_RESERVED_START/_SIZE: internal to platform.
Remove CFG_PUB_RAM_SIZE, use TEE_SHMEM_SIZE instead.
Remove useless defin

plat-ls: move some CFG_'s from platform_config.h to conf.mk

Remove CFG_DDR_TEETZ_RESERVED_START/_SIZE: internal to platform.
Remove CFG_PUB_RAM_SIZE, use TEE_SHMEM_SIZE instead.
Remove useless definition of DDR_PHYS_START, DDR_SIZE, DRAM0_BASE/_SIZE,
CFG_DDR_START/_SIZE.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@nxp.com>
Reviewed-by: Pankaj Gupta <pankaj.gupta@nxp.com>

show more ...

core: remove CFG_ prefix from CFG_TEE_LOAD_ADDR

TEE_LOAD_ADDR is now local to source files. It is set to CFG_TEE_LOAD_ADDR
value if defined only for the platforms that previously allowed build
to ov

core: remove CFG_ prefix from CFG_TEE_LOAD_ADDR

TEE_LOAD_ADDR is now local to source files. It is set to CFG_TEE_LOAD_ADDR
value if defined only for the platforms that previously allowed build
to override the value. Few platform did hardcod CFG_TEE_LOAD_ADDR, this
change preserve these configurations.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove CFG_ prefix from CFG_SHMEM_START/_SIZE

Almost platform currently define these directives from within the
source code, through platform_config.h. These values do not need to
be configura

core: remove CFG_ prefix from CFG_SHMEM_START/_SIZE

Almost platform currently define these directives from within the
source code, through platform_config.h. These values do not need to
be configuration directive with the CFG_ prefix.

This change renames the CFG_SHMEM_xxx into TEE_SHMEM_xxx so that they
do not mess with the platform configuration directives. Yet, the old
CFG_SHMEM_START/SIZE directives can still be used by platform_config.h
to set TEE_SHMEM_START/SIZE if the platform supports it (i.e plat-stm).

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove CFG_ prefix from TA_RAM_START/TA_RAM_SIZE

Almost platform currently define these directives from within the
source code, through platform_config.h. These values do not need to
be config

core: remove CFG_ prefix from TA_RAM_START/TA_RAM_SIZE

Almost platform currently define these directives from within the
source code, through platform_config.h. These values do not need to
be configuration directive with the CFG_ prefix.

This change renames these macros so that they do not mess with the
platform configuration directives.

Old macro label New macro label
CFG_TA_RAM_START TA_RAM_START
CFG_TA_RAM_SIZE TA_RAM_SIZE

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove CFG_ prefix from TEE_RAM_START/VA_SIZE/PH_SIZE

Almost platform currently define these directives from within the
source code, through platform_config.h. These values do not need to
be c

core: remove CFG_ prefix from TEE_RAM_START/VA_SIZE/PH_SIZE

Almost platform currently define these directives from within the
source code, through platform_config.h. These values do not need to
be configuration directive with the CFG_ prefix.

This change renames these macros so that they do not mess with the
platform configuration directives.

Old macro label New macro label
CFG_TEE_RAM_START TEE_RAM_START
CFG_TEE_RAM_VA_SIZE TEE_RAM_VA_SIZE
CFG_TEE_RAM_PH_SIZE TEE_RAM_PH_SIZE

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-poplar: fix comments layout that hurts checkpatch

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

core: split SDP memory CFG_ and non-CFG_ configuration directives

This change aim at removing definition of CFG_ directive (here related
to SDP) from the platform_config.h files.

CFG_TEE_SDP_MEM_BA

core: split SDP memory CFG_ and non-CFG_ configuration directives

This change aim at removing definition of CFG_ directive (here related
to SDP) from the platform_config.h files.

CFG_TEE_SDP_MEM_BASE/_SIZE is a generic configuration directive to
register a SDP memory.

Some platforms define a SDP test memory when SDP is enable. This SDP
memory is located at the end of the TA_RAM. Introduce platform settings
TEE_SDP_TEST_MEM_BASE/_SIZE to register a SDP test buffer, independently
from the generic CFG_TEE_SDP_MEM_BASE/_SIZE.

Platforms marvel, stm, ti and vexpress updated.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mmu: lpae: copy table of actual primary core

SOC has configurable core settings (e.g., Juno) does not
take core-0 as primary core. Copying mapping table of core-0
to other cores causes boot fa

core: mmu: lpae: copy table of actual primary core

SOC has configurable core settings (e.g., Juno) does not
take core-0 as primary core. Copying mapping table of core-0
to other cores causes boot failure on such configured SOC.
Fix this problem by taking mapping table of actual primary
core as copy source.

Signed-off-by: Ken Liu <ken.liu@arm.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: DSA signature verification: fix return code

The GP TEE Internal Core specification mandates that
TEE_AsymmetricVerifyDigest() must return TEE_SUCCESS if the signature
is valid, TEE_ERROR_

core: ltc: DSA signature verification: fix return code

The GP TEE Internal Core specification mandates that
TEE_AsymmetricVerifyDigest() must return TEE_SUCCESS if the signature
is valid, TEE_ERROR_SIGNATURE_INVALID if it is invalid, or panic if any
other error oocurs.

In the current implementation, TEE_ERROR_SIGNATURE_INVALID will never
happen with the DSA algorithms. Fix that by properly checking the
return code and signature status of the LibTomCrypt function.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: ECC signature verification: fix return code

The GP TEE Internal Core specification mandates that
TEE_AsymmetricVerifyDigest() must return TEE_SUCCESS if the signature
is valid, TEE_ERROR_

core: ltc: ECC signature verification: fix return code

The GP TEE Internal Core specification mandates that
TEE_AsymmetricVerifyDigest() must return TEE_SUCCESS if the signature
is valid, TEE_ERROR_SIGNATURE_INVALID if it is invalid, or panic if any
other error oocurs.

In the current implementation, TEE_ERROR_SIGNATURE_INVALID will never
happen with the ECC algorithms. Fix that by properly checking the
return code and signature status of the LibTomCrypt function.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: RSA signature verification: fix return code

The GP TEE Internal Core specification mandates that
TEE_AsymmetricVerifyDigest() must return TEE_SUCCESS if the signature
is valid, TEE_ERROR_

core: ltc: RSA signature verification: fix return code

The GP TEE Internal Core specification mandates that
TEE_AsymmetricVerifyDigest() must return TEE_SUCCESS if the signature
is valid, TEE_ERROR_SIGNATURE_INVALID if it is invalid, or panic if any
other error oocurs.

In the current implementation, all errors returned by the LibTomCrypt
RSA signature verification function are translated to
TEE_ERROR_SIGNATURE_INVALID. It is incorrect. Fix that by introducing
a helper function to properly handle both the return code and the
signature verification status.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

qemu: discard legacy bios mailbox and support arm-tf boot scheme

Replace the unused bios_qemu_tz_arm mailbox for waking secondary boot
cores with the mailbox used by the Arm trusted firmware.

Signe

qemu: discard legacy bios mailbox and support arm-tf boot scheme

Replace the unused bios_qemu_tz_arm mailbox for waking secondary boot
cores with the mailbox used by the Arm trusted firmware.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

qemu_virt: move core location to match qemu_armv8

Moving qemu_virt core to the same location as the core for qemu_armv8
allows to use the same arm-trusted-firmware configuration for ARMv7
and ARMv8

qemu_virt: move core location to match qemu_armv8

Moving qemu_virt core to the same location as the core for qemu_armv8
allows to use the same arm-trusted-firmware configuration for ARMv7
and ARMv8 Qemu support.

Qemu_virt Kasan offset is updated since new memory layout.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: 32bit generic entry executes in cpu Supervisor mode.

This change aims at supporting some bootloaders as the Aarch32
Arm trusted firmware that may boot cores in Monitor mode.

Signed-off-by: Et

core: 32bit generic entry executes in cpu Supervisor mode.

This change aims at supporting some bootloaders as the Aarch32
Arm trusted firmware that may boot cores in Monitor mode.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: Make name and path of crypto library configurable

Allows for platform dependent implementations of exported crypto API

Signed-off-by: Darren Roche <darren.broche@gmail.com>
Reviewed-by: Jen

crypto: Make name and path of crypto library configurable

Allows for platform dependent implementations of exported crypto API

Signed-off-by: Darren Roche <darren.broche@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...