| 29ba2e7c | 05-Oct-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: trivial large paddr_t fixes
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
| dd3afbac | 05-Oct-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
Add CFG_CORE_LARGE_PHYS_ADDR for 64bit paddr_t
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> |
| e0c081a3 | 05-Oct-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: fix gic_init() prototype
Prior to this patch gic_init() incorrectly had paddr_t as type for the GIC base addresses while the implementation used vaddr_t. The correct type is vaddr_t which we're changing to here.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 1c6a2dc7 | 05-Oct-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: lpae: take nsec DDR ranges into account
Takes nsec DDR ranges into account when setting TCR.PS field.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 71315c30 | 10-Oct-2017 |
Andrew F. Davis <afd@ti.com> |
core: core.mk: make platform specific link.mk optional
Most platforms do not need any special linker targets and so most just link back to the default. Let's just have core.mk use the default when a platform does not have this file. Also remove this from the porting guidelines as it is now optional and only needed for advanced use.
Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 6afb8533 | 10-Oct-2017 |
Andrew F. Davis <afd@ti.com> |
core: link.mk: make platform specific kern.ld.S optional
Most platforms do not need any special linker scripting and so most just link back to the default. Let's just have link.mk use the default when a platform does not have this file. Also remove this from the porting guidelines as it is now optional and only needed for advanced use.
Signed-off-by: Andrew F. Davis <afd@ti.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 93d3c451 | 08-Sep-2017 |
Jerome Forissier <jerome.forissier@linaro.org> |
core: pager: ltc: prng: add entropy to the AE key for paged TAs
This commit fixes a vulnerability (OP-TEE-2017-0001) that affects platforms built with CFG_WITH_SOFTWARE_PRNG=y. Note however that platforms that also set CFG_SECURE_TIME_SOURCE_REE=y are still vulnerable, unless they provide an implementation of plat_prng_add_jitter_entropy_norpc().
Adds some entropy to the PRNG used to generate the AE key for paged user TAs.
Link: https://op-tee.org/security-advisories/ Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
|
| 12af5db6 | 01-Sep-2017 |
Jerome Forissier <jerome.forissier@linaro.org> |
core: ltc: prng: make sure some entropy is used immediately
This commit fixes a vulnerability (OP-TEE-2017-0001) that affects platforms built with CFG_WITH_SOFTWARE_PRNG=y. Note however that platforms that also set CFG_SECURE_TIME_SOURCE_REE=y are still vulnerable, unless they provide an implementation of plat_prng_add_jitter_entropy_norpc().
The LibTomCrypt API is not used properly in the current PRNG initialization code (tee_ltc_prng_init()). We have:
    prng->start();
    prng->ready();
    plat_prng_add_jitter_entropy_norpc();
...and at this point, the PRNG is assumed to be ready to provide random data through rng->read().
That is broken, because there is no guarantee that the added entropy will have an immediate effect on the output of rng->read(). In fact, it usually will NOT. For instance, the default software PRNG used in OP-TEE (Fortuna) re-seeds its PRNG generator from the entropy pools only once every ten reads. So we're effectively using an un-seeded generator for the first ten calls to prng->read(). Practically it means that the same byte sequences are generated after each boot and, for the Fortuna PRNG, until the 11th call to the PRNG read function. At the Internal Core API level, this affects TEE_GenerateRandom() and TEE_GenerateKey().
The fix is simple: prng->ready() seeds the generator from the pools, so by moving plat_prng_add_jitter_entropy_norpc() before prng->ready(), we can ensure that some amount of entropy is used immediately.
Fixes: https://github.com/OP-TEE/optee_os/issues/1730 Link: https://op-tee.org/security-advisories Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
|
| d81f93a7 | 10-Oct-2017 |
Volodymyr Babchuk <vlad.babchuk@gmail.com> |
build: add CFG_DYN_SHM_CAP config variable
This variable can disable reported capability OPTEE_SMC_SEC_CAP_DYNAMIC_SHM.
But dynamic SHM remains fully operational, though. This can be used for testing and debugging to emulate a system where dynamic SHM is not supported.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| bea839df | 04-Jul-2017 |
Volodymyr Babchuk <vlad.babchuk@gmail.com> |
entry_std.c: comment fixes in assign_mobj_to_param_mem()
- removed spaces before "?" in comments
- Capitalized first letter in first words
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| b05cd886 | 15-Jun-2017 |
Volodymyr Babchuk <vlad.babchuk@gmail.com> |
core: enable non-contiguous temporary reference parameters
Now, when we can pass list of pages between REE and TEE it is possible to use temporary memory references that are not located in a preallocated shared memory area. By employing OPTEE_MSG_ATTR_NONCONTIG parameter attribute, REE can provide own buffer as a temporary memory reference.
Actually, such parameters are indistinguishable from registered shared memory references. So, when OP-TEE spots temporary memory reference with OPTEE_MSG_ATTR_NONCONTIG attribute, it will create `mobj_reg_shm` for it. After call was handled, it will free that mobj.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey) Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP, QEMU v7/v8) Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno with and without pager) Tested-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> (Rcar M3)
|
| 55d6853c | 15-Jun-2017 |
Volodymyr Babchuk <vlad.babchuk@gmail.com> |
core: add registered shared memory support
Normal world now can call OPTEE_MSG_CMD_REGISTER_SHM and OPTEE_MSG_CMD_UNREGISTER_SHM functions to register/unregister shared memory.
After that, it can use OPTEE_MSG_ATTR_TYPE_RMEM_* to reference to that registered shared buffers.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 5f4ccb31 | 22-Jun-2017 |
Volodymyr Babchuk <vlad.babchuk@gmail.com> |
entry_std: save parameters attributes into local memory
Normal World can change contents of shared memory at any time. Right now it does not pose any threat. But next patches will rely on attribute values. Thus, we need to read parameter attributes only once and then use this saved value.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| b4121bfb | 09-Oct-2017 |
Jerome Forissier <jerome.forissier@linaro.org> |
pl011: prevent putc() and flush() function from blocking indefinitely
It may happen that trace functions are called by OP-TEE when the UART or its clock is disabled by the non-secure OS. In such a case, flush() is likely to loop indefinitely, because the UART status register may never contain the expected value. Make the code more robust by checking if the UART is enabled in the wait loop. If it is not, or if the status bit remains zero due to the clock being turned off, return immediately. By doing so, we allow to drop some output rather than hang the whole system.
Fixes: https://github.com/OP-TEE/optee_os/issues/1863 Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| e34f3081 | 10-Oct-2017 |
Jerome Forissier <jerome.forissier@linaro.org> |
Revert "core: core_mmu_v7: core_mmu_get_user_pgdir: remove duplicated code"
This reverts commit 3eb2ba74961b. core_mmu_set_info_table() sets tbl_info->num_entries to NUM_L1_ENTRIES, not NUM_UL1_ENTRIES. So the removed code was actually not duplicate.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 093fb9c7 | 28-Sep-2017 |
Peng Fan <peng.fan@nxp.com> |
core: imx: implement psci reset
Implement psci reset support.
Signed-off-by: Peng Fan <peng.fan@nxp.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> |
| 673673db | 28-Sep-2017 |
Peng Fan <peng.fan@nxp.com> |
core: arm: imx set CFG_MMAP_REGIONS
Set CFG_MMAP_REGIONS to 24.
Signed-off-by: Peng Fan <peng.fan@nxp.com> |
| d1ee5145 | 03-Oct-2017 |
Peng Fan <peng.fan@nxp.com> |
core: drivers: add imx wdog support
Introducing the wdog support is for psci reset usage. To i.MX6/7, when `reboot`, need wdog to trigger soc reset or send out signal to pmic through wdog pin to trigger pmic reset.
In linux device tree, there is a "fsl,ext-reset-output" property, this driver is to check whether the wdog node contains the property or not, then decide how to trigger reset.
We still rely on normal world to initialize wdog and configure pinmux when need to trigger pmic reset.
Signed-off-by: Peng Fan <peng.fan@nxp.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 75fddfb8 | 03-Oct-2017 |
Peng Fan <peng.fan@nxp.com> |
core: mmu: introduce CFG_MMAP_REGIONS
Introduce CFG_MMAP_REGIONS to replace MAX_MMAP_REGIONS to allow platform specific value.
Signed-off-by: Peng Fan <peng.fan@nxp.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| fe264890 | 04-Oct-2017 |
Peng Fan <peng.fan@nxp.com> |
core: arm: introduce get_dt_blob
Introduce get_dt_blob. This could allow drivers to use device tree.
Signed-off-by: Peng Fan <peng.fan@nxp.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 34deb103 | 02-Oct-2017 |
Peng Fan <peng.fan@nxp.com> |
core: dt: fix getting address and size
According to ePAPR spec.
" The #address-cells and #size-cells properties may be used in any device node that has children in the device tree hierarchy and describes how child device nodes should be addressed. The #address-cells property defines the number of <u32> cells used to encode the address field in a child node’s reg property. The #size-cells property defines the number of <u32> cells used to encode the size field in a child node’s reg property.
The #address-cells and #size-cells properties are not inherited from ancestors in the device tree. They shall be explicitly defined.
An ePAPR-compliant boot program shall supply #address-cells and #size-cells on all nodes that have children.
If missing, a client program should assume a default value of 2 for
An ePAPR-compliant boot program shall supply #address-cells and #size-cells on all nodes that have children. "
So need to use the parent's address-cells and size-cells property.
Signed-off-by: Peng Fan <peng.fan@nxp.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 50f3b323 | 28-Sep-2017 |
Peng Fan <peng.fan@nxp.com> |
core: dt: introduce dt_have_prop
Introduce dt_have_prop
Signed-off-by: Peng Fan <peng.fan@nxp.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> |
| 23b1daf4 | 28-Sep-2017 |
Peng Fan <peng.fan@nxp.com> |
core: dt: typo fix
1. According to ePAPR spec, status should be okay/disabled/fail/fail-sss. To Linux device tree, "okay" and "ok" are both used. Function is_okay also use "okay" and "ok". But "ok" is not defined in spec. Here only correct comments
2. size -> sz
Signed-off-by: Peng Fan <peng.fan@nxp.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| af397f92 | 27-Sep-2017 |
Peng Fan <peng.fan@nxp.com> |
core: mmu: typo fix
Typo fix: inseart -> insert
Signed-off-by: Peng Fan <peng.fan@nxp.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> |
| 0eae9ceb | 09-Oct-2017 |
Peng Fan <peng.fan@nxp.com> |
core: arm: generic_boot: use TEE_MM_POOL_NO_FLAGS
Use TEE_MM_POOL_NO_FLAGS to replace magic number 0.
Signed-off-by: Peng Fan <peng.fan@nxp.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|