core: arm32_macros.S: add cache related macros

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

core: arm32_macros.S: sort macros

Sorts macros and fixes the macro write_bpial

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

core: arm.h: add cache related defines

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

core: fix incorrect IRQ mask for CFG_ARM_GICV3

For GICV3 situation, IRQ is used as native interrupt. This patch
also suppressed assert in thread_user_save_vfp().

Signed-off-by: Zhizhou Zhang <zhizh

core: fix incorrect IRQ mask for CFG_ARM_GICV3

For GICV3 situation, IRQ is used as native interrupt. This patch
also suppressed assert in thread_user_save_vfp().

Signed-off-by: Zhizhou Zhang <zhizhouzhang@asrmicro.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: bugfix invalidate touched init memory

The entire range of memory touched during init need to be invalidated in
the caches before enabling the caches.

Prior to this patch with CFG_WITH_

core: arm64: bugfix invalidate touched init memory

The entire range of memory touched during init need to be invalidated in
the caches before enabling the caches.

Prior to this patch with CFG_WITH_PAGER=y the caches where only
invalidated until __init_end which isn't enough, memory up to
__tmp_hashes_end is actually touched. With this patch the range is
increased to __tmp_hashes_end which is the same as is used in the arm32
code.

Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey 32/64)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey 64-bit pager)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: reduce init size

Dramatically reduces init size by excluding __wq_rpc() from the init
graph. Without __wq_rpc() in the init grapth, the entire LibTomCrypt is
removed for the init graph.

Teste

core: reduce init size

Dramatically reduces init size by excluding __wq_rpc() from the init
graph. Without __wq_rpc() in the init grapth, the entire LibTomCrypt is
removed for the init graph.

Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU v8 pager)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: reduce unpaged size

Reduces unpaged size by excluding __thread_std_smc_entry() from the
unpaged graph.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklande

core: reduce unpaged size

Reduces unpaged size by excluding __thread_std_smc_entry() from the
unpaged graph.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: use weak symbols to reduce dependency graphs

Makes functions that need to be excluded from unpaged and init parts of
the TEE binary weak. When building the dependency graph for init and
u

core: arm: use weak symbols to reduce dependency graphs

Makes functions that need to be excluded from unpaged and init parts of
the TEE binary weak. When building the dependency graph for init and
unpaged parts an empty version of those functions (from
core/arch/arm/kernel/link_dummies.c) are used instead.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: bugfix undefined behavior in expand_prel31()

Fixes undefined behavior in expand_prel31() detected with
CFG_CORE_SANITIZE_UNDEFINED=y

ERROR: [0x0] TEE-CORE: Undefined behavior shift_out_of_b

core: bugfix undefined behavior in expand_prel31()

Fixes undefined behavior in expand_prel31() detected with
CFG_CORE_SANITIZE_UNDEFINED=y

ERROR: [0x0] TEE-CORE: Undefined behavior shift_out_of_bounds at core/arch/arm/kernel/unwind_arm32.c:102 col 42
ERROR: [0x0] TEE-CORE: Panic at core/kernel/ubsan.c:189 <__ubsan_handle_shift_out_of_bounds>

Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ubsan: fix __ubsan_handle_nonnull_arg()

Fixes error:
core/kernel/ubsan.c:114:6: error: conflicting types for built-in function '__ubsan_handle_nonnull_arg' [-Werror]
void __ubsan_handle_nonnu

core: ubsan: fix __ubsan_handle_nonnull_arg()

Fixes error:
core/kernel/ubsan.c:114:6: error: conflicting types for built-in function '__ubsan_handle_nonnull_arg' [-Werror]
void __ubsan_handle_nonnull_arg(struct nonnull_arg_data *data, size_t arg_no);
^~~~~~~~~~~~~~~~~~~~~~~~~~
core/kernel/ubsan.c:229:6: error: conflicting types for built-in function '__ubsan_handle_nonnull_arg' [-Werror]
void __ubsan_handle_nonnull_arg(struct nonnull_arg_data *data,
^~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

When compiling with gcc 6.2.1

For the record: with GCC 6.0.0 __ubsan_handle_nonnull_arg() was changed to
take only one argument.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ltc: Enable RSA_CRT_HARDENING and RSA_CRT_BLINDING

Enable the hardening flags by default. This should make it robust to the
Bellcore attack when using RSA with CRT.

Fixes: OP-TEE-2016-0003 which wa

ltc: Enable RSA_CRT_HARDENING and RSA_CRT_BLINDING

Enable the hardening flags by default. This should make it robust to the
Bellcore attack when using RSA with CRT.

Fixes: OP-TEE-2016-0003 which was reported by Applus+ Laboratories.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey, GP)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260, GP)

show more ...

ltc: Implement mp_rand for mpa_desc

When enabling the flag LTC_RSA_BLINDING the code uses the mp_rand()
function, which isn't implemented for the mpa_desc descriptor. Implement
it as rand() in mpa_d

ltc: Implement mp_rand for mpa_desc

When enabling the flag LTC_RSA_BLINDING the code uses the mp_rand()
function, which isn't implemented for the mpa_desc descriptor. Implement
it as rand() in mpa_desc and mpa_get_random_digits() in libmpa.

Fixes: OP-TEE-2016-0003 which was reported by Applus+ Laboratories.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey, GP)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260, GP)

show more ...

ltc: fix formatting related to exptmod

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@lin

ltc: fix formatting related to exptmod

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey, GP)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260, GP)

show more ...

ltc: remove LTC_LINARO_FIX_RSAWITHOUTCRT

LTC_LINARO_FIX_RSAWITHOUTCRT is used to handle the case where the CRT
optimized algorithm cannot be used because the optimized parameters are
missing. In the

ltc: remove LTC_LINARO_FIX_RSAWITHOUTCRT

LTC_LINARO_FIX_RSAWITHOUTCRT is used to handle the case where the CRT
optimized algorithm cannot be used because the optimized parameters are
missing. In the official LibTomCrypt tree, there is an official fix for
this.

Please see commits (official LibTomCrypt tree):
01f184540232 ("harden RSA CRT by implementing the proposed
countermeasure from ch. 1.3 of [1]")
a6e89d58d4fb ("RSA in CRT optimization parameters are empty")
2bb3f0246f65 ("RSA in case CRT optimization parameters are not
populated")

Those patches were brought into OP-TEE with this patch
a50cb361d9e5 ("ltc: sync from official develop branch")

And therefore there is no need to keep the LTC_LINARO_FIX_RSAWITHOUTCRT
any longer, hence this patch removes the flag and the code related to
that particular flag.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey, GP)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260, GP)

show more ...

core: fix listing of init resources in linker file

Fix the missing space character to separate entries at generation of
init_entries.txt file. This file content is used as an argument list
string fo

core: fix listing of init resources in linker file

Fix the missing space character to separate entries at generation of
init_entries.txt file. This file content is used as an argument list
string for the linker tool.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

msg_param.h: add `const` qualifier for read-only functions

msg_param_get_buf_size() and msg_param_attr_is_tmem() only read
from their parameter, so that parameter can be declared as `const`

Signed

msg_param.h: add `const` qualifier for read-only functions

msg_param_get_buf_size() and msg_param_attr_is_tmem() only read
from their parameter, so that parameter can be declared as `const`

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mobj: mobj_reg_shm: fix bug in offset calculation

Wrong variable was used to calculate offset.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@

mobj: mobj_reg_shm: fix bug in offset calculation

Wrong variable was used to calculate offset.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: clarify end of static mapping table

Move remaining code relying on null size value for detecting end
of static mapping table with a test on type value. This is made
consistent between lpae and

core: clarify end of static mapping table

Move remaining code relying on null size value for detecting end
of static mapping table with a test on type value. This is made
consistent between lpae and non-lpae implementations.

Rename MEM_AREA_NOTYPE into MEM_AREA_END as it is dedicated to this
specific purpose.

Faulty core_mmu_get_type_by_pa() can return MEM_AREA_MAXTYPE on invalid
cases.

Add a comment highlighting null sized entry are not filled in the static
mapping directives table.

Forgive the trick on level_index_m'sk to fit in the 80 chars/line.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-sunxi: provide .bss section initialization before usage

BSS initialization is executed AFTER the initialization of the
MMU table (global variable array "static_memory_map[]"), so
the table is o

plat-sunxi: provide .bss section initialization before usage

BSS initialization is executed AFTER the initialization of the
MMU table (global variable array "static_memory_map[]"), so
the table is overwritten.
Change this so that BSS initialization executes BEFORE
static_memory_map[] is initialized by core_init_mmu_map().

Signed-off-by: Victor Signaevskyi <piligrim2007@meta.ua>
Fixes: https://github.com/OP-TEE/optee_os/issues/1607
Fixes: 236601217f7e ("core: remove __early_bss")
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: minor edits to the commit message, add Fixes:]
Signed-off-by: Jerome Forissier <jeorme.forissier@linaro.org>

show more ...

plat-ti: Reserve first page of SRAM for secure boot software

The first 4KB of SRAM is used by the initial secure software and
OP-TEE should not be loaded to this address. Adjust the TEE_LOAD_ADDR
to

plat-ti: Reserve first page of SRAM for secure boot software

The first 4KB of SRAM is used by the initial secure software and
OP-TEE should not be loaded to this address. Adjust the TEE_LOAD_ADDR
to reflect this.

Signed-off-by: Andrew F. Davis <afd@ti.com>

show more ...

core: fix core_init_mmu_tables() loop

Fixes the terminating condition of the for loop in
core_init_mmu_tables() to rely on mm[n].type instead of mm[n].size.

Fixes: https://github.com/OP-TEE/issue/1

core: fix core_init_mmu_tables() loop

Fixes the terminating condition of the for loop in
core_init_mmu_tables() to rely on mm[n].type instead of mm[n].size.

Fixes: https://github.com/OP-TEE/issue/1602
Signed-off-by: Victor Signaevskyi <piligrim2007@meta.ua>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: wrap commit description]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: use mobjs for all shared buffers

To ease usage of REE-originated shared memory, all code that uses shared
buffer is moved to mobjs. That means that TA loader, fs_rpc, sockets, etc
all use mobj

core: use mobjs for all shared buffers

To ease usage of REE-originated shared memory, all code that uses shared
buffer is moved to mobjs. That means that TA loader, fs_rpc, sockets, etc
all use mobjs to represent shared buffers instead of simple paddr_t.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey)

show more ...

mobj: added new mobj type: mobj_shm

mobj_shm represents buffer in predefined SHM region.
It can be used to pass allocated shm regions instead of [paddr,size] pair.

Signed-off-by: Volodymyr Babchuk

mobj: added new mobj type: mobj_shm

mobj_shm represents buffer in predefined SHM region.
It can be used to pass allocated shm regions instead of [paddr,size] pair.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey)

show more ...

msg_param: add msg_param.c with helper functions

This patch adds various helper functions to manipulate with parameters
passed to/from normal world.

Also it introduces new optee_param type which is

msg_param: add msg_param.c with helper functions

This patch adds various helper functions to manipulate with parameters
passed to/from normal world.

Also it introduces new optee_param type which is used to pass long
lists of parameters.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey)

show more ...

plat-d02: Use LPAE, increase pager TZSRAM size to 512K and TEE_RAM to 2M

Fixes a boot error when CFG_WITH_PAGER=y:

INFO: TEE-CORE:
INFO: TEE-CORE: Pager is enabled. Hashes: 512 bytes
INFO:

plat-d02: Use LPAE, increase pager TZSRAM size to 512K and TEE_RAM to 2M

Fixes a boot error when CFG_WITH_PAGER=y:

INFO: TEE-CORE:
INFO: TEE-CORE: Pager is enabled. Hashes: 512 bytes
INFO: TEE-CORE: OP-TEE version: 2.4.0-136-g4ec2358 #25 Tue Jun 13 13:32:21 UTC 2017 arm
INFO: TEE-CORE: Shared memory address range: 50500000, 50f00000
ERROR: TEE-CORE: Panic at core/lib/libtomcrypt/src/tee_ltc_provider.c:500 <get_mpa_scratch_memory_pool>

Panic occurs because tee_pager_alloc() fails to allocate memory from
tee_mm_vcore. Fix this by increasing CFG_TEE_RAM_VA_SIZE from 1 to
2 MiB. This implies to enable LPAE, otherwise the TEE core panics with:

ERROR: TEE-CORE: Panic 'Unsupported page size in translation table' at core/arch/arm/mm/tee_pager.c:219 <set_alias_area>

Finally, CFG_CORE_TZSRAM_EMUL_SIZE has to be increased to at least
416 KiB to avoid:

LD out/arm-plat-d02/core/tee.elf
/usr/bin/arm-linux-gnueabihf-ld: OP-TEE can't fit init part into available physical memory

We choose 512 KiB because smaller values cause horrible performance.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...