core: review assert and panic traces

Replace few "{ EMSG(...); panic(); }" with "panic(...);".

Disable file/line/func debug traces in panic() logs when
CFG_TEE_CORE_DEBUG is disable.

Change __asse

core: review assert and panic traces

Replace few "{ EMSG(...); panic(); }" with "panic(...);".

Disable file/line/func debug traces in panic() logs when
CFG_TEE_CORE_DEBUG is disable.

Change __assert_log() uses EMSG_RAW() to no pollute trace with
__assert_log() internals (duplicated file/line/func traces).

Change assert() to use a low/high verbosity mode upon
CFG_TEE_CORE_DEBUG as panic() does.

Change assert() to also trace the C function where assertion failed.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jen.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (QEMU)

show more ...

core: panic() macro accepts zero or one string argument.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jen.wiklander@linaro.org>
Reviewed-by: Etienne Car

core: panic() macro accepts zero or one string argument.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jen.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (QEMU)

show more ...

core: remove TEE_ASSERT()

TEE_ASSERT() can be confusing regarding assert() as assert() can
be disabled through NDEBUG while TEE_ASSERT() can't.
Instead one should explicitly implement "if (cond) { p

core: remove TEE_ASSERT()

TEE_ASSERT() can be confusing regarding assert() as assert() can
be disabled through NDEBUG while TEE_ASSERT() can't.
Instead one should explicitly implement "if (cond) { panic(); }"

This patch removes several inclusions on tee_common_unpg.h as it
used to define TEE_ASSERT() that has been removed.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jen.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (QEMU)

show more ...

assert/panic: fix misuse of assert/panic

Currently implementation of macro assert() does not expand to a
no-op when NDEBUG is defined. This will be done in a later change.
Before that, fix misuses o

assert/panic: fix misuse of assert/panic

Currently implementation of macro assert() does not expand to a
no-op when NDEBUG is defined. This will be done in a later change.
Before that, fix misuses of assert() and TEE_ASSERT():
- Correct misplaced assert() that should panic() whatever NDEBUG.
- Correct misplaced TEE_ASSERT() that should simply assert().

Also cleanup many inclusions of "assert.h" and few calls of assert().

Signed-off-by: Jens Wiklander <jen.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (QEMU)

show more ...

Simplify platform testing macros

Update the main Makefile so that PLATFORM_$(PLATFORM) and
PLATFORM_FLAVOR_$(PLATFORM_FLAVOR) are set to 'y', and add these
variables to the export list for the gener

Simplify platform testing macros

Update the main Makefile so that PLATFORM_$(PLATFORM) and
PLATFORM_FLAVOR_$(PLATFORM_FLAVOR) are set to 'y', and add these
variables to the export list for the generation of conf.h.

As a result, the definition of numerical flavor identifiers in the
multiple platform_config.h files is not needed anymore, and we can also
get rid of the PLATFORM_FLAVOR_IS() test macro. Instead, replace all
occurrences of '#if PLATFORM_FLAVOR_IS(foo)' with
'#if defined(PLATFORM_FLAVOR_foo)'.

This makes it possible to test the platform and not only the flavor in
any source file, so drop the manual definition of PLATFORM_hikey.

Finally, remove the definitions of platform_$(PLATFORM) and
platform_flavor_$(PLATFORM_FLAVOR) from core/core.mk since they are not
used.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>

show more ...

Fix reversed order of carriage return and line feed..

..in console_putc() function.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

Add support for Hisilicon D02 (PLATFORM=d02)

D02 is a server-class development board equipped with a Hisilicon
Phosphor V660 processor (also called PV660, P660 or hip05).
The chip has 16 Cortex-A57

Add support for Hisilicon D02 (PLATFORM=d02)

D02 is a server-class development board equipped with a Hisilicon
Phosphor V660 processor (also called PV660, P660 or hip05).
The chip has 16 Cortex-A57 cores @ 2.1 GHz.

Note: '-mcpu=cortex-a57' causes the following warning, which doesn't
seem to have any adverse effect on OP-TEE and is registered as a
compiler bug [1]:

CC out/arm-plat-d02/core/lib/libtomcrypt/src/encauth/ccm/ccm_add_nonce.o
{standard input}: Assembler messages:
{standard input}:634: IT blocks containing 32-bit Thumb instructions are deprecated in ARMv8

[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=67591

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>

show more ...

Add UART driver for Hisilicon Hi16xx

Applies to SoCs in the Hi16xx family, and to Phosphor V660 a.k.a. hip05
(the CPU on the Hisilicon D02 development board).

Signed-off-by: Jerome Forissier <jerom

Add UART driver for Hisilicon Hi16xx

Applies to SoCs in the Hi16xx family, and to Phosphor V660 a.k.a. hip05
(the CPU on the Hisilicon D02 development board).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>

show more ...

storage: rpmb: call tee_fs_generate_fek() to generate FEK

The File Encryption Key is generated randomly but not encrypted by the
key manager before being written to the RPMB FAT. In other words, we

storage: rpmb: call tee_fs_generate_fek() to generate FEK

The File Encryption Key is generated randomly but not encrypted by the
key manager before being written to the RPMB FAT. In other words, we
consider that the RNG outputs an already encrypted key.
For consistency, call tee_fs_generate_fek() instead.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>

show more ...

storage: encrypt the FEK with a TA-specific key

The File Encryption Key is now encrypted with a Trusted application
Storage Key (TSK) rather than directly with the Secure Storage Key.
The TSK is der

storage: encrypt the FEK with a TA-specific key

The File Encryption Key is now encrypted with a Trusted application
Storage Key (TSK) rather than directly with the Secure Storage Key.
The TSK is derived from the SSK and the TA UUID. This improves
isolation between TAs, and makes it impossible to read the data of a
TA from another TA after manually moving files in the REE filesystem
for instance.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>

show more ...

Allow `_end` to be more than 1MB away from code

The PC relative load (`adr`) requires the destination label to be
within 1MB of the instruction itself. If for example, the HEAP_SIZE
is increased to

Allow `_end` to be more than 1MB away from code

The PC relative load (`adr`) requires the destination label to be
within 1MB of the instruction itself. If for example, the HEAP_SIZE
is increased too much, this can push the `_end` pass this limit.

Replace the single `adr` instruction with a pair (`adrp`, `add`) to
allow the symbol to load from any address.

Note that the increasing the heap size too much causes other failures.

Fixes #942.

Signed-off-by: David Brown <david.brown@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)

show more ...

gpio/pl061: add get/set interrupt and mode control functions

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>
Reviewed-by: Jerome Forissier <je

gpio/pl061: add get/set interrupt and mode control functions

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

gpio: support multiple instances

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

storage: return TEE_ERROR_ITEM_NOT_FOUND when storage ID is unknown

As per the GP specification for functions TEE_OpenPersistentObject(),
TEE_CreatePersistentObject() and TEE_StartPersitetntObjectEn

storage: return TEE_ERROR_ITEM_NOT_FOUND when storage ID is unknown

As per the GP specification for functions TEE_OpenPersistentObject(),
TEE_CreatePersistentObject() and TEE_StartPersitetntObjectEnumerator(),
return TEE_ERROR_ITEM_NOT_FOUND when the storage ID is invalid instead
of TEE_ERROR_STORAGE_NOT_AVAILABLE.

Note:
The code modified in this commit cannot currently be reached because
libutee rejects invalid storage IDs with TEE_ERROR_ITEM_NOT_FOUND
already. But a patch is on the way [1] that will remove this user-mode
test, so fix the bug before it can happen.

[1] https://github.com/OP-TEE/optee_os/pull/938

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: add spi framework and pl022 driver

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: etienne carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklan

drivers: add spi framework and pl022 driver

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: etienne carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: rpc alloc check memory is valid

thread_rpc_alloc_arg() and thread_rpc_alloc_payload() only succeeds if
the allocated shared memory is valid shared memory.

Reviewed-by: etienne carriere <etien

core: rpc alloc check memory is valid

thread_rpc_alloc_arg() and thread_rpc_alloc_payload() only succeeds if
the allocated shared memory is valid shared memory.

Reviewed-by: etienne carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Support CFG_TEE_CORE_NB_CORE > 8

Remove the stack_tmp_top[] array. Instead, compute the stack top for
each CPU in the assembly code:

sp = stack_tmp + (cpu_id + 1) * stack_tmp_stride

stack_tmp an

Support CFG_TEE_CORE_NB_CORE > 8

Remove the stack_tmp_top[] array. Instead, compute the stack top for
each CPU in the assembly code:

sp = stack_tmp + (cpu_id + 1) * stack_tmp_stride

stack_tmp and stack_tmp_stride are exported by thread.c.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: initialize tee_pager_tbl_info early

Initialize tee_pager_tbl_info early to support early address lookups in
MEM_AREA_TEE_RAM.

Reviewed-by: etienne carriere <etienne.carriere@linaro.org>
Teste

core: initialize tee_pager_tbl_info early

Initialize tee_pager_tbl_info early to support early address lookups in
MEM_AREA_TEE_RAM.

Reviewed-by: etienne carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: use helper for tee_pager_tbl_info

Adds local helper variable for tee_pager_tbl_info to make the code
tidier.

Reviewed-by: etienne carriere <etienne.carriere@linaro.org>
Signed-off-by:

core: pager: use helper for tee_pager_tbl_info

Adds local helper variable for tee_pager_tbl_info to make the code
tidier.

Reviewed-by: etienne carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add core_mmu_linear_map_end

Adds core_mmu_linear_map_end to short circuit some
phys_to_virt/virt_to_phys lookups.

Reviewed-by: etienne carriere <etienne.carriere@linaro.org>
Signed-off-by: Je

core: add core_mmu_linear_map_end

Adds core_mmu_linear_map_end to short circuit some
phys_to_virt/virt_to_phys lookups.

Reviewed-by: etienne carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager replace TEE_PAGER_AREA_* with TEE_MATTR_*

Replaces TEE_PAGER_AREA_* attributes with corresponding
TEE_MATTR_* attributes.

Reviewed-by: etienne carriere <etienne.carriere@linaro.org>
Sig

core: pager replace TEE_PAGER_AREA_* with TEE_MATTR_*

Replaces TEE_PAGER_AREA_* attributes with corresponding
TEE_MATTR_* attributes.

Reviewed-by: etienne carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee_pager_handle_fault() returns true if OK

Change tee_pager_handle_fault() to return true if a fault has been
dealt with successfully or false if execution has to be aborted.

Reviewed-by: et

core: tee_pager_handle_fault() returns true if OK

Change tee_pager_handle_fault() to return true if a fault has been
dealt with successfully or false if execution has to be aborted.

Reviewed-by: etienne carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

io.h: add io_mask{8,16,32} functions

When writing peripheral drivers, there's very often a need to read a
register value, set/clear some bits and then write the new value
back. Instead of having to

io.h: add io_mask{8,16,32} functions

When writing peripheral drivers, there's very often a need to read a
register value, set/clear some bits and then write the new value
back. Instead of having to 'manually' call read, do bit manipulations
and write every single time, add this helper function for convenience.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: core_mmu_populate_user_map() arguments

Replaces the struct tee_mmu_info *mmu argument for
core_mmu_populate_user_map() with struct user_ta_ctx *utc instead. This
affects a few other mmu functi

core: core_mmu_populate_user_map() arguments

Replaces the struct tee_mmu_info *mmu argument for
core_mmu_populate_user_map() with struct user_ta_ctx *utc instead. This
affects a few other mmu functions too.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add core_mmu_{set,get}_entry_primitive()

Adds core_mmu_set_entry_primitive() and core_mmu_get_entry_primitive()
and moves core_mmu_set_entry() and core_mmu_get_entry() to generic
translation t

core: add core_mmu_{set,get}_entry_primitive()

Adds core_mmu_set_entry_primitive() and core_mmu_get_entry_primitive()
and moves core_mmu_set_entry() and core_mmu_get_entry() to generic
translation table code.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...