core: add .early_bss section

Adds .early_bss to be used for variables that would normally land in
.bss, but must not since they are updated before .bss is cleared. This
section replaces earlier work

core: add .early_bss section

Adds .early_bss to be used for variables that would normally land in
.bss, but must not since they are updated before .bss is cleared. This
section replaces earlier workarounds using __data for such variables.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: rename _end symbol to __end

Renames the _end symbol to __end for consistency with other linker
symbols.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wi

core: arm: rename _end symbol to __end

Renames the _end symbol to __end for consistency with other linker
symbols.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ltc: sync from official develop branch

All source files under src directory and header files under include
directory have been synced, but have not added all macros newly added
in official develop b

ltc: sync from official develop branch

All source files under src directory and header files under include
directory have been synced, but have not added all macros newly added
in official develop branch and the last synced SHA1 in official
develop branch is 6ad52252688bb34f90b5e79da4830a927e87b81f

Signed-off-by: Matt Ma <matt.ma@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Reviewed-by: David Brown <david.brown@linaro.org>

show more ...

trace.h: add macros to unwind and print the call stack (kernel only)

Adds [EIDF]PRINT_STACK() for debugging purposes. Depends on
CFG_CORE_UNWIND=y.
As a side-effect, also adds a few things that may

trace.h: add macros to unwind and print the call stack (kernel only)

Adds [EIDF]PRINT_STACK() for debugging purposes. Depends on
CFG_CORE_UNWIND=y.
As a side-effect, also adds a few things that may be useful on their
own: __always_inline, read_pc(), read_fp(), read_lr().

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: SMC handler: initialize frame pointer to 0

init_regs() should set the frame pointer (x29) to zero to indicate the
end of the frame record chain, as required by the Aarch64 AAPCS.
Withou

core: arm64: SMC handler: initialize frame pointer to 0

init_regs() should set the frame pointer (x29) to zero to indicate the
end of the frame record chain, as required by the Aarch64 AAPCS.
Without this, there is no guarantee that unwind_stack() will terminate.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

storage: sqlfs: save memory when sql_fs_ftruncate() extends a file

There is no need to actually allocate a buffer filled with zeroes in
sql_fs_ftruncate(). Instead, update write_block_partial() so t

storage: sqlfs: save memory when sql_fs_ftruncate() extends a file

There is no need to actually allocate a buffer filled with zeroes in
sql_fs_ftruncate(). Instead, update write_block_partial() so that a
NULL data pointer means all null bytes. This eliminates a large (4K)
temporary allocation.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

rpmb: move rpmb_mutex to fs layer

In rpmb_fs_write(), if other session write RPMB between read_fat() and
tee_rpmb_write(), it may write to the same address. So move rpmb_mutex
to fs layer for concur

rpmb: move rpmb_mutex to fs layer

In rpmb_fs_write(), if other session write RPMB between read_fat() and
tee_rpmb_write(), it may write to the same address. So move rpmb_mutex
to fs layer for concurrency scenarios.

Signed-off-by: Lijianhui (Airbak) <airbak.li@hisilicon.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add memory type MEM_AREA_RAM_SEC, MEM_AREA_RAM_NSEC

replace memory type MEM_AREA_KEYVAULT with MEM_AREA_RAM_SEC
MEM_AREA_RAM_SEC: for cached, secure memory
MEM_AREA_RAM_NSEC: for cached, nonse

core: add memory type MEM_AREA_RAM_SEC, MEM_AREA_RAM_NSEC

replace memory type MEM_AREA_KEYVAULT with MEM_AREA_RAM_SEC
MEM_AREA_RAM_SEC: for cached, secure memory
MEM_AREA_RAM_NSEC: for cached, nonsecure memory

Signed-off-by: Pengguang Zhu <zpghao@163.com>
Reviewed-by: etienne carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

rsa_verify_hash: fix possible bleichenbacher signature attack

Fixes CVE-2016-6129

cherry-picked from:
https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09

Acked-by

rsa_verify_hash: fix possible bleichenbacher signature attack

Fixes CVE-2016-6129

cherry-picked from:
https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Add RCAR H3 platform support

Added support for Renesas RCAR devices. Initially RCAR H3 is supported.

Signed-off-by: Volodymyr Babchuk <volodymyr.babchuk@globallogic.com>
Reviewed-by: Jens Wiklander

Add RCAR H3 platform support

Added support for Renesas RCAR devices. Initially RCAR H3 is supported.

Signed-off-by: Volodymyr Babchuk <volodymyr.babchuk@globallogic.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: add SCIF driver

SCIF stands for "Serial Communication Interface with FIFO".
It is an UART device used on different Renesas SoCs.

Signed-off-by: Volodymyr Babchuk <volodymyr.babchuk@globall

drivers: add SCIF driver

SCIF stands for "Serial Communication Interface with FIFO".
It is an UART device used on different Renesas SoCs.

Signed-off-by: Volodymyr Babchuk <volodymyr.babchuk@globallogic.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

libfdt: undef sanitizer fix fdt_setprop()

Fixes undefined sanitizer problem in fdt_setprop().

The compiler (gcc 5.3) issues some runtime checks with
-fsanitize=undefined which is triggered if for i

libfdt: undef sanitizer fix fdt_setprop()

Fixes undefined sanitizer problem in fdt_setprop().

The compiler (gcc 5.3) issues some runtime checks with
-fsanitize=undefined which is triggered if for instance any of the
pointers supplied to memcpy() is NULL as val can be in fdt_setprop() if
there's no value.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMUv7)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Fix invalid default value of $(PLATFORM_FLAVOR)

Fixes the following error:

$ make -s PLATFORM=stm
core/arch/arm/plat-stm/system_config.mk:20:
*** PLATFORM_FLAVOR=qemu_virt is not supporte

Fix invalid default value of $(PLATFORM_FLAVOR)

Fixes the following error:

$ make -s PLATFORM=stm
core/arch/arm/plat-stm/system_config.mk:20:
*** PLATFORM_FLAVOR=qemu_virt is not supported. Stop.

(one would expect PLATFORM_FLAVOR to default to 'orly2').
This patch does the following:

- Do not set "PLATFORM_FLAVOR ?= qemu_virt" in the main Makefile. The
default value for PLATFORM_FLAVOR has to be defined by each platform in
plat-*/conf.mk.
- Consistent with the above, "PLATFORM_FLAVOR_$(PLATFORM_FLAVOR) := y"
is moved to core/core.mk, after $(platform-dir)/conf.mk has been
included, i.e., where $(PLATFORM_FLAVOR) can be relied upon.
- All definitions of "PLATFORM_FLAVOR_$(PLATFORM_FLAVOR) := y"
are removed from platform files, since it is already taken care of in
core/core.mk.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Fix static TA memory leak

The static TA context allocated in tee_ta_init_static_ta_session() is
never freed. Do it in static_ta_destroy().

Test case:
while [ true ]; do \
xtest 1001 >/dev/nul

Fix static TA memory leak

The static TA context allocated in tee_ta_init_static_ta_session() is
never freed. Do it in static_ta_destroy().

Test case:
while [ true ]; do \
xtest 1001 >/dev/null 2>&1 || break; \
i=$(($i+1)); \
if [ $(($i % 10)) -eq 0 ]; then echo $i; fi; \
done

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: JunLin Quan <junlin.quan@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

[Review] Oops, stc might still be used after free

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm64: fix masking exceptions on normal exit

Before this patch debug and asynchronous abort wasn't masked
when doing a normal return from call. This patch fixes that.

Reviewed-by: Etienne Car

core: arm64: fix masking exceptions on normal exit

Before this patch debug and asynchronous abort wasn't masked
when doing a normal return from call. This patch fixes that.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMUv8)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: init FS key manager late

Switches to service_init_late() to initialize FS key manager as it
depends on the tee_cryp_init service init call.

Reviewed-by: Jerome Forissier <jerome.forissier@lin

core: init FS key manager late

Switches to service_init_late() to initialize FS key manager as it
depends on the tee_cryp_init service init call.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add late service_init and driver_init

Adds service_init_late() for init calls that depends on other services.
Adds driver_init_late() for init calls that depends on other drivers.

Reviewed-by

core: add late service_init and driver_init

Adds service_init_late() for init calls that depends on other services.
Adds driver_init_late() for init calls that depends on other drivers.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core debug: no CFG_TEE_CORE_DEBUG enables NDEBUG

Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <e

core debug: no CFG_TEE_CORE_DEBUG enables NDEBUG

Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemu_v7/v8)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core debug: cleanup CFG_TEE_CORE_DEBUG

Fix inconsistencies in CFG_TEE_CORE_DEBUG. This change proposes to
define CFG_TEE_CORE_DEBUG as a y/n directive.

This change also fixes the comment describing

core debug: cleanup CFG_TEE_CORE_DEBUG

Fix inconsistencies in CFG_TEE_CORE_DEBUG. This change proposes to
define CFG_TEE_CORE_DEBUG as a y/n directive.

This change also fixes the comment describing DEBUG directive.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemu_v7/v8)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Enable static TA and core self tests..

..for all platforms by setting

CFG_TEE_CORE_EMBED_INTERNAL_TESTS ?= y

in mk/config.mk.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Suggested-by: J

Enable static TA and core self tests..

..for all platforms by setting

CFG_TEE_CORE_EMBED_INTERNAL_TESTS ?= y

in mk/config.mk.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Suggested-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

secure storage: move common RPC code to its own file

The REE and SQL filesystems use similar RPC calls to tee-supplicant,
only with a different command ID. Move the code to a common file.

Signed-of

secure storage: move common RPC code to its own file

The REE and SQL filesystems use similar RPC calls to tee-supplicant,
only with a different command ID. Move the code to a common file.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

secure storage: add SQL filesystem

This commit adds a new container type for trusted storage: SQL FS.
Data are stored in the non-secure world, just like the REE FS
(CFG_REE_FS). But, unlike REE FS w

secure storage: add SQL filesystem

This commit adds a new container type for trusted storage: SQL FS.
Data are stored in the non-secure world, just like the REE FS
(CFG_REE_FS). But, unlike REE FS which manipulates several files for
each secure object, this implementation needs only one container in a
SQLite database per secure object. We rely on the transaction-based
nature of the database to provide atomicity.

A storage identifier is added to the TA API: TEE_STORAGE_PRIVATE_SQL.
Trusted applications can use it to select this filesystem. The value
TEE_STORAGE_PRIVATE defined by GlobalPlatform will also select the
SQL FS if all other implementations are disabled.

This feature is enabled with CFG_SQL_FS=y. It depends on SQL support
in tee-supplicant [1].

[1] https://github.com/OP-TEE/optee_client/pull/50

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

secure storage: make sure we don't try to delete a NULL file

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: David Brown

secure storage: make sure we don't try to delete a NULL file

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

secure storage: add flag TEE_FS_S_IXUSR and use it

This flag should logically be set on directories so that they can be
traversed.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Revi

secure storage: add flag TEE_FS_S_IXUSR and use it

This flag should logically be set on directories so that they can be
traversed.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

secure storage: use absolute paths

Update the functions that create file and directory paths so that they
always output a leading slash, meaning an absolute path in the
underlying filesystem. In add

secure storage: use absolute paths

Update the functions that create file and directory paths so that they
always output a leading slash, meaning an absolute path in the
underlying filesystem. In addition to being cleaner, this can avoid
path manipulations in the lower-level code. For instance, code using
libsqlfs in tee-supplicant can use the path as-is. It does not make a
difference with code that would prepend a more complex path anyway.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...