core: avoid deadlocks caused by single-instance TA

Protect against deadlocks caused by single-instance TAs calling another
single-instance TAs directly or indirectly. When a TA is invoked but
alread

core: avoid deadlocks caused by single-instance TA

Protect against deadlocks caused by single-instance TAs calling another
single-instance TAs directly or indirectly. When a TA is invoked but
already is busy with another operation the calling thread is suspended
using condvar_wait() until the TA is available again. This is
effectively a lock which can cause a deadlock if several such locks are
used at the same time but in different order.

This patch avoids this problem by only allowing one thread at a time to
set a single-instance TA context busy. If the thread with a
single-instance TA busy in the call stack tries to set an already busy
TA context busy it will return TEE_ERROR_BUSY instead as there is a
recursive loop in how the different TAs has invoked each other.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU - full test suite)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey - full test suite)

show more ...

libtomcrypt: ECC code depends on ASN1 routines

Fixes:
$ make -j8 -s CFG_CRYPTO_{DSA,RSA}=n
[...]libtomcrypt.a(ecc_sign_hash.o): In function `ecc_sign_hash':
[...]ecc_sign_hash.c:166: undefined re

libtomcrypt: ECC code depends on ASN1 routines

Fixes:
$ make -j8 -s CFG_CRYPTO_{DSA,RSA}=n
[...]libtomcrypt.a(ecc_sign_hash.o): In function `ecc_sign_hash':
[...]ecc_sign_hash.c:166: undefined reference to
`der_encode_sequence_multi'

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

libtomcrypt: build prngs folder when CFG_WITH_SOFTWARE_PRNG is set

sub.mk is now consistent with the definition of struct tee_ltc_prng in
tee_ltc_provider.c.

Signed-off-by: Jerome Forissier <jerome

libtomcrypt: build prngs folder when CFG_WITH_SOFTWARE_PRNG is set

sub.mk is now consistent with the definition of struct tee_ltc_prng in
tee_ltc_provider.c.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

core: add big thread lock

Adds a big thread lock to only return busy when a kernel thread can't be
allocated. This is compatible with current locking scheme in the Linux
kernel driver, but also open

core: add big thread lock

Adds a big thread lock to only return busy when a kernel thread can't be
allocated. This is compatible with current locking scheme in the Linux
kernel driver, but also opens up for an easier and more flexible locking
scheme in the driver.

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU and FVP)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: use condvar when serializing TA execution

struct tee_ta_ctx::busy is used to serialize TA execution. Before this
patch the operation would fail if busy is true. This patch waits for
busy to be

core: use condvar when serializing TA execution

struct tee_ta_ctx::busy is used to serialize TA execution. Before this
patch the operation would fail if busy is true. This patch waits for
busy to become false if needed with help of wait_queue. Also uses the
busy flag for open session to avoid races on multi-session
single-instance TAs.

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add condvar synchronization primitive

Adds condvar synchronization primitive which is similar to
pthread_condvar.

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Foris

core: add condvar synchronization primitive

Adds condvar synchronization primitive which is similar to
pthread_condvar.

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: reimplement mutex with wait_queue

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@

core: reimplement mutex with wait_queue

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add wait_queue primitive for synchronization

Adds a new primitive for synchronization, wait_queue.

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Forissier <jerome.fo

core: add wait_queue primitive for synchronization

Adds a new primitive for synchronization, wait_queue.

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Secure Storage: Support extending file size and file hole

With this patch, user can extend file size by truncate operation.

Also the file hole feature is supported in this patch, that is,
user can

Secure Storage: Support extending file size and file hole

With this patch, user can extend file size by truncate operation.

Also the file hole feature is supported in this patch, that is,
user can seek to a position larger than file size and write data
from the position.

The file hole implementation actually is not an efficient solution,
because we always fill zero in these holes.

Signed-off-by: James Kung <james.kung@linaro.org>
Tested-by: James Kung <james.kung@linaro.org> (QEMU, MT8173 EVB)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Flush traces synchronously

Avoids random mixing of secure world traces with ones from the normal
world (assuming the normal world also flushes its debug traces
synchronously).

The 'sync' parameter

Flush traces synchronously

Avoids random mixing of secure world traces with ones from the normal
world (assuming the normal world also flushes its debug traces
synchronously).

The 'sync' parameter to the trace_printf() and trace_ext_puts() function
is removed because there seems to be no sensible use case mandating
sync == false.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Secure Storage: export TEE file header structure for xtest

Export 'struct meta_header' and 'struct block_header' to
$TA_DEV_KIT_DIR/host_include, those structures can be used
by xtest. This prevents

Secure Storage: export TEE file header structure for xtest

Export 'struct meta_header' and 'struct block_header' to
$TA_DEV_KIT_DIR/host_include, those structures can be used
by xtest. This prevents hard-coding the structure in xtest.

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

Secure Storage: fix data abort issue

- Tmpfile is NULL before checking whether file exists, if this check failed
we will unlink(tmpfile). This caused data abort.

- Minor fixes in tee_fs_common.c

Secure Storage: fix data abort issue

- Tmpfile is NULL before checking whether file exists, if this check failed
we will unlink(tmpfile). This caused data abort.

- Minor fixes in tee_fs_common.c for consistent naming and error checking.

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

GP11 : DSA-SHA224 and DSA-SHA256 algo

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.o

GP11 : DSA-SHA224 and DSA-SHA256 algo

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (STM boards)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (ARM Juno board)

show more ...

TA as ELF + signature

Changes format of TA to use the ELF format instead. This patch also adds
signature checking of the TA. The format of the TA is:
<Signed header>
<ELF header>
<Program header> (p

TA as ELF + signature

Changes format of TA to use the ELF format instead. This patch also adds
signature checking of the TA. The format of the TA is:
<Signed header>
<ELF header>
<Program header> (part of ELF spec, pointing out segments to load)
<Sections>

A struct ta_head is placed in the first section of the first segment
to carry flags and other properties of the TA.

elf32.h, elf64.h and elf_common.h are imported from FreeBSD.

In addition to the R_ARM_RELATIVE relocation type, adds support for
R_ARM_ABS32 relocations. Since a symbol table is needed to process this
relocation type a separate program header is added in the TA ELF
containing the sections .dynamic, .dynsym, .dynstr and .hash. These
sections are only needed during relocation and could be released once
the TA is relocated.

A default signing key has been generated with
openssl genrsa -out key.pem
and added as keys/default_ta.pem

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU, FVP)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)

show more ...

libtomcrypt: sync ccm code

https://github.com/libtom/libtomcrypt/issues/73 highlighted NIST specifications
are not met in previous implementation. Here is the description of this issue:
Accordin

libtomcrypt: sync ccm code

https://github.com/libtom/libtomcrypt/issues/73 highlighted NIST specifications
are not met in previous implementation. Here is the description of this issue:
According to the NIST specification of CCM, the authentication tag is
part of the ciphertext. In order to decrypt, this full ciphertext must
be decrypted, resulting in a "plaintext" tag. The tag must then be
recomputed upon the plaintext and compared with the decrypted value.
However, upon decryption in the libtom implementation, the ciphertext
is decrypted, and a tag is computed upon the header and (decrypted)
plaintext. This is then re-encrypted, so that the caller of the function
must compare the resulting (encryped) tag with the received (encrypted) tag.

The NIST specification specifies that "only the error message INVALID is
returned" when the decryption-verification fails. In that case "the payload
P and the MAC T shall not be revealed" and that "the implementation shall
ensure that an unauthorized party cannot distinguish whether the error
message results from [invalid message format] or from [authentication
failure], for example, from the timing of the error message."

Current patch:
- sync CCM libtomcrypt code with the ones in optee_os
- NIST specifications are now met.
Note that ccm_memory() API has been modified.
- check of non-null pointers
- remove spurious space
- remove compilation of ccm_memory which is not used in optee_os

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

Add TI dra7xx platform support

Added plat-ti, with initial support for TI dra7xx platform.

Changed generic init_sec_mon to be overriden by platform/main.c
because initial return to non-secure world

Add TI dra7xx platform support

Added plat-ti, with initial support for TI dra7xx platform.

Changed generic init_sec_mon to be overriden by platform/main.c
because initial return to non-secure world needs to restore full
NS context for this platform.

Signed-off-by: Harinarayan Bhatta <harinarayan.bhatta@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Secure Storage: Implement block-based encrypted file system

- Meta file encryption/decryption is enforced
- Block file encryption/decryption is optional

Signed-off-by: James Kung <james.kung@linaro

Secure Storage: Implement block-based encrypted file system

- Meta file encryption/decryption is enforced
- Block file encryption/decryption is optional

Signed-off-by: James Kung <james.kung@linaro.org>
Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: James Kung <james.kung@linaro.org> (QEMU, MT8173 EVB)
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Secure Storage: Implemented atomic operations

The following operations should be atomic:

- Write
- Rename
- Create/Delete
- Truncate

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu

Secure Storage: Implemented atomic operations

The following operations should be atomic:

- Write
- Rename
- Create/Delete
- Truncate

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Secure Storage: Implemented block-based file operations

This patch represent a TEE file by many small REE files
and single meta file, which is used to describe the TEE
file. This approach can be use

Secure Storage: Implemented block-based file operations

This patch represent a TEE file by many small REE files
and single meta file, which is used to describe the TEE
file. This approach can be used as basis to support atomic
operation and enhance encrypt fs performance.

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: correct TA virtual address mapping calculation

Correct the TA virtual address mapping calculation to properly support TA's more than 1Mb in size.

Reviewed-by: Jens Wiklander <jens.wiklander@l

core: correct TA virtual address mapping calculation

Correct the TA virtual address mapping calculation to properly support TA's more than 1Mb in size.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU platform)

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

Signed-off-by: Paul Swan <paswan@microsoft.com>

show more ...

Remove core_serviceid.h file

This file contains many legacy defines, which are not used anymore.
The only used services are linked to l2cc configuration. These
services are now replaced by dedicated

Remove core_serviceid.h file

This file contains many legacy defines, which are not used anymore.
The only used services are linked to l2cc configuration. These
services are now replaced by dedicated functions
tee_get_l2cc_mutex(), tee_set_l2cc_mutex(), tee_enable_l2cc_mutex()
and tee_disable_l2cc_mutex()

Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Etienne CARRIERE <etienne.carriere@st.com>
Reviewed-by: Jean-Michel DELORME <jean-michel.delorme@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)

show more ...

Update types in some functions

- tee_mmu_user_pa2va_helper(): padd_t instead of void *
- tee_mmu_check_access_rights(): const context
- check tee_time_get_sys_time() succeeded

Reviewed-by: Jens Wik

Update types in some functions

- tee_mmu_user_pa2va_helper(): padd_t instead of void *
- tee_mmu_check_access_rights(): const context
- check tee_time_get_sys_time() succeeded

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

Removing the malloc to handle the temporary copy

Removing the malloc to handle the temporary copy
of the params in the tee_dispatch_open_session() function.
They are now allocated in the stack to be

Removing the malloc to handle the temporary copy

Removing the malloc to handle the temporary copy
of the params in the tee_dispatch_open_session() function.
They are now allocated in the stack to be coherent with
the tee_dispatch_invoke_command case.

Signed-off-by: Jean-Michel Delorme <jean-michel.delorme@st.com>
Reviewed-by: Pascal BRAND <pascal.brand@st.com>
Reviewed-by: Etienne CARRIERE <etienne.carriere@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

No output in case of failing OpenSession

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@lin

No output in case of failing OpenSession

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

Remove unused struct tee_core_status_out

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@lin

Remove unused struct tee_core_status_out

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...