Secure Storage: Support extending file size and file hole

With this patch, user can extend file size by truncate operation.

Also the file hole feature is supported in this patch, that is,
user can

Secure Storage: Support extending file size and file hole

With this patch, user can extend file size by truncate operation.

Also the file hole feature is supported in this patch, that is,
user can seek to a position larger than file size and write data
from the position.

The file hole implementation actually is not an efficient solution,
because we always fill zero in these holes.

Signed-off-by: James Kung <james.kung@linaro.org>
Tested-by: James Kung <james.kung@linaro.org> (QEMU, MT8173 EVB)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Flush traces synchronously

Avoids random mixing of secure world traces with ones from the normal
world (assuming the normal world also flushes its debug traces
synchronously).

The 'sync' parameter

Flush traces synchronously

Avoids random mixing of secure world traces with ones from the normal
world (assuming the normal world also flushes its debug traces
synchronously).

The 'sync' parameter to the trace_printf() and trace_ext_puts() function
is removed because there seems to be no sensible use case mandating
sync == false.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Secure Storage: export TEE file header structure for xtest

Export 'struct meta_header' and 'struct block_header' to
$TA_DEV_KIT_DIR/host_include, those structures can be used
by xtest. This prevents

Secure Storage: export TEE file header structure for xtest

Export 'struct meta_header' and 'struct block_header' to
$TA_DEV_KIT_DIR/host_include, those structures can be used
by xtest. This prevents hard-coding the structure in xtest.

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

Secure Storage: fix data abort issue

- Tmpfile is NULL before checking whether file exists, if this check failed
we will unlink(tmpfile). This caused data abort.

- Minor fixes in tee_fs_common.c

Secure Storage: fix data abort issue

- Tmpfile is NULL before checking whether file exists, if this check failed
we will unlink(tmpfile). This caused data abort.

- Minor fixes in tee_fs_common.c for consistent naming and error checking.

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

GP11 : DSA-SHA224 and DSA-SHA256 algo

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.o

GP11 : DSA-SHA224 and DSA-SHA256 algo

Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (STM boards)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (ARM Juno board)

show more ...

TA as ELF + signature

Changes format of TA to use the ELF format instead. This patch also adds
signature checking of the TA. The format of the TA is:
<Signed header>
<ELF header>
<Program header> (p

TA as ELF + signature

Changes format of TA to use the ELF format instead. This patch also adds
signature checking of the TA. The format of the TA is:
<Signed header>
<ELF header>
<Program header> (part of ELF spec, pointing out segments to load)
<Sections>

A struct ta_head is placed in the first section of the first segment
to carry flags and other properties of the TA.

elf32.h, elf64.h and elf_common.h are imported from FreeBSD.

In addition to the R_ARM_RELATIVE relocation type, adds support for
R_ARM_ABS32 relocations. Since a symbol table is needed to process this
relocation type a separate program header is added in the TA ELF
containing the sections .dynamic, .dynsym, .dynstr and .hash. These
sections are only needed during relocation and could be released once
the TA is relocated.

A default signing key has been generated with
openssl genrsa -out key.pem
and added as keys/default_ta.pem

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU, FVP)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)

show more ...

libtomcrypt: sync ccm code

https://github.com/libtom/libtomcrypt/issues/73 highlighted NIST specifications
are not met in previous implementation. Here is the description of this issue:
Accordin

libtomcrypt: sync ccm code

https://github.com/libtom/libtomcrypt/issues/73 highlighted NIST specifications
are not met in previous implementation. Here is the description of this issue:
According to the NIST specification of CCM, the authentication tag is
part of the ciphertext. In order to decrypt, this full ciphertext must
be decrypted, resulting in a "plaintext" tag. The tag must then be
recomputed upon the plaintext and compared with the decrypted value.
However, upon decryption in the libtom implementation, the ciphertext
is decrypted, and a tag is computed upon the header and (decrypted)
plaintext. This is then re-encrypted, so that the caller of the function
must compare the resulting (encryped) tag with the received (encrypted) tag.

The NIST specification specifies that "only the error message INVALID is
returned" when the decryption-verification fails. In that case "the payload
P and the MAC T shall not be revealed" and that "the implementation shall
ensure that an unauthorized party cannot distinguish whether the error
message results from [invalid message format] or from [authentication
failure], for example, from the timing of the error message."

Current patch:
- sync CCM libtomcrypt code with the ones in optee_os
- NIST specifications are now met.
Note that ccm_memory() API has been modified.
- check of non-null pointers
- remove spurious space
- remove compilation of ccm_memory which is not used in optee_os

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

Add TI dra7xx platform support

Added plat-ti, with initial support for TI dra7xx platform.

Changed generic init_sec_mon to be overriden by platform/main.c
because initial return to non-secure world

Add TI dra7xx platform support

Added plat-ti, with initial support for TI dra7xx platform.

Changed generic init_sec_mon to be overriden by platform/main.c
because initial return to non-secure world needs to restore full
NS context for this platform.

Signed-off-by: Harinarayan Bhatta <harinarayan.bhatta@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Secure Storage: Implement block-based encrypted file system

- Meta file encryption/decryption is enforced
- Block file encryption/decryption is optional

Signed-off-by: James Kung <james.kung@linaro

Secure Storage: Implement block-based encrypted file system

- Meta file encryption/decryption is enforced
- Block file encryption/decryption is optional

Signed-off-by: James Kung <james.kung@linaro.org>
Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: James Kung <james.kung@linaro.org> (QEMU, MT8173 EVB)
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Secure Storage: Implemented atomic operations

The following operations should be atomic:

- Write
- Rename
- Create/Delete
- Truncate

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu

Secure Storage: Implemented atomic operations

The following operations should be atomic:

- Write
- Rename
- Create/Delete
- Truncate

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Secure Storage: Implemented block-based file operations

This patch represent a TEE file by many small REE files
and single meta file, which is used to describe the TEE
file. This approach can be use

Secure Storage: Implemented block-based file operations

This patch represent a TEE file by many small REE files
and single meta file, which is used to describe the TEE
file. This approach can be used as basis to support atomic
operation and enhance encrypt fs performance.

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: correct TA virtual address mapping calculation

Correct the TA virtual address mapping calculation to properly support TA's more than 1Mb in size.

Reviewed-by: Jens Wiklander <jens.wiklander@l

core: correct TA virtual address mapping calculation

Correct the TA virtual address mapping calculation to properly support TA's more than 1Mb in size.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU platform)

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

Signed-off-by: Paul Swan <paswan@microsoft.com>

show more ...

Remove core_serviceid.h file

This file contains many legacy defines, which are not used anymore.
The only used services are linked to l2cc configuration. These
services are now replaced by dedicated

Remove core_serviceid.h file

This file contains many legacy defines, which are not used anymore.
The only used services are linked to l2cc configuration. These
services are now replaced by dedicated functions
tee_get_l2cc_mutex(), tee_set_l2cc_mutex(), tee_enable_l2cc_mutex()
and tee_disable_l2cc_mutex()

Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Etienne CARRIERE <etienne.carriere@st.com>
Reviewed-by: Jean-Michel DELORME <jean-michel.delorme@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)

show more ...

Update types in some functions

- tee_mmu_user_pa2va_helper(): padd_t instead of void *
- tee_mmu_check_access_rights(): const context
- check tee_time_get_sys_time() succeeded

Reviewed-by: Jens Wik

Update types in some functions

- tee_mmu_user_pa2va_helper(): padd_t instead of void *
- tee_mmu_check_access_rights(): const context
- check tee_time_get_sys_time() succeeded

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

Removing the malloc to handle the temporary copy

Removing the malloc to handle the temporary copy
of the params in the tee_dispatch_open_session() function.
They are now allocated in the stack to be

Removing the malloc to handle the temporary copy

Removing the malloc to handle the temporary copy
of the params in the tee_dispatch_open_session() function.
They are now allocated in the stack to be coherent with
the tee_dispatch_invoke_command case.

Signed-off-by: Jean-Michel Delorme <jean-michel.delorme@st.com>
Reviewed-by: Pascal BRAND <pascal.brand@st.com>
Reviewed-by: Etienne CARRIERE <etienne.carriere@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

No output in case of failing OpenSession

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@lin

No output in case of failing OpenSession

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

Remove unused struct tee_core_status_out

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@lin

Remove unused struct tee_core_status_out

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

arm32: Keep CPSR.E bit value

Fix the problem which CPSR's status bit may be overwritten when
resume from normal world. This problem was caused by
function init_regs which called by thread scheduler.

arm32: Keep CPSR.E bit value

Fix the problem which CPSR's status bit may be overwritten when
resume from normal world. This problem was caused by
function init_regs which called by thread scheduler.

Change-Id: I04cea2f107df25fbeab7c33f54e6557ecf9d5033
Signed-off-by: duxiaoqiang <xiaoqiang.du@linaro.org>

show more ...

Fix leaking information from mem_neq

This fix comes from https://github.com/libtom/libtomcrypt/issues/74
mem_neq is a constant time comparison function, but it leaks information
on the secre

Fix leaking information from mem_neq

This fix comes from https://github.com/libtom/libtomcrypt/issues/74
mem_neq is a constant time comparison function, but it leaks information
on the secret data that is being compared in the value that is returned.

Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)

show more ...

Align Session handle for generic ta interface entry

TEE session handle is now used by all tee_dispatch_xx
function. uint32_t type ID parameter has be removed for
the tee_dispatch_close_session() fun

Align Session handle for generic ta interface entry

TEE session handle is now used by all tee_dispatch_xx
function. uint32_t type ID parameter has be removed for
the tee_dispatch_close_session() function.

Signed-off-by: Jean-Michel Delorme <jean-michel.delorme@st.com>
Reviewed-by: Pascal BRAND <pascal.brand@st.com>
Reviewed-by: Etienne CARRIERE <etienne.carriere@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

arm: Fix SHA-1 with cryptographic extensions

Commit 23900b599a98 ("arm: update SHA-1 32-bit CE implementation to
process multiple blocks") has introduced a regression on 32-bit
platforms when CFG_CR

arm: Fix SHA-1 with cryptographic extensions

Commit 23900b599a98 ("arm: update SHA-1 32-bit CE implementation to
process multiple blocks") has introduced a regression on 32-bit
platforms when CFG_CRYPTO_SHA1_ARM32_CE=y. Test case: xtest 4006.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

Remove unused macro set/get ta_trace_level

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>

Hmac key is made static, as in other macs

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Signed-off-by: Pascal Brand <p

Hmac key is made static, as in other macs

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

libtomcrypt: fix memory leak in test

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>

libmpa: remove DEBUG flag

Traces in libmpa comes from legacy code. They are not used in
current code, nor can they be activated. Moreover, they look
obsolete and look hard to be useful in current st

libmpa: remove DEBUG flag

Traces in libmpa comes from legacy code. They are not used in
current code, nor can they be activated. Moreover, they look
obsolete and look hard to be useful in current state.

This patch removes traces in libmpa. This includes
- DEBUG and DEBUG_ME flags
- macros MEMPOOL_MARKER and MEMPOOL_SANITY_CHECK
- __mpa_dbg_xxx functions
- macro ASSERT
- files mpa_debug.h and mpa_assert.h

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...