Generic secure time layer

Provided a time source api in order to let soc vendors implement their
own secure counter

- Moved platform-dependent code out of tee_time.c to make it a generic
time lay

Generic secure time layer

Provided a time source api in order to let soc vendors implement their
own secure counter

- Moved platform-dependent code out of tee_time.c to make it a generic
time layer.
- Added an abstract layer for platforms to implement their own secure
time source.
- Implemented arm cntpct as one of secure time source.
- Moved rtt0 related time operation from tee_time.c to tee_time_rtt.c,
act as another secure time source.
- Added tee_time_ree.c for the plaform that doesn't have secure time
source. In this case, using ree time as secure time source.

show more ...

Fix #6323: A failing RSA decode leads to panic

Change-Id: Ia4762f076922338f280d431f104b653e731bf64f
Reviewed-on: https://gerrit.st.com/11598
Reviewed-by: Jean-Michel DELORME <jean-michel.delorme@st.

Fix #6323: A failing RSA decode leads to panic

Change-Id: Ia4762f076922338f280d431f104b653e731bf64f
Reviewed-on: https://gerrit.st.com/11598
Reviewed-by: Jean-Michel DELORME <jean-michel.delorme@st.com>
Tested-by: Jean-Michel DELORME <jean-michel.delorme@st.com>
Tested-by: Jocelyn RICARD <jocelyn.ricard@st.com>
Reviewed-by: Pascal BRAND <pascal.brand@st.com>

Update wrt comments from review

Fix returned error when the mode is not ok

show more ...

Fix #6294: Full HW Random Generator

Change-Id: I9babada92991c646d844a25af175150d530a8ddb
Reviewed-on: https://gerrit.st.com/11597
Reviewed-by: Jean-Michel DELORME <jean-michel.delorme@st.com>
Tested

Fix #6294: Full HW Random Generator

Change-Id: I9babada92991c646d844a25af175150d530a8ddb
Reviewed-on: https://gerrit.st.com/11597
Reviewed-by: Jean-Michel DELORME <jean-michel.delorme@st.com>
Tested-by: Jean-Michel DELORME <jean-michel.delorme@st.com>
Reviewed-by: Jocelyn RICARD <jocelyn.ricard@st.com>
Reviewed-by: Pascal BRAND <pascal.brand@st.com>

Conflicts:
core/arch/st231/plat-stm/rng_support.c

show more ...

Makefile variables $(*-dir) should not have a trailing slash

As a general rule, Makefile variables that are directories should not have
a trailing slash, and should be used as: $(some-dir)/some-file

Makefile variables $(*-dir) should not have a trailing slash

As a general rule, Makefile variables that are directories should not have
a trailing slash, and should be used as: $(some-dir)/some-file rather than
$(some-dir)some-file. This is more readable.

show more ...

MMU: Simplify tee_mmu_switch function

Replaced direct CP15 instructions with macros instead and removed some
unnecessary code.

Updates for ARM Trusted Firmware tag v1.0

* New load address for plat-vexpress,fvp
* Entry vector extended with system_off and system_reset
entries

Cosmetic fixes for build output

By default, the OP-TEE build shows abbreviated output similar to the Linux
kernel. This commit fixes a number of deviations/inconsistencies.

- Always print a command

Cosmetic fixes for build output

By default, the OP-TEE build shows abbreviated output similar to the Linux
kernel. This commit fixes a number of deviations/inconsistencies.

- Always print a command in uppercase, followed by the target file.
- Make sure commands and file paths are nicely aligned, with two leading spaces
to make command output/errors better stand out.
- Remove some duplicate slashes in file paths. We use the following rule:
variables that hold directory names such as $(arch-dir) or $(platform-dir)
always have a trailing slash. The 'subdirs' and 'incdirs' variables used in
sub-makefiles are an exception because doing otherwise would needlessly
clutter the sub-makefiles.

show more ...

plat-orly2 and plat-cannes merged in plat-stm

PLATFORM_FLAVOR is used to distinguish orly2 and cannes

Change-Id: Iaed89451f704120e29b0b0adb83627f11bf9df48

Reentrancy fixes

Before this patch: The normal world was only allowed to enter
secure world with one thread at a time.

After this patch: The normal world may try to enter secure world
with as many

Reentrancy fixes

Before this patch: The normal world was only allowed to enter
secure world with one thread at a time.

After this patch: The normal world may try to enter secure world
with as many threads as it likes, secure world will return busy
when no more threads can be allowed. Secure world still only allows
one active thread at a time, but during RPC another thread may enter
and do some work. This is needed for cancellation to work.

* Adds a mutex that waits in normal world if busy
* Adds a new RPC service to wait in normal world
* Imports bitstring.h from FreeBSD to aid mutex implementation
* Adds a critical section in tee_ta_init_session
* Unmaps TA before RPC exit and maps it again on return to handle
rescheduling of threads during RPC
* Doesn't clear a1-a3 when returning busy
* Bugfixes vector_std_smc_entry

This patch depends on the "Allow parallel entries to secure world"
patch in optee_linuxdriver.

show more ...

Make more common implementation of orly2 and cannes platforms

This will prepare PLAT_FLAVOR of orly2 / cannes

TEE_ROUNDxxx renamed in ROUNDxxx in libutee

This change is to have the same macro names in core
part and libutee part

tee_acipher_rsadorep: fix handling of zero-padding in output

- Always remove leading null bytes in output buffer (previously this was done
only for PK_PRIVATE keys)
- Leave one null byte when rsa_ex

tee_acipher_rsadorep: fix handling of zero-padding in output

- Always remove leading null bytes in output buffer (previously this was done
only for PK_PRIVATE keys)
- Leave one null byte when rsa_exptmod() output is all zeroes (do not return
an empty buffer)
- Fix output buffer length check (take padding into account)

show more ...

Create util.h to rearrange define macro

Cannes / H410 support

Support STMicroelectronics chip H410 "cannes".
Is compiled using
PLATFORM=cannes make

Cleanup

Get value of gpd.tee.arith.maxBigIntSize from libutee

The property gpd.tee.arith.maxBigIntSize was implemented in TEE core by
tee_svc_sys_get_property() which was returning a constant taken from the

Get value of gpd.tee.arith.maxBigIntSize from libutee

The property gpd.tee.arith.maxBigIntSize was implemented in TEE core by
tee_svc_sys_get_property() which was returning a constant taken from the
crypto module (LTC_MAX_BITS_PER_VARIABLE / 2).
The correct value is TEE_MAX_NUMBER_OF_SUPPORTED_BITS from libutee.
This commit makes libutee return the appropriate value directly (without
calling the TEE core) and deletes the property from the syscall.
Additionally, this removes the unjustified dependency of tee_svc.c on
<tee_ltc_wrapper.h>.

show more ...

enable_mmu functions renamed in cpu_enable_mmu

Add a flag to turn on/off PSCI debug msg

Add GIC status dump utility

- fixed fvp gic cpu interface and distrubtor offset
- added new mapping for distrubtor
- add utility to dump gic status

Cleanup loading/unloading of a TA

* A TA is only loaded via tee-supplicant, directly supplying a
pointer to the TA binary is not supported any longer.
This requires and update to the client lib

Cleanup loading/unloading of a TA

* A TA is only loaded via tee-supplicant, directly supplying a
pointer to the TA binary is not supported any longer.
This requires and update to the client lib to avoid leaking
shared memory.
* The shared memory used to load the TA is freed as soon as the
TA have been loaded into secure memory
* Divides tee_ta_init_session() into sevaral functions
* Divides tee_ta_close_session() into two functions
* Divides tee_ta_load() into several functions with one
separate function for signature verification
* Removes some unused code for kernel TAs
* Removes the option to lock/unlock a TA is only used by kernel
TAs which we don't support any longer.
* Removes the static global tee_rs. Switch to use Thread Local
Storage pointer provided by the thread handler.
* Adds TA_FLAG_USER_MODE by default to TA header since
all TAs are user mode TAs now.
* Reformats user_ta_header.c to make checkpatch less unhappy with it.

show more ...

fvp: fix compiler warning

Fixes compiler warning when compiling with default
CFG_TEE_CORE_LOG_LEVEL.

Remove core dependencies from generic part

This concerns:
- Communication Non-Secure <--> Secure
- sys/types.h contains some types not defined on all compilers

Signed-off-by: Pascal Brand <pascal.b

Remove core dependencies from generic part

This concerns:
- Communication Non-Secure <--> Secure
- sys/types.h contains some types not defined on all compilers

Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

Add plat-vexpress

* Initial support for Versatile Express of FVP with ARM Trusted
Firmware (ATF below)

* Use entry vector for entering TEE

Align interface between TEE and secure monitor with t

Add plat-vexpress

* Initial support for Versatile Express of FVP with ARM Trusted
Firmware (ATF below)

* Use entry vector for entering TEE

Align interface between TEE and secure monitor with the interface
between OPTEED in ATF and TEE.

Uses an ATF compatible entry vector for entering TEE from internal
secure monitor.

Internal secure monitor saves entry reason to be able to tell when
switching back to nonsecure world if r0-r3 should be preserved (FIQ case)
or returned as is (normal call case).

* Many small fixes of generic problems that could affect other platforms
too.

* Disable unaligned data accesses by adding compiler flag
-mno-unaligned-access

* Adds support for Versatile Express of QEMU with 8 MiB of secure DRAM

show more ...

Fix compilation issue when there is no traces

Cleanup Libtomcrypt

- Do not compile libtomcrypt tests anymore
- Define LTC_NO_FILE to remove all file operations in libtomcrypt
- Minor fix in argument description of malloc

Signed-off-by: Pascal

Cleanup Libtomcrypt

- Do not compile libtomcrypt tests anymore
- Define LTC_NO_FILE to remove all file operations in libtomcrypt
- Minor fix in argument description of malloc

Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...