libutee: add a new API to interact with plugins from TA

This patch adds a new API to libutee to interact
with tee-supplicant plugins from TEE userspace.

Every user TA can use 'tee_invoke_supp_plugi

libutee: add a new API to interact with plugins from TA

This patch adds a new API to libutee to interact
with tee-supplicant plugins from TEE userspace.

Every user TA can use 'tee_invoke_supp_plugin()' to send any commands
to a plugin. The commands are predefined by the plugin developer.

See the https://github.com/linaro-swg/optee_examples
repo for an example of using plugins.

Signed-off-by: Aleksandr Anisimov <a.anisimov@omprussia.ru>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: Add support to access a TPM event log in secure memory.

Support for OPTEE to be able to receive a TPM event log through
a DTB so it can forward it to a TA (such as a TPM service)
in order to e

core: Add support to access a TPM event log in secure memory.

Support for OPTEE to be able to receive a TPM event log through
a DTB so it can forward it to a TA (such as a TPM service)
in order to extend the measurements.

CFG_CORE_TPM_EVENT_LOG enables this feature.
CFG_TPM_LOG_BASE_ADDR hardcodes the phys address of the event log
in case CFG_DT is not set.
CFG_TPM_MAX_LOG_SIZE harcodes the size of the event log in case
CFG_DT is not set.

When this feature is enabled, the PTA_SYSTEM_GET_TPM_EVENT_LOG
command is available to any TA.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core, ldelf: add support for runtime loading of shared libraries

This commit prepares the introduction of libdl, a dynamic linking
library which will allow TAs to load shared libraries at run time,

core, ldelf: add support for runtime loading of shared libraries

This commit prepares the introduction of libdl, a dynamic linking
library which will allow TAs to load shared libraries at run time,
and resolve symbols on demand. It adds the following function to the
system PTA, inspired from the POSIX dlopen() and dlsym():

- system_dlopen(): takes a UUID and flags. Performs an upcall into
ldelf which then uses the usual system PTA functions to load an map the
requested library into the address space of the calling TA.
- system_dlsym(): takes a UUID and a symbol name. The symbol is
looked up in the library specified by UUID by calling into ldelf. If
UUID is all zeros, all the mapped binaries are searched.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pta_system: support memory remap

Adds PTA_SYSTEM_REMAP to support changing virtual address of an already
established mapping in a TA.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.or

core: pta_system: support memory remap

Adds PTA_SYSTEM_REMAP to support changing virtual address of an already
established mapping in a TA.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta_system: add PTA_SYSTEM_SET_PROT

Adds PTA_SYSTEM_SET_PROT to support changing protection of already
established memory mappings.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

core: pta_system: add PTA_SYSTEM_SET_PROT

Adds PTA_SYSTEM_SET_PROT to support changing protection of already
established memory mappings.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta_system: ta binary handling

Adds support to open, close and map a TA binary from a user TA.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wik

core: pta_system: ta binary handling

Adds support to open, close and map a TA binary from a user TA.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta_system: support dynamic memory mapping

Adds PTA_SYSTEM_MAP_ZI and PTA_SYSTEM_UNMAP to dynamically map and unmap
user space memory from user space. The memory is automatically freed
when th

core: pta_system: support dynamic memory mapping

Adds PTA_SYSTEM_MAP_ZI and PTA_SYSTEM_UNMAP to dynamically map and unmap
user space memory from user space. The memory is automatically freed
when the context of the TA is freed.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

PTA: add support for deriving device and TA unique keys

Enable derivation of device and Trusted Application unique keys that can
be used by different Trusted Applications directly. An example of use

PTA: add support for deriving device and TA unique keys

Enable derivation of device and Trusted Application unique keys that can
be used by different Trusted Applications directly. An example of use
case could be when you need to encrypt some data in a Trusted App and
then give it back to normal world.

By default device unique properties (HUK and TA UUID) will be used when
deriving a key. However, the one calling the PTA derive key function
also have the ability to provide some extra data that will be mixed in
together with existing device unique properties. That gives the ability
to derive keys that are not only device and Trusted Application unique,
but also tied to some additional data, it could for example be a
password or something similar.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

pta: add system pTA

Add system pTA, which provides misc. auxiliary services, extending
existing GlobalPlatform Core API.
Add a call for seeding entropy to the default RNG pool.

Reviewed-by: Jens Wi

pta: add system pTA

Add system pTA, which provides misc. auxiliary services, extending
existing GlobalPlatform Core API.
Add a call for seeding entropy to the default RNG pool.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>

show more ...