Move base64.{c,h} from libutee to libutils

Make the base64 routines publicly available by moving them from libutee
to libutils. The _ prefix is removed from the public functions since
they aren't in

Move base64.{c,h} from libutee to libutils

Make the base64 routines publicly available by moving them from libutee
to libutils. The _ prefix is removed from the public functions since
they aren't internal to libutee any longer.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

Squashed commit upgrading to mbedtls-3.4.0

Squash merging branch import/mbedtls-3.4.0

8225713449d3 ("libmbedtls: fix unrecognized compiler option")
f03730842d7b ("core: ltc: configure internal MD5"

Squashed commit upgrading to mbedtls-3.4.0

Squash merging branch import/mbedtls-3.4.0

8225713449d3 ("libmbedtls: fix unrecognized compiler option")
f03730842d7b ("core: ltc: configure internal MD5")
2b0d0c50127c ("core: ltc: configure internal SHA-1 and SHA-224")
0e48a6e17630 ("libmedtls: core: update to mbedTLS 3.4.0 API")
049882b143af ("libutee: update to mbedTLS 3.4.0 API")
982307bf6169 ("core: LTC mpi_desc.c: update to mbedTLS 3.4.0 API")
33218e9eff7b ("ta: pkcs11: update to mbedTLS 3.4.0 API")
6956420cc064 ("libmbedtls: fix cipher_wrap.c for NIST AES Key Wrap mode")
ad67ef0b43fd ("libmbedtls: fix cipher_wrap.c for chacha20 and chachapoly")
7300f4d97bbf ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify()")
cec89b62a86d ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()")
e7e048796c44 ("libmbedtls: add SM2 curve")
096beff2cd31 ("libmbedtls: mbedtls_mpi_exp_mod(): optimize mempool usage")
7108668efd3f ("libmbedtls: mbedtls_mpi_exp_mod(): reduce stack usage")
0ba4eb8d0572 ("libmbedtls: mbedtls_mpi_exp_mod() initialize W")
3fd6ecf00382 ("libmbedtls: fix no CRT issue")
d5ea7e9e9aa7 ("libmbedtls: add interfaces in mbedtls for context memory operation")
2b0fb3f1fa3d ("libmedtls: mpi_miller_rabin: increase count limit")
2c3301ab99bb ("libmbedtls: add mbedtls_mpi_init_mempool()")
9a111f0da04b ("libmbedtls: make mbedtls_mpi_mont*() available")
804fe3a374f5 ("mbedtls: configure mbedtls to reach for config")
b28a41531427 ("mbedtls: remove default include/mbedtls/config.h")
dfafe507bbef ("Import mbedtls-3.4.0")

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a)

show more ...

build: ta: add RISC-V linker script

Sort out the common code compiled by TA,
abstract RISCV and ARM compile the common part of TA.

Signed-off-by: liushiwei <liushiwei@eswincomputing.com>
Reviewed-b

build: ta: add RISC-V linker script

Sort out the common code compiled by TA,
abstract RISCV and ARM compile the common part of TA.

Signed-off-by: liushiwei <liushiwei@eswincomputing.com>
Reviewed-by: chenchaokai <chenchaokai@eswincomputing.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

Remove libmpa in favor of libmbedtls

We currently have two "big numbers" library, Mbed TLS and MPA. Both can
be used by libutee to implement the TEE Internal Core API Arithmetical
functions, and by

Remove libmpa in favor of libmbedtls

We currently have two "big numbers" library, Mbed TLS and MPA. Both can
be used by libutee to implement the TEE Internal Core API Arithmetical
functions, and by the TEE core or pseudo-TAs. This situation is
reflected by two configuration variables allowing to choose between
libmbedtls and libmpa:

- CFG_TA_MBEDTLS_MPI (default y) configures libutee,
- CFG_CORE_MBEDTLS_MPI (default y) configures the TEE core/PTAs.

In addition there is CFG_TA_MBEDTLS (default y, mandatory when
CFG_TA_MBEDTLS_MPI is y) to build libmbedtls and install it into the
SDK for direct use by TAs (libmbedtls also has function to deal with
certificates for instance).

MBed TLS has been supported and used by default for just over a year;
and we have recently found an issue with the MPA implementation of the
integer multiplication with modulus (mpa_mulmod()) [1] [2]. Therefore,
now is a good time to remove libmpa and use libmbedtls instead.

Link: [1] https://github.com/OP-TEE/optee_os/pull/3541#issuecomment-577592381
Link: [2] https://github.com/OP-TEE/optee_test/pull/389
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: add tee_uuid_from_str()

Moves internal function parse_uuid() from ldelf/ta_elf.c to libutee so
that it may be used by TAs or other user-space libraries such as the
upcoming libdl. The funct

libutee: add tee_uuid_from_str()

Moves internal function parse_uuid() from ldelf/ta_elf.c to libutee so
that it may be used by TAs or other user-space libraries such as the
upcoming libdl. The function is renamed to tee_uuid_from_str() and
declared in tee_internal_api_extensions.h.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Add user mode ELF loader

Adds ldelf which loads user mode TAs while in user mode. The TA ELF file is
loaded and relocated by ldelf before the TA can be executed.

Reviewed-by: Jerome Forissier <jero

Add user mode ELF loader

Adds ldelf which loads user mode TAs while in user mode. The TA ELF file is
loaded and relocated by ldelf before the TA can be executed.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: support compiling for ldelf

Adds support for compiling for ldelf by excluding files not needed in or
conflicting with the ldelf environment.

Reviewed-by: Jerome Forissier <jerome.forissier

libutee: support compiling for ldelf

Adds support for compiling for ldelf by excluding files not needed in or
conflicting with the ldelf environment.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: support dynamic memory mapping

Adds tee_map_zi() and tee_unmap() as wrappers for PTA_SYSTEM_MAP_ZI and
PTA_SYSTEM_UNMAP respectively.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro

libutee: support dynamic memory mapping

Adds tee_map_zi() and tee_unmap() as wrappers for PTA_SYSTEM_MAP_ZI and
PTA_SYSTEM_UNMAP respectively.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: switch to to mbedtls for bignum

Adds tee_api_arith_mpi.c wrapper providing the TEE Arithmetical API around
the big (mpi) routines from mbedtls.

CFG_TA_MBEDTLS_MPI=y (default y) enables the usag

ta: switch to to mbedtls for bignum

Adds tee_api_arith_mpi.c wrapper providing the TEE Arithmetical API around
the big (mpi) routines from mbedtls.

CFG_TA_MBEDTLS_MPI=y (default y) enables the usage of the bignum routines
in libutee.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: rename to tee_api_arith_mpa.c

Renames tee_api_arith.c to tee_api_arith_mpa.c to make room for using
other bignum implementations.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
S

libutee: rename to tee_api_arith_mpa.c

Renames tee_api_arith.c to tee_api_arith_mpa.c to make room for using
other bignum implementations.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove Secure Element API support

There is probably no-one using the Secure Element API. We have never heard
anyone asking questions about it, have no way to test it and we believe
it is not even wo

Remove Secure Element API support

There is probably no-one using the Secure Element API. We have never heard
anyone asking questions about it, have no way to test it and we believe
it is not even working right now. Therefore, remove it.

- The reserved syscalls are still present, but return
TEE_ERROR_NOT_SUPPORTED
- The TEE_SE* functions (GlobalPlatform TEE Secure Element API,
GPD_SPE_024) are removed from libutee.a and the header file
tee_internal_se_api.h is removed as well

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

lib.mk: centralize profiling flag (-pg)

Code cleanup, no functional change. This commit avoids the duplication of
the -pg flag in the library makefiles.

Signed-off-by: Jerome Forissier <jerome.fori

lib.mk: centralize profiling flag (-pg)

Code cleanup, no functional change. This commit avoids the duplication of
the -pg flag in the library makefiles.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: remove redundant malloc() layers

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.

libutee: remove redundant malloc() layers

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: remove Trusted UI code

Removes all the TUI-related code from libutee (lib/libutee/tui), as
well as its dependencies: lib/libpng and lib/libzlib. Two reasons for
this:
1. This is far from b

libutee: remove Trusted UI code

Removes all the TUI-related code from libutee (lib/libutee/tui), as
well as its dependencies: lib/libpng and lib/libzlib. Two reasons for
this:
1. This is far from being a complete and testable TUI implementation.
In other words, it is dead code, more or less.
2. lib/libzlib (version 1.2.8) contains several CVE vulnerabilities.
Even if the code is not used, it may trigger some code analysis tools
and is a problem for some projects.

Reported-by: Jianhui Li <airbak.li@hisilicon.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

libutee: add TEE iSocket interface and implementation

Adds TEE iSocket interface and corresponding user space implementation
for TCP and UDP. A pseudo TA is defined for interaction with OP-TEE
Core.

libutee: add TEE iSocket interface and implementation

Adds TEE iSocket interface and corresponding user space implementation
for TCP and UDP. A pseudo TA is defined for interaction with OP-TEE
Core.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add support for user TA profiling with gprof (-pg)

Adds the infrastructure to collect profiling information from Trusted
Applications running in user mode and instrumented with -pg.
Enable with: CFG

Add support for user TA profiling with gprof (-pg)

Adds the infrastructure to collect profiling information from Trusted
Applications running in user mode and instrumented with -pg.
Enable with: CFG_TA_GPROF_SUPPORT=y.

Profiling support in itself adds no significant performance overhead.
Instrumented applications however may run 1.3x - 2x slower, and have a
larger .bss section (+1.36 times .text size for 32-bit TAs, +1.77 times
.text size for 64-bit ones).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (D02 64-bit)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU 32-bit)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add options to build user libraries with profiling enabled (-pg)

Set CFG_TA_GPROF=y to build libutee and the user-mode versions of
libutils and libmpa with the -pg flag (gprof profiling).
This featu

Add options to build user libraries with profiling enabled (-pg)

Set CFG_TA_GPROF=y to build libutee and the user-mode versions of
libutils and libmpa with the -pg flag (gprof profiling).
This feature depends on TA profiling support in OP-TEE core which will
be introduced in a later commit.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: move tui related files to tui directory

Moves all trusted UI related file to a separate tui subdirectory.

Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Reviewed-by: Joakim B

libutee: move tui related files to tui directory

Moves all trusted UI related file to a separate tui subdirectory.

Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: add text rendering routines

* Adds routines to render text from raw bitmap fonts
* Adds script to render raw bitmap fonts from True Type Fonts
* Adds rendered raw bitmaps of the Amble TTF

libutee: add text rendering routines

* Adds routines to render text from raw bitmap fonts
* Adds script to render raw bitmap fonts from True Type Fonts
* Adds rendered raw bitmaps of the Amble TTF

Needed by Trusted UI.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: add raw image routines

Adds routines to manipulate raw bitmap images needed by Trusted UI.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier

libutee: add raw image routines

Adds routines to manipulate raw bitmap images needed by Trusted UI.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: add utf-8 decoder

Adds a simple UTF-8 decoder, advanced enough to support Trusted UI.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@lina

libutee: add utf-8 decoder

Adds a simple UTF-8 decoder, advanced enough to support Trusted UI.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: Optionally replace TEE_Panic() with macro

Help debugging by replacing TEE_Panic() with a macro that does an EMSG()
and then calls panic function (__TEE_Panic()).

Signed-off-by: Jens Wiklan

libutee: Optionally replace TEE_Panic() with macro

Help debugging by replacing TEE_Panic() with a macro that does an EMSG()
and then calls panic function (__TEE_Panic()).

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

SE API: implment lubutee and svc handler

- Implemented tee_se_service
- Rename tee_se_reader_handle to tee_se_reader_proxy
to avoid confuse with libutee
- Implemented SE API(tee_internal_se_api.h)

SE API: implment lubutee and svc handler

- Implemented tee_se_service
- Rename tee_se_reader_handle to tee_se_reader_proxy
to avoid confuse with libutee
- Implemented SE API(tee_internal_se_api.h) in libutee
- Implemented svc handler for SE API
- rename protocol.[ch] to iso7816.[ch]
- prefix aid_* with "tee_se_"
- add an option to enable/disable se_api_self_tests

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (Modified QEMU + jcardsim)

show more ...

Merge tee_{core,uta}_trace.h into libutil

Merges tee_core_trace.h and tee_uta_trace.h into a common trace.h
in libutil. Since the trace functions now resides libutil they have
to rely on core and li

Merge tee_{core,uta}_trace.h into libutil

Merges tee_core_trace.h and tee_uta_trace.h into a common trace.h
in libutil. Since the trace functions now resides libutil they have
to rely on core and libutee to provide functions to print to the
log device.

* Keeps compatible interface from tee_kta_trace.h
* Adds TAMSG() and TAMSG_RAW() to log TA related events
* Removes the TRACE_ALWAYS level

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU virt platform)
Reviewed-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

Reenable warnings for all non-3rd party code

* Reenables warnings for all non-3rd party code
* Renames dprintf macro to dprintf_level