core: pta: imx: fix typo DEK blob command

The PTA command had the manufacturing protection prefix instead of the
DEK blob prefix.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jero

core: pta: imx: fix typo DEK blob command

The PTA command had the manufacturing protection prefix instead of the
DEK blob prefix.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: support fault mitigations in non-threaded code

Fault mitigation won't work in non-threaded code due to the following
error:
assertion 'ct >= 0 && ct < CFG_NUM_THREADS' failed at core/arch/arm/

core: support fault mitigations in non-threaded code

Fault mitigation won't work in non-threaded code due to the following
error:
assertion 'ct >= 0 && ct < CFG_NUM_THREADS' failed at core/arch/arm/kernel
/thread.c:799 <thread_get_id>

The problem is in __ftmn_get_tsd_func_arg_pp which calls thread_get_tsd
which thread_get_id. The reason is that the interrupt handler is not
associated with any thread, so the ct (current_thread_id) value is -1 which
would cause an assert problem.

The fix is to add ftmn_arg to thread_core_local and the new variable would
be used when the current thread is < 0.

Signed-off-by: Sichun Qin <sichun.qin@amlogic.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: add runtime_assert()

Adds runtime_assert() as a version of assert() that can be used instead
of assert() when evaluating constant expressions to avoid the warning:
error: function might be

libutils: add runtime_assert()

Adds runtime_assert() as a version of assert() that can be used instead
of assert() when evaluating constant expressions to avoid the warning:
error: function might be candidate for attribute ‘noreturn’

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Leisen <leisen1@huawei.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: pta: imx: add DEK blob

Add DEK blob PTA to generate CAAM DEK blobs.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

libutils: mempool: fix unbalanced put_pool()

Prior to this patch mempool_free() unconditionally called put_pool(),
but if the "ptr" argument is NULL it means that there hasn't been a
corresponding c

libutils: mempool: fix unbalanced put_pool()

Prior to this patch mempool_free() unconditionally called put_pool(),
but if the "ptr" argument is NULL it means that there hasn't been a
corresponding call to get_pool(). Fix this only calling put_pool() for
non-NULL pointers.

Fixes: a51d45b52503 ("libutils: mempool based raw malloc functions")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

crypto: change TEE_MAIN_ALGO_X448 value to 0x49

Change the value of TEE_MAIN_ALGO_X448 to 0x49 so that
TEE_ALG_GET_KEY_TYPE(TEE_ALG_X448, true) == TEE_TYPE_X448_KEYPAIR and
TEE_ALG_GET_KEY_TYPE(TEE_

crypto: change TEE_MAIN_ALGO_X448 value to 0x49

Change the value of TEE_MAIN_ALGO_X448 to 0x49 so that
TEE_ALG_GET_KEY_TYPE(TEE_ALG_X448, true) == TEE_TYPE_X448_KEYPAIR and
TEE_ALG_GET_KEY_TYPE(TEE_ALG_X448, false) == TEE_TYPE_X448_PUBLIC_KEY.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

compiler.h: add __inhibit_loop_to_libcall

Introduce __inhibit_loop_to_libcall which allows to disable a specific
compiler optimization that detects and replaces some open coded loops
with standard l

compiler.h: add __inhibit_loop_to_libcall

Introduce __inhibit_loop_to_libcall which allows to disable a specific
compiler optimization that detects and replaces some open coded loops
with standard library calls (typically: memcpy() and memset()).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: asan: raw_realloc(): use unchecked memset() and memcpy()

When raw_realloc() invokes memset() and memcpy() the destination buffer
is not yet tagged for ASAN. Therefore use the unchecked ver

libutils: asan: raw_realloc(): use unchecked memset() and memcpy()

When raw_realloc() invokes memset() and memcpy() the destination buffer
is not yet tagged for ASAN. Therefore use the unchecked versions of
these functions.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

lib: libutee: initialize variables in TEE_GetPropertyAsString()

Initialize local variables at declaration as specified by the coding
guidelines.

Signed-off-by: Clement Faure <clement.faure@nxp.com>

lib: libutee: initialize variables in TEE_GetPropertyAsString()

Initialize local variables at declaration as specified by the coding
guidelines.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

lib: libutee: initialize TA property type

TA property type `type` is declared without being initialized and might
be used in the if statement uninitialized.

Signed-off-by: Clement Faure <clement.fa

lib: libutee: initialize TA property type

TA property type `type` is declared without being initialized and might
be used in the if statement uninitialized.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

lib: libutee: fix use after free

Make sure to call addr_is_in_no_share_heap() before the freeing buffer.
This is a false positive as only the pointer value is used and not the
memory freed.

Signed-

lib: libutee: fix use after free

Make sure to call addr_is_in_no_share_heap() before the freeing buffer.
This is a false positive as only the pointer value is used and not the
memory freed.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: add drvcrypt_register_x25519() and drvcrypt_register_x448()

Add X25519 and X448 drvcrypt.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Acked-by: Jerome Forissier <jerome.forissier@linar

crypto: add drvcrypt_register_x25519() and drvcrypt_register_x448()

Add X25519 and X448 drvcrypt.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: add X448 support

Refer to the X25519 algorithm, add the X448 algorithm framework code.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.o

crypto: add X448 support

Refer to the X25519 algorithm, add the X448 algorithm framework code.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: add {high,low}32_from_64() helper

Adds two helper functions high32_from_64() and low32_from_64() used for
retrieving the upper and lower halves of a uint64_t.

Signed-off-by: Jens Wiklande

libutils: add {high,low}32_from_64() helper

Adds two helper functions high32_from_64() and low32_from_64() used for
retrieving the upper and lower halves of a uint64_t.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: crypto_bignum_free(): add indirection and set pointer to NULL

To prevent human mistake, crypto_bignum_free() sets the location of the
bignum pointer to NULL after freeing it.

Signed-off-by: J

core: crypto_bignum_free(): add indirection and set pointer to NULL

To prevent human mistake, crypto_bignum_free() sets the location of the
bignum pointer to NULL after freeing it.

Signed-off-by: Jihwan Park <jihwp@amazon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ftrace: change implementation to use binary circular buffer

The current implementation of function tracing (CFG_FTRACE_SUPPORT)
produces human-readable text into the output buffer that is passed to

ftrace: change implementation to use binary circular buffer

The current implementation of function tracing (CFG_FTRACE_SUPPORT)
produces human-readable text into the output buffer that is passed to
tee-supplicant and ultimately saved to the Linux filesystem. Two main
issues with that:

1. The string formatting code is somewhat complex. It introduces
significant overhead in the execution time of the instrumented
functions.
2. The various policies about how to handle a buffer full condition
(CFG_FTRACE_BUF_WHEN_FULL) are not very convenient. In particular,
"shift" is typically the most desirable option because it always
keeps the most recent entries, but it is very inefficient to the
point of not being usable in practice.

This commit addresses the above concerns by making the ftrace buffer
circular one, each entry being 64-bit value. The formatting code is
offloaded to a new Python script: scripts/ftrace_format.py. The
output is unchanged except for an added field showing the current
depth in the call stack.

Typical usage (captured on QEMUv8):

build$ mkdir -p ../tmp
build$ chmod a+w ../tmp
build$ make CFG_FTRACE_SUPPORT=y CFG_FTRACE_BUF_SIZE=15000 \
CFG_TA_MCOUNT=y CFG_ULIBS_MCOUNT=y CFG_SYSCALL_FTRACE=y \
QEMU_VIRTFS_AUTOMOUNT=y run
$ xtest regression_1004
...
$ cp /tmp/ftrace-cb3e5ba0-adf1-11e0-998b-0002a5d5c51b.out /mnt/host/tmp
build$ cd ..
optee$ optee_os/scripts/ftrace_format.py \
tmp/ftrace-cb3e5ba0-adf1-11e0-998b-0002a5d5c51b.out |
optee_os/scripts/symbolize.py \
-d optee_os/out/arm/core \
-d out-br/build/optee_test_ext-1.0/ta/*/out | less
TEE load address @ 0x5ab04000
Function graph for TA: cb3e5ba0-adf1-11e0-998b-0002a5d5c51b @ 80085000
| 1 | __ta_entry() {
| 2 | __utee_entry() {
43.840 us | 3 | ta_header_get_session()
7.216 us | 3 | tahead_get_trace_level()
14.480 us | 3 | trace_set_level()
| 3 | malloc_add_pool() {
| 4 | raw_malloc_add_pool() {
46.032 us | 5 | bpool()
| 5 | raw_realloc() {
166.256 us | 6 | bget()
23.056 us | 6 | raw_malloc_return_hook()
267.952 us | 5 | }
398.720 us | 4 | }
426.992 us | 3 | }
| 3 | TEE_GetPropertyAsU32() {
23.600 us | 4 | is_propset_pseudo_handle()
| 4 | __utee_check_instring_annotation() {
26.416 us | 5 | strlen()
| 5 | check_access() {
| 6 | TEE_CheckMemoryAccessRights() {
| 7 | _utee_check_access_rights() {
| 8 | syscall_check_access_rights() {
| 9 | ts_get_current_session() {
4.304 us | 10 | ts_get_current_session_may_fail()
10.976 us | 9 | }
| 9 | to_user_ta_ctx() {
2.496 us | 10 | is_user_ta_ctx()
8.096 us | 9 | }
| 9 | vm_check_access_rights() {
| 10 | vm_buf_is_inside_um_private() {
| 11 | core_is_buffer_inside() {
...

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

libutils: ftrace: Add definitions for separating architectural headers

Add definitions for separating architectural headers. In kernel mode,
risc-v may include riscv.h to have the timer related func

libutils: ftrace: Add definitions for separating architectural headers

Add definitions for separating architectural headers. In kernel mode,
risc-v may include riscv.h to have the timer related functions. In TA
libraries, risc-v may include riscv_user_sysreg.h to have those
functions.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

libutee: Implement RISC-V helper functions for TA libraries

To enable ftrace support in TA libraries, the timer related functions
should be implemented. Add riscv_user_sysreg.h which implements thes

libutee: Implement RISC-V helper functions for TA libraries

To enable ftrace support in TA libraries, the timer related functions
should be implemented. Add riscv_user_sysreg.h which implements these
functions for TA libraries. The code is referenced from core header and
the M-mode related code is removed.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

libutils: riscv: Update setjmp() and longjmp() for ftrace support

Fix the registers saving/restoring conventions. The length of jump
buffer is increased with one more slot to restore ftrace return s

libutils: riscv: Update setjmp() and longjmp() for ftrace support

Fix the registers saving/restoring conventions. The length of jump
buffer is increased with one more slot to restore ftrace return stack.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

libutils: riscv: Implement _mount() and __ftrace_return()

When the core and TA are compiled with the -pg option, the compiler
inserts a call to _mcount() into every function prologue. It can be used

libutils: riscv: Implement _mount() and __ftrace_return()

When the core and TA are compiled with the -pg option, the compiler
inserts a call to _mcount() into every function prologue. It can be used
to trace the function calls such as ftrace.

Implement the _mount() to prepare the necessary parameters for ftrace.
The __ftrace_return() is also implemented for returning from ftrace.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

libutils: Add riscv.S to make it available for core and TA libs

Some assembly macros are necessary for both OP-TEE core and TA
libraries. Therefore, we add riscv specific assembly file into libutils

libutils: Add riscv.S to make it available for core and TA libs

Some assembly macros are necessary for both OP-TEE core and TA
libraries. Therefore, we add riscv specific assembly file into libutils
and move some assembly related macros from riscv.h to riscv.S.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

libutils: malloc: fix raw_malloc_buffer_overlaps_heap()

When checking if there's an overlap between allocated buffer and
heap, raw_malloc_buffer_overlaps_heap() considers two cases: when
buffer come

libutils: malloc: fix raw_malloc_buffer_overlaps_heap()

When checking if there's an overlap between allocated buffer and
heap, raw_malloc_buffer_overlaps_heap() considers two cases: when
buffer comes before the pool and the opposite. On the first case,
overlap will happen if the buffer end after the loop start.
Since buf_end is computed as buf_start + len, it will point to
the address of the first byte after the memory region allocated to
the buffer.

Fix raw_malloc_buffer_overlaps_heap() by considering overlap only
when buffer end is bigger than the pool start.

Fixes: 12d739bd5028 ("libutils: use raw_malloc_*() as more primitive bget wrappers")
Signed-off-by: Vitor Sato Eschholz <vsatoes@baylibre.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

libutee: riscv: Fix the arguments of __utee_panic() for unwinding

To unwind stack from synchronous panic, the ra and s0(fp) registers
should be saved onto stack, and the a1 should be assigned as sp.

libutee: riscv: Fix the arguments of __utee_panic() for unwinding

To unwind stack from synchronous panic, the ra and s0(fp) registers
should be saved onto stack, and the a1 should be assigned as sp.
The save_panic_regs_rv_ta() can handle these registers for abort usage.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>

show more ...

libunw: Implement RISC-V stack unwinding

This patch implements stack unwinding for RISC-V architecture into
libunw. In RISC-V, the caller stores its frame pointer into register
s0 before calling the

libunw: Implement RISC-V stack unwinding

This patch implements stack unwinding for RISC-V architecture into
libunw. In RISC-V, the caller stores its frame pointer into register
s0 before calling the function. In the prologue of callee function,
the return address and the caller's frame pointer are saved into the
bottom of the callee's stack frame, and the callee's frame pointer is
also calculated and stored into s0 within the process of callee
function. Therefore, the caller's stack frame can be traced back from
the callee's stack frame.

The following steps describe the stack unwinding on RV64 system:
1. When an exception occurs, we get the current frame pointer from
trapped register s0/fp.
2. Get the ra from the memory address (fp-0x8).
3. Get the caller's frame pointer from the memory address (fp-0x10).
4. Update the caller's pc as (ra-0x4), this is information we want from
stack unwinding.
5. Repeat the step 2 to step 4, until we exceed the stack frame of the
thread.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

arm64: memtag: strip tag from crash dumps

The MTE tag is not really useful when displaying a crash dump. In fact
it makes it more complicated for tools like script/symbolize.py to
retrieve the actua

arm64: memtag: strip tag from crash dumps

The MTE tag is not really useful when displaying a crash dump. In fact
it makes it more complicated for tools like script/symbolize.py to
retrieve the actual (untagged) virtual address, especially as we now
support non-Arm architectures and therefore blindly stripping the MTE
bits is not possible.

This commit strips the tag in call stacks displayed by
print_stack_arm64(). It also removes it from the virtual address shown
on abort (__print_abort_info()) since symbolize.py does try to resolve
the address as symbol + offset ; but in this case the tagged address is
printed as well, because it can be helpful to diagnose tag check faults.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...