arm64: memtag: strip tag from crash dumps

The MTE tag is not really useful when displaying a crash dump. In fact
it makes it more complicated for tools like script/symbolize.py to
retrieve the actua

arm64: memtag: strip tag from crash dumps

The MTE tag is not really useful when displaying a crash dump. In fact
it makes it more complicated for tools like script/symbolize.py to
retrieve the actual (untagged) virtual address, especially as we now
support non-Arm architectures and therefore blindly stripping the MTE
bits is not possible.

This commit strips the tag in call stacks displayed by
print_stack_arm64(). It also removes it from the virtual address shown
on abort (__print_abort_info()) since symbolize.py does try to resolve
the address as symbol + offset ; but in this case the tagged address is
printed as well, because it can be helpful to diagnose tag check faults.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

libutee: riscv: Fix relocation type of function call into __utee_panic()

In RISC-V, "j" instruction has R_RISCV_JAL relocation that can represent
an even signed 21-bit offset (+-1MiB). However, this

libutee: riscv: Fix relocation type of function call into __utee_panic()

In RISC-V, "j" instruction has R_RISCV_JAL relocation that can represent
an even signed 21-bit offset (+-1MiB). However, this range is not enough
to be position independent code, and the linker generates linking error.
Fix it by using "tail" instruction which has R_RISCV_CALL_PLT relocation
that the execution can jump to +-2GB location.

Note that we won't return from _utee_panic(), that's why we use "tail"
instead of "call" instruction so that we won't generate redundant return
instruction.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: liushiwei <liushiwei@eswincomputing.com>

show more ...

libutils: Disable stack protector for __aeabi_uidivmod/__aeabi_idivmod

Some toolchain build optee_os with "-fstack-protector-strong",
But the generated codes add "check stack" operations after the
"

libutils: Disable stack protector for __aeabi_uidivmod/__aeabi_idivmod

Some toolchain build optee_os with "-fstack-protector-strong",
But the generated codes add "check stack" operations after the
"ret_idivmod_values", which overwrite the r1 value.

So __aeabi_uidivmod/__aeabi_idivmod will got error value,

Link: https://github.com/OP-TEE/optee_os/issues/6007
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Yuegui He <yuegui.he@amlogic.com>

show more ...

Add missing conditional compilation for RISC-V

RV64 also uses kern_sp. The elf.h is also used by RV32 and RV64.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome

Add missing conditional compilation for RISC-V

RV64 also uses kern_sp. The elf.h is also used by RV32 and RV64.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: add bit_ffs_from()

Adds bitstring function bit_ffs_from() that mimics bit_ffs() but looks
from a start bit position given as argument, and defines bit_ffs()
based on bit_ffs_from().

Revie

libutils: add bit_ffs_from()

Adds bitstring function bit_ffs_from() that mimics bit_ffs() but looks
from a start bit position given as argument, and defines bit_ffs()
based on bit_ffs_from().

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

build: ta: add RISC-V linker script

Sort out the common code compiled by TA,
abstract RISCV and ARM compile the common part of TA.

Signed-off-by: liushiwei <liushiwei@eswincomputing.com>
Reviewed-b

build: ta: add RISC-V linker script

Sort out the common code compiled by TA,
abstract RISCV and ARM compile the common part of TA.

Signed-off-by: liushiwei <liushiwei@eswincomputing.com>
Reviewed-by: chenchaokai <chenchaokai@eswincomputing.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

libutee: increase MPI_MEMPOOL_SIZE to 14Kb

With the Widevine v17/v18 OPKs using their new Provisioning 4.0
technique, this pool size needs to be increased to 14Kb from 12Kb.

The sequence that is be

libutee: increase MPI_MEMPOOL_SIZE to 14Kb

With the Widevine v17/v18 OPKs using their new Provisioning 4.0
technique, this pool size needs to be increased to 14Kb from 12Kb.

The sequence that is being executed that requires this is as follows:
1. TEE_GenerateKey(key_handle, 2048, NULL, 0)
2. TEE_GetObjectBufferAttribute(key, TEE_ATTR_RSA_MODULUS,
modulus_data, &modulus_len),
same for TEE_ATTR_RSA_PUBLIC_EXPONENT and
TEE_ATTR_RSA_PRIVATE_EXPONENT.
3. mbedtls_rsa_complete() on a pk object created from the extracted
modulus, public exp and private exp.

Signed-off-by: Jeffrey Kardatzke <jkardatzke@google.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutee: add TEE_ALG_ECDSA_SHA* to TEE_ALG_GET_DIGEST_SIZE()

The TEE_ALG_GET_DIGEST_SIZE() macro lacks the ECDSA algorithms. Add
them.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

libutee: add TEE_ALG_ECDSA_SHA* to TEE_ALG_GET_DIGEST_SIZE()

The TEE_ALG_GET_DIGEST_SIZE() macro lacks the ECDSA algorithms. Add
them.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mbedtls: ecc_get_keysize(): do not check algorithm against curve

Since commit fe2fd3ff46c0 ("GP131: Add TEE_ALG_ECDH_DERIVE_SHARED_SECRET
and TEE_ALG_ECDSA_SHA*"), the algorithm and curve valu

core: mbedtls: ecc_get_keysize(): do not check algorithm against curve

Since commit fe2fd3ff46c0 ("GP131: Add TEE_ALG_ECDH_DERIVE_SHARED_SECRET
and TEE_ALG_ECDSA_SHA*"), the algorithm and curve values are not tied
as closely as before. The GP TEE Internal Core API specification v1.3.1
mentions "ECDSA algorithm identifiers should be tied to the size of the
digest, not the key. The key size information is provided with the key
material." (Table B-2). In other words, a number of algorithm values
are valid for use with any given ECC curve. Therefore remove the
algorithm checks in ecc_get_keysize(). This function is not the proper
place anyways.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: imx: add manufacturing protection

Add the i.MX PTA to expose CAAM manufacturing protection features:
* Get manufacturing protection public key.
* Get manufacturing protection message.

core: pta: imx: add manufacturing protection

Add the i.MX PTA to expose CAAM manufacturing protection features:
* Get manufacturing protection public key.
* Get manufacturing protection message.
* Message signature with manufacturing protection private key.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: add support MD5 hashes in RSA sign/verify/cipher

Introduce support of using MD5 hashes in RSA sign/verify/cipher
operations, which is required by AOSP Keymaster.

This is verified in

core: crypto: add support MD5 hashes in RSA sign/verify/cipher

Introduce support of using MD5 hashes in RSA sign/verify/cipher
operations, which is required by AOSP Keymaster.

This is verified in VerificationOperationsTest.RsaSuccess VTS Test [1],
which checks usage of such digests: NONE, MD5, SHA1, SHA_2_224, SHA_2_256,
SHA_2_384, SHA_2_512.

This patch has been inspired by commit[2]:

Link: [1] https://android.googlesource.com/platform/hardware/interfaces/+/master/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp
Link: [2] https://github.com/OP-TEE/optee_os/commit/199d0b7310d1705661a106358f1f0b46e4c5c587 ("core: crypto: add support MD5 hashes in RSA sign/verify")
Signed-off-by: Julien Masson <jmasson@baylibre.com>
Signed-off-by: Safae Ouajih <souajih@baylibre.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: add stubs for pthread functions

When building with GCC 11.3.1 [1], the linker reports undefined symbols
in the C++ test TA:

$ make 2>&1 | grep -E "(in function|undefined reference)" | se

libutils: add stubs for pthread functions

When building with GCC 11.3.1 [1], the linker reports undefined symbols
in the C++ test TA:

$ make 2>&1 | grep -E "(in function|undefined reference)" | sed 's@.*/@@'
libstdc++.a(eh_alloc.o): in function `(anonymous namespace)::pool::free(void*) [clone .constprop.0]':
gthr-default.h:749: undefined reference to `pthread_mutex_lock'
gthr-default.h:779: undefined reference to `pthread_mutex_unlock'
libstdc++.a(eh_alloc.o): in function `(anonymous namespace)::pool::allocate(unsigned long) [clone .constprop.0]':
gthr-default.h:749: undefined reference to `pthread_mutex_lock'
gthr-default.h:779: undefined reference to `pthread_mutex_unlock'
libgcc_eh.a(unwind-dw2-fde-dip.o): in function `__gthread_mutex_lock':
gthr-default.h:749: undefined reference to `pthread_mutex_lock'
libgcc_eh.a(unwind-dw2-fde-dip.o): in function `__gthread_mutex_unlock':
gthr-default.h:779: undefined reference to `pthread_mutex_unlock'
[more of the same follow]

To fix that issue, introduce no-op stubs as weak symbols in libutils.
Doing so is valid because TAs are single threaded and non-reentrant.

Link: [1] https://developer.arm.com/-/media/Files/downloads/gnu/11.3.rel1/binrel/arm-gnu-toolchain-11.3.rel1-x86_64-aarch64-none-linux-gnu.tar.xz
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

libutee: add CNTVCT to user system registers

Adds CNTVCT to user system registers. Needed when compiling with
CFG_CORE_SEL2_SPMC=y and CFG_MEMTAG=y.

Reviewed-by: Jerome Forissier <jerome.forissier@

libutee: add CNTVCT to user system registers

Adds CNTVCT to user system registers. Needed when compiling with
CFG_CORE_SEL2_SPMC=y and CFG_MEMTAG=y.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: add TEE_MAIN_ALGO_SHAKE values

The CAAM driver relies on TEE_ALG_GET_MAIN_ALG() macro to retrieve the
main algorithm ID from the TEE_ALG_* value.

With the addition of TEE_ALG_SHAKE128 and

libutee: add TEE_MAIN_ALGO_SHAKE values

The CAAM driver relies on TEE_ALG_GET_MAIN_ALG() macro to retrieve the
main algorithm ID from the TEE_ALG_* value.

With the addition of TEE_ALG_SHAKE128 and TEE_ALG_SHAKE256,
TEE_ALG_GET_MAIN_ALG() would return 0x01 (TEE_MAIN_ALGO_MD5) and 0x02
(TEE_MAIN_ALGO_SHA1). These returned values are wrong.

Add TEE_MAIN_ALGO_SHAKE128 and TEE_MAIN_ALGO_SHAKE256 values for
respectively TEE_ALG_SHAKE128 and TEE_ALG_SHAKE256.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: Add K3 specific PTA for writing into extended OTP

Writing into the extended OTP has been a vendor specific thing and no
generic drivers exists for it in the OP-TEE framework.

Add a PTA t

core: pta: Add K3 specific PTA for writing into extended OTP

Writing into the extended OTP has been a vendor specific thing and no
generic drivers exists for it in the OP-TEE framework.

Add a PTA to write into the custom extended OTP bits in K3 architecture.

This header should be exported out of optee-os to be used by the host
binary for interacting with the PTA.

Includes OTP keywriting PTA header file in libutee

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

virt: rename CFG_VIRTUALIZATION to CFG_NS_VIRTUALIZATION

With the advent of virtualization support at S-EL2 in the Armv8.4-A
architecture, CFG_VIRTUALIZATION has become ambiguous. Let's rename
it to

virt: rename CFG_VIRTUALIZATION to CFG_NS_VIRTUALIZATION

With the advent of virtualization support at S-EL2 in the Armv8.4-A
architecture, CFG_VIRTUALIZATION has become ambiguous. Let's rename
it to CFG_NS_VIRTUALIZATION to indicate more clearly that it is about
supporting virtualization on the non-secure side.

This commit is the result of the following command:

$ for f in $(git grep -l -w CFG_VIRTUALIZATION); do \
sed -i -e 's/CFG_VIRTUALIZATION/CFG_NS_VIRTUALIZATION/g' $f; \
done

...plus the compatibility line in mk/config.mk:

CFG_NS_VIRTUALIZATION ?= $(CFG_VIRTUALIZATION)

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>

show more ...

GP131: Fix the TEE_ALG_SM2_PKE define

The define TEE_ALG_SM2_PKE was introduced with the value 0x80000045 in
the v1.2 specification and later changed to 0x80000046 in v1.3. At this
point we try to b

GP131: Fix the TEE_ALG_SM2_PKE define

The define TEE_ALG_SM2_PKE was introduced with the value 0x80000045 in
the v1.2 specification and later changed to 0x80000046 in v1.3. At this
point we try to be compatible with v1.3.1 so update the value to match
that version of the GlobalPlatform specification.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: tee_api_defines.h: remove obsolete comments

Removes the obsolete comments "/* vx.y.z spec */" from attributes, type,
and algorithm defines. The defines are all now up to date with GP
v1.3.1.

GP131: tee_api_defines.h: remove obsolete comments

Removes the obsolete comments "/* vx.y.z spec */" from attributes, type,
and algorithm defines. The defines are all now up to date with GP
v1.3.1.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Add TA property gpd.ta.doesNotCloseHandleOnCorruptObject

Adds the TA property gpd.ta.doesNotCloseHandleOnCorruptObject.

All syscalls operating on an object handle and can return
TEE_ERROR_CO

GP131: Add TA property gpd.ta.doesNotCloseHandleOnCorruptObject

Adds the TA property gpd.ta.doesNotCloseHandleOnCorruptObject.

All syscalls operating on an object handle and can return
TEE_ERROR_CORRUPT_OBJECT must also do special treatment when
TEE_ERROR_CORRUPT_OBJECT is returned. Prior to
gpd.ta.doesNotCloseHandleOnCorruptObject this meant removing the object
and closing the object handle. With the
gpd.ta.doesNotCloseHandleOnCorruptObject property the object handle
shouldn't be close if this the current TA has the property set to true.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: TEE_Asymmetric{En,De}crypt() add return codes

Adds TEE_ERROR_CIPHERTEXT_INVALID and TEE_ERROR_NOT_SUPPORTED to the
list of supported return code for TEE_AsymmetricEncrypt() and
TEE_Asymmetric

GP131: TEE_Asymmetric{En,De}crypt() add return codes

Adds TEE_ERROR_CIPHERTEXT_INVALID and TEE_ERROR_NOT_SUPPORTED to the
list of supported return code for TEE_AsymmetricEncrypt() and
TEE_AsymmetricDecrypt().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add TEE_BigIntExpMod()

Adds the function TEE_BigIntExpMod() introduced in TEE Internal Core API
v1.2.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklande

GP131: add TEE_BigIntExpMod()

Adds the function TEE_BigIntExpMod() introduced in TEE Internal Core API
v1.2.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add TEE_BigIntAbs()

Adds the function TEE_BigIntAbs() introduced in TEE Internal Core API
v1.2.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jen

GP131: add TEE_BigIntAbs()

Adds the function TEE_BigIntAbs() introduced in TEE Internal Core API
v1.2.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add TEE_BigIntSetBit()

Adds the function TEE_BigIntSetBit() introduced in TEE Internal Core API
v1.2.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklande

GP131: add TEE_BigIntSetBit()

Adds the function TEE_BigIntSetBit() introduced in TEE Internal Core API
v1.2.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add TEE_BigIntAssign()

Adds the function TEE_BigIntAssign() introduced in TEE Internal Core API
v1.2.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklande

GP131: add TEE_BigIntAssign()

Adds the function TEE_BigIntAssign() introduced in TEE Internal Core API
v1.2.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_SetOperationKey*()

Update TEE_SetOperationKey() and TEE_SetOperationKey2() according to TEE
Internal Core API version 1.3.1.

Compatibility functions for v1.1 are added due an inco

GP131: Update TEE_SetOperationKey*()

Update TEE_SetOperationKey() and TEE_SetOperationKey2() according to TEE
Internal Core API version 1.3.1.

Compatibility functions for v1.1 are added due an incompatible change
highlighted by the GP compliance test suite. Prior to 1.3 the functions
where should panic if operation state isn't "initial", in 1.3 they are
instead required to always reset the operation state to "initial".

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...