GP131: Update TEE_Param

Updates TEE_Param according to TEE Internal Core API version 1.3.1.

A compatibility type with a __GP11_ prefix is added for compatibility
with version 1.1. The two API funct

GP131: Update TEE_Param

Updates TEE_Param according to TEE Internal Core API version 1.3.1.

A compatibility type with a __GP11_ prefix is added for compatibility
with version 1.1. The two API functions TEE_InvokeTACommand() and
TEE_OpenTASession() are updated in a similar manner.

For the two TA entry functions TA_InvokeCommandEntryPoint() and
TA_OpenSessionEntryPoint() we are implementing those in directly in
user_ta_header.c since it's compiled with the TA and can used
conditionals based on __OPTEE_CORE_API_COMPAT_1_1.

These TA entry points calls __ta_open_sess() and __ta_invoke_cmd() to
convert TEE_Param to the compatibility __GP11_TEE_Param and in then call
the compatibility entry points __GP11_TA_OpenSessionEntryPoint() and
__GP11_TA_InvokeCommandEntryPoint().

Supplying __GP11_TA_OpenSessionEntryPoint() and
__GP11_TA_InvokeCommandEntryPoint() as function pointers ensures that
libutee doesn't try to look up the compatibility entry points when not
needed.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_Attribute

Updates TEE_Attribute according to TEE Internal Core API version 1.3.1.

A compatibility type with a __GP11_ prefix is added for compatibility
with version 1.1. The follo

GP131: Update TEE_Attribute

Updates TEE_Attribute according to TEE Internal Core API version 1.3.1.

A compatibility type with a __GP11_ prefix is added for compatibility
with version 1.1. The following API functions:
- TEE_AsymmetricDecrypt()
- TEE_AsymmetricEncrypt()
- TEE_AsymmetricSignDigest()
- TEE_AsymmetricVerifyDigest()
- TEE_DeriveKey()
- TEE_GenerateKey()
- TEE_InitRefAttribute()
- TEE_InitValueAttribute()
- TEE_PopulateTransientObject()
are updated in a similar manner

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update TEE_ObjectInfo

Updates TEE_ObjectInfo according to TEE Internal Core API version 1.3.1.

A compatibility type with a __GP11_ prefix is added for compatibility
with version 1.1. A few A

GP131: Update TEE_ObjectInfo

Updates TEE_ObjectInfo according to TEE Internal Core API version 1.3.1.

A compatibility type with a __GP11_ prefix is added for compatibility
with version 1.1. A few API functions (TEE_GetObjectInfo(),
TEE_GetObjectInfo1, and TEE_GetNextPersistentObject()) are updated in a
similar manner.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Update HKDF defines

OP-TEE provides an HKDF implementation as an extension to the TEE
Internal Core API which predates version 1.3 of the specification where
HKDF was officially introduced.

GP131: Update HKDF defines

OP-TEE provides an HKDF implementation as an extension to the TEE
Internal Core API which predates version 1.3 of the specification where
HKDF was officially introduced.

Update with the official defines and resolve name clashes. With this
OP-TEE supports both the old extension and the new official API.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Add TEE_ATTR_X448_* defines

Adds TEE_ATTR_X448_PUBLIC_VALUE and TEE_ATTR_X448_PRIVATE_VALUE
according to TEE Internal Core API version 1.3.1.

Reviewed-by: Jerome Forissier <jerome.forissier@

GP131: Add TEE_ATTR_X448_* defines

Adds TEE_ATTR_X448_PUBLIC_VALUE and TEE_ATTR_X448_PRIVATE_VALUE
according to TEE Internal Core API version 1.3.1.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add two new API error codes

Adds the two new API error codes, TEE_ERROR_UNSUPPORTED_VERSION and
TEE_ERROR_TIMEOUT, according to TEE Internal Core API version 1.3.1.

Reviewed-by: Jerome Foris

GP131: add two new API error codes

Adds the two new API error codes, TEE_ERROR_UNSUPPORTED_VERSION and
TEE_ERROR_TIMEOUT, according to TEE Internal Core API version 1.3.1.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: add TEE_ALG_SHA3_* and TEE_ALG_SHAKE* defines

Adds defines for the SHA3 algorithms from the GlobalPlatform TEE
Internal Core API v1.3.1 specification.

Reviewed-by: Jerome Forissier <jerome.f

GP131: add TEE_ALG_SHA3_* and TEE_ALG_SHAKE* defines

Adds defines for the SHA3 algorithms from the GlobalPlatform TEE
Internal Core API v1.3.1 specification.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Add TEE_ALG_ECDH_DERIVE_SHARED_SECRET and TEE_ALG_ECDSA_SHA*

Adds the defines
- TEE_ALG_ECDH_DERIVE_SHARED_SECRET
- TEE_ALG_ECDSA_SHA1
- TEE_ALG_ECDSA_SHA224
- TEE_ALG_ECDSA_SHA256
- TEE_ALG_

GP131: Add TEE_ALG_ECDH_DERIVE_SHARED_SECRET and TEE_ALG_ECDSA_SHA*

Adds the defines
- TEE_ALG_ECDH_DERIVE_SHARED_SECRET
- TEE_ALG_ECDSA_SHA1
- TEE_ALG_ECDSA_SHA224
- TEE_ALG_ECDSA_SHA256
- TEE_ALG_ECDSA_SHA386
- TEE_ALG_ECDSA_SHA512
from TEE Internal Core API version 1.3.1 to replace the previous now
deprecated defines:
- TEE_ALG_ECDSA_P192
- TEE_ALG_ECDSA_P224
- TEE_ALG_ECDSA_P256
- TEE_ALG_ECDSA_P384
- TEE_ALG_ECDSA_P521
- TEE_ALG_ECDH_P192
- TEE_ALG_ECDH_P224
- TEE_ALG_ECDH_P256
- TEE_ALG_ECDH_P384
- TEE_ALG_ECDH_P521

The new defines have new values and the values from the old defines are
not reused.

The syscall ABI maintains compatibility by handling both the old and new
values in parallel from now on.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Update reported version to GP TEE Core Internal API v1.3.1

The UUID assigned to libutee when compiled as a shared library is update
to let old TAs use the ABI of the old libutee before it's upgraded

Update reported version to GP TEE Core Internal API v1.3.1

The UUID assigned to libutee when compiled as a shared library is update
to let old TAs use the ABI of the old libutee before it's upgraded to
support Internal API v1.3.1.

This commit is followed by a number of commits which finally brings
OP-TEE up to date with v1.3.1.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: mte: add missing calls to strip_tag()

Add missing calls to strip_tag() in raw_malloc_buffer_overlaps_heap()
and raw_malloc_buffer_is_within_alloced(). Without them pointer
arithmetic canno

libutils: mte: add missing calls to strip_tag()

Add missing calls to strip_tag() in raw_malloc_buffer_overlaps_heap()
and raw_malloc_buffer_is_within_alloced(). Without them pointer
arithmetic cannot work. Fixes xtest 1001.1 (make check MEMTAG=y).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

pta: imx: add OCOTP PTA

Add a OCOTP PTA for i.MX platforms. This PTA exposes two commands:
- the read of OCOTP shadow registers.
- the read of the platform UID.

Signed-off-by: Clement Faure <clem

pta: imx: add OCOTP PTA

Add a OCOTP PTA for i.MX platforms. This PTA exposes two commands:
- the read of OCOTP shadow registers.
- the read of the platform UID.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

pta: imx: add DIGPROG PTA

Add an i.MX PTA to get the platform digprog value.
This 32 bits value holds the SOC type and the minor and major revision
number.

Signed-off-by: Clement Faure <clement.fau

pta: imx: add DIGPROG PTA

Add an i.MX PTA to get the platform digprog value.
This 32 bits value holds the SOC type and the minor and major revision
number.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

libutils: riscv: provide atomic_rv.S

Implement atomic_inc32() and atomic_dec32() in atomic_rv.S.
The implementation is based on atomic addition instruction
with acquire and release suffix to add add

libutils: riscv: provide atomic_rv.S

Implement atomic_inc32() and atomic_dec32() in atomic_rv.S.
The implementation is based on atomic addition instruction
with acquire and release suffix to add additional memory
order constraints.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

pta: stm32mp: mention access denied error code in BSEC PTA API

Fixes BSEC PTA API header file that did not mention possible error code
TEE_ERROR_ACCESS_DENIED for command PTA_BSEC_CMD_READ_OTP.

Fix

pta: stm32mp: mention access denied error code in BSEC PTA API

Fixes BSEC PTA API header file that did not mention possible error code
TEE_ERROR_ACCESS_DENIED for command PTA_BSEC_CMD_READ_OTP.

Fixes: 4583de067b5d ("pta: stm32mp: add BSEC PTA")
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutils: malloc: fix MDBG combined with MEMTAG

Fixes problems with MDBG when combined with memory tagging. MDBG uses an
extra header which wasn't taken into account when tagging the allocated
memor

libutils: malloc: fix MDBG combined with MEMTAG

Fixes problems with MDBG when combined with memory tagging. MDBG uses an
extra header which wasn't taken into account when tagging the allocated
memory. This leads to tag check fault. So fix it by adding the size of
the extra header when tagging the allocated memory.

Fixes: 08a5c4f9ae42 ("libutils: add MTE support in malloc() and friends")
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: riscv: provide setjmp_rv.S

Implement setjmp() and longjmp() in setjmp_rv.S

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

libutils: setjmp.h: add defines for RISC-V

Add jmp buffer size and type for RISC-V.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

core: pta: scmi: internal switches for supported transports

Adds internal configuration switch _CFG_SMCI_PTA_SMT_HEADER
and _CFG_SCMI_PTA_MSG_HEADER to specify which are supported.
This change will

core: pta: scmi: internal switches for supported transports

Adds internal configuration switch _CFG_SMCI_PTA_SMT_HEADER
and _CFG_SCMI_PTA_MSG_HEADER to specify which are supported.
This change will ease integration of the alternate SCMI server
build from SCP-firmware.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutils: IS_ENABLED2() for _CFG_* switches

Adds macro IS_ENABLED2() to be used for OP-TEE OS internal _CFG_*
configuration switches to not conflict with IS_ENABLED() coding style
rules inherited fr

libutils: IS_ENABLED2() for _CFG_* switches

Adds macro IS_ENABLED2() to be used for OP-TEE OS internal _CFG_*
configuration switches to not conflict with IS_ENABLED() coding style
rules inherited from Linux kernel coding style.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutils: change assert() to conform with stdlib implementation

Changes assert() definition to return a (dummy) value when expression
to true. This change allows to integrate external libraries whic

libutils: change assert() to conform with stdlib implementation

Changes assert() definition to return a (dummy) value when expression
to true. This change allows to integrate external libraries which
assume assert() conforms to such implementation, as found in GCC
or LLVM toolchains.

Removes inline description comment that could be confusing.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: mbedtls: use SHA-512 crypto accelerated routines

Uses the recently provided accelerated SHA-512 routine.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklan

core: mbedtls: use SHA-512 crypto accelerated routines

Uses the recently provided accelerated SHA-512 routine.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: riscv: modify the UTEE_SYSCALL assembly

Use li instead of mv in UTEE_SYSCALL, store the num_args
in the t1 register. This works on RV32 and RV64,
so change the compile control and rename th

libutee: riscv: modify the UTEE_SYSCALL assembly

Use li instead of mv in UTEE_SYSCALL, store the num_args
in the t1 register. This works on RV32 and RV64,
so change the compile control and rename the file.

Signed-off-by: liushiwei <liushiwei@eswincomputing.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

pta: stm32mp: add BSEC PTA

Add BSEC PTA to offer an interface with One Time Programmed resources
(OTPs) of stm32mp1x platforms.

This interface allows non-secure world clients to get the state of
th

pta: stm32mp: add BSEC PTA

Add BSEC PTA to offer an interface with One Time Programmed resources
(OTPs) of stm32mp1x platforms.

This interface allows non-secure world clients to get the state of
the BSEC, and read and write the OTPs. The REE has restricted
access on OTPs, the policy is defined in the embedded DT.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: mbedtls: fix use of SHA-256 crypto accelerated routines

The wrong name of a configuration was used to test in mbedtls if the
accelerated SHA-256 routines should be used. Fix this by using the

core: mbedtls: fix use of SHA-256 crypto accelerated routines

The wrong name of a configuration was used to test in mbedtls if the
accelerated SHA-256 routines should be used. Fix this by using the
correct name CFG_CORE_CRYPTO_SHA256_ACCEL instead.

Fixes: 2fc5dc95a949 ("core: mbedtls: use SHA-256 crypto accelerated routines")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: use raw_malloc_*() as more primitive bget wrappers

The malloc implementation is layered on top of BGET, where the
raw_malloc_*() layer is the most primitive layer on top of BGET. This
lay

libutils: use raw_malloc_*() as more primitive bget wrappers

The malloc implementation is layered on top of BGET, where the
raw_malloc_*() layer is the most primitive layer on top of BGET. This
layer is unlocked so it's up to the caller to handle eventual
synchronization.

Until now this rule hasn't been followed completely by letting
raw_malloc_get_stats() call gen_malloc_get_stats() and not the other way
around. So fix this and also provide raw_malloc_buffer_overlaps_heap()
and raw_malloc_buffer_is_within_alloced().

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...