| e83f0c6c | 20-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
libutils: fix gen_malloc_buffer_overlaps_heap()
Fixes invalid range check in gen_malloc_buffer_overlaps_heap().
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 6fb40af3 | 14-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
libutee: clarify that the used version is still 1.1
Clarifies that the used version in TEE Internal Core API is still v1.1. Changes the version defines back to v1.1.0.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 9d7dd419 | 08-Dec-2022 |
liushiwei <liushiwei@eswincomputing.com> |
libutee: support RISC-V syscall
Add 64-bit RISC-V TA system call function. Modify the utee_syscalls_asm.S file to be generic.
Signed-off-by: liushiwei <liushiwei@eswincomputing.com> Reviewed-by: chenchaokai <chenchaokai@eswincomputing.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 6e909320 | 15-Nov-2022 |
Valerii Chubar <valerii_chubar@epam.com> |
libmbedtls: Enable nist_kw
Enable the AES KW mechanisms to be able to use them from a trusted application.
Signed-off-by: Valerii Chubar <valerii_chubar@epam.com> Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| e5353ad9 | 14-Nov-2022 |
Sergiy Kibrik <Sergiy_Kibrik@epam.com> |
libmbedtls: Fix cipher_wrap.c for nist_kw
The *_ctx_clone() function is missing and therefore the wrong function pointers are assigned to .ctx_free_func when MBEDTLS_NIST_KW_C is enabled.
lib/libmbedtls/mbedtls/library/cipher_wrap.c:2248:5: warning: initialization of ‘void (*)(void *, const void *)’ from incompatible pointer type ‘void (*)(void *)’ [-Wincompatible-pointer-types]
 2248 | kw_ctx_free,
        ^~~~~~~~~~~
Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com> Signed-off-by: Valerii Chubar <valerii_chubar@epam.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 6240c6e1 | 02-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
libutee: remove _utee_se_*() prototypes
Removes the obsolete _utee_se_*() prototypes in utee_syscalls.h.
Fixes: e147a447ccc0 ("Remove Secure Element API support") Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 32c75600 | 01-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
libutee: fix TEE_MemFill() return type
TEE_MemFill() has until this patch returned a void *, but the standard says it should return void. So fix this.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 1b865ed6 | 05-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
Fix TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_*
Commit 5b385b3f835d ("core: crypto: add support for SM2 KEP") defined by mistake the wrong values for these two. To fix this we are renaming these IDs to alternative IDs which OP-TEE will recognize in addition to the correct official values when deriving a key using the TEE_ALG_SM2_KEP algorithm.
TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_X and TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_Y are only used as input parameters so there is no need to translate back to the old invalid values.
Fixes: 5b385b3f835d ("core: crypto: add support for SM2 KEP") Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 696f56ac | 22-Nov-2022 |
Pingan Xie <xiepingan3@huawei.com> |
core, libutee: introduce TEE_ALG_SM4_XTS
In this patch, the sm4-xts algorithm is supported in the GP process.
Signed-off-by: Pingan Xie <xiepingan3@huawei.com> Reviewed-by: Xiaoxu Zeng <zengxiaoxu@huawei.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 8bbc2e9c | 29-Nov-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
Update reported version to GP Core Internal API v1.3.1
Updates the reported version to 1.3.1. Three new defines:
- TEE_CORE_API_REQUIRED_MAJOR_VERSION
- TEE_CORE_API_REQUIRED_MINOR_VERSION
- TEE_CORE_API_REQUIRED_MAINTENANCE_VERSION
are added by the standard as a way for the TA to specify required version of the API. OP-TEE only supports downgrading to version 1.1.
A simplified OP-TEE specific method is also provided: Adds the configuration option CFG_TA_OPTEE_CORE_API_COMPAT_1_1 which enables TEE Internal Core API v1.1 compatibility for in-tree TAs.
The TA dev kit is also updated to recognize CFG_TA_OPTEE_CORE_API_COMPAT_1_1 and set define __OPTEE_CORE_API_COMPAT_1_1 to 1 if set.
These new defines do not do anything yet, but in following commits functions and types will be updated gradually until all functions and types changed in version 1.3.1 compared to the ones in v1.1 have been updated.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 45507d10 | 18-Nov-2022 |
Khoa Hoang <admin@khoahoang.com> |
Add support for compiler stack protector
This change adds support for CFG_CORE_STACK_PROTECTOR{,_STRONG,_ALL} and CFG_TA_STACK_PROTECTOR{,_STRONG,_ALL}. This flag enables the compiler stack overflow protection feature -fstack-protector* and also generates a random stack canary value on kernel boot and TA entry.
Weak function plat_get_random_stack_canary() can be overridden by the platform to provide a random stack canary value for the core kernel.
Signed-off-by: Khoa Hoang <admin@khoahoang.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 5879c0ee | 21-Nov-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
lib: mbedtls: ecc: support the crypto driver
Provide an interface that can be used by drivers using the Crypto API so that they can fall back to MBEDTLS software operations.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 8fab4371 | 30-Nov-2022 |
liushiwei <liushiwei@eswincomputing.com> |
ldelf: support RISC-V
Add 64-bit RISC-V ldelf startup assembly and parsing 64-bit ELF files.
Signed-off-by: liushiwei <liushiwei@eswincomputing.com> Tested-by: liushiwei <liushiwei@eswincomputing.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| f197f055 | 30-Nov-2022 |
liushiwei <liushiwei@eswincomputing.com> |
libutils: confine_array_index: add support for RISC-V
Add a naive C implementation for RISC-V.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: liushiwei <liushiwei@eswincomputing.com> Reviewed-by: chenchaokai <chenchaokai@eswincomputing.com>
|
| 75d6a373 | 28-Nov-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
Use struct utee_object_info in TA syscall abi
TEE_ObjectInfo was until now used in the syscall ABI provided to TAs. TEE_ObjectInfo changes in later versions of the TEE Internal Core API so add an independent definition with struct utee_object_info in order to preserve a stable ABI.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 4b0f9953 | 26-Nov-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
Move tee_api.h and tee_ta_api.h into tee_internal_api.h
The Global Platform TEE Internal Core specifications only mention tee_internal_api.h, the other .h files are part of the OP-TEE specific implementation. Having a separate tee_api_defines.h for defines and a tee_api_types.h for types is useful in OP-TEE core, but tee_api.h and tee_ta_api.h add nothing of value. Quite the opposite as it will make it harder than necessary to implement the macro tricks needed for backwards compatibility when updating to a more recent standard.
So to simplify things, move function declarations in tee_api.h and tee_ta_api.h into tee_internal_api.h. tee_api.h and tee_ta_api.h are kept for compatibility, but they are only including <tee_internal_api.h>.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 98ada65e | 01-Apr-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: libmbedtls: add fault mitigation in crypto_acipher_rsassa_verify()
Adds fault mitigations in crypto_acipher_rsassa_verify() by checking that the internal call to memcmp() when verifying the hash in the RSA signature was called and was successful.
The internal call to memcmp() records the result of the comparison if successful. This is double checked against the normal return value from the called pk_info->verify_func().
If the normal return value is OK then the recorded return value must match or we're likely subject to a fault injection attack and we're triggering a panic.
If the normal return value isn't OK we don't care about the recorded value, it's overridden by a new error code. In this case we don't know if we're subject to a fault injection attack or not, the important thing is to make sure that the calling function doesn't miss the error.
This fault mitigation is only enabled when the calling function enabled fault mitigations and CFG_CORE_FAULT_MITIGATION is 'y'.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 06de6080 | 01-Apr-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify()
Adds fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify() by using the macro FTMN_CALLEE_DONE_MEMCMP() instead of just mbedtls_safer_memcmp() when checking that the hash in the RSA signature is matching the expected value.
FTMN_CALLEE_DONE_MEMCMP() saves on success the result in a thread local storage if fault mitigations were enabled when the function was called.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| a846630f | 01-Apr-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()
Adds fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext() by using the macro FTMN_CALLEE_DONE_MEMCMP() instead of memcmp() when checking that the hash in the RSA signature is matching the expected value.
FTMN_CALLEE_DONE_MEMCMP() saves on success the result in a thread local storage if fault mitigations were enabled when the function was called.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 7e75ca54 | 01-Apr-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
Basic fault mitigation routines
Adds basic fault mitigation routines designed to help protect from fault injection attacks on the hardware. This is by no means bulletproof, but it should at least improve the situation.
These routines focus on verifying that a function has been called and that the returned value matches the result from the function. This is done by having a handshake between the caller and the callee where also the return value is transmitted in a separate channel.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 7eaed3a3 | 23-Nov-2022 |
Etienne Carriere <etienne.carriere@linaro.org> |
libutils: prefix system header guard with 2 underscore chars
Adds prefix "__" to standard header files implemented in libutils. This is applicable as these header guard macros are system macros. This change prevents conflicts with external component as faced with SCP-firmware [1] that implements wrapper headers with #include_next for assert.h and stdlib.h using ASSERT_H [2] and STDLIB_H [3] as header guards as in libutils.
Prior to this change, stdint.h defined both STDINT_H and _STDINT_H but guarded only upon STDINT_H. This change removes STDINT_H.
Link: [1] https://github.com/ARM-software/SCP-firmware.git Link: [2] https://github.com/ARM-software/SCP-firmware/blob/v2.11.0/framework/include/assert.h#L8-L9 Link: [3] https://github.com/ARM-software/SCP-firmware/blob/v2.11.0/framework/include/stdlib.h#L8-L9 Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| bc8fe8c2 | 22-Nov-2022 |
Etienne Carriere <etienne.carriere@linaro.org> |
libutils: implement aligned_alloc()
Implements aligned_alloc() in bget_malloc.c based on memalign(). The implementation also covers when ENABLE_MDBG is enabled, that is when CFG_TEE_CORE_MALLOC_DEBUG is enabled.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| cb94c145 | 21-Oct-2022 |
Weizhao Jiang <weizhaoj@amazon.com> |
core: implement a method to dump user TA runtime status
This patch is to dump user TA runtime status for debug purposes. The change includes:
1. Add new command (STATS_CMD_TA_STATS) in the stats PTA.
2. Add tee_ta_dump_stats() to scan all ongoing TA instances and sessions and snapshot their status.
3. Add new function: entry_dump_memstats() to __utee_entry() to get TA heap statistics.
4. Add new compile option (CFG_TA_STATS, default n) to enable this feature.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Tested-by: Weizhao Jiang <weizhaoj@amazon.com> Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com> [jf: edit commit message] Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| d29e68dd | 02-Nov-2022 |
Weizhao Jiang <weizhaoj@amazon.com> |
libutee: change __utee_entry() handling on unknown function IDs
Change __utee_entry() to return TEE_ERROR_NOT_SUPPORTED instead of panicking when handling unknown entry function IDs.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Tested-by: Weizhao Jiang <weizhaoj@amazon.com> Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com> [jf: edit commit message] Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 1c025012 | 26-Oct-2022 |
Simon Ott <simon.ott@aisec.fraunhofer.de> |
libmbedtls: mbedtls_config_uta.h: enable chacha20 and chachapoly support
Extend the mbedtls UTA configuration to support the ciphers chacha20 and chachapoly for usage in custom TAs, as they are supported by common protocols, such as TLS1.3, IPsec or WireGuard.
Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|