libmbedtls: fix typo: CFG_TA_MEBDTLS_UNSAFE_MODEXP

CFG_TA_"MEBDTLS"_UNSAFE_MODEXP is typo. This commit fixes it.

Fixes: cb03400251f9 ("Squashed commit upgrading to mbedtls-3.6.2")
Signed-off-by: Al

libmbedtls: fix typo: CFG_TA_MEBDTLS_UNSAFE_MODEXP

CFG_TA_"MEBDTLS"_UNSAFE_MODEXP is typo. This commit fixes it.

Fixes: cb03400251f9 ("Squashed commit upgrading to mbedtls-3.6.2")
Signed-off-by: Alvin Chang <alvinga@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: mm: add virt_page_alloc()

Add virt_page_alloc() to allocate memory from physical pool and map it
in a virtual address pool.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-

core: mm: add virt_page_alloc()

Add virt_page_alloc() to allocate memory from physical pool and map it
in a virtual address pool.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: mm: add phys_mem_alloc_flags()

Add phys_mem_alloc_flags() taking MAF_* flags to control memory
allocation. The new flag MAF_CORE_MEM behaves like
{nex_,}phys_mem_core_alloc(), if the flag is

core: mm: add phys_mem_alloc_flags()

Add phys_mem_alloc_flags() taking MAF_* flags to control memory
allocation. The new flag MAF_CORE_MEM behaves like
{nex_,}phys_mem_core_alloc(), if the flag is absent it becomes
{nex_,}phys_mem_ta_alloc().

The MAF_NEX flag selects Nexus memory.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

Use malloc flags MAF_* in tee_mm.h

Switch to use the malloc flags MAF_* in tee_mm.h replacing the previous
TEE_MM_POOL_* flags. TEE_MM_POOL_* flags are kept defined using MAF_*
flags to for easier t

Use malloc flags MAF_* in tee_mm.h

Switch to use the malloc flags MAF_* in tee_mm.h replacing the previous
TEE_MM_POOL_* flags. TEE_MM_POOL_* flags are kept defined using MAF_*
flags to for easier transition. The TEE_MM_POOL_* flags can be moved
gradually after this commit.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

libutils: asm.S: fix BTI() macro

The BTI() macro conditionally emits assembly instructions or directives
depending on CFG_CORE_BTI and CFG_TA_BTI configuration, but it doesn't
take ldelf into consid

libutils: asm.S: fix BTI() macro

The BTI() macro conditionally emits assembly instructions or directives
depending on CFG_CORE_BTI and CFG_TA_BTI configuration, but it doesn't
take ldelf into consideration. ldelf depends on CFG_CORE_BTI just as
OP-TEE core. Fix this by adding __LDELF__ to the mix.

Fixes: af432c48741c ("libutils: asm.S : Introduce BTI in macros for functions")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

libmbedtls: config: disable long long divisions

Currently on Aarch64, mbedtls uses long long divisions which result in
calls to __udivti3() in libgcc. This is at the moment the only
dependency on li

libmbedtls: config: disable long long divisions

Currently on Aarch64, mbedtls uses long long divisions which result in
calls to __udivti3() in libgcc. This is at the moment the only
dependency on libgcc in mbedtls, so disable the long long divisions by
defining MBEDTLS_NO_UDBL_DIVISION to remove the dependency.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

libmbedtls: fix compilation warning with GCC14

GCC 14.2 outputs the following compilation warning:

CC out/arm-plat-imx/ta_arm64-lib/libmbedtls/mbedtls/library/ecp.o
In file included from lib/li

libmbedtls: fix compilation warning with GCC14

GCC 14.2 outputs the following compilation warning:

CC out/arm-plat-imx/ta_arm64-lib/libmbedtls/mbedtls/library/ecp.o
In file included from lib/libmbedtls/mbedtls/library/ctr_drbg.c:13:
In function ‘mbedtls_xor’,
inlined from ‘ctr_drbg_update_internal’ at lib/libmbedtls/mbedtls/library/ctr_drbg.c:372:5:
lib/libmbedtls/mbedtls/library/common.h:245:17: warning: array subscript 48 is outside array bounds of ‘unsigned char[48]’ [-Warray-bounds=]
245 | r[i] = a[i] ^ b[i];
| ~^~~
lib/libmbedtls/mbedtls/library/ctr_drbg.c: In function ‘ctr_drbg_update_internal’:
lib/libmbedtls/mbedtls/library/ctr_drbg.c:335:19: note: at offset 48 into object ‘tmp’ of size 48
335 | unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
| ^~~

Fix it by returning early in mbedtls_xor() if the compiler is GCC.
This fix is not in MBed TLS upstream yet but the issue and the fix have
been reported [1].

Link: https://github.com/Mbed-TLS/mbedtls/issues/9003#issuecomment-2108239255 [1]
Reported-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Closes: https://github.com/OP-TEE/optee_os/issues/7295
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com>

show more ...

core: pta: stats: get RPMB secure storage allocation stats

Retrieve RPMB secure storage space allocation statistics from
PTA stats STATS_CMD_ALLOC_STATS command.

STATS_NB_POOLS is intentionally not

core: pta: stats: get RPMB secure storage allocation stats

Retrieve RPMB secure storage space allocation statistics from
PTA stats STATS_CMD_ALLOC_STATS command.

STATS_NB_POOLS is intentionally not incremented since it is
expected to give the number of pools which IDs start from 1
(ALLOC_ID_HEAP), not from 0 (ALLOC_ID_ALL) that is a magic
ID.

Ensure the stats are all 0 for when RPMB_FS is not supported or we
failed to get the stats info. For this, let's zero initialize the
shared buffer so that these default stats also apply on other stats
that may not be reachable (deprecate public DDR pool, Nexus heap).

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: add malloc_flags() and free_flags()

Add malloc_flags() and free_flags() for generic and flexible memory
allocations based on a passed flags field.

Signed-off-by: Jens Wiklander <jens.wikl

libutils: add malloc_flags() and free_flags()

Add malloc_flags() and free_flags() for generic and flexible memory
allocations based on a passed flags field.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

libutils: refactor the MDBG malloc functions

Replace the MDBG malloc functions and macros with a new function
__mdbg_alloc() handling all the memory allocations similar to
mem_alloc(). The old MDBG

libutils: refactor the MDBG malloc functions

Replace the MDBG malloc functions and macros with a new function
__mdbg_alloc() handling all the memory allocations similar to
mem_alloc(). The old MDBG macros are replace by new macros calling
__mdbg_alloc().

mem_alloc(), mem_alloc_unlocked(), and mem_free() are updated to handle
configuration with and without MDBG, removing the all the ENABLE_MDBG
ifdefs in the C file.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

libutils: refactor the nexus malloc functions

Refactor the malloc functions operating on the nexus heap as simple
wrappers around the recently added internal function mem_alloc().

Signed-off-by: Je

libutils: refactor the nexus malloc functions

Refactor the malloc functions operating on the nexus heap as simple
wrappers around the recently added internal function mem_alloc().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

libutils: refactor the default malloc functions

Refactor the malloc functions operating on the default heap as simple
wrappers around the new internal function mem_alloc() similar to the
recently ad

libutils: refactor the default malloc functions

Refactor the malloc functions operating on the default heap as simple
wrappers around the new internal function mem_alloc() similar to the
recently added raw_mem_alloc().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

libutils: refactor raw malloc functions

Refactor the raw malloc functions as simple wrappers around the new
internal function raw_mem_alloc(). raw_mem_alloc() takes a flags field
to control whether

libutils: refactor raw malloc functions

Refactor the raw malloc functions as simple wrappers around the new
internal function raw_mem_alloc(). raw_mem_alloc() takes a flags field
to control whether the allocated buffer should be cleared before it's
returned.

The flags are defined in <malloc.h> since they will be needed there in
later patches.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

libutils: add malloc_flags.h

Add malloc_flags.h defining flags to control how buffers are allocated.
The flags will be used in later patches.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.or

libutils: add malloc_flags.h

Add malloc_flags.h defining flags to control how buffers are allocated.
The flags will be used in later patches.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

libtuee: allow NULL output coefficients in TEE_BigIntComputeExtendedGcd()

Fix TEE_BigIntComputeExtendedGcd() for when only one of u and v output
coefficients reference is NULL as allowed by the GP T

libtuee: allow NULL output coefficients in TEE_BigIntComputeExtendedGcd()

Fix TEE_BigIntComputeExtendedGcd() for when only one of u and v output
coefficients reference is NULL as allowed by the GP TEE Internal Core API
specification.

Reported-by: Stefan Schmidt <snst@meek.de>
Closes: https://github.com/OP-TEE/optee_os/issues/7217
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: util.h: add usage description to {get,set}_field_u{32,64}()

Add inline description comments to get_bitfield_u32(),
get_bitfield_u64(), set_bitfield_u32() and set_bitfield_u64() to improve

libutils: util.h: add usage description to {get,set}_field_u{32,64}()

Add inline description comments to get_bitfield_u32(),
get_bitfield_u64(), set_bitfield_u32() and set_bitfield_u64() to improve
understanding and reduce errors.

Signed-off-by: Maxime Méré <maxime.mere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

libutils: util.h: fix indentation of ROUNDDOWN() macro

Fix indentation of the value defined for ROUNDDOWN() macro
and add inline comment to better highlight the surrounded
macros are defined for ass

libutils: util.h: fix indentation of ROUNDDOWN() macro

Fix indentation of the value defined for ROUNDDOWN() macro
and add inline comment to better highlight the surrounded
macros are defined for assembler and like source files.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: util.h: fix DIV_ROUND_UP() inline description

Remove trailing space char in inline description comment of
DIV_ROUND_UP() macro.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.c

libutils: util.h: fix DIV_ROUND_UP() inline description

Remove trailing space char in inline description comment of
DIV_ROUND_UP() macro.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

tree-wide: use power-of-2 rounding macros where applicable

Use ROUNDUP2(), ROUNDUP2_OVERFLOW(), ROUNDUP2_DIV() and ROUNDDOWN2() at
places where the rounding argument is a variable value and we want

tree-wide: use power-of-2 rounding macros where applicable

Use ROUNDUP2(), ROUNDUP2_OVERFLOW(), ROUNDUP2_DIV() and ROUNDDOWN2() at
places where the rounding argument is a variable value and we want to
leverage the implementation of these routines optimized for a
power-of-2 rounding argument.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: util.h: Relax ROUNDDOWN() and add ROUNDDOWN2()

Remove constraint on ROUNDDOWN() to have its size argument being a power
of 2 and add new ROUNDDOWN2() macro with that constraint.

The previ

libutils: util.h: Relax ROUNDDOWN() and add ROUNDDOWN2()

Remove constraint on ROUNDDOWN() to have its size argument being a power
of 2 and add new ROUNDDOWN2() macro with that constraint.

The previous implementation of ROUNDDOWN(), optimized for when size
argument is a power of 2, is now used for ROUNDDOWN2() but this latter
also asserts (in debug build mode) that the size argument conforms to
this condition.

The new implementation of ROUNDDOWN() is less optimal but modern
compilers produce the same optimized assembly code with this macro when
the size argument is a constant value known from the compiler so all
use of ROUNDDOWN() with a known constant value do not need move to
ROUNDDOWN2().

Performance sensitive routines should now on use ROUNDDOWN2() to
leverage the power-of-2 rounding optimization.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: util.h: Relax ROUNDUP() and add ROUNDUP2()

Remove constraint on ROUNDUP() to have its size argument being a power
of 2 and add new ROUNDUP2() macro with that constraint.

The previous impl

libutils: util.h: Relax ROUNDUP() and add ROUNDUP2()

Remove constraint on ROUNDUP() to have its size argument being a power
of 2 and add new ROUNDUP2() macro with that constraint.

The previous implementation of ROUNDUP(), optimized for when size
argument is a power of 2, is now used for ROUNDUP2() but this latter
also asserts (in debug build mode) that the size argument conforms to
this condition.

The new implementation of ROUNDUP() is less optimal but modern
compilers produce the same optimized assembly code with this macro
when the size argument is a constant value known from the compiler
so all use of ROUNDUP() with a known constant value do not need
move to ROUNDUP2().

Performance sensitive routines should now on use ROUNDUP2() to
leverage the power-of-2 rounding optimization.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: util.h: Relax ROUNDUP_OVERFLOW() and add ROUNDUP2_OVERFLOW()

Remove constraint on ROUNDUP_OVERFLOW() to have its size argument being
a power of 2 and add new ROUNDUP2_OVERFLOW() macro with

libutils: util.h: Relax ROUNDUP_OVERFLOW() and add ROUNDUP2_OVERFLOW()

Remove constraint on ROUNDUP_OVERFLOW() to have its size argument being
a power of 2 and add new ROUNDUP2_OVERFLOW() macro with that constraint.

The previous implementation of ROUNDUP_OVERFLOW(), optimized for when
size argument is a power of 2, is now used for ROUNDUP2_OVERFLOW() but
this latter also asserts (in debug build mode) that the size argument
conforms to this condition.

Performance sensitive routines should now on use ROUNDUP2_OVERFLOW() to
leverage the power-of-2 rounding optimization.

The new implementation of ROUNDUP_OVERFLOW() is less optimal but modern
compilers produce the same optimized assembly code with this macro
when the size argument is a constant value known from the compiler
so all use of ROUNDUP_OVERFLOW() with a known constant value do not need
move to ROUNDUP2_OVERFLOW().

By the way, fix the indentation in the macro implementation for
consistency of the header file implementation and extend the inline
description comment.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: util.h: Relax ROUNDUP_DIV() and add ROUNDUP2_DIV()

Remove constraint on ROUNDUP_DIV() to have its size argument being a
power of 2 and add new ROUNDUP2_DIV() macro with that constraint.

T

libutils: util.h: Relax ROUNDUP_DIV() and add ROUNDUP2_DIV()

Remove constraint on ROUNDUP_DIV() to have its size argument being a
power of 2 and add new ROUNDUP2_DIV() macro with that constraint.

The previous implementation of ROUNDUP_DIV(), optimized for when size
argument is a power of 2, is now used for ROUNDUP2_DIV() but this latter
also asserts (in debug build mode) that the size argument conforms to
this condition.

Performance sensitive routines should now on use ROUNDUP2_DIV() to
leverage the power-of-2 rounding optimization.

The new implementation of ROUNDUP_DIV() is less optimal but modern
compilers produce the same optimized assembly code with this macro
when the size argument is a constant value known from the compiler
so all use of ROUNDUP_DIV() with a known constant value do not need
move to ROUNDUP2_DIV().

By the way, fix the indentation in the macro implementation for
consistency of the header file implementation.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: util.h: fix ROUND*() macros description argument constraint

Correct inline description comment for ROUNDUP(), ROUNDUP_OVERFLOW(),
ROUNDDOWN() where the second argument is expected to be a

libutils: util.h: fix ROUND*() macros description argument constraint

Correct inline description comment for ROUNDUP(), ROUNDUP_OVERFLOW(),
ROUNDDOWN() where the second argument is expected to be a power of 2,
not a multiple of 2.

Add an inline description comment to ROUNDUP_OVERFLOW() to state
this requirement.

Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: use mempool_calloc() for temporary memory

mbedtls_mpi_exp_mod_optionally_safe() needs a large chunk of temporary
memory for the mbedtls_mpi_core_exp_mod() function. The amount of memory

libmbedtls: use mempool_calloc() for temporary memory

mbedtls_mpi_exp_mod_optionally_safe() needs a large chunk of temporary
memory for the mbedtls_mpi_core_exp_mod() function. The amount of memory
is too much to reliably allocate from the heap. So use mempool_calloc()
instead of mbedtls_calloc(), similar to using mbedtls_mpi_init_mempool()
instead of mbedtls_mpi_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...