ftrace: introduce CFG_FTRACE_BUF_WHEN_FULL

Function tracing can become extremely slow in case a big buffer size is
used (say, CFG_FTRACE_BUF_SIZE=6000000 instead of the default 2048
bytes). This is

ftrace: introduce CFG_FTRACE_BUF_WHEN_FULL

Function tracing can become extremely slow in case a big buffer size is
used (say, CFG_FTRACE_BUF_SIZE=6000000 instead of the default 2048
bytes). This is because of the "shifting" algorithm used when the buffer
is full, which copies almost the full buffer before inserting a new
line.

In order to mitigate this problem, this patch introduces two new
methods to handle the buffer full condition:

1. Discard existing data and write new lines to the beginning of the
buffer.
2. Stop adding new lines.

The method can be selected at build time with CFG_FTRACE_BUF_WHEN_FULL.
Supported values are "shift", "wrap" and "stop".

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove libmpa in favor of libmbedtls

We currently have two "big numbers" library, Mbed TLS and MPA. Both can
be used by libutee to implement the TEE Internal Core API Arithmetical
functions, and by

Remove libmpa in favor of libmbedtls

We currently have two "big numbers" library, Mbed TLS and MPA. Both can
be used by libutee to implement the TEE Internal Core API Arithmetical
functions, and by the TEE core or pseudo-TAs. This situation is
reflected by two configuration variables allowing to choose between
libmbedtls and libmpa:

- CFG_TA_MBEDTLS_MPI (default y) configures libutee,
- CFG_CORE_MBEDTLS_MPI (default y) configures the TEE core/PTAs.

In addition there is CFG_TA_MBEDTLS (default y, mandatory when
CFG_TA_MBEDTLS_MPI is y) to build libmbedtls and install it into the
SDK for direct use by TAs (libmbedtls also has function to deal with
certificates for instance).

MBed TLS has been supported and used by default for just over a year;
and we have recently found an issue with the MPA implementation of the
integer multiplication with modulus (mpa_mulmod()) [1] [2]. Therefore,
now is a good time to remove libmpa and use libmbedtls instead.

Link: [1] https://github.com/OP-TEE/optee_os/pull/3541#issuecomment-577592381
Link: [2] https://github.com/OP-TEE/optee_test/pull/389
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: fix public key size in crypto_acipher_gen_dh_key()

GP wrapper of mbedtls DH operation generate key function wrongly
calculates the number of bytes from bits, leading to incorrect public

libmbedtls: fix public key size in crypto_acipher_gen_dh_key()

GP wrapper of mbedtls DH operation generate key function wrongly
calculates the number of bytes from bits, leading to incorrect public
key generated and returned.

Fixes: 34789f62982f ("libmbedtls: support mbedtls DH function")

Signed-off-by: Cao, Vincent T <vincent.t.cao@intel.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

libutee: add TEE_IsAlgorithmSupported()

Adds function TEE_IsAlgorithmSupported() as per the GlobalPlatform TEE
Internal Core API v1.2.1.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked

libutee: add TEE_IsAlgorithmSupported()

Adds function TEE_IsAlgorithmSupported() as per the GlobalPlatform TEE
Internal Core API v1.2.1.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Move core/include/config.h to lib/libutils/ext/include

In order to be able to use the IS_ENABLED() macro in user space
libraries, move config.h from core to libutils.

Signed-off-by: Jerome Forissie

Move core/include/config.h to lib/libutils/ext/include

In order to be able to use the IS_ENABLED() macro in user space
libraries, move config.h from core to libutils.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove TEE_OPERATION_EXTENSION

Commit 6a2e0a9fe2b9 ("utee: support prehashed RSA sign/ver without
ASN.1") has introduced TEE_OPERATION_EXTENSION in tee_api_defines.h with
value 0xF. This poses a cou

Remove TEE_OPERATION_EXTENSION

Commit 6a2e0a9fe2b9 ("utee: support prehashed RSA sign/ver without
ASN.1") has introduced TEE_OPERATION_EXTENSION in tee_api_defines.h with
value 0xF. This poses a couple of minor issues:

1. Values 0x00000009-0x7FFFFFFF are "Reserved for future use" according
to the TEE Internal Core API specification v1.2.1 (Table 5-6),

2. The meaning of this #define is not clear: "extension" is not a
kind of operation like "cipher", "MAC", "asymmetric signature" etc.
The algorithm added by the above commit is TEE_ALG_RSASSA_PKCS1_V1_5
which is an asymmetric signature and should therefore be associated with
TEE_OPERATION_ASYMMETRIC_SIGNATURE.

I suppose the operation value was added in a attempt to keep the
structure of algorithm identifiers as defined in the GP v1.1
specification, where some particular bits indicate some attributes of
the algorithm. This scheme has since been abandoned by GlobalPlatform so
there is no reason to keep it.

Therefore, this commit removes the TEE_OPERATION_EXTENSION macro and
makes a special case in the TEE_GET_CLASS() macro so that algorithm
TEE_ALG_RSASSA_PKCS1_V1_5 is associated with
TEE_OPERATION_ASYMMETRIC_SIGNATURE.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Gabor Szekely <szvgabor@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add support for SM2 KEP

Adds SM2 Key Exchange Protocol [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 KEP is enabled w

core: crypto: add support for SM2 KEP

Adds SM2 Key Exchange Protocol [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 KEP is enabled with CFG_CRYPTO_SM2_KEP=y (default y) wich currently
requires that CFG_CRYPTOLIB_NAME=tomcrypt. An Mbed TLS implementation
could be added later if needed.

[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto add support for SM2 DSA

Adds SM2 Digital Signature Algorithm [1] using LibTomCrypt. The TA
interface complies with the GlobalPlatform TEE Internal Core API
version 1.2.

SM2 DSA is enab

core: crypto add support for SM2 DSA

Adds SM2 Digital Signature Algorithm [1] using LibTomCrypt. The TA
interface complies with the GlobalPlatform TEE Internal Core API
version 1.2.

SM2 DSA is enabled with CFG_CRYPTO_SM2_DSA=y (default y) which currently
requires that CFG_CRYPTOLIB_NAME=tomcrypt. An Mbed TLS implementation
could be added later if needed.

[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add support for SM2 PKE

Adds SM2 Public Key Encryption [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 is enabled with

core: crypto: add support for SM2 PKE

Adds SM2 Public Key Encryption [1] using LibTomCrypt. The TA interface
complies with the GlobalPlatform TEE Internal Core API version 1.2.

SM2 is enabled with CFG_CRYPTO_SM2_PKE=y (default y) which currently
requires that CFG_CRYPTOLIB_NAME=tomcrypt. An Mbed TLS implementation
could be added later if needed.

[1] http://www.gmbz.org.cn/main/postDetail.html?id=20180724110812

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stdint.h: add U() ULL() L() LL() macros

Adds U() ULL() L() and LL() macros with a separate implementation for
assembly. Brushes up {,U}INT{8,16,32,64}_C() macros to use the new
primitive macros inst

stdint.h: add U() ULL() L() LL() macros

Adds U() ULL() L() and LL() macros with a separate implementation for
assembly. Brushes up {,U}INT{8,16,32,64}_C() macros to use the new
primitive macros instead.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add support for SM3

Adds support for the SM3 cryptographic hash function [1] using the API
defined in the GlobalPlatform TEE Internal Core API v1.2, as well as the
HMAC based on this h

core: crypto: add support for SM3

Adds support for the SM3 cryptographic hash function [1] using the API
defined in the GlobalPlatform TEE Internal Core API v1.2, as well as the
HMAC based on this hash.

This implementation is based on code published on Gitlab [2]. See commit
ade6f848e084 ("core: crypto: add support for SM4") for details.

[1] https://tools.ietf.org/html/draft-sca-cfrg-sm3-02
[2] https://gitlab.com/otpfree/sm234

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: crypto: add support for SM4

Adds support for the SM4 cipher [1] using the API defined in the
GlobalPlatform TEE Internal Core API v1.2.

ECB, CBC and CTR modes are implemented. Other modes are

core: crypto: add support for SM4

Adds support for the SM4 cipher [1] using the API defined in the
GlobalPlatform TEE Internal Core API v1.2.

ECB, CBC and CTR modes are implemented. Other modes are valid but are
not included in the GP specification, so they are not considered here.

This implementation is based on code published on Gitlab [2]. The
project contains no licensing terms, so I contacted the author
(goldboar@163.com), asking for permission to re-use the code in OP-TEE
under a BSD-2-Clause license. I received the following reply:

"[...] If you like you can use it [...]"

I have reworked the source to better fit the OP-TEE coding style. I
have also added the CTR mode of operation.

I do not think we will need to merge any change from upstream in the
future.

[1] https://tools.ietf.org/html/draft-ribose-cfrg-sm4-10
[2] https://gitlab.com/otpfree/sm234

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

trace: Add weak platform tracer function

Add weak platform tracer function
This would allow each platform to carry out
plat specific logging, possibly to some media
for post-mortem analysis

Signed-

trace: Add weak platform tracer function

Add weak platform tracer function
This would allow each platform to carry out
plat specific logging, possibly to some media
for post-mortem analysis

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

stdint.h: add UL macro

This macro helps to define unsigned values such as addresses for C
compilers and ld.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wikla

stdint.h: add UL macro

This macro helps to define unsigned values such as addresses for C
compilers and ld.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

mbedtls: Add MBEDTLS_X509_CSR_WRITE_C define

Enable the mbedtls_x509write_csr_* functions that can be used
to create certificate signing requests by generating and
updating the structure mbedtls_x50

mbedtls: Add MBEDTLS_X509_CSR_WRITE_C define

Enable the mbedtls_x509write_csr_* functions that can be used
to create certificate signing requests by generating and
updating the structure mbedtls_x509write_csr.

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Florian Depraz <florian.depraz@alumni.epfl.ch>

show more ...

Assembly FUNC macros take optional section

Adds an optional section parameter to the macros FUNC() and LOCAL_FUNC()

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklande

Assembly FUNC macros take optional section

Adds an optional section parameter to the macros FUNC() and LOCAL_FUNC()

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Fix warning in fallback SUB_OVERFLOW() macro

Fixes two warnings for 'comparison of integers of different signs' in
the __INTOF_SUB() helper macro used by the fallback SUB_OVERFLOW()
macro.

Fixes: e

Fix warning in fallback SUB_OVERFLOW() macro

Fixes two warnings for 'comparison of integers of different signs' in
the __INTOF_SUB() helper macro used by the fallback SUB_OVERFLOW()
macro.

Fixes: ecdedc94e720 ("util: update fallback SUB_OVERFLOW() macro")
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

gprof: fix TEE core crash by allocating sample buffer dynamically

The gprof sample buffer is in user space memory but is also accessed by
the TEE core. Currently, space is reserved by the TA linker

gprof: fix TEE core crash by allocating sample buffer dynamically

The gprof sample buffer is in user space memory but is also accessed by
the TEE core. Currently, space is reserved by the TA linker script. The
address and size of the buffer is passed to the TEE core via a call to
the gprof PTA. After this call, the TEE core accesses the buffer
periodically, such as when the TA is interrupted by a timer interrupt.

Commit ef305e54eac8 ("libutee: allocate temp secmem for invoke")
modified the way that private TA memory is mapped in TA to TA
invocations, so that memory is mapped only for the duration of the
call. After this point, the memory is unmapped so the gprof sample
buffer becomes inaccessible, resulting in a crash:

E/TC:0 0 Core data-abort at address 0x121356 (translation fault)
E/TC:0 0 fsr 0x00000007 ttbr0 0x0e19206a ttbr1 0x0e18806a cidr 0x2
E/TC:0 0 cpu #0 cpsr 0x800001f2
E/TC:0 0 r0 0x00000000 r4 0x00000000 r8 0x00000000 r12 0x0017bb4b
E/TC:0 0 r1 0x000021ab r5 0x00000000 r9 0x00000000 sp 0x0e1928f0
E/TC:0 0 r2 0x0011d000 r6 0x00000000 r10 0x00000000 lr 0x0e112763
E/TC:0 0 r3 0x00121356 r7 0x0e1928f0 r11 0x00000000 pc 0x0e12958e
E/TC:0 0 Core data-abort at address 0x121356 .debug_info+1184598 (translation fault)
E/TC:0 0 Call stack:
E/TC:0 0 0x0e12958e tee_ta_gprof_sample_pc at optee_os/core/kernel/tee_ta_manager.c:897

The solution is to allocate and map the sample buffer explicitly in
user space when profiling is initialized, and at the same time get rid
of the reserved area in the TA linker script. The TEE core also needs
to check that the sample buffer is valid before writing to it,
otherwise a malicious TA could crash the core by unmapping that memory.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

ftrace: Add support for syscall function tracer

This patch adds support for syscall tracing in TEE core. It complements
existing ftrace support for user TAs via adding trace for syscalls that
are in

ftrace: Add support for syscall function tracer

This patch adds support for syscall tracing in TEE core. It complements
existing ftrace support for user TAs via adding trace for syscalls that
are invoked by user TAs into the TEE core.

And after this patch ftrace will cover both TA and TEE core code. So lets
rename config option from CFG_TA_FTRACE_SUPPORT to CFG_FTRACE_SUPPORT.

It is optional to enable syscall trace via CFG_SYSCALL_FTRACE=y config
option in addition to CFG_FTRACE_SUPPORT=y config option.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

ftrace: core: prepare support for syscall ftrace

Enable compilation of ftrace library code for TEE core.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@fori

ftrace: core: prepare support for syscall ftrace

Enable compilation of ftrace library code for TEE core.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

ftrace: move ftrace code from libutee to libutils

Since TEE core and TA can share most of ftrace library code, so move
ftrace code from libutee to libutils library which is shared among TEE
core and

ftrace: move ftrace code from libutee to libutils

Since TEE core and TA can share most of ftrace library code, so move
ftrace code from libutee to libutils library which is shared among TEE
core and TA.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

Experimental Clang support

Allows building with Clang with "make COMPILER=clang [other flags...]".
The clang command has to be in the $PATH, as well as the associated
tools (clang-cpp, ld.lld, llvm-

Experimental Clang support

Allows building with Clang with "make COMPILER=clang [other flags...]".
The clang command has to be in the $PATH, as well as the associated
tools (clang-cpp, ld.lld, llvm-ar, llvm-nm, llvm-objcopy and
llvm-readelf).

Tested with Clang built from the master branch of [1] (development
version for 9.0):

mkdir build; cd build
cmake -G Ninja -DCMAKE_BUILD_TYPE=Release \
-DCMAKE_INSTALL_PREFIX=~/llvm-install \
-DLLVM_ENABLE_PROJECTS="clang;lld" \
-DLLVM_TARGETS_TO_BUILD="AArch64;ARM" \
~/llvm-project/llvm
ninja && ninja install

Limitations:

- CFG_CORE_SANITIZE_KADDRESS=y is not supported.
- CFG_WITH_PAGER is supported, but requires that the TEE core be
linked with the GNU linker. The reason is documented in
mk/clang.mk.

Bug:

- ldelf assertion failure in xtest 1019 when CFG_ULIBS_SHARED=y (QEMU)
E/LD: assertion 'maps[map_idx].sz == sz' failed at ldelf/ta_elf.c:1114 in ta_elf_print_mappings()
Prevents ldelf from displaying the TA mappings on abort or panic, but
does not seem to cause any other problem.

Link: [1] https://github.com/llvm/llvm-project/commits/8351c327647
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU pager/no pager)
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMUv8, pager/no pager)
Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey960, 32/64, GP)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: relax noreturn label

Replaces attribute label identifier noreturn with __noreturn__ to
prevent conflicts when importing code which defines label noreturn
itself as a macro. This change app

libutils: relax noreturn label

Replaces attribute label identifier noreturn with __noreturn__ to
prevent conflicts when importing code which defines label noreturn
itself as a macro. This change applies suggestion from the GCC
documentation [1], applicable even prio GCC 4.x.x, cited below.

> You may optionally specify attribute names with ‘__’ preceding
> and following the name. This allows you to use them in header
> files without being concerned about a possible macro of the same
> name. For example, you may use the attribute name __noreturn__
> instead of noreturn.

Link: [1] https://gcc.gnu.org/onlinedocs/gcc-8.3.0/gcc/Attribute-Syntax.html#Attribute-Syntax
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee,libdl: remove 0ms timeouts in TA invocations

TEE_OpenTASession(), TEE_InvokeTACommand() calls using 0ms timeout
are replaced with TEE_INFINITE_TIMEOUT to avoid risk of being cancelled.

Sign

libutee,libdl: remove 0ms timeouts in TA invocations

TEE_OpenTASession(), TEE_InvokeTACommand() calls using 0ms timeout
are replaced with TEE_INFINITE_TIMEOUT to avoid risk of being cancelled.

Signed-off-by: Cedric Auger <cauger@provenrun.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutee: panic on null pointer on object opening

Change TEE_CreatePersistentObject() and TEE_OpenPersistentObject()
to panic when passed an null reference pointer.

According to the TEE Internal Cor

libutee: panic on null pointer on object opening

Change TEE_CreatePersistentObject() and TEE_OpenPersistentObject()
to panic when passed an null reference pointer.

According to the TEE Internal Core API Specification 1.1 and 1.2,
sections 5.7.1 and 5.7.2, passing NULL for object pointer should panic,
and not return an error.

Some harmonization has also been done in these two functions to use
the same conventions as surrounding code.

Signed-off-by: Cedric Auger <cauger@provenrun.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...