Update revision for release tag 3.1.0-rc1

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

core: minor cleanup related to pseudo TAs

tee_kta_trace.h is unused and useless.
Reword "static TA" into "pseudo TA" in comments.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Revie

core: minor cleanup related to pseudo TAs

tee_kta_trace.h is unused and useless.
Reword "static TA" into "pseudo TA" in comments.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: crypto: ltc: introduce CFG_CORE_BIGNUM_MAX_BITS

Make the size of big numbers in the TEE core configurable. The default
(4096 bits) may be reduced if such a large key size is not needed, to
sav

core: crypto: ltc: introduce CFG_CORE_BIGNUM_MAX_BITS

Make the size of big numbers in the TEE core configurable. The default
(4096 bits) may be reduced if such a large key size is not needed, to
save core memory.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: introduce CFG_TA_BIGNUM_MAX_BITS

Make the size of big numbers in libutee configurable. This controls
the size of the big numbers that can be manipulated through the TEE
Internal Core API (A

libutee: introduce CFG_TA_BIGNUM_MAX_BITS

Make the size of big numbers in libutee configurable. This controls
the size of the big numbers that can be manipulated through the TEE
Internal Core API (Arithmetical functions).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta_dev_kit.mk: define ENABLE_MDBG when CFG_TEE_TA_MALLOC_DEBUG is set

In order to use the memory leak detection code, a user-mode TA needs
two things:
- A version of libutils.a that was built with m

ta_dev_kit.mk: define ENABLE_MDBG when CFG_TEE_TA_MALLOC_DEBUG is set

In order to use the memory leak detection code, a user-mode TA needs
two things:
- A version of libutils.a that was built with malloc debug code. This
is taken care of by ta/ta.mk which sets ENABLE_MDBG=1 when
CFG_TEE_TA_MALLOC_DEBUG is 'y'.
- The proper declarations for mdbg_malloc(), mdbg_free(), mdbg_check()
etc. as well as the macro redefinitions for malloc(), free() etc. in
the header files when the TA is built. This patch adds the
missing definition of ENABLE_MDBG in ta/mk/ta_dev_kit.mk when
CFG_TEE_TA_MALLOC_DEBUG is 'y'.

In addition, the usage of CFG_TEE_TA_MALLOC_DEBUG and
CFG_TEE_CORE_MALLOC_DEBUG is better documented in mk/conf.mk.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>

show more ...

Update revision for release tag 3.0.0-rc1

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

mk/config.mk: remove obsolete text and clarify usage of log levels

The configuration variable CFG_TEE_DRV_DEBUGFS was used by an older
version of the older OP-TEE linux driver, before commit 724298b

mk/config.mk: remove obsolete text and clarify usage of log levels

The configuration variable CFG_TEE_DRV_DEBUGFS was used by an older
version of the older OP-TEE linux driver, before commit 724298b6e425
("Linux driver refactoring") [1]. It is now obsolete, so remove it.

The text explaining how to set log levels is also reworded slightly.

Link: [1] https://github.com/OP-TEE/optee_linuxdriver/commit/724298b6e425
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: add management pseudo TA for secstor TAs

Adds a pseudo TA for management of Trusted Applications and Security
Domains. The pseudo TA only provides a minimal interface, a more
advanced interfac

core: add management pseudo TA for secstor TAs

Adds a pseudo TA for management of Trusted Applications and Security
Domains. The pseudo TA only provides a minimal interface, a more
advanced interface is supposed to be provided by a user TA using this
pseudo TA. Such a TA could for instance implement Global Platforms TEE
Management Framework or OTrP.

The management TA currently only supports installing bootstrap packaged
TAs in secure storage.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add ta storage based on tadb

Adds ta storage based on tadb. The TAs has to be installed in tadb
before they can be loaded.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by:

core: add ta storage based on tadb

Adds ta storage based on tadb. The TAs has to be installed in tadb
before they can be loaded.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: GET_OS_REVISION: return SHA1 of current Git commit

When processing an OPTEE_SMC_CALL_GET_OS_REVISION request, return the
abbreviated SHA1 of the current Git commit as the third parameter (a2).

core: GET_OS_REVISION: return SHA1 of current Git commit

When processing an OPTEE_SMC_CALL_GET_OS_REVISION request, return the
abbreviated SHA1 of the current Git commit as the third parameter (a2).

If the SHA1 cannot be determined or CFG_OS_REV_REPORTS_GIT_SHA1 is
disabled, set a2 to zero meaning "not specified".

This allows the TEE driver to report more precise information about the
TEE at probe time.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Update minor revision to 6 for release tag 2.6.0-rc1

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

Add comment about CFG_UNWIND

Update the comment in the main configuration file to state that
CFG_UNWIND should be disabled in production builds.

Signed-off-by: Jerome Forissier <jerome.forissier@li

Add comment about CFG_UNWIND

Update the comment in the main configuration file to state that
CFG_UNWIND should be disabled in production builds.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Suggested-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add CFG_CORE_LARGE_PHYS_ADDR for 64bit paddr_t

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

build: add CFG_DYN_SHM_CAP config variable

This variable can disable reported capability
OPTEE_SMC_SEC_CAP_DYNAMIC_SHM.

But dynamic SHM remains fully operational, though. This can be used
for testi

build: add CFG_DYN_SHM_CAP config variable

This variable can disable reported capability
OPTEE_SMC_SEC_CAP_DYNAMIC_SHM.

But dynamic SHM remains fully operational, though. This can be used
for testing and debugging to emulate system, where dynamic SHM is not
supported.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

Dump call stack on TA panic

Adds support for dumping the call stack of a user-mode TA when it
panics. Stack unwinding happens in kernel mode by re-using
abort_print_error() in core/arch/arm/kernel/a

Dump call stack on TA panic

Adds support for dumping the call stack of a user-mode TA when it
panics. Stack unwinding happens in kernel mode by re-using
abort_print_error() in core/arch/arm/kernel/abort.c. Like for abort
dumps, the helper script scripts/symbolize.py may be used to obtain
source-level information.

This feature is enabled by default. Set CFG_UNWIND=n to disable it
(or CFG_TEE_CORE_DEBUG=n).

In libutee, the utee_panic() syscall wrapper is renamed __utee_panic()
and now takes an additional parameters: a stack pointer, in addition to
the panic code. utee_panic() is written in assembly and pushes some
registers onto the stack before calling __utee_panic(). When it is time
to return from syscall_panic(), tee_svc_sys_return_helper() uses the
stack pointer to get the information needed to unwind the TA stack.
A struct abort_info is created and abort_print_error() is called.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey 32/64)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMUv8)

show more ...

core: Make core_pos more generic

The function core_pos() assumes 4 cores per cluster, this may not
be true for all platforms. Define CFG_CORE_CLUSTER_SHIFT to be
=log2(cores/cluster) and allow setti

core: Make core_pos more generic

The function core_pos() assumes 4 cores per cluster, this may not
be true for all platforms. Define CFG_CORE_CLUSTER_SHIFT to be
=log2(cores/cluster) and allow setting this from platform config.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

Add support for compressed early TAs

Add decompression code to the early TA loader and update the Python
script accordingly. The compression algorithm is "deflate", which is
used by zlib and gzip in

Add support for compressed early TAs

Add decompression code to the early TA loader and update the Python
script accordingly. The compression algorithm is "deflate", which is
used by zlib and gzip in particular. It allows for compression ratios
comprised between 3 (for bigger TAs) and 4.7 (for smaller ones). Those
numbers were observed with 32-bit TAs (QEMU).

On QEMU (armv7), the code size overhead when CFG_EARLY_TA=y, including
the decompressor, is 12K when DEBUG=0 or 20K when DEBUG=1. The
decompressor allocates about 39K of heap.

Another library compatible with zlib was tried for comparison [1].
The code size overhead with miniz was 8K (DEBUG=0) or 16K (DEBUG=1).
On the other hand, the dynamic allocation was about 43K, so the total
memory required was about same. Speed was not compared. In the end,
zlib was preferred for licensing reasons and because it is widely used.

Link: [1] https://github.com/richgel999/miniz
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMUv8, pager)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (D02 32/64 bits)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (D02 32/64 bits, pager)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Add support for early Trusted Applications

Early TAs are user-mode Trusted Applications that are embedded at link
time in the TEE binary. A special read-only data section is used to
store them (.rod

Add support for early Trusted Applications

Early TAs are user-mode Trusted Applications that are embedded at link
time in the TEE binary. A special read-only data section is used to
store them (.rodata.early_ta). A Python script takes care of converting
the TAs into a C source file with the proper linker section attribute.

The feature is disabled by default. To enable it, the paths to the TA
binaries have to be given in $(EARLY_TA_PATHS). They should be ELF
files. Typical build steps:
$ make ... CFG_EARLY_TA=y ta_dev_kit # (1)
$ # ... build the TAs ... # (2)
$ make ... EARLY_TA_PATHS=path/to/<uuid>.stripped.elf # (3)
Notes:
- Setting CFG_EARLY_TA=y during the first step (1) is not necessary,
but it will avoid rebuilding libraries during the third step (3)
- CFG_EARLY_TA is automatically enabled when EARLY_TA_PATHS is non-empty
in step (3)
- Several TAs may be given in $(EARLY_TA_PATHS) (3)

Early TAs are given a higher load priority than REE FS TAs, since they
should be available even before tee-supplicant is ready.

Suggested-by: Zeng Tao <prime.zeng@hisilicon.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Update minor revision to 5 for release tag 2.5.0-rc1

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

trace.c: show file/line info for flow, debug and error messages

Since commit f4aa5b11f9a3 ("Update trace format to be less verbose in
INFO and ERROR levels"), INFO and ERROR messages don't show sour

trace.c: show file/line info for flow, debug and error messages

Since commit f4aa5b11f9a3 ("Update trace format to be less verbose in
INFO and ERROR levels"), INFO and ERROR messages don't show source file
and line information by default, while message with lower severity
(DEBUG and FLOW) do contain such information. While it is OK for INFO,
it turns out to be inconvenient for ERRORs during development, because
one typically wants to be able to quickly locate the source of errors.
This patch fixes the problem by introducing a mask rather than a level
to control the long output format. This allows individual selection of
which level should use a long vs. short format.
The compile-time setting CFG_MSG_LONG_PREFIX_THRESHOLD is replaced by
CFG_MSG_LONG_PREFIX_MASK with default value 0x1a (= BIT(TRACE_ERROR) |
BIT(TRACE_DEBUG) | BIT(TRACE_FLOW)).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: enable debug mode by default

Assume the default build environment is meant for development, so set
CFG_TEE_CORE_DEBUG=y by default.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.or

core: enable debug mode by default

Assume the default build environment is meant for development, so set
CFG_TEE_CORE_DEBUG=y by default.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove CFG_SMALL_PAGE_USER_TA=n

Removes CFG_SMALL_PAGE_USER_TA and keep the code that was activated by
CFG_SMALL_PAGE_USER_TA=y. This means that CFG_SMALL_PAGE_USER_TA=n which
resulted in TA being m

Remove CFG_SMALL_PAGE_USER_TA=n

Removes CFG_SMALL_PAGE_USER_TA and keep the code that was activated by
CFG_SMALL_PAGE_USER_TA=y. This means that CFG_SMALL_PAGE_USER_TA=n which
resulted in TA being mapped using 1 MiB or 2 MiB granularity is removed.

Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dump call stack of user TAs on abort

Update the abort handling code in the TEE core to support unwinding
the user mode stack in addition to the kernel stack. unwind_arm32.c is
modified slightl

core: dump call stack of user TAs on abort

Update the abort handling code in the TEE core to support unwinding
the user mode stack in addition to the kernel stack. unwind_arm32.c is
modified slightly so that it can be built for AArch64. This allows a
64-bit TEE core to dump both 32- and 64-bit TAs.

Paged TAs (CFG_PAGED_USER_TA=y) cannot currently be unwound, because
the code is not ready to handle the page faults that might occur as
the unwinding tables are accessed.

CFG_CORE_UNWIND is renamed to CFG_UNWIND since it enables both the
kernel and user TA stack dumps. It is still set automatically when
CFG_TEE_CORE_DEBUG=y.

32-bit user TAs have to be compiled with `-funwind-tables`, otherwise
the call stack can't be unwound and the abort reports will not show a
call stack .The TA dev kit takes care of adding this flag automatically
when CFG_UNWIND=y.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add interface to load user TAs

Some use cases may require custom load and verification methods for
user-mode Trusted Applications. Introduce struct user_ta_store_ops with
open(), get_size(), r

core: add interface to load user TAs

Some use cases may require custom load and verification methods for
user-mode Trusted Applications. Introduce struct user_ta_store_ops with
open(), get_size(), read() and close() functions to abstract these
tasks from the ELF loader code. Do the communication with
tee-supplicant as well as the hashing and signature verification of the
TA binary in core/arch/arm/kernel/ree_fs_ta.c, which may be disabled
and replaced by a different implementation if need be.

CC: Zeng Tao <prime.zeng@hisilicon.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey, QEMU)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Remove SQL-FS

With recent developments in REE-FS SQL-FS has become redundant. This
patch removes SQL-FS.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome.forissi

Remove SQL-FS

With recent developments in REE-FS SQL-FS has become redundant. This
patch removes SQL-FS.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...