Update CHANGELOG.md for 2.4.0

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Peng Fan <peng.fan@nxp.com> (imx6ulevk)
Tested-by

Update CHANGELOG.md for 2.4.0

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Peng Fan <peng.fan@nxp.com> (imx6ulevk)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260, GP)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (D02)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU v7)
Tested-by: Joakim Bech <joakim.bech@linaro.org> (MTK8173)
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v8)
Tested-by: Sumit Garg <sumit.garg@nxp.com> (ls1021atwr - Single core)
Tested-by: Sören Brinkmann <soren.brinkmann@xilinx.com> (zynqmp)
Tested-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> (RCAR H3)
Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org> (RPi3)
Tested-by: Andrew F. Davis <afd@ti.com> (TI-DRA7xx)

show more ...

core: allow SDP buffers as memory reference parameters

Before this change, at OP-TEE entry (from non secure), memory
reference parameters needed to match the 'shm_mobj': the nonsecure
shared memory.

core: allow SDP buffers as memory reference parameters

Before this change, at OP-TEE entry (from non secure), memory
reference parameters needed to match the 'shm_mobj': the nonsecure
shared memory.

This change allows memory reference parameters to match the
registered SDP memories and be used when invoking TA that
claimed the SDP support through TA_FLAG_SECURE_DATA_PATH.

As SDP memory is not default mapped in OP-TEE core, nonsecure cannot
invoke a pseudo/static TA with a SDP memref parameter. only a user TA
can invoke a pseudo/static TA with a SDP memref parameter.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

Remove unused CFG_REE_FS_BLOCK_CACHE

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wikla

Remove unused CFG_REE_FS_BLOCK_CACHE

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add pseudo TA for socket

Adds a pseudo TA sockets using tee-supplicant.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (

core: add pseudo TA for socket

Adds a pseudo TA sockets using tee-supplicant.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260 pager=y/n)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add support for user TA profiling with gprof (-pg)

Adds the infrastructure to collect profiling information from Trusted
Applications running in user mode and instrumented with -pg.
Enable with: CFG

Add support for user TA profiling with gprof (-pg)

Adds the infrastructure to collect profiling information from Trusted
Applications running in user mode and instrumented with -pg.
Enable with: CFG_TA_GPROF_SUPPORT=y.

Profiling support in itself adds no significant performance overhead.
Instrumented applications however may run 1.3x - 2x slower, and have a
larger .bss section (+1.36 times .text size for 32-bit TAs, +1.77 times
.text size for 64-bit ones).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (D02 64-bit)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU 32-bit)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add options to build user libraries with profiling enabled (-pg)

Set CFG_TA_GPROF=y to build libutee and the user-mode versions of
libutils and libmpa with the -pg flag (gprof profiling).
This featu

Add options to build user libraries with profiling enabled (-pg)

Set CFG_TA_GPROF=y to build libutee and the user-mode versions of
libutils and libmpa with the -pg flag (gprof profiling).
This feature depends on TA profiling support in OP-TEE core which will
be introduced in a later commit.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

storage: RPMB: don't try to program the RPMB key by default

Prevent leakage of the RPMB security key by never programming it,
unless a special build option is set (CFG_RPMB_WRITE_KEY=y).

Signed-off

storage: RPMB: don't try to program the RPMB key by default

Prevent leakage of the RPMB security key by never programming it,
unless a special build option is set (CFG_RPMB_WRITE_KEY=y).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mk: step up OP-TEE revision to 2.3.0

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

core/armv7: cleanup bootargs

In non-A-TF boot modes, OP-TEE core expects some boot arguments:
- nonsecure entry point, default expected from core register LR.
- pagestore address, when pager is enab

core/armv7: cleanup bootargs

In non-A-TF boot modes, OP-TEE core expects some boot arguments:
- nonsecure entry point, default expected from core register LR.
- pagestore address, when pager is enable, from core register R0.
- devicetree address, when DT is enable, from core register R2.

Some non-A-TF booted platform rely on u-boot has bootloader, and
expect u-boot to boot both linux and op-tee. armv7/linux expects the
following boot arguments:
- machine ID, expected from core register R1.
- devicetree address from core register R2.

Before this patch, some platform used CFG_TEE_GDB_BOOT together with
CFG_BUILT_IN_ARGS to both provide op-tee core boot arguments, and
relay linux argument from op-tee entry to linux kernel entry
(nonsecure entry).

This change proposes to rationalize a bit. Both linux and optee expect
device tree from register R2. op-tee could relay machine ID (R1).

This change removes CFG_TEE_GDB_BOOT and CFG_BUILT_IN_ARGS that are now
deprecated.

This change still supports CFG_PAGEABLE_ADDR, CFG_DT_ADDR and
CFG_NS_ENTRY_ADDR to statically define the pagestore, device tree
and nonsecure entry. These can be defined independently.

Since this change, if CFG_WITH_ARM_TRUSTED_FW is not enable, the
standard boot arguments (registers R1 and R2 at optee entry) are
propagated to the non secure entry.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: remove CFG_ENC_FS

Removes CFG_ENC_FS, encryption is always enabled in the file systems from
now on.

Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey 32/64 GP)
Tested-by: Etien

core: remove CFG_ENC_FS

Removes CFG_ENC_FS, encryption is always enabled in the file systems from
now on.

Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey 32/64 GP)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemu_v8/b2260, reefs/sqlfs, gp testsuite)
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add support for paging of user TAs

Enables support for paging of user TAs if CFG_PAGED_USER_TA is y

Acked-by: David Brown <david.brown@linaro.org>
Tested-by: Jerome Forissier <jerome.forissie

core: add support for paging of user TAs

Enables support for paging of user TAs if CFG_PAGED_USER_TA is y

Acked-by: David Brown <david.brown@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU 7)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: Add default CFG_CORE_HEAP_SIZE

Adds a CFG_CORE_HEAP_SIZE replacing the defined HEAP_SIZE in each
platform_config.h. Default value is defined in mk/config.mk as 64 kB.
This is larger than most

core: Add default CFG_CORE_HEAP_SIZE

Adds a CFG_CORE_HEAP_SIZE replacing the defined HEAP_SIZE in each
platform_config.h. Default value is defined in mk/config.mk as 64 kB.
This is larger than most of the previous values at 24 kB or just above.

Platforms with a previous heap size defined larger than 64 kB overrides
the mk/config.mk setting with a $(platform-dir)/conf.mk setting using the
previous value.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (Hikey pager)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU v7 pager)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP Aarch32 pager)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add the i.MX6 Quad SABRE board support (PLATFORM=imx)

Signed-off-by: Yan Yan <yan.yan@windriver.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.for

Add the i.MX6 Quad SABRE board support (PLATFORM=imx)

Signed-off-by: Yan Yan <yan.yan@windriver.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Peng Fan <peng.fan@nxp.com>

show more ...

core: add support for kernel address sanitizer

Adds support for kernel address sanitizer.
Currently only for plat-vexpress-qemu_virt.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tes

core: add support for kernel address sanitizer

Adds support for kernel address sanitizer.
Currently only for plat-vexpress-qemu_virt.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU v7)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core debug: cleanup CFG_TEE_CORE_DEBUG

Fix inconsistencies in CFG_TEE_CORE_DEBUG. This change proposes to
define CFG_TEE_CORE_DEBUG as a y/n directive.

This change also fixes the comment describing

core debug: cleanup CFG_TEE_CORE_DEBUG

Fix inconsistencies in CFG_TEE_CORE_DEBUG. This change proposes to
define CFG_TEE_CORE_DEBUG as a y/n directive.

This change also fixes the comment describing DEBUG directive.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (qemu_v7/v8)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Enable static TA and core self tests..

..for all platforms by setting

CFG_TEE_CORE_EMBED_INTERNAL_TESTS ?= y

in mk/config.mk.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Suggested-by: J

Enable static TA and core self tests..

..for all platforms by setting

CFG_TEE_CORE_EMBED_INTERNAL_TESTS ?= y

in mk/config.mk.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Suggested-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

secure storage: add SQL filesystem

This commit adds a new container type for trusted storage: SQL FS.
Data are stored in the non-secure world, just like the REE FS
(CFG_REE_FS). But, unlike REE FS w

secure storage: add SQL filesystem

This commit adds a new container type for trusted storage: SQL FS.
Data are stored in the non-secure world, just like the REE FS
(CFG_REE_FS). But, unlike REE FS which manipulates several files for
each secure object, this implementation needs only one container in a
SQLite database per secure object. We rely on the transaction-based
nature of the database to provide atomicity.

A storage identifier is added to the TA API: TEE_STORAGE_PRIVATE_SQL.
Trusted applications can use it to select this filesystem. The value
TEE_STORAGE_PRIVATE defined by GlobalPlatform will also select the
SQL FS if all other implementations are disabled.

This feature is enabled with CFG_SQL_FS=y. It depends on SQL support
in tee-supplicant [1].

[1] https://github.com/OP-TEE/optee_client/pull/50

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Release Notes of 2.1.0

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>

core: arm: generic boot: edit device tree

If configured with CFG_DT configures supplied device tree to add a node
for OP-TEE and reservation of shared memory.

Reviewed-by: Jerome Forissier <jerome.

core: arm: generic boot: edit device tree

If configured with CFG_DT configures supplied device tree to add a node
for OP-TEE and reservation of shared memory.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Import libfdt v1.4.1

Imports libfdt code from https://git.kernel.org/cgit/utils/dtc/dtc.git
tag "v1.4.1" commit 302fca9f4c283e1994cf0a5a9ce1cf43ca15e6d2.

API header files are moved to libfdt/includ

Import libfdt v1.4.1

Imports libfdt code from https://git.kernel.org/cgit/utils/dtc/dtc.git
tag "v1.4.1" commit 302fca9f4c283e1994cf0a5a9ce1cf43ca15e6d2.

API header files are moved to libfdt/include.

Small changes to make fdt.h and libfdt.h c99 compiant.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Suggested-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add CFG_CORE_SANITIZE_UNDEFINED

Adds CFG_CORE_SANITIZE_UNDEFINED to enabled undefined behavior
santizer with -fsanitize=undefined as option to compiler with
supporting routines in core/kernel/

core: add CFG_CORE_SANITIZE_UNDEFINED

Adds CFG_CORE_SANITIZE_UNDEFINED to enabled undefined behavior
santizer with -fsanitize=undefined as option to compiler with
supporting routines in core/kernel/ubsan.c.

This option consumes a lot of memory, expect link problems unless pager
and debug is disabled.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: secure storage: dual filesystems support

Adds support for multiple filesystems by keeping a pointer to
tee_file_operations in the tee_pobj and tee_storage_enum structures.

Two identifiers are

core: secure storage: dual filesystems support

Adds support for multiple filesystems by keeping a pointer to
tee_file_operations in the tee_pobj and tee_storage_enum structures.

Two identifiers are added to the API to be used as the storage_id
parameter, so that TAs may dynamically choose the filesystem:
- TEE_STORAGE_PRIVATE_REE (requires CFG_REE_FS=y)
- TEE_STORAGE_PRIVATE_RPMB (requires CFG_RPMB_FS=y)
The value TEE_STORAGE_PRIVATE will select the REE FS if available,
otherwise RPMB. At least one FS has to be enabled at build time. Only
the REE filesystem is enabled by default.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

Update trace format to be less verbose in INFO and ERROR levels

- By default, traces of severity TRACE_INFO or lower will not print
the thread ID, function name or line number. Can be controlled by

Update trace format to be less verbose in INFO and ERROR levels

- By default, traces of severity TRACE_INFO or lower will not print
the thread ID, function name or line number. Can be controlled by
CFG_MSG_LONG_PREFIX_THRESHOLD (see mk/config.mk).
- The trace level string is updated ("DEBUG", "INFO" etc. instead of
"DBG", "INF" etc.) for consistency with ARM Trusted Firmware.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: support mapping user TAs with 4k pages

Maps user TAs with small pages (aka 4k pages) if
CFG_SMALL_PAGE_USER_TA = y
If pager is active the translation tables are allocated using
tee_pager_reque

core: support mapping user TAs with 4k pages

Maps user TAs with small pages (aka 4k pages) if
CFG_SMALL_PAGE_USER_TA = y
If pager is active the translation tables are allocated using
tee_pager_request_zi() to only use the physical page when needed.

Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Release Notes 2.0.0

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>