symbolize.py: add -L option to the "file" command

The symbolize script uses the "file" command to identify the
architecture of ELF binaries. If the file is a symbolic link (which can
happen with sha

symbolize.py: add -L option to the "file" command

The symbolize script uses the "file" command to identify the
architecture of ELF binaries. If the file is a symbolic link (which can
happen with shared libraries typically), the command may fail to return
the expected output and print "symbolic link to <some path>" instead.

This behavior of the "file" command depends on the environment variable
POSIXLY_CORRECT. In order to not depend on this, this commit adds the
-L option (follow symlinks).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

get_maintainer.py: add --release-to

Adds an option to scripts/get_maintainer.py showing the email addresses
to be used for release announcements. All addresses in Maintainer (M:)
or Reviewer (R:) en

get_maintainer.py: add --release-to

Adds an option to scripts/get_maintainer.py showing the email addresses
to be used for release announcements. All addresses in Maintainer (M:)
or Reviewer (R:) entries are shown.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

symbolize.py: fix analysis of mixed 32/64 bit ftrace dumps

When an ftrace file that contains both user space and kernel space
calls is analyzed by symbolize.py, any address can be 32 or 64 bits.
For

symbolize.py: fix analysis of mixed 32/64 bit ftrace dumps

When an ftrace file that contains both user space and kernel space
calls is analyzed by symbolize.py, any address can be 32 or 64 bits.
For each address, the resolve() function first obtains the path to the
proper ELF file, then calls spawn_addr2line() to make sure we have a
process that is capable of resolving the address (i.e., either
arm-linux-gnueabihf-addr2line or aarch64-linux-gnu-addr2line).
spawn_addr2line() then calls arch_prefix() to obtain the tool's prefix.
Unfortunately, the ELF file is not supplied, so arch_prefix() assumes
that the first entry in the global list of files is suitable. While this
is true when symbolizing homogeneous dumps (i.e., kernel stacks or
TA + multiple libraries), it does not work for mixed ftrace logs.

This patch addresses the issue by adding the ELF file as an argument to
spawn_addr2line().

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

symbolize.py: add line removed by mistake

Commit c0c57c8fa583 ("symbolize.py: fix stack dump of TEE core with
pager") has mistakenly removed a line which caches the name of the ELF
file for which ad

symbolize.py: add line removed by mistake

Commit c0c57c8fa583 ("symbolize.py: fix stack dump of TEE core with
pager") has mistakenly removed a line which caches the name of the ELF
file for which addr2line was last spawned. As a result, processes keep
being killed and re-started, resulting in a much slower execution.

This commit restores the missing line.

Fixes: c0c57c8fa583 ("symbolize.py: fix stack dump of TEE core with pager")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

symbolize.py: Python < 3.7 compatibility

The documentation for the Python 3 subprocess module [1] has the
following note related to the Popen() constructor:

Changed in version 3.7: Added the text

symbolize.py: Python < 3.7 compatibility

The documentation for the Python 3 subprocess module [1] has the
following note related to the Popen() constructor:

Changed in version 3.7: Added the text parameter, as a more
understandable alias of universal_newlines.

In order to avoid a runtime error with versions of Python prior to 3.7,
replace the 'text' parameter with 'universal_newlines'.

Link: [1] https://docs.python.org/3/library/subprocess.html
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

gen_tee_bin: include .nex_data section

.nex_data section were missing in the resulting binary, which lead to
broken OP-TEE image that was unable to boot.

Signed-off-by: Volodymyr Babchuk <volodymyr

gen_tee_bin: include .nex_data section

.nex_data section were missing in the resulting binary, which lead to
broken OP-TEE image that was unable to boot.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: fix spelling mistake in subject]
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

gen_tee_bin: generate tee-raw.bin

Some platforms (like Rcar Gen3) still does not support OP-TEE images
wrapped into any type of container. In the past we were able to
generate raw binary straight fr

gen_tee_bin: generate tee-raw.bin

Some platforms (like Rcar Gen3) still does not support OP-TEE images
wrapped into any type of container. In the past we were able to
generate raw binary straight from the resulting elf file. But with
recent changes, OP-TEE expects some additional data past the __end, so
wee need to use gen_tee_bin.py to generate header-less OP-TEE binary.

This patch adds `--out_tee_raw_bin` option, which generates needed
file.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

symbolize.py: fix stack dump of TEE core with pager

Commit 105e09c24479 ("symbolize.py: add support for TEE core ASLR") has
introduced support for ASLR by using addresses relative to the .text
secti

symbolize.py: fix stack dump of TEE core with pager

Commit 105e09c24479 ("symbolize.py: add support for TEE core ASLR") has
introduced support for ASLR by using addresses relative to the .text
section. To this end, the '-j.text' option is passed to addr2line.
Unfortunately, it happens that addr2line does not like to be given
addresses that are outside the specified section. This can happen when
CFG_WITH_PAGER=y as shown in the following example:

D/TC:4 0 TEE load address @ 0x3f000000
D/TC:4 0 Call stack:
D/TC:4 0 0x000000003f0080ac read_pc at optee_os/core/arch/arm/include/arm64.h:237
D/TC:4 0 0x000000003f062984 ?? ??:0
D/TC:4 0 0x000000003f007be4 wq_wait_final at optee_os/core/arch/arm/kernel/wait_queue.c:88
D/TC:4 0 0x000000003f007698 __mutex_lock at optee_os/core/arch/arm/kernel/mutex.c:57
D/TC:4 0 0x000000003f06c204 ?? ??:0
D/TC:4 0 0x000000003f067160 ?? ??:0
D/TC:4 0 0x000000003f06221c ?? ??:0
D/TC:4 0 0x000000003f006298 thread_std_smc_entry at optee_os/core/arch/arm/kernel/thread_optee_smc_a64.S:162

The addresses that cannot be resolved happen to be inside section
.text_pageable, not .text (excerpt from readelf -e tee.elf):

[Nr] Name Type Address Offset
[ 1] .text PROGBITS 000000003f000000 00010000
[11] .text_pageable PROGBITS 000000003f05f388 0006f388

This commit choses a different approch. Instead of using relative
addresses, we keep absolute ones but correct them with the load address
in the ELF file:

corrected address = supplied address - runtime start address
+ link time load address

Fixes: 105e09c24479 ("symbolize.py: add support for TEE core ASLR")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scripts: add --input argument to tee_bin_parser.py

Adds an optional --input argument to tee_bin_parser.py to select a
different file to parse than the default "../out/arm/core/tee.bin".

Reviewed-by

scripts: add --input argument to tee_bin_parser.py

Adds an optional --input argument to tee_bin_parser.py to select a
different file to parse than the default "../out/arm/core/tee.bin".

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scripts: fix tee_bin_parser.py string formatting

Fixes string formatting errors like:
File "./scripts/tee_bin_parser.py", line 24, in main
print("Magic: \t\t0x{:08x}".format(magic))
TypeError:

scripts: fix tee_bin_parser.py string formatting

Fixes string formatting errors like:
File "./scripts/tee_bin_parser.py", line 24, in main
print("Magic: \t\t0x{:08x}".format(magic))
TypeError: unsupported format string passed to tuple.__format__

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix generation of tee.bin

Prior to this patch generation of tee.bin (CFG_WITH_PAGER=n) fails with:
GEN out/core/tee.bin
Cannot find symbol __init_end
core/arch/arm/kernel/link.mk:183: re

core: fix generation of tee.bin

Prior to this patch generation of tee.bin (CFG_WITH_PAGER=n) fails with:
GEN out/core/tee.bin
Cannot find symbol __init_end
core/arch/arm/kernel/link.mk:183: recipe for target 'out/core/tee.bin' failed

Introduce a special __get_tee_init_end to fix this and also avoid
confusion with __init_end used in the code for the pager case.

Fixes: 5dd1570ac5b0 ("core: add embedded data region")
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mem_usage.py: stop parsing file when _end_of_ram is reached

Since commit 5966660c02b3 ("core: move relocation to embedded data
region"), when ASLR is enabled, some sections are stored at the end of

mem_usage.py: stop parsing file when _end_of_ram is reached

Since commit 5966660c02b3 ("core: move relocation to embedded data
region"), when ASLR is enabled, some sections are stored at the end of
tee.elf for use by gen_tee_bin.py which then discards them. As a
result, they are not present in the final binary and should not be
reported by the memory usage script.

By ignoring any section past the _end_of_ram symbol, we avoid reporting
those discarded sections as well as a hole before them.

Before:

$ make -s CFG_CORE_ASLR=y
$ scripts/mem_usage.py out/arm-plat-vexpress/core/tee.elf
RAM Usage 0E100000 - 0E301E04 size 00201E04 2056 KiB 514 pages
.text 0E100000 - 0E12FA68 size 0002FA68 190 KiB
*hole* 0E12FA68 - 0E130000 size 00000598 1 KiB
.rodata 0E130000 - 0E140598 size 00010598 65 KiB
.gnu.hash 0E140598 - 0E1405B0 size 00000018 0 KiB
.got 0E1405B0 - 0E1406F8 size 00000148 0 KiB
.ARM.exidx 0E1406F8 - 0E142B78 size 00002480 9 KiB
.ARM.extab 0E142B78 - 0E143274 size 000006FC 1 KiB
*hole* 0E143274 - 0E144000 size 00000D8C 3 KiB
.data 0E144000 - 0E145410 size 00001410 5 KiB
.bss 0E145410 - 0E1509A8 size 0000B598 45 KiB
.heap1 0E1509A8 - 0E164000 size 00013658 77 KiB
.nozi 0E164000 - 0E176B80 size 00012B80 74 KiB
*hole* 0E176B80 - 0E300000 size 00189480 1573 KiB
.dynamic 0E300000 - 0E300098 size 00000098 0 KiB
.hash 0E300098 - 0E3000B0 size 00000018 0 KiB
.dynsym 0E3000B0 - 0E3000E0 size 00000030 0 KiB
.dynstr 0E3000E0 - 0E3000E1 size 00000001 0 KiB
*hole* 0E3000E1 - 0E3000E4 size 00000003 0 KiB
.rel 0E3000E4 - 0E301E04 size 00001D20 7 KiB

After:

$ make -s CFG_CORE_ASLR=y
$ scripts/mem_usage.py out/arm-plat-vexpress/core/tee.elf
RAM Usage 0E100000 - 0E176B80 size 00076B80 475 KiB 119 pages
.text 0E100000 - 0E12FA68 size 0002FA68 190 KiB
*hole* 0E12FA68 - 0E130000 size 00000598 1 KiB
.rodata 0E130000 - 0E140598 size 00010598 65 KiB
.gnu.hash 0E140598 - 0E1405B0 size 00000018 0 KiB
.got 0E1405B0 - 0E1406F8 size 00000148 0 KiB
.ARM.exidx 0E1406F8 - 0E142B78 size 00002480 9 KiB
.ARM.extab 0E142B78 - 0E143274 size 000006FC 1 KiB
*hole* 0E143274 - 0E144000 size 00000D8C 3 KiB
.data 0E144000 - 0E145410 size 00001410 5 KiB
.bss 0E145410 - 0E1509A8 size 0000B598 45 KiB
.heap1 0E1509A8 - 0E164000 size 00013658 77 KiB
.nozi 0E164000 - 0E176B80 size 00012B80 74 KiB

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scripts/sign_encrypt.py: remove pycrypto workaround

Removes workaround for a difference in how the size of a RSA key is
determined in pycrypto compared to pycryptodome.

Reviewed-by: Jerome Forissie

scripts/sign_encrypt.py: remove pycrypto workaround

Removes workaround for a difference in how the size of a RSA key is
determined in pycrypto compared to pycryptodome.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scripts/sign_encrypt.py: Sign TA using PSS

Switches from the algorithm TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 to
TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 when signing TAs. Even though there
are no known vulne

scripts/sign_encrypt.py: Sign TA using PSS

Switches from the algorithm TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 to
TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 when signing TAs. Even though there
are no known vulnerabilities in PCKS#1 RSASSA V1.5 at this date there
has been issues in the past (for instance Bleichenbacher).

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ftrace: dump core load address to support ASLR

Additionally dump core address in ftrace buffer to support syscall
tracing in case TEE core ASLR is enabled.

Signed-off-by: Sumit Garg <sumit.ga

core: ftrace: dump core load address to support ASLR

Additionally dump core address in ftrace buffer to support syscall
tracing in case TEE core ASLR is enabled.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
[jf: s/Load address @/TEE load address @/]
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

symbolize.py: fix decoding of ftrace dumps containing syscalls

When decoding an ftrace file with syscall tracing enabled [1], the
kernel functions are not resolved and show question marks instead.

symbolize.py: fix decoding of ftrace dumps containing syscalls

When decoding an ftrace file with syscall tracing enabled [1], the
kernel functions are not resolved and show question marks instead.

[1] $ make CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y CFG_ULIBS_MCOUNT=y \
CFLAGS_ta_arm32=-pg
[run test and copy content of /tmp/ftrace*]
$ optee_os/scripts/symbolize.py -d optee_os/out/arm/core \
-d out-br/build/optee_test-1.0/ta/*/out
[paste ftrace log here]

Fixes: 105e09c24479 ("symbolize.py: add support for TEE core ASLR")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

scripts/gen_tee_bin.py: convert symbol and section name to strings

Older versions of pyelftools return symbol and section names as byte
arrays rather than plain strings. As a result, symbols are not

scripts/gen_tee_bin.py: convert symbol and section name to strings

Older versions of pyelftools return symbol and section names as byte
arrays rather than plain strings. As a result, symbols are not found:

$ make
...
GEN out/arm/core/tee-header_v2.bin
Cannot find symbol _start
core/arch/arm/kernel/link.mk:191: recipe for target 'out/arm/core/tee-header_v2.bin' failed
make[1]: *** [out/arm/core/tee-header_v2.bin] Error 1

(This error was observed when building on Ubuntu 16.04.)

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove script/llvm-objcopy-wrapper

The llvm-objcopy-wrapper script was introduced in commit 98d863a5c0b2
("Experimental Clang support") because llvm-objcopy would not support
some options needed to

Remove script/llvm-objcopy-wrapper

The llvm-objcopy-wrapper script was introduced in commit 98d863a5c0b2
("Experimental Clang support") because llvm-objcopy would not support
some options needed to produce the final TEE binaries from tee.elf or
cause errors when building them. However, since commit 1a9edabc0ed4
("core: link.mk: use gen_tee_bin.py"), objcopy is not used for this
purpose anymore. Thus we can safely use llvm-objcopy.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

TA dev kit: add support for TA encryption

Add CFG_ENCRYPT_TA as TA build time configuration option to enable
encryption of TA using encryption key provided via TA_ENC_KEY build
time option. The defa

TA dev kit: add support for TA encryption

Add CFG_ENCRYPT_TA as TA build time configuration option to enable
encryption of TA using encryption key provided via TA_ENC_KEY build
time option. The default value of TA_ENC_KEY is derived from 16 zero
bytes default hardware unique key.

Also rename scripts/sign.py to scripts/sign_encrypt.py to reflect
optional encryption support along with signing of TAs.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix gen_tee_bin.py to handle STB_LOCAL symbols

Prior to this patch scripts/gen_tee_bin.py only looked for global
symbols (STB_GLOBAL). The linker in some older versions of the gcc
toolchain ma

core: fix gen_tee_bin.py to handle STB_LOCAL symbols

Prior to this patch scripts/gen_tee_bin.py only looked for global
symbols (STB_GLOBAL). The linker in some older versions of the gcc
toolchain makes some of the symbols local (STB_LOCAL) instead. This
patch fixes that by falling back to a local symbol in case a global
cannot be found.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Victor Chong <victor.chong@linaro.org>
Fixes: 3c51966baa03 ("core: add scripts/gen_tee_bin.py for boot binaries")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move relocation to embedded data region

The relocation sections are placed last in the linker script to be kept
out of the way for the other sections. The relocation sections are
interpreted b

core: move relocation to embedded data region

The relocation sections are placed last in the linker script to be kept
out of the way for the other sections. The relocation sections are
interpreted by gen_tee_bin.py and converted into a more compact data
structure which is stored in the embedded data region.

For each relocation, only one 32-bit offset is kept. Compared to the
standard ELF format, the size of the relocation table is either halved
(Rel32 type: two 32-bit words per entry) or divided by 6 (Rel64 type:
three 64-bit words per entry).

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add embedded data region

Until this patch hashes has been supplied as a single blob following the
init part when configured for paging. To facilitate storing additional
data when OP-TEE is ini

core: add embedded data region

Until this patch hashes has been supplied as a single blob following the
init part when configured for paging. To facilitate storing additional
data when OP-TEE is initializing a struct boot_embdata is added. This
struct is populated gen_tee_bin.py and later interpreted by
assembly boot code and init_runtime().

Previous memory allocation for hashes in the linker script is replaced
by this new mechanism.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove unused scripts/gen_hashed_bin.py

Removes the now unused scripts/gen_hashed_bin.py which was
replaced by scripts/gen_tee_bin.py.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-of

Remove unused scripts/gen_hashed_bin.py

Removes the now unused scripts/gen_hashed_bin.py which was
replaced by scripts/gen_tee_bin.py.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add scripts/gen_tee_bin.py for boot binaries

Adds scripts/gen_tee_bin.py which can produce the boot binaries instead
of objdump and scripts/gen_hashed_bin.py.

Reviewed-by: Jerome Forissier <j

core: add scripts/gen_tee_bin.py for boot binaries

Adds scripts/gen_tee_bin.py which can produce the boot binaries instead
of objdump and scripts/gen_hashed_bin.py.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scripts/gen_ldelf_hex.py: remove unused imports

Removes a few import lines that are not needed.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@li

scripts/gen_ldelf_hex.py: remove unused imports

Removes a few import lines that are not needed.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...