ta - OpenGrok history log for /optee_os/ta

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
e68e414d	04-Feb-2026	Christian Zoia <czoia@amazon.com>	ta: pkcs11: fix eddsa key reusage EdDsa key weren't enabled to be re-used in the same session in the load_tee_key function, forcing the client to close the session and open it again whenever the sam ta: pkcs11: fix eddsa key reusage EdDsa key weren't enabled to be re-used in the same session in the load_tee_key function, forcing the client to close the session and open it again whenever the same operation should have been done multiple times. Closes: https://github.com/OP-TEE/optee_os/issues/7686 Fixes: 03e07432b68f ("ta: pkcs11: Add Ed25519 support") Signed-off-by: Christian Zoia <czoia@amazon.com> Reviewed-by: Etienne Carriere <etienne.carriere@st.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/include/kernel/thread_spmc.h /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/plat-qcom/conf.mk /optee_os/core/arch/arm/plat-qcom/platform_config.h pkcs11/src/processing_asymm.c
1e3f36b0	20-Feb-2026	Georges Savoundararadj <savoundg@amazon.com>	ta: pkcs11: fix memory leak in close_persistent_db() close_persistent_db() is a no-op stub that never frees the db_main and db_objs structures allocated by init_persistent_db(). In normal TA operati ta: pkcs11: fix memory leak in close_persistent_db() close_persistent_db() is a no-op stub that never frees the db_main and db_objs structures allocated by init_persistent_db(). In normal TA operation this is harmless since the TEE framework reclaims all TA memory on unload, which is likely why it was left unimplemented. However, the leak becomes visible when running the TA in a host-based test environment (e.g. with AddressSanitizer) where the TEE memory reclamation does not occur. ASan reports 264 leaked allocations totalling ~24 KiB per TA lifecycle. Implement close_persistent_db() to free token->db_main and token->db_objs and NULL the pointers. Add a NULL check on the token argument for robustness. Fixes: c84ccd0a805e ("ta: pkcs11: persistent database for the pkcs11 tokens") Signed-off-by: Georges Savoundararadj <savoundg@amazon.com> Reviewed-by: Jerome Forissier <jerome.forissier@arm.com> show more ... /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/main.c /optee_os/core/drivers/imx_ocotp.c /optee_os/core/include/drivers/imx_ocotp.h /optee_os/lib/libutee/include/pta_rtc.h /optee_os/lib/libutee/include/pta_scmi_client.h /optee_os/lib/libutee/include/pta_stm32mp_bsec.h pkcs11/src/persistent_token.c
5597ed38	03-Feb-2026	Jens Wiklander <jens.wiklander@linaro.org>	ta: remoteproc: fix ELF parser Add stricter range checks for section headers in when parsing an ELF in e32_parser_find_rsc_table(). Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Tested- ta: remoteproc: fix ELF parser Add stricter range checks for section headers in when parsing an ELF in e32_parser_find_rsc_table(). Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Tested-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com> Reviewed-by: Etienne Carriere <etienne.carriere@st.com> show more ... /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/cpu/cortex-a320.mk /optee_os/core/arch/arm/include/arm32.h /optee_os/core/arch/arm/include/arm32_macros.S /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/plat-corstone1000/conf.mk /optee_os/core/arch/arm/plat-corstone1000/main.c /optee_os/core/arch/arm/plat-corstone1000/platform_config.h /optee_os/core/drivers/crypto/crypto_api/acipher/ecc.c /optee_os/core/drivers/crypto/hisilicon/hisi_qm.c /optee_os/core/drivers/crypto/hisilicon/sec_cipher.h /optee_os/core/drivers/gic.c /optee_os/core/include/drivers/gic.h /optee_os/lib/libutee/tee_api_arith_mpi.c remoteproc/src/elf_parser.c
b1c2e659	03-Feb-2026	Jens Wiklander <jens.wiklander@linaro.org>	ta: avb: fix memory copied in read_persist_value() read_persist_value() allocates a temporary buffer and reads persistent value from secure storage into that buffer. Next it copies the content of th ta: avb: fix memory copied in read_persist_value() read_persist_value() allocates a temporary buffer and reads persistent value from secure storage into that buffer. Next it copies the content of the buffer into an out memref, but it copies the number of allocated bytes instead of the size of the persistent value. No unintended information leaks though, since Temporary buffer was zero-initialized by TEE_Malloc(). To avoid unnecessary copying, copy only the number of read bytes from secure storage. Fixes: ddcd07a27aa6 ("ta: avb: copy data to temporary buffers") Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@arm.com> Reviewed-by: Etienne Carriere <etienne.carriere@st.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/.github/workflows/notify.yml /optee_os/CHANGELOG.md /optee_os/MAINTAINERS /optee_os/core/arch/arm/cpu/cortex-a320.mk /optee_os/core/arch/arm/cpu/cortex-a35.mk /optee_os/core/arch/arm/cpu/cortex-armv8-0.mk /optee_os/core/arch/arm/dts/stm32mp211.dtsi /optee_os/core/arch/arm/dts/stm32mp231.dtsi /optee_os/core/arch/arm/dts/stm32mp251.dtsi /optee_os/core/arch/arm/include/arm.h /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/include/ffa.h /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/spmc_sp_handler.h /optee_os/core/arch/arm/include/kernel/thread_private_arch.h /optee_os/core/arch/arm/include/kernel/thread_spmc.h /optee_os/core/arch/arm/include/optee_ffa.h /optee_os/core/arch/arm/include/sm/optee_smc.h /optee_os/core/arch/arm/kernel/abort.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/mm/mobj_ffa.c /optee_os/core/arch/arm/plat-corstone1000/conf.mk /optee_os/core/arch/arm/plat-corstone1000/main.c /optee_os/core/arch/arm/plat-corstone1000/platform_config.h /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/imx-common.c /optee_os/core/arch/arm/plat-imx/imx-regs.h /optee_os/core/arch/arm/plat-imx/imx.h /optee_os/core/arch/arm/plat-imx/registers/imx943.h /optee_os/core/arch/arm/plat-imx/registers/imx95.h /optee_os/core/arch/arm/plat-k3/drivers/dthev2.c /optee_os/core/arch/arm/plat-k3/drivers/mailbox.c /optee_os/core/arch/arm/plat-k3/drivers/sa2ul.c /optee_os/core/arch/arm/plat-k3/drivers/sec_proxy.c /optee_os/core/arch/arm/plat-k3/drivers/sub.mk /optee_os/core/arch/arm/plat-k3/drivers/ti_crypto.c /optee_os/core/arch/arm/plat-k3/drivers/ti_crypto.h /optee_os/core/arch/arm/plat-k3/drivers/ti_sci.c /optee_os/core/arch/arm/plat-k3/drivers/ti_sci_transport.h /optee_os/core/arch/arm/plat-k3/main.c /optee_os/core/arch/arm/plat-k3/platform_config.h /optee_os/core/arch/arm/plat-marvell/conf.mk /optee_os/core/arch/arm/plat-marvell/main.c /optee_os/core/arch/arm/plat-qcom/conf.mk /optee_os/core/arch/arm/plat-qcom/main.c /optee_os/core/arch/arm/plat-qcom/platform_config.h /optee_os/core/arch/arm/plat-qcom/sub.mk /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-rockchip/platform_config.h /optee_os/core/arch/arm/plat-rockchip/platform_rk3588.c /optee_os/core/arch/arm/plat-rpi5/conf.mk /optee_os/core/arch/arm/plat-rpi5/main.c /optee_os/core/arch/arm/plat-rpi5/platform_config.h /optee_os/core/arch/arm/plat-rpi5/sub.mk /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp2/conf.mk /optee_os/core/arch/arm/plat-telechips/scripts/tcmktool.py /optee_os/core/arch/arm/plat-ti/main.c /optee_os/core/arch/arm/plat-zynqmp/conf.mk /optee_os/core/arch/arm/plat-zynqmp/main.c /optee_os/core/arch/arm/plat-zynqmp/platform_config.h /optee_os/core/arch/arm/tee/entry_fast.c /optee_os/core/arch/riscv/include/kernel/thread_arch.h /optee_os/core/arch/riscv/kernel/abort.c /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/sbi_mpxy.c /optee_os/core/arch/riscv/kernel/spinlock.S /optee_os/core/arch/riscv/kernel/thread_arch.c /optee_os/core/arch/riscv/kernel/thread_rv.S /optee_os/core/drivers/crypto/caam/ae/caam_ae.c /optee_os/core/drivers/crypto/ele/ele.c /optee_os/core/drivers/imx/mu/imx_mu_8ulp_9x.c /optee_os/core/drivers/imx/mu/sub.mk /optee_os/core/drivers/qcom/prng/prng.c /optee_os/core/drivers/qcom/ramblur/ramblur_pimem_v3.c /optee_os/core/drivers/qcom/sub.mk /optee_os/core/drivers/qcom_geni_uart.c /optee_os/core/drivers/stm32_bsec.c /optee_os/core/drivers/stm32_i2c.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/imx_mu.h /optee_os/core/include/drivers/qcom/ramblur/v3/ramblur_pimem_hwio.h /optee_os/core/include/drivers/qcom_geni_uart.h /optee_os/core/include/drivers/stm32_bsec.h /optee_os/core/include/drivers/stm32_i2c.h /optee_os/core/include/kernel/boot.h /optee_os/core/include/kernel/dt.h /optee_os/core/include/mm/mobj.h /optee_os/core/include/optee_msg.h /optee_os/core/kernel/dt.c /optee_os/core/kernel/ldelf_loader.c /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/ts_manager.c /optee_os/core/kernel/user_mode_ctx.c /optee_os/core/kernel/user_ta.c /optee_os/core/lib/libtomcrypt/src/pk/rsa/rsa_verify_hash.c /optee_os/core/mm/core_mmu.c /optee_os/core/mm/mobj.c /optee_os/core/mm/mobj_dyn_shm.c /optee_os/core/pta/device.c /optee_os/core/pta/rockchip/rk_secure_boot.c /optee_os/core/pta/rockchip/sub.mk /optee_os/core/pta/stm32mp/debug_access_pta.c /optee_os/core/pta/stm32mp/sub.mk /optee_os/core/pta/sub.mk /optee_os/core/tee/entry_std.c /optee_os/core/tee/fs_htree.c /optee_os/core/tee/tee_ree_fs.c /optee_os/ldelf/ftrace.c /optee_os/ldelf/ftrace.h /optee_os/ldelf/main.c /optee_os/lib/libutee/include/pta_rk_secure_boot.h /optee_os/lib/libutee/include/pta_stm32mp_debug_access.h /optee_os/lib/libutee/include/user_ta_header.h /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutils/compiler-rt/lib/builtins/int_mulo_impl.inc /optee_os/lib/libutils/compiler-rt/lib/builtins/mulodi4.c /optee_os/lib/libutils/compiler-rt/lib/builtins/sub.mk /optee_os/lib/libutils/ext/include/compiler.h /optee_os/mk/compile.mk /optee_os/mk/config.mk /optee_os/mk/macros.mk /optee_os/scripts/ci-host-cleanup.sh /optee_os/scripts/gen_ldelf_hex.py /optee_os/scripts/notify_maintainers.py avb/entry.c
c2c23cd4	14-Oct-2025	Etienne Carriere <etienne.carriere@st.com>	ta: pkcs11: be flexible on RSA private key optional attributes Allow RSA private key to partially store the RSA private key optional attributes without facing complaints from the GP TEE API. On one ta: pkcs11: be flexible on RSA private key optional attributes Allow RSA private key to partially store the RSA private key optional attributes without facing complaints from the GP TEE API. On one hand, in the PKCS#11 specification, RSA private key attributes CKA_PRIME_1, CKA_PRIME_2, CKA_EXPONENT_1, CKA_EXPONENT_2 and CKA_COEFFICIENT are optional and the spec does not add much constraints on their presence. On the other hand, the GP TEE Internal Core API requests that these 5 optional attributes are all present or none is present at all. As a trade-off, allow PKCS#11 client to partially provide them but do not load them into the TEE object unless they are all present. Fixes: 3dc4089afde2 ("ta: pkcs11: correct RSA keys extended attributes sanitation") Closes: https://github.com/OP-TEE/optee_os/issues/5418 Closes: https://github.com/OP-TEE/optee_os/issues/7520 Signed-off-by: Etienne Carriere <etienne.carriere@st.com> show more ... pkcs11/src/processing_rsa.c
14a1a72b	15-Oct-2025	Etienne Carriere <etienne.carriere@st.com>	ta: remoteproc: clarify remoteproc_get_tlv() behavior Add an inline comment to explicitly state that TA remoteproc local function remoteproc_get_tlv() loads specific values in its output arguments w ta: remoteproc: clarify remoteproc_get_tlv() behavior Add an inline comment to explicitly state that TA remoteproc local function remoteproc_get_tlv() loads specific values in its output arguments when it returns with error code TEE_ERROR_NO_DATA. This way it is clearer that caller expect such values on such error cases. Signed-off-by: Etienne Carriere <etienne.carriere@st.com> Acked-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com> show more ... remoteproc/src/remoteproc_core.c
68dc1d62	17-Sep-2025	Etienne Carriere <etienne.carriere@st.com>	ta: remoteproc: clarify case empty key info is last TLV cell Clarify case when remote processor firmware key info TLV RPROC_TLV_PKEYINFO is present but empty (size = 0) and is placed last in the TLV ta: remoteproc: clarify case empty key info is last TLV cell Clarify case when remote processor firmware key info TLV RPROC_TLV_PKEYINFO is present but empty (size = 0) and is placed last in the TLVs memory area hence its value cell start address matches the TLV area end address. The previous implementation was fine but it looked odd the main loop does not address the case. Signed-off-by: Etienne Carriere <etienne.carriere@st.com> Acked-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/.github/workflows/stales.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/crypto/aes-gcm-ce.c /optee_os/core/arch/arm/dts/stm32mp21-st-scmi-cfg.dtsi /optee_os/core/arch/arm/dts/stm32mp23-st-scmi-cfg.dtsi /optee_os/core/arch/arm/dts/stm32mp231.dtsi /optee_os/core/arch/arm/dts/stm32mp233.dtsi /optee_os/core/arch/arm/dts/stm32mp235.dtsi /optee_os/core/arch/arm/dts/stm32mp235f-dk-ca35tdcid-rcc.dtsi /optee_os/core/arch/arm/dts/stm32mp235f-dk-ca35tdcid-resmem.dtsi /optee_os/core/arch/arm/dts/stm32mp235f-dk-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/dts/stm32mp235f-dk.dts /optee_os/core/arch/arm/dts/stm32mp23xc.dtsi /optee_os/core/arch/arm/dts/stm32mp23xf.dtsi /optee_os/core/arch/arm/dts/stm32mp25-st-scmi-cfg.dtsi /optee_os/core/arch/arm/dts/stm32mp251.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-dk.dts /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/plat-automotive_rd/conf.mk /optee_os/core/arch/arm/plat-automotive_rd/main.c /optee_os/core/arch/arm/plat-automotive_rd/platform_config.h /optee_os/core/arch/arm/plat-automotive_rd/rd1ae_core_pos.S /optee_os/core/arch/arm/plat-automotive_rd/sub.mk /optee_os/core/arch/arm/plat-k3/conf.mk /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-rockchip/platform_config.h /optee_os/core/arch/arm/plat-rockchip/platform_rk3588.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_syscfg.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/plat-stm32mp2/conf.mk /optee_os/core/arch/riscv/include/rpmi.h /optee_os/core/arch/riscv/include/sbi_mpxy_rpmi.h /optee_os/core/arch/riscv/kernel/sbi_mpxy_rpmi.c /optee_os/core/arch/riscv/kernel/sub.mk /optee_os/core/arch/riscv/plat-virt/conf.mk /optee_os/core/arch/riscv/riscv.mk /optee_os/core/crypto/aes-gcm.c /optee_os/core/drivers/firewall/stm32_rifsc.c /optee_os/core/drivers/gpio/gpio.c /optee_os/core/drivers/regulator/regulator.c /optee_os/core/drivers/regulator/regulator_dt.c /optee_os/core/drivers/regulator/regulator_fixed.c /optee_os/core/drivers/regulator/regulator_gpio.c /optee_os/core/drivers/rockchip_otp.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_rtc.c /optee_os/core/drivers/stm32_tamp.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/gpio.h /optee_os/core/include/drivers/regulator.h /optee_os/core/include/drivers/rockchip_otp.h /optee_os/core/include/drivers/stm32mp_dt_bindings.h /optee_os/core/kernel/console.c /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/kernel/transfer_list.c /optee_os/core/mm/vm.c /optee_os/core/pta/tests/dt_driver_test.c /optee_os/core/tee/fs_htree.c /optee_os/lib/libmbedtls/mbedtls/ChangeLog /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/bignum.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/build_info.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/dhm.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecdh.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecdsa.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecjpake.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecp.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/lms.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/pk.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/platform_util.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/rsa.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl_cookie.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl_ticket.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/x509.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/x509_crt.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/x509_csr.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_extra.h /optee_os/lib/libmbedtls/mbedtls/library/aesni.c /optee_os/lib/libmbedtls/mbedtls/library/asn1write.c /optee_os/lib/libmbedtls/mbedtls/library/base64.c /optee_os/lib/libmbedtls/mbedtls/library/cipher.c /optee_os/lib/libmbedtls/mbedtls/library/cipher_invasive.h /optee_os/lib/libmbedtls/mbedtls/library/cipher_wrap.c /optee_os/lib/libmbedtls/mbedtls/library/cipher_wrap.h /optee_os/lib/libmbedtls/mbedtls/library/common.h /optee_os/lib/libmbedtls/mbedtls/library/lmots.c /optee_os/lib/libmbedtls/mbedtls/library/lms.c /optee_os/lib/libmbedtls/mbedtls/library/pem.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_mac.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_slot_management.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_misc.h /optee_os/lib/libmbedtls/mbedtls/library/ssl_msg.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls12_client.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls12_server.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_keys.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_keys.h /optee_os/lib/libmbedtls/mbedtls/library/version_features.c /optee_os/lib/libmbedtls/mbedtls/library/x509_create.c /optee_os/lib/libmbedtls/mbedtls/library/x509write_crt.c /optee_os/lib/libmbedtls/mbedtls/library/x509write_csr.c /optee_os/lib/libutee/user_ta_entry.c /optee_os/mk/config.mk remoteproc/src/remoteproc_core.c
07917406	05-Aug-2025	Alexandre Gonzalo <alexandre.gonzalo@arm.com>	remoteproc: fix potential overflows in TLV parsing This commit is fixing two issues: - Verify that the end of the buffer is not reached before reading the tag and value. - Verify that the entire TLV remoteproc: fix potential overflows in TLV parsing This commit is fixing two issues: - Verify that the end of the buffer is not reached before reading the tag and value. - Verify that the entire TLV fits into the TLV chunk Signed-off-by: Alexandre Gonzalo <alexandre.gonzalo@arm.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/.gitignore /optee_os/CHANGELOG.md /optee_os/MAINTAINERS /optee_os/core/arch/arm/dts/stm32mp211.dtsi /optee_os/core/arch/arm/dts/stm32mp215f-dk.dts /optee_os/core/arch/arm/dts/stm32mp251.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-dk-ca35tdcid-rcc.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-dk-ca35tdcid-resmem.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-dk-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-dk.dts /optee_os/core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1.dts /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-k3/conf.mk /optee_os/core/arch/arm/plat-k3/drivers/dthev2.c /optee_os/core/arch/arm/plat-k3/drivers/eip76d_trng.c /optee_os/core/arch/arm/plat-k3/drivers/eip76d_trng.h /optee_os/core/arch/arm/plat-k3/drivers/sa2ul.c /optee_os/core/arch/arm/plat-k3/drivers/sub.mk /optee_os/core/arch/arm/plat-k3/platform_config.h /optee_os/core/arch/arm/plat-marvell/conf.mk /optee_os/core/arch/arm/plat-marvell/platform_config.h /optee_os/core/arch/arm/plat-marvell/sub.mk /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/plat-stm32mp2/conf.mk /optee_os/core/arch/arm/plat-stm32mp2/main.c /optee_os/core/arch/arm/plat-stm32mp2/stm32_sysconf.h /optee_os/core/arch/arm/plat-stm32mp2/stm32_util.h /optee_os/core/arch/arm/plat-versal2/conf.mk /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/arm/plat-vexpress/platform_config.h /optee_os/core/arch/riscv/include/kernel/misc_arch.h /optee_os/core/arch/riscv/include/sbi.h /optee_os/core/arch/riscv/include/sbi_mpxy.h /optee_os/core/arch/riscv/kernel/sbi.c /optee_os/core/arch/riscv/kernel/sbi_mpxy.c /optee_os/core/arch/riscv/kernel/sub.mk /optee_os/core/arch/riscv/plat-sifive/conf.mk /optee_os/core/arch/riscv/plat-virt/conf.mk /optee_os/core/arch/riscv/riscv.mk /optee_os/core/drivers/clk/clk-stm32mp21.c /optee_os/core/drivers/clk/clk-stm32mp25.c /optee_os/core/drivers/ffa_console.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_iwdg.c /optee_os/core/drivers/stm32_rtc.c /optee_os/core/drivers/stm32_tamp.c /optee_os/core/include/drivers/rtc.h /optee_os/core/include/kernel/asan.h /optee_os/core/kernel/asan.c /optee_os/core/kernel/boot.c /optee_os/core/kernel/panic.c /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/tpm.c /optee_os/core/pta/rtc.c /optee_os/core/pta/tests/misc.c /optee_os/lib/libutee/include/pta_rtc.h /optee_os/lib/libutils/isoc/arch/arm/setjmp_a32.S /optee_os/lib/libutils/isoc/arch/arm/setjmp_a64.S /optee_os/lib/libutils/isoc/arch/riscv/setjmp_rv.S /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/setjmp.h /optee_os/lib/libutils/isoc/newlib/strchr.c /optee_os/lib/libutils/isoc/newlib/strcmp.c /optee_os/lib/libutils/isoc/newlib/strcpy.c /optee_os/lib/libutils/isoc/newlib/strlen.c /optee_os/mk/config.mk remoteproc/src/remoteproc_core.c
f03a2aca	09-Jul-2025	Jerome Forissier <jerome.forissier@linaro.org>	ta/link.mk: update the default TA encryption key When the TA signing key for OP-TEE was changed [1], the TA encryption key (which is a derived key) was not updated. As a result, CFG_ENCRYPT_TA=y is ta/link.mk: update the default TA encryption key When the TA signing key for OP-TEE was changed [1], the TA encryption key (which is a derived key) was not updated. As a result, CFG_ENCRYPT_TA=y is broken. Fix that by updating TA_ENC_KEY to reflect the output of tee_otp_get_ta_enc_key(). The key value is obtained by adding 'DHEXDUMP(buffer, len);' to tee_otp_get_ta_enc_key() then running any test involving loading an encrypted TA. For example: build$ make check CFG_ENCRYPT_TA=y CHECK_TESTS=xtest XTEST_ARGS=4002 build$ vi ../out/bin/serial0.log Fixes: 5d5d7d0b1c03 ("keys: increase default RSA key size to 4096 bits") [1] Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/dts/stm32mp151.dtsi /optee_os/core/arch/arm/dts/stm32mp157c-ed1.dts /optee_os/core/arch/arm/dts/stm32mp15xx-dkx.dtsi /optee_os/core/arch/arm/plat-corstone1000/conf.mk /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-rockchip/main.c /optee_os/core/arch/arm/plat-rockchip/platform_config.h link.mk
941a58d7	04-Apr-2025	Jens Wiklander <jens.wiklander@linaro.org>	Add optee.ta.instanceKeepCrashed property Add the optee.ta.instanceKeepCrashed property to prevent a TA with gpd.ta.instanceKeepAlive=true to be restarted. This prevents unexpected resetting of the Add optee.ta.instanceKeepCrashed property Add the optee.ta.instanceKeepCrashed property to prevent a TA with gpd.ta.instanceKeepAlive=true to be restarted. This prevents unexpected resetting of the state of the TA. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Alex Lewontin <alex.lewontin@canonical.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/CHANGELOG.md /optee_os/MAINTAINERS /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/dts/stm32mp151.dtsi /optee_os/core/arch/arm/dts/stm32mp15xx-dkx.dtsi /optee_os/core/arch/arm/dts/stm32mp21-st-scmi-cfg.dtsi /optee_os/core/arch/arm/dts/stm32mp211.dtsi /optee_os/core/arch/arm/dts/stm32mp213.dtsi /optee_os/core/arch/arm/dts/stm32mp215.dtsi /optee_os/core/arch/arm/dts/stm32mp215f-dk-ca35tdcid-rcc.dtsi /optee_os/core/arch/arm/dts/stm32mp215f-dk-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/dts/stm32mp215f-dk.dts /optee_os/core/arch/arm/dts/stm32mp21xc.dtsi /optee_os/core/arch/arm/dts/stm32mp21xf.dtsi /optee_os/core/arch/arm/dts/stm32mp25-st-scmi-cfg.dtsi /optee_os/core/arch/arm/dts/stm32mp251.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1.dts /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/thread_arch.h /optee_os/core/arch/arm/include/kernel/thread_private_arch.h /optee_os/core/arch/arm/include/kernel/thread_spmc.h /optee_os/core/arch/arm/include/mm/core_mmu_arch.h /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/generic_timer.c /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-k3/drivers/sa2ul.c /optee_os/core/arch/arm/plat-k3/drivers/ti_sci.c /optee_os/core/arch/arm/plat-k3/drivers/ti_sci.h /optee_os/core/arch/arm/plat-k3/drivers/ti_sci_protocol.h /optee_os/core/arch/arm/plat-k3/platform_config.h /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-rockchip/main.c /optee_os/core/arch/arm/plat-rockchip/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pwr.c /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp2/conf.mk /optee_os/core/arch/arm/plat-stm32mp2/drivers/stm32mp25_syscfg.c /optee_os/core/arch/arm/plat-stm32mp2/stm32_sysconf.h /optee_os/core/arch/arm/plat-ti/a9_plat_init.S /optee_os/core/arch/arm/plat-versal2/conf.mk /optee_os/core/arch/arm/plat-vexpress/main.c /optee_os/core/arch/arm/plat-vexpress/platform_config.h /optee_os/core/arch/arm/sm/pm_a32.S /optee_os/core/arch/arm/tests/ffa_lsp.c /optee_os/core/arch/arm/tests/sub.mk /optee_os/core/arch/riscv/include/kernel/riscv_elf.h /optee_os/core/arch/riscv/include/kernel/thread_private_arch.h /optee_os/core/arch/riscv/include/mm/core_mmu_arch.h /optee_os/core/arch/riscv/kernel/asm-defines.c /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/kernel/kern.ld.S /optee_os/core/arch/riscv/kernel/thread_arch.c /optee_os/core/arch/riscv/kernel/thread_rv.S /optee_os/core/arch/riscv/mm/core_mmu_arch.c /optee_os/core/arch/riscv/plat-sifive/conf.mk /optee_os/core/arch/riscv/plat-spike/conf.mk /optee_os/core/arch/riscv/plat-virt/conf.mk /optee_os/core/arch/riscv/riscv.mk /optee_os/core/core.mk /optee_os/core/crypto/signed_hdr.c /optee_os/core/drivers/amd/gpio_common.c /optee_os/core/drivers/amd/gpio_private.h /optee_os/core/drivers/amd/ps_gpio_driver.c /optee_os/core/drivers/amd/sub.mk /optee_os/core/drivers/atmel_saic.c /optee_os/core/drivers/clk/clk-stm32mp21.c /optee_os/core/drivers/clk/clk-stm32mp25.c /optee_os/core/drivers/clk/sub.mk /optee_os/core/drivers/crypto/caam/include/caam_ae.h /optee_os/core/drivers/crypto/stm32/stm32_cryp.c /optee_os/core/drivers/crypto/stm32/stm32_saes.c /optee_os/core/drivers/ffa_console.c /optee_os/core/drivers/firewall/stm32_rifsc.c /optee_os/core/drivers/firewall/stm32_risab.c /optee_os/core/drivers/hfic.c /optee_os/core/drivers/rstctrl/stm32mp21_rstctrl.c /optee_os/core/drivers/rstctrl/stm32mp25_rstctrl.c /optee_os/core/drivers/rstctrl/sub.mk /optee_os/core/drivers/stm32_exti.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_hpdma.c /optee_os/core/drivers/stm32_iwdg.c /optee_os/core/drivers/stm32_omm.c /optee_os/core/drivers/stm32_rtc.c /optee_os/core/drivers/stm32_tamp.c /optee_os/core/drivers/sub.mk /optee_os/core/drivers/wdt/watchdog_sm.c /optee_os/core/include/drivers/stm32_gpio.h /optee_os/core/include/drivers/stm32_rtc.h /optee_os/core/include/drivers/stm32mp21_rcc.h /optee_os/core/include/drivers/stm32mp_dt_bindings.h /optee_os/core/include/drivers/wdt.h /optee_os/core/include/dt-bindings/clock/st,stm32mp21-rcc.h /optee_os/core/include/dt-bindings/clock/stm32mp21-clksrc.h /optee_os/core/include/dt-bindings/firewall/stm32mp21-rifsc.h /optee_os/core/include/dt-bindings/firewall/stm32mp25-rifsc.h /optee_os/core/include/dt-bindings/reset/st,stm32mp21-rcc.h /optee_os/core/include/dt-bindings/scmi/scmi-clock.h /optee_os/core/include/dt-bindings/tamper/st,stm32-tamp.h /optee_os/core/include/dt-bindings/tamper/st,stm32mp13-tamp.h /optee_os/core/include/dt-bindings/tamper/st,stm32mp21-tamp.h /optee_os/core/include/dt-bindings/tamper/st,stm32mp25-tamp.h /optee_os/core/include/kernel/boot.h /optee_os/core/include/kernel/dt.h /optee_os/core/include/kernel/dt_driver.h /optee_os/core/include/kernel/interrupt.h /optee_os/core/include/kernel/thread.h /optee_os/core/include/kernel/thread_private.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/kernel/boot.c /optee_os/core/kernel/dt.c /optee_os/core/kernel/dt_driver.c /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/thread.c /optee_os/core/kernel/transfer_list.c /optee_os/core/kernel/user_ta.c /optee_os/core/lib/libefi/hob.c /optee_os/core/lib/libefi/include/efi/efi_types.h /optee_os/core/lib/libefi/include/efi/hob.h /optee_os/core/lib/libefi/include/efi/hob_guid.h /optee_os/core/lib/libefi/include/efi/mmram.h /optee_os/core/lib/libefi/include/efi/mpinfo.h /optee_os/core/lib/libefi/sub.mk /optee_os/core/lib/scmi-server/conf-optee-stm32mp1.mk /optee_os/core/lib/scmi-server/conf-optee-stm32mp2.mk /optee_os/core/lib/scmi-server/conf.mk /optee_os/core/lib/scmi-server/include/scmi_agent_configuration.h /optee_os/core/lib/scmi-server/include/scmi_clock_consumer.h /optee_os/core/lib/scmi-server/include/scmi_reset_consumer.h /optee_os/core/lib/scmi-server/scmi_clock_consumer.c /optee_os/core/lib/scmi-server/scmi_reset_consumer.c /optee_os/core/lib/scmi-server/scmi_server.c /optee_os/core/lib/scmi-server/scmi_server_scpfw.c /optee_os/core/lib/scmi-server/sub.mk /optee_os/core/mm/boot_mem.c /optee_os/core/mm/core_mmu.c /optee_os/core/pta/tests/invoke.c /optee_os/core/pta/tests/misc.c /optee_os/core/pta/tests/misc.h /optee_os/core/pta/tests/sub.mk /optee_os/core/pta/tests/transfer_list.c /optee_os/core/tee/fs_htree.c /optee_os/keys/default.pem /optee_os/lib/libmbedtls/include/mbedtls_config_kernel.h /optee_os/lib/libmbedtls/include/mbedtls_config_uta.h /optee_os/lib/libmbedtls/mbedtls/ChangeLog /optee_os/lib/libmbedtls/mbedtls/SECURITY.md /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/build_info.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/check_config.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/debug.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/entropy.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/error.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/gcm.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/net_sockets.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/psa_util.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/threading.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_config.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_extra.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_sizes.h /optee_os/lib/libmbedtls/mbedtls/library/aesni.c /optee_os/lib/libmbedtls/mbedtls/library/bignum_core.c /optee_os/lib/libmbedtls/mbedtls/library/bignum_core.h /optee_os/lib/libmbedtls/mbedtls/library/bignum_core_invasive.h /optee_os/lib/libmbedtls/mbedtls/library/ccm.c /optee_os/lib/libmbedtls/mbedtls/library/constant_time_impl.h /optee_os/lib/libmbedtls/mbedtls/library/ecp.c /optee_os/lib/libmbedtls/mbedtls/library/error.c /optee_os/lib/libmbedtls/mbedtls/library/net_sockets.c /optee_os/lib/libmbedtls/mbedtls/library/pk.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_cipher.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_core.h /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_driver_wrappers.h /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_ecp.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_slot_management.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_storage.h /optee_os/lib/libmbedtls/mbedtls/library/psa_util.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_client.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_debug_helpers_generated.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_misc.h /optee_os/lib/libmbedtls/mbedtls/library/ssl_msg.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls12_client.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls12_server.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_client.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_server.c /optee_os/lib/libmbedtls/mbedtls/library/threading.c /optee_os/lib/libmbedtls/mbedtls/library/version_features.c /optee_os/lib/libutee/include/pta_invoke_tests.h /optee_os/lib/libutee/include/pta_stats.h /optee_os/lib/libutee/include/user_ta_header.h /optee_os/lib/libutils/compiler-rt/LICENSE.TXT /optee_os/lib/libutils/compiler-rt/README.txt /optee_os/lib/libutils/compiler-rt/lib/builtins/ashlti3.c /optee_os/lib/libutils/compiler-rt/lib/builtins/int_div_impl.inc /optee_os/lib/libutils/compiler-rt/lib/builtins/int_endianness.h /optee_os/lib/libutils/compiler-rt/lib/builtins/int_lib.h /optee_os/lib/libutils/compiler-rt/lib/builtins/int_types.h /optee_os/lib/libutils/compiler-rt/lib/builtins/int_util.h /optee_os/lib/libutils/compiler-rt/lib/builtins/sub.mk /optee_os/lib/libutils/compiler-rt/lib/builtins/udivmodti4.c /optee_os/lib/libutils/compiler-rt/lib/builtins/udivti3.c /optee_os/lib/libutils/compiler-rt/lib/sub.mk /optee_os/lib/libutils/compiler-rt/sub.mk /optee_os/lib/libutils/ext/ftrace/ftrace.c /optee_os/lib/libutils/isoc/bget.c /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/sub.mk /optee_os/mk/clang.mk /optee_os/mk/config.mk user_ta_header.c
0ae5ef34	03-Apr-2025	Thomas Bourgoin <thomas.bourgoin@foss.st.com>	tree wide: fix header files dependencies in linker files When linking with a generated linker script like kern.ld.S, dependencies with header file are not regenerated. Same issue as commit acdc32afe tree wide: fix header files dependencies in linker files When linking with a generated linker script like kern.ld.S, dependencies with header file are not regenerated. Same issue as commit acdc32afe18f ("mk/compile.mk: fix header dependency in .d file") Add option -MP used to fix error generated when removing header files. Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/riscv/include/kernel/misc_arch.h /optee_os/core/arch/riscv/include/kernel/thread_arch.h /optee_os/core/arch/riscv/include/riscv.h /optee_os/core/arch/riscv/include/sbi.h /optee_os/core/arch/riscv/kernel/asm-defines.c /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/kernel/link.mk /optee_os/core/arch/riscv/kernel/sbi.c /optee_os/core/arch/riscv/kernel/thread_arch.c /optee_os/core/arch/riscv/kernel/thread_rv.S /optee_os/core/arch/riscv/plat-sifive/conf.mk /optee_os/core/arch/riscv/plat-sifive/main.c /optee_os/core/arch/riscv/plat-sifive/platform_config.h /optee_os/core/arch/riscv/plat-sifive/sub.mk /optee_os/core/arch/riscv/plat-virt/platform_config.h /optee_os/core/drivers/imx_csu.c /optee_os/core/drivers/sifive_uart.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/sifive_uart.h /optee_os/core/include/kernel/boot.h /optee_os/ldelf/link.mk /optee_os/lib/libutee/tcb.c /optee_os/lib/libutee/tee_api.c /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/mk/compile.mk link.mk
228cf40e	28-Mar-2025	Rouven Czerwinski <r.czerwinski@pengutronix.de>	tree-wide: use /usr/bin/env bash in bash scripts Some distributions don't provide bash inside of /bin, increase compatibility by using env to resolve the correct path at runtime. Fixes running the s tree-wide: use /usr/bin/env bash in bash scripts Some distributions don't provide bash inside of /bin, increase compatibility by using env to resolve the correct path at runtime. Fixes running the scripts on my NixOS systems. Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/scripts/checkpatch.sh /optee_os/scripts/checkpatch_inc.sh pkcs11/scripts/dump_ec_curve_params.sh pkcs11/scripts/verify-helpers.sh
f84dc262	27-Mar-2025	Alvin Chang <alvinga@andestech.com>	ta: Compile TA with "-fno-stack-protector" if TA stack protector is off Depends on compiler version and OS distributions, the stack protector may be enabled by default. This means TA is always compi ta: Compile TA with "-fno-stack-protector" if TA stack protector is off Depends on compiler version and OS distributions, the stack protector may be enabled by default. This means TA is always compiled with "-fstack-protector", even if _CFG_TA_STACK_PROTECTOR is not 'y'. To solve this issue, we explicitly provide "-fno-stack-protector" compile option when _CFG_TA_STACK_PROTECTOR is not 'y'. Thus, the TA stack protector is definitely disabled. Signed-off-by: Alvin Chang <alvinga@andestech.com> Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... ta.mk
ab03d590	27-Mar-2025	Alvin Chang <alvinga@andestech.com>	ta: Export _CFG_TA_STACK_PROTECTOR _CFG_TA_STACK_PROTECTOR is config variable referenced in __ta_entry() to generate random stack canary. Thus, it needs to be exported to TA makefile. Signed-off-by ta: Export _CFG_TA_STACK_PROTECTOR _CFG_TA_STACK_PROTECTOR is config variable referenced in __ta_entry() to generate random stack canary. Thus, it needs to be exported to TA makefile. Signed-off-by: Alvin Chang <alvinga@andestech.com> Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... ta.mk
1283e108	27-Mar-2025	Alvin Chang <alvinga@andestech.com>	ta: Pass config variables prefixed as _CFG_ from conf.mk to build flags In addition to config variables prefixed as CFG_, some other config variables are prefixed as _CFG_ and also referenced during ta: Pass config variables prefixed as _CFG_ from conf.mk to build flags In addition to config variables prefixed as CFG_, some other config variables are prefixed as _CFG_ and also referenced during TA compilation. Add _CFG_ config variables to be compiler flags. Signed-off-by: Alvin Chang <alvinga@andestech.com> Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/plat-rockchip/platform_config.h /optee_os/core/arch/arm/plat-rockchip/platform_rk3588.c /optee_os/core/pta/tests/misc.c mk/ta_dev_kit.mk
886b8adb	20-Mar-2025	Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>	build: always link in-tree TAs with the -static flag Shared libraries may remain in the output directory as artifacts from previous builds, causing unintended behavior. To prevent this, in-tree TAs build: always link in-tree TAs with the -static flag Shared libraries may remain in the output directory as artifacts from previous builds, causing unintended behavior. To prevent this, in-tree TAs are now always linked using the -static flag, regardless of whether shared libraries are enabled. Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/lib/libutils/ext/ubsan.c mk/build-user-ta.mk
949b0c0c	15-Jan-2025	Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>	ta: enable ubsan support for TAs Introduce CFG_TA_SANITIZE_UNDEFINED config to sanitize trusted applications. If CFG_TA_SANITIZE_UNDEFINED is set sanitize flags are propagated to internal TAs (avb, ta: enable ubsan support for TAs Introduce CFG_TA_SANITIZE_UNDEFINED config to sanitize trusted applications. If CFG_TA_SANITIZE_UNDEFINED is set sanitize flags are propagated to internal TAs (avb, pkcs11, remoteproc, trusted_keys) and external TAs, which are built with the devkit. Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/dts/stm32mp15xx-dhcor-avenger96.dtsi /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pwr.h /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_syscfg.c /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/riscv/plat-spike/conf.mk /optee_os/core/arch/riscv/riscv.mk /optee_os/core/drivers/scmi-msg/entry.c /optee_os/core/drivers/scmi-msg/perf_domain.c /optee_os/core/drivers/scmi-msg/perf_domain.h /optee_os/core/drivers/scmi-msg/sub.mk /optee_os/core/drivers/stm32_cpu_opp.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/scmi-msg.h /optee_os/core/include/drivers/stm32_cpu_opp.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/include/mm/page_alloc.h /optee_os/core/include/mm/phys_mem.h /optee_os/core/include/mm/tee_mm.h /optee_os/core/kernel/sub.mk /optee_os/core/kernel/thread.c /optee_os/core/mm/core_mmu.c /optee_os/core/mm/page_alloc.c /optee_os/core/mm/phys_mem.c /optee_os/core/mm/sub.mk /optee_os/core/mm/tee_mm.c /optee_os/ldelf/ldelf.mk /optee_os/lib/libmbedtls/mbedtls/library/bignum.c /optee_os/lib/libutils/ext/sub.mk /optee_os/lib/libutils/ext/ubsan.c /optee_os/lib/libutils/isoc/include/malloc_flags.h /optee_os/mk/config.mk /optee_os/scripts/sign_rproc_fw.py mk/ta_dev_kit.mk ta.mk
6b1c1858	06-Mar-2025	Jens Wiklander <jens.wiklander@linaro.org>	Deprecate libgcc for TAs By default keep linking with libgcc for TAs, but add CFG_TA_LIBGCC to easily turn off linking with libgcc in configurations where it isn't needed. Signed-off-by: Jens Wikla Deprecate libgcc for TAs By default keep linking with libgcc for TAs, but add CFG_TA_LIBGCC to easily turn off linking with libgcc in configurations where it isn't needed. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Joakim Bech <joakim.bech@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/dts/stm32mp13xc.dtsi /optee_os/core/arch/arm/dts/stm32mp13xf.dtsi /optee_os/core/arch/arm/dts/stm32mp15xx-dhcom-som.dtsi /optee_os/core/arch/arm/dts/stm32mp15xx-dhcor-som.dtsi /optee_os/core/arch/arm/dts/stm32mp251.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/kernel/abort.c /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/kernel/link_dummies_paged.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/thread_spmc_a64.S /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/registers/imx93.h /optee_os/core/arch/arm/plat-k3/conf.mk /optee_os/core/arch/arm/plat-k3/main.c /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-sam/scmi_server.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pmic.c /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp2/conf.mk /optee_os/core/arch/arm/plat-stm32mp2/main.c /optee_os/core/arch/arm/plat-versal2/conf.mk /optee_os/core/arch/riscv/include/riscv.h /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/mm/core_mmu_arch.c /optee_os/core/arch/riscv/plat-virt/conf.mk /optee_os/core/arch/riscv/plat-virt/main.c /optee_os/core/arch/riscv/plat-virt/platform_config.h /optee_os/core/drivers/aplic_direct.c /optee_os/core/drivers/aplic_msi.c /optee_os/core/drivers/aplic_priv.c /optee_os/core/drivers/atmel_rtc.c /optee_os/core/drivers/atmel_saic.c /optee_os/core/drivers/clk/clk-stm32mp25.c /optee_os/core/drivers/clk/clk.c /optee_os/core/drivers/clk/sam/at91_clk.h /optee_os/core/drivers/clk/sam/clk-sam9x60-pll.c /optee_os/core/drivers/clk/sam/sama7g5_clk.c /optee_os/core/drivers/counter/stm32_stgen.c /optee_os/core/drivers/counter/sub.mk /optee_os/core/drivers/crypto/ele/crypto.mk /optee_os/core/drivers/crypto/ele/ele.c /optee_os/core/drivers/crypto/ele/include/ele.h /optee_os/core/drivers/crypto/ele/include/memutils.h /optee_os/core/drivers/crypto/ele/memutils.c /optee_os/core/drivers/crypto/ele/sub.mk /optee_os/core/drivers/crypto/stm32/common.h /optee_os/core/drivers/crypto/stm32/crypto.mk /optee_os/core/drivers/crypto/stm32/ecc.c /optee_os/core/drivers/crypto/stm32/hash.c /optee_os/core/drivers/crypto/stm32/hmac.c /optee_os/core/drivers/crypto/stm32/stm32_hash.c /optee_os/core/drivers/crypto/stm32/stm32_hash.h /optee_os/core/drivers/crypto/stm32/stm32_pka.c /optee_os/core/drivers/crypto/stm32/stm32_pka.h /optee_os/core/drivers/crypto/stm32/sub.mk /optee_os/core/drivers/crypto/sub.mk /optee_os/core/drivers/dra7_rng.c /optee_os/core/drivers/firewall/stm32_etzpc.c /optee_os/core/drivers/firewall/stm32_rifsc.c /optee_os/core/drivers/firewall/stm32_risab.c /optee_os/core/drivers/firewall/stm32_risaf.c /optee_os/core/drivers/firewall/stm32_serc.c /optee_os/core/drivers/gic.c /optee_os/core/drivers/hfic.c /optee_os/core/drivers/imsic.c /optee_os/core/drivers/imx/mu/imx_mu.c /optee_os/core/drivers/imx_rngb.c /optee_os/core/drivers/plic.c /optee_os/core/drivers/remoteproc/stm32_remoteproc.c /optee_os/core/drivers/rtc/rtc.c /optee_os/core/drivers/stm32_i2c.c /optee_os/core/drivers/stm32_rng.c /optee_os/core/drivers/stm32_rtc.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/aplic.h /optee_os/core/include/drivers/aplic_priv.h /optee_os/core/include/drivers/imsic.h /optee_os/core/include/drivers/rtc.h /optee_os/core/include/drivers/stm32_i2c.h /optee_os/core/include/drivers/stm32_serc.h /optee_os/core/include/drivers/stm32_stgen.h /optee_os/core/include/dt-bindings/clock/at91.h /optee_os/core/include/dt-bindings/clock/stm32mp13-clksrc.h /optee_os/core/include/dt-bindings/firewall/stm32mp25-rifsc.h /optee_os/core/include/initcall.h /optee_os/core/include/kernel/abort.h /optee_os/core/include/kernel/boot.h /optee_os/core/include/kernel/interrupt.h /optee_os/core/include/kernel/thread.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/include/tee/tee_fs.h /optee_os/core/kernel/dt.c /optee_os/core/kernel/initcall.c /optee_os/core/kernel/interrupt.c /optee_os/core/kernel/otp_stubs.c /optee_os/core/kernel/thread.c /optee_os/core/kernel/transfer_list.c /optee_os/core/lib/libtomcrypt/src/modes/ctr/ctr_encrypt.c /optee_os/core/lib/scmi-server/conf-optee-fvp.mk /optee_os/core/mm/core_mmu.c /optee_os/core/mm/sub.mk /optee_os/core/pta/stats.c /optee_os/core/pta/tests/misc.c /optee_os/core/tee/tee_cryp_utl.c /optee_os/core/tee/tee_rpmb_fs.c /optee_os/ldelf/link.mk /optee_os/lib/libmbedtls/include/mbedtls_config_kernel.h /optee_os/lib/libmbedtls/include/mbedtls_config_uta.h /optee_os/lib/libmbedtls/mbedtls/library/common.h /optee_os/lib/libutee/include/pta_stats.h /optee_os/lib/libutils/ext/include/asm.S /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/mk/compile.mk /optee_os/mk/config.mk /optee_os/scripts/sign_encrypt.py link.mk link_shlib.mk ta.mk
695be9d6	20-Jan-2025	Jens Wiklander <jens.wiklander@linaro.org>	libutils: refactor the MDBG malloc functions Replace the MDBG malloc functions and macros with a new function __mdbg_alloc() handling all the memory allocations similar to mem_alloc(). The old MDBG libutils: refactor the MDBG malloc functions Replace the MDBG malloc functions and macros with a new function __mdbg_alloc() handling all the memory allocations similar to mem_alloc(). The old MDBG macros are replace by new macros calling __mdbg_alloc(). mem_alloc(), mem_alloc_unlocked(), and mem_free() are updated to handle configuration with and without MDBG, removing the all the ENABLE_MDBG ifdefs in the C file. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/CHANGELOG.md /optee_os/core/arch/arm/include/ffa.h /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/spmc_sp_handler.h /optee_os/core/arch/arm/include/kernel/thread_arch.h /optee_os/core/arch/arm/include/kernel/thread_spmc.h /optee_os/core/arch/arm/include/mm/core_mmu_arch.h /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/thread_spmc_a64.S /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/plat-rockchip/platform_config.h /optee_os/core/arch/arm/plat-rockchip/platform_rk3588.c /optee_os/core/arch/arm/plat-sam/conf.mk /optee_os/core/arch/arm/plat-sam/scmi_server.c /optee_os/core/arch/arm/tee/entry_fast.c /optee_os/core/drivers/atmel_rstc.c /optee_os/core/drivers/clk/clk-stm32-core.c /optee_os/core/drivers/clk/sam/sama7g5_clk.c /optee_os/core/drivers/gic.c /optee_os/core/drivers/microchip_pit.c /optee_os/core/include/drivers/atmel_rstc.h /optee_os/core/include/drivers/gic.h /optee_os/core/include/kernel/boot.h /optee_os/core/kernel/notif_default.c /optee_os/core/kernel/ubsan.c /optee_os/core/mm/boot_mem.c /optee_os/core/mm/core_mmu.c /optee_os/core/mm/tee_mm.c /optee_os/core/pta/device.c /optee_os/core/tee/tee_rpmb_fs.c /optee_os/lib/libutee/tee_api_arith_mpi.c /optee_os/lib/libutils/ext/include/util.h /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/lib/libutils/isoc/include/malloc_flags.h /optee_os/mk/config.mk /optee_os/scripts/sign_encrypt.py ta.mk
c385a722	06-Jan-2025	Etienne Carriere <etienne.carriere@foss.st.com>	ta: trusted_keys: Add TA version and description property values Add meaningful values for Trusted Keys TA version and description properties to replace previously embedded default respective values ta: trusted_keys: Add TA version and description property values Add meaningful values for Trusted Keys TA version and description properties to replace previously embedded default respective values "Undefined version" and "Undefined description". Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... trusted_keys/user_ta_header_defines.h
1ed12b2e	06-Jan-2025	Etienne Carriere <etienne.carriere@foss.st.com>	ta: avb: Add TA version and description property values Add meaningful values for AVB TA version and description properties to replace previously embedded default respective values "Undefined versio ta: avb: Add TA version and description property values Add meaningful values for AVB TA version and description properties to replace previously embedded default respective values "Undefined version" and "Undefined description". Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... avb/user_ta_header_defines.h
04e46975	16-Dec-2024	Etienne Carriere <etienne.carriere@foss.st.com>	tree-wide: use ROUNDUP_DIV() where applicable Use ROUNDUP_DIV() instead of ROUNDUP(..., size) / size where applicable. Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Reviewed-by: Je tree-wide: use ROUNDUP_DIV() where applicable Use ROUNDUP_DIV() instead of ROUNDUP(..., size) / size where applicable. Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/mm/mobj_ffa.c /optee_os/core/arch/arm/mm/sp_mem.c /optee_os/core/arch/arm/plat-d06/conf.mk /optee_os/core/arch/arm/plat-telechips/conf.mk /optee_os/core/arch/arm/plat-telechips/drivers/include/drivers/tcc_otp.h /optee_os/core/arch/arm/plat-telechips/drivers/sub.mk /optee_os/core/arch/arm/plat-telechips/drivers/tcc_otp.c /optee_os/core/arch/arm/plat-telechips/link.mk /optee_os/core/arch/arm/plat-telechips/main.c /optee_os/core/arch/arm/plat-telechips/plat_tzc.c /optee_os/core/arch/arm/plat-telechips/scripts/tcmktool.py /optee_os/core/arch/arm/plat-telechips/sub.mk /optee_os/core/arch/arm/plat-telechips/tcc805x/otprom.h /optee_os/core/arch/arm/plat-telechips/tcc805x/platform_config.h /optee_os/core/drivers/crypto/crypto_api/acipher/rsassa.c /optee_os/core/drivers/crypto/hisilicon/crypto.mk /optee_os/core/drivers/crypto/hisilicon/sec_pbkdf2.c /optee_os/core/drivers/crypto/hisilicon/sec_pbkdf2.h /optee_os/core/drivers/crypto/hisilicon/sub.mk /optee_os/core/drivers/imx/dcp/dcp.c /optee_os/core/drivers/openedges_omc.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/openedges_omc.h /optee_os/core/kernel/ldelf_loader.c /optee_os/core/lib/libtomcrypt/mpi_desc.c /optee_os/core/mm/fobj.c /optee_os/core/tee/tee_ree_fs.c /optee_os/core/tee/tee_rpmb_fs.c pkcs11/src/pkcs11_attributes.c pkcs11/src/processing_aes.c pkcs11/src/processing_rsa.c pkcs11/src/token_capabilities.c
5395f036	06-Jan-2025	Etienne Carriere <etienne.carriere@foss.st.com>	ta: pkcs11: set TA version ID to 1.0.0 PKCS#11 TA version ID is 0.1.0 since its early integration. Let's set it 1.0.0 since it now mature enough to deserve a non-zero major version number. Signed-o ta: pkcs11: set TA version ID to 1.0.0 PKCS#11 TA version ID is 0.1.0 since its early integration. Let's set it 1.0.0 since it now mature enough to deserve a non-zero major version number. Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/plat-sam/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pmic.c /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/plat-stm32mp1/sub.mk /optee_os/core/arch/arm/plat-stm32mp2/main.c /optee_os/core/arch/arm/plat-stm32mp2/stm32_util.h /optee_os/core/arch/arm/plat-versal2/conf.mk /optee_os/core/arch/arm/plat-versal2/platform_config.h /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/drivers/clk/clk-stm32-core.c /optee_os/core/drivers/clk/sam/clk-sam9x60-pll.c /optee_os/core/drivers/crypto/caam/ae/caam_ae.c /optee_os/core/drivers/crypto/caam/ae/caam_ae_ccm.c /optee_os/core/drivers/crypto/caam/ae/caam_ae_gcm.c /optee_os/core/drivers/crypto/caam/ae/local.h /optee_os/core/drivers/crypto/caam/ae/sub.mk /optee_os/core/drivers/crypto/caam/caam_ctrl.c /optee_os/core/drivers/crypto/caam/caam_desc.c /optee_os/core/drivers/crypto/caam/cipher/caam_cipher.c /optee_os/core/drivers/crypto/caam/crypto.mk /optee_os/core/drivers/crypto/caam/include/caam_ae.h /optee_os/core/drivers/crypto/caam/include/caam_desc_ccb_defines.h /optee_os/core/drivers/crypto/caam/include/caam_desc_defines.h /optee_os/core/drivers/crypto/caam/include/caam_desc_helper.h /optee_os/core/drivers/crypto/caam/include/caam_trace.h /optee_os/core/drivers/crypto/caam/include/caam_utils_mem.h /optee_os/core/drivers/crypto/caam/sub.mk /optee_os/core/drivers/crypto/caam/utils/utils_dmaobj.c /optee_os/core/drivers/crypto/caam/utils/utils_mem.c /optee_os/core/drivers/crypto/hisilicon/crypto.mk /optee_os/core/drivers/crypto/hisilicon/hpre_rsa.c /optee_os/core/drivers/crypto/hisilicon/hpre_rsa.h /optee_os/core/drivers/crypto/hisilicon/sub.mk /optee_os/core/drivers/crypto/stm32/stm32_cryp.c /optee_os/core/drivers/firewall/stm32_etzpc.c /optee_os/core/drivers/microchip_pit.c /optee_os/core/drivers/regulator/stm32mp13_regulator_iod.c /optee_os/core/drivers/stm32_iwdg.c /optee_os/core/drivers/stm32_rng.c /optee_os/core/drivers/stm32_uart.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/stm32_uart.h /optee_os/core/kernel/tee_misc.c /optee_os/core/kernel/transfer_list.c /optee_os/core/mm/boot_mem.c /optee_os/core/mm/core_mmu.c /optee_os/core/mm/tee_mm.c /optee_os/core/mm/vm.c /optee_os/core/pta/secstor_ta_mgmt.c /optee_os/ldelf/ta_elf.c /optee_os/lib/libmbedtls/mbedtls/library/bignum.c /optee_os/lib/libutee/tee_api.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutils/ext/include/util.h pkcs11/include/pkcs11_ta.h
8cf8403b	11-Dec-2024	Etienne Carriere <etienne.carriere@foss.st.com>	ta: pkcs11: default disable CFG_PKCS11_TA_RSA_X_509 Disable CFG_PKCS11_TA_RSA_X_509 in pkcs11 TA default configuration since raw RSA signature (CKM_RSA_X_509) computation and verification can be uns ta: pkcs11: default disable CFG_PKCS11_TA_RSA_X_509 Disable CFG_PKCS11_TA_RSA_X_509 in pkcs11 TA default configuration since raw RSA signature (CKM_RSA_X_509) computation and verification can be unsafe. Target systems willing to embed its support (e.g. for some TSL v1.2 support) will need to enable it explicitly. Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... /optee_os/.devcontainer/Dockerfile.vscode /optee_os/.devcontainer/devcontainer.json /optee_os/.github/workflows/ci.yml /optee_os/.gitignore /optee_os/.vscode/extensions.json /optee_os/MAINTAINERS /optee_os/core/arch/arm/dts/stm32mp13-pinctrl.dtsi /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp15-pinctrl.dtsi /optee_os/core/arch/arm/dts/stm32mp151.dtsi /optee_os/core/arch/arm/dts/stm32mp157c-ed1.dts /optee_os/core/arch/arm/dts/stm32mp15xx-dhcor-avenger96.dtsi /optee_os/core/arch/arm/dts/stm32mp25-pinctrl.dtsi /optee_os/core/arch/arm/dts/stm32mp251.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/include/kernel/thread_private_arch.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/link_dummy.ld /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-k3/drivers/ti_sci.c /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-rockchip/main.c /optee_os/core/arch/arm/plat-rockchip/platform_config.h /optee_os/core/arch/arm/plat-rockchip/platform_rk3588.c /optee_os/core/arch/arm/plat-rockchip/sub.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pmic.c /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/plat-stm32mp2/conf.mk /optee_os/core/arch/arm/plat-versal2/conf.mk /optee_os/core/arch/arm/plat-versal2/main.c /optee_os/core/arch/arm/plat-versal2/platform_config.h /optee_os/core/arch/arm/plat-versal2/sub.mk /optee_os/core/arch/riscv/include/riscv.h /optee_os/core/arch/riscv/kernel/kern.ld.S /optee_os/core/drivers/clk/clk-stm32mp25.c /optee_os/core/drivers/crypto/caam/caam_rng.c /optee_os/core/drivers/crypto/caam/caam_sm.c /optee_os/core/drivers/crypto/caam/crypto.mk /optee_os/core/drivers/crypto/caam/hal/common/hal_sm.c /optee_os/core/drivers/scmi-msg/clock_generic.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_i2c.c /optee_os/core/drivers/stm32_tamp.c /optee_os/core/drivers/stm32_uart.c /optee_os/core/include/drivers/stm32_gpio.h /optee_os/core/include/dt-bindings/gpio/stm32mp_gpio.h /optee_os/core/include/dt-bindings/pinctrl/stm32-pinfunc.h /optee_os/core/include/kernel/boot.h /optee_os/core/include/kernel/linker.h /optee_os/core/include/kernel/virtualization.h /optee_os/core/include/mm/core_memprot.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/lib/libtomcrypt/ed25519.c /optee_os/core/mm/boot_mem.c /optee_os/core/mm/core_mmu.c /optee_os/core/mm/fobj.c /optee_os/core/mm/mobj.c /optee_os/core/mm/pgt_cache.c /optee_os/core/mm/phys_mem.c /optee_os/core/mm/sub.mk /optee_os/lib/libmbedtls/mbedtls/ChangeLog /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/bignum.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/build_info.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/check_config.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_psa_from_legacy.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_ssl.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_x509.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_psa.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ctr_drbg.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecdh.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecp.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/pk.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_adjust_auto_enabled.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_adjust_config_dependencies.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_adjust_config_key_pair_types.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_adjust_config_synonyms.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_extra.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_struct.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_types.h /optee_os/lib/libmbedtls/mbedtls/library/bignum.c /optee_os/lib/libmbedtls/mbedtls/library/bignum_core.c /optee_os/lib/libmbedtls/mbedtls/library/bignum_core.h /optee_os/lib/libmbedtls/mbedtls/library/bignum_internal.h /optee_os/lib/libmbedtls/mbedtls/library/block_cipher.c /optee_os/lib/libmbedtls/mbedtls/library/cipher.c /optee_os/lib/libmbedtls/mbedtls/library/common.h /optee_os/lib/libmbedtls/mbedtls/library/ctr_drbg.c /optee_os/lib/libmbedtls/mbedtls/library/entropy.c /optee_os/lib/libmbedtls/mbedtls/library/entropy_poll.c /optee_os/lib/libmbedtls/mbedtls/library/error.c /optee_os/lib/libmbedtls/mbedtls/library/lmots.c /optee_os/lib/libmbedtls/mbedtls/library/lms.c /optee_os/lib/libmbedtls/mbedtls/library/md.c /optee_os/lib/libmbedtls/mbedtls/library/net_sockets.c /optee_os/lib/libmbedtls/mbedtls/library/nist_kw.c /optee_os/lib/libmbedtls/mbedtls/library/pem.c /optee_os/lib/libmbedtls/mbedtls/library/pk.c /optee_os/lib/libmbedtls/mbedtls/library/pkwrite.c /optee_os/lib/libmbedtls/mbedtls/library/platform_util.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_cipher.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_core.h /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_driver_wrappers.h /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_random_impl.h /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_rsa.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_rsa.h /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_slot_management.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_slot_management.h /optee_os/lib/libmbedtls/mbedtls/library/psa_util.c /optee_os/lib/libmbedtls/mbedtls/library/rsa.c /optee_os/lib/libmbedtls/mbedtls/library/sha256.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_cookie.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_debug_helpers_generated.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_misc.h /optee_os/lib/libmbedtls/mbedtls/library/ssl_msg.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_ticket.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls12_client.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls12_server.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_client.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_generic.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_server.c /optee_os/lib/libmbedtls/mbedtls/library/version_features.c /optee_os/lib/libmbedtls/mbedtls/library/x509_crt.c /optee_os/lib/libmbedtls/mbedtls/library/x509write_crt.c /optee_os/lib/libmbedtls/mbedtls/library/x509write_csr.c /optee_os/mk/clang.mk /optee_os/mk/config.mk pkcs11/sub.mk
b7abff72	06-Sep-2024	Etienne Carriere <etienne.carriere@foss.st.com>	ta: pkcs11: add CKM_RSA_X_509 ciphering Add support for CKM_RSA_X_509 mechanism for encrypt/decrypt operations. Signed-off-by: Alexandre Marechal <alexandre.marechal@st.com> Signed-off-by: Etienne ta: pkcs11: add CKM_RSA_X_509 ciphering Add support for CKM_RSA_X_509 mechanism for encrypt/decrypt operations. Signed-off-by: Alexandre Marechal <alexandre.marechal@st.com> Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> show more ... pkcs11/src/processing_asymm.c pkcs11/src/token_capabilities.c
12 3 4 5 6 7 8 9 10 >>...20