ta - OpenGrok history log for /optee_os/ta

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
c2c23cd4	14-Oct-2025	Etienne Carriere <etienne.carriere@st.com>	ta: pkcs11: be flexible on RSA private key optional attributes Allow RSA private key to partially store the RSA private key optional attributes without facing complaints from the GP TEE API. On one ta: pkcs11: be flexible on RSA private key optional attributes Allow RSA private key to partially store the RSA private key optional attributes without facing complaints from the GP TEE API. On one hand, in the PKCS#11 specification, RSA private key attributes CKA_PRIME_1, CKA_PRIME_2, CKA_EXPONENT_1, CKA_EXPONENT_2 and CKA_COEFFICIENT are optional and the spec does not add much constraints on their presence. On the other hand, the GP TEE Internal Core API requests that these 5 optional attributes are all present or none is present at all. As a trade-off, allow PKCS#11 client to partially provide them but do not load them into the TEE object unless they are all present. Fixes: 3dc4089afde2 ("ta: pkcs11: correct RSA keys extended attributes sanitation") Closes: https://github.com/OP-TEE/optee_os/issues/5418 Closes: https://github.com/OP-TEE/optee_os/issues/7520 Signed-off-by: Etienne Carriere <etienne.carriere@st.com> show more ... pkcs11/src/processing_rsa.c
14a1a72b	15-Oct-2025	Etienne Carriere <etienne.carriere@st.com>	ta: remoteproc: clarify remoteproc_get_tlv() behavior Add an inline comment to explicitly state that TA remoteproc local function remoteproc_get_tlv() loads specific values in its output arguments w ta: remoteproc: clarify remoteproc_get_tlv() behavior Add an inline comment to explicitly state that TA remoteproc local function remoteproc_get_tlv() loads specific values in its output arguments when it returns with error code TEE_ERROR_NO_DATA. This way it is clearer that caller expect such values on such error cases. Signed-off-by: Etienne Carriere <etienne.carriere@st.com> Acked-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com> show more ... remoteproc/src/remoteproc_core.c
68dc1d62	17-Sep-2025	Etienne Carriere <etienne.carriere@st.com>	ta: remoteproc: clarify case empty key info is last TLV cell Clarify case when remote processor firmware key info TLV RPROC_TLV_PKEYINFO is present but empty (size = 0) and is placed last in the TLV ta: remoteproc: clarify case empty key info is last TLV cell Clarify case when remote processor firmware key info TLV RPROC_TLV_PKEYINFO is present but empty (size = 0) and is placed last in the TLVs memory area hence its value cell start address matches the TLV area end address. The previous implementation was fine but it looked odd the main loop does not address the case. Signed-off-by: Etienne Carriere <etienne.carriere@st.com> Acked-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/.github/workflows/stales.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/crypto/aes-gcm-ce.c /optee_os/core/arch/arm/dts/stm32mp21-st-scmi-cfg.dtsi /optee_os/core/arch/arm/dts/stm32mp23-st-scmi-cfg.dtsi /optee_os/core/arch/arm/dts/stm32mp231.dtsi /optee_os/core/arch/arm/dts/stm32mp233.dtsi /optee_os/core/arch/arm/dts/stm32mp235.dtsi /optee_os/core/arch/arm/dts/stm32mp235f-dk-ca35tdcid-rcc.dtsi /optee_os/core/arch/arm/dts/stm32mp235f-dk-ca35tdcid-resmem.dtsi /optee_os/core/arch/arm/dts/stm32mp235f-dk-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/dts/stm32mp235f-dk.dts /optee_os/core/arch/arm/dts/stm32mp23xc.dtsi /optee_os/core/arch/arm/dts/stm32mp23xf.dtsi /optee_os/core/arch/arm/dts/stm32mp25-st-scmi-cfg.dtsi /optee_os/core/arch/arm/dts/stm32mp251.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-dk.dts /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/plat-automotive_rd/conf.mk /optee_os/core/arch/arm/plat-automotive_rd/main.c /optee_os/core/arch/arm/plat-automotive_rd/platform_config.h /optee_os/core/arch/arm/plat-automotive_rd/rd1ae_core_pos.S /optee_os/core/arch/arm/plat-automotive_rd/sub.mk /optee_os/core/arch/arm/plat-k3/conf.mk /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-rockchip/platform_config.h /optee_os/core/arch/arm/plat-rockchip/platform_rk3588.c /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_syscfg.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/plat-stm32mp2/conf.mk /optee_os/core/arch/riscv/include/rpmi.h /optee_os/core/arch/riscv/include/sbi_mpxy_rpmi.h /optee_os/core/arch/riscv/kernel/sbi_mpxy_rpmi.c /optee_os/core/arch/riscv/kernel/sub.mk /optee_os/core/arch/riscv/plat-virt/conf.mk /optee_os/core/arch/riscv/riscv.mk /optee_os/core/crypto/aes-gcm.c /optee_os/core/drivers/firewall/stm32_rifsc.c /optee_os/core/drivers/gpio/gpio.c /optee_os/core/drivers/regulator/regulator.c /optee_os/core/drivers/regulator/regulator_dt.c /optee_os/core/drivers/regulator/regulator_fixed.c /optee_os/core/drivers/regulator/regulator_gpio.c /optee_os/core/drivers/rockchip_otp.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_rtc.c /optee_os/core/drivers/stm32_tamp.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/gpio.h /optee_os/core/include/drivers/regulator.h /optee_os/core/include/drivers/rockchip_otp.h /optee_os/core/include/drivers/stm32mp_dt_bindings.h /optee_os/core/kernel/console.c /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/kernel/transfer_list.c /optee_os/core/mm/vm.c /optee_os/core/pta/tests/dt_driver_test.c /optee_os/core/tee/fs_htree.c /optee_os/lib/libmbedtls/mbedtls/ChangeLog /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/bignum.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/build_info.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/dhm.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecdh.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecdsa.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecjpake.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecp.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/lms.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/pk.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/platform_util.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/rsa.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl_cookie.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl_ticket.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/x509.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/x509_crt.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/x509_csr.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_extra.h /optee_os/lib/libmbedtls/mbedtls/library/aesni.c /optee_os/lib/libmbedtls/mbedtls/library/asn1write.c /optee_os/lib/libmbedtls/mbedtls/library/base64.c /optee_os/lib/libmbedtls/mbedtls/library/cipher.c /optee_os/lib/libmbedtls/mbedtls/library/cipher_invasive.h /optee_os/lib/libmbedtls/mbedtls/library/cipher_wrap.c /optee_os/lib/libmbedtls/mbedtls/library/cipher_wrap.h /optee_os/lib/libmbedtls/mbedtls/library/common.h /optee_os/lib/libmbedtls/mbedtls/library/lmots.c /optee_os/lib/libmbedtls/mbedtls/library/lms.c /optee_os/lib/libmbedtls/mbedtls/library/pem.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_mac.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_slot_management.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_misc.h /optee_os/lib/libmbedtls/mbedtls/library/ssl_msg.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls12_client.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls12_server.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_keys.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_keys.h /optee_os/lib/libmbedtls/mbedtls/library/version_features.c /optee_os/lib/libmbedtls/mbedtls/library/x509_create.c /optee_os/lib/libmbedtls/mbedtls/library/x509write_crt.c /optee_os/lib/libmbedtls/mbedtls/library/x509write_csr.c /optee_os/lib/libutee/user_ta_entry.c /optee_os/mk/config.mk remoteproc/src/remoteproc_core.c
07917406	05-Aug-2025	Alexandre Gonzalo <alexandre.gonzalo@arm.com>	remoteproc: fix potential overflows in TLV parsing This commit is fixing two issues: - Verify that the end of the buffer is not reached before reading the tag and value. - Verify that the entire TLV remoteproc: fix potential overflows in TLV parsing This commit is fixing two issues: - Verify that the end of the buffer is not reached before reading the tag and value. - Verify that the entire TLV fits into the TLV chunk Signed-off-by: Alexandre Gonzalo <alexandre.gonzalo@arm.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/.gitignore /optee_os/CHANGELOG.md /optee_os/MAINTAINERS /optee_os/core/arch/arm/dts/stm32mp211.dtsi /optee_os/core/arch/arm/dts/stm32mp215f-dk.dts /optee_os/core/arch/arm/dts/stm32mp251.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-dk-ca35tdcid-rcc.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-dk-ca35tdcid-resmem.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-dk-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-dk.dts /optee_os/core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1.dts /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-k3/conf.mk /optee_os/core/arch/arm/plat-k3/drivers/dthev2.c /optee_os/core/arch/arm/plat-k3/drivers/eip76d_trng.c /optee_os/core/arch/arm/plat-k3/drivers/eip76d_trng.h /optee_os/core/arch/arm/plat-k3/drivers/sa2ul.c /optee_os/core/arch/arm/plat-k3/drivers/sub.mk /optee_os/core/arch/arm/plat-k3/platform_config.h /optee_os/core/arch/arm/plat-marvell/conf.mk /optee_os/core/arch/arm/plat-marvell/platform_config.h /optee_os/core/arch/arm/plat-marvell/sub.mk /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/plat-stm32mp2/conf.mk /optee_os/core/arch/arm/plat-stm32mp2/main.c /optee_os/core/arch/arm/plat-stm32mp2/stm32_sysconf.h /optee_os/core/arch/arm/plat-stm32mp2/stm32_util.h /optee_os/core/arch/arm/plat-versal2/conf.mk /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/arm/plat-vexpress/platform_config.h /optee_os/core/arch/riscv/include/kernel/misc_arch.h /optee_os/core/arch/riscv/include/sbi.h /optee_os/core/arch/riscv/include/sbi_mpxy.h /optee_os/core/arch/riscv/kernel/sbi.c /optee_os/core/arch/riscv/kernel/sbi_mpxy.c /optee_os/core/arch/riscv/kernel/sub.mk /optee_os/core/arch/riscv/plat-sifive/conf.mk /optee_os/core/arch/riscv/plat-virt/conf.mk /optee_os/core/arch/riscv/riscv.mk /optee_os/core/drivers/clk/clk-stm32mp21.c /optee_os/core/drivers/clk/clk-stm32mp25.c /optee_os/core/drivers/ffa_console.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_iwdg.c /optee_os/core/drivers/stm32_rtc.c /optee_os/core/drivers/stm32_tamp.c /optee_os/core/include/drivers/rtc.h /optee_os/core/include/kernel/asan.h /optee_os/core/kernel/asan.c /optee_os/core/kernel/boot.c /optee_os/core/kernel/panic.c /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/tpm.c /optee_os/core/pta/rtc.c /optee_os/core/pta/tests/misc.c /optee_os/lib/libutee/include/pta_rtc.h /optee_os/lib/libutils/isoc/arch/arm/setjmp_a32.S /optee_os/lib/libutils/isoc/arch/arm/setjmp_a64.S /optee_os/lib/libutils/isoc/arch/riscv/setjmp_rv.S /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/setjmp.h /optee_os/lib/libutils/isoc/newlib/strchr.c /optee_os/lib/libutils/isoc/newlib/strcmp.c /optee_os/lib/libutils/isoc/newlib/strcpy.c /optee_os/lib/libutils/isoc/newlib/strlen.c /optee_os/mk/config.mk remoteproc/src/remoteproc_core.c
f03a2aca	09-Jul-2025	Jerome Forissier <jerome.forissier@linaro.org>	ta/link.mk: update the default TA encryption key When the TA signing key for OP-TEE was changed [1], the TA encryption key (which is a derived key) was not updated. As a result, CFG_ENCRYPT_TA=y is ta/link.mk: update the default TA encryption key When the TA signing key for OP-TEE was changed [1], the TA encryption key (which is a derived key) was not updated. As a result, CFG_ENCRYPT_TA=y is broken. Fix that by updating TA_ENC_KEY to reflect the output of tee_otp_get_ta_enc_key(). The key value is obtained by adding 'DHEXDUMP(buffer, len);' to tee_otp_get_ta_enc_key() then running any test involving loading an encrypted TA. For example: build$ make check CFG_ENCRYPT_TA=y CHECK_TESTS=xtest XTEST_ARGS=4002 build$ vi ../out/bin/serial0.log Fixes: 5d5d7d0b1c03 ("keys: increase default RSA key size to 4096 bits") [1] Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/dts/stm32mp151.dtsi /optee_os/core/arch/arm/dts/stm32mp157c-ed1.dts /optee_os/core/arch/arm/dts/stm32mp15xx-dkx.dtsi /optee_os/core/arch/arm/plat-corstone1000/conf.mk /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-rockchip/main.c /optee_os/core/arch/arm/plat-rockchip/platform_config.h link.mk
941a58d7	04-Apr-2025	Jens Wiklander <jens.wiklander@linaro.org>	Add optee.ta.instanceKeepCrashed property Add the optee.ta.instanceKeepCrashed property to prevent a TA with gpd.ta.instanceKeepAlive=true to be restarted. This prevents unexpected resetting of the Add optee.ta.instanceKeepCrashed property Add the optee.ta.instanceKeepCrashed property to prevent a TA with gpd.ta.instanceKeepAlive=true to be restarted. This prevents unexpected resetting of the state of the TA. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Alex Lewontin <alex.lewontin@canonical.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/CHANGELOG.md /optee_os/MAINTAINERS /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/dts/stm32mp151.dtsi /optee_os/core/arch/arm/dts/stm32mp15xx-dkx.dtsi /optee_os/core/arch/arm/dts/stm32mp21-st-scmi-cfg.dtsi /optee_os/core/arch/arm/dts/stm32mp211.dtsi /optee_os/core/arch/arm/dts/stm32mp213.dtsi /optee_os/core/arch/arm/dts/stm32mp215.dtsi /optee_os/core/arch/arm/dts/stm32mp215f-dk-ca35tdcid-rcc.dtsi /optee_os/core/arch/arm/dts/stm32mp215f-dk-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/dts/stm32mp215f-dk.dts /optee_os/core/arch/arm/dts/stm32mp21xc.dtsi /optee_os/core/arch/arm/dts/stm32mp21xf.dtsi /optee_os/core/arch/arm/dts/stm32mp25-st-scmi-cfg.dtsi /optee_os/core/arch/arm/dts/stm32mp251.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1.dts /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/thread_arch.h /optee_os/core/arch/arm/include/kernel/thread_private_arch.h /optee_os/core/arch/arm/include/kernel/thread_spmc.h /optee_os/core/arch/arm/include/mm/core_mmu_arch.h /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/generic_timer.c /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-k3/drivers/sa2ul.c /optee_os/core/arch/arm/plat-k3/drivers/ti_sci.c /optee_os/core/arch/arm/plat-k3/drivers/ti_sci.h /optee_os/core/arch/arm/plat-k3/drivers/ti_sci_protocol.h /optee_os/core/arch/arm/plat-k3/platform_config.h /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-rockchip/main.c /optee_os/core/arch/arm/plat-rockchip/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pwr.c /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp2/conf.mk /optee_os/core/arch/arm/plat-stm32mp2/drivers/stm32mp25_syscfg.c /optee_os/core/arch/arm/plat-stm32mp2/stm32_sysconf.h /optee_os/core/arch/arm/plat-ti/a9_plat_init.S /optee_os/core/arch/arm/plat-versal2/conf.mk /optee_os/core/arch/arm/plat-vexpress/main.c /optee_os/core/arch/arm/plat-vexpress/platform_config.h /optee_os/core/arch/arm/sm/pm_a32.S /optee_os/core/arch/arm/tests/ffa_lsp.c /optee_os/core/arch/arm/tests/sub.mk /optee_os/core/arch/riscv/include/kernel/riscv_elf.h /optee_os/core/arch/riscv/include/kernel/thread_private_arch.h /optee_os/core/arch/riscv/include/mm/core_mmu_arch.h /optee_os/core/arch/riscv/kernel/asm-defines.c /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/kernel/kern.ld.S /optee_os/core/arch/riscv/kernel/thread_arch.c /optee_os/core/arch/riscv/kernel/thread_rv.S /optee_os/core/arch/riscv/mm/core_mmu_arch.c /optee_os/core/arch/riscv/plat-sifive/conf.mk /optee_os/core/arch/riscv/plat-spike/conf.mk /optee_os/core/arch/riscv/plat-virt/conf.mk /optee_os/core/arch/riscv/riscv.mk /optee_os/core/core.mk /optee_os/core/crypto/signed_hdr.c /optee_os/core/drivers/amd/gpio_common.c /optee_os/core/drivers/amd/gpio_private.h /optee_os/core/drivers/amd/ps_gpio_driver.c /optee_os/core/drivers/amd/sub.mk /optee_os/core/drivers/atmel_saic.c /optee_os/core/drivers/clk/clk-stm32mp21.c /optee_os/core/drivers/clk/clk-stm32mp25.c /optee_os/core/drivers/clk/sub.mk /optee_os/core/drivers/crypto/caam/include/caam_ae.h /optee_os/core/drivers/crypto/stm32/stm32_cryp.c /optee_os/core/drivers/crypto/stm32/stm32_saes.c /optee_os/core/drivers/ffa_console.c /optee_os/core/drivers/firewall/stm32_rifsc.c /optee_os/core/drivers/firewall/stm32_risab.c /optee_os/core/drivers/hfic.c /optee_os/core/drivers/rstctrl/stm32mp21_rstctrl.c /optee_os/core/drivers/rstctrl/stm32mp25_rstctrl.c /optee_os/core/drivers/rstctrl/sub.mk /optee_os/core/drivers/stm32_exti.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_hpdma.c /optee_os/core/drivers/stm32_iwdg.c /optee_os/core/drivers/stm32_omm.c /optee_os/core/drivers/stm32_rtc.c /optee_os/core/drivers/stm32_tamp.c /optee_os/core/drivers/sub.mk /optee_os/core/drivers/wdt/watchdog_sm.c /optee_os/core/include/drivers/stm32_gpio.h /optee_os/core/include/drivers/stm32_rtc.h /optee_os/core/include/drivers/stm32mp21_rcc.h /optee_os/core/include/drivers/stm32mp_dt_bindings.h /optee_os/core/include/drivers/wdt.h /optee_os/core/include/dt-bindings/clock/st,stm32mp21-rcc.h /optee_os/core/include/dt-bindings/clock/stm32mp21-clksrc.h /optee_os/core/include/dt-bindings/firewall/stm32mp21-rifsc.h /optee_os/core/include/dt-bindings/firewall/stm32mp25-rifsc.h /optee_os/core/include/dt-bindings/reset/st,stm32mp21-rcc.h /optee_os/core/include/dt-bindings/scmi/scmi-clock.h /optee_os/core/include/dt-bindings/tamper/st,stm32-tamp.h /optee_os/core/include/dt-bindings/tamper/st,stm32mp13-tamp.h /optee_os/core/include/dt-bindings/tamper/st,stm32mp21-tamp.h /optee_os/core/include/dt-bindings/tamper/st,stm32mp25-tamp.h /optee_os/core/include/kernel/boot.h /optee_os/core/include/kernel/dt.h /optee_os/core/include/kernel/dt_driver.h /optee_os/core/include/kernel/interrupt.h /optee_os/core/include/kernel/thread.h /optee_os/core/include/kernel/thread_private.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/kernel/boot.c /optee_os/core/kernel/dt.c /optee_os/core/kernel/dt_driver.c /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/kernel/tee_ta_manager.c /optee_os/core/kernel/thread.c /optee_os/core/kernel/transfer_list.c /optee_os/core/kernel/user_ta.c /optee_os/core/lib/libefi/hob.c /optee_os/core/lib/libefi/include/efi/efi_types.h /optee_os/core/lib/libefi/include/efi/hob.h /optee_os/core/lib/libefi/include/efi/hob_guid.h /optee_os/core/lib/libefi/include/efi/mmram.h /optee_os/core/lib/libefi/include/efi/mpinfo.h /optee_os/core/lib/libefi/sub.mk /optee_os/core/lib/scmi-server/conf-optee-stm32mp1.mk /optee_os/core/lib/scmi-server/conf-optee-stm32mp2.mk /optee_os/core/lib/scmi-server/conf.mk /optee_os/core/lib/scmi-server/include/scmi_agent_configuration.h /optee_os/core/lib/scmi-server/include/scmi_clock_consumer.h /optee_os/core/lib/scmi-server/include/scmi_reset_consumer.h /optee_os/core/lib/scmi-server/scmi_clock_consumer.c /optee_os/core/lib/scmi-server/scmi_reset_consumer.c /optee_os/core/lib/scmi-server/scmi_server.c /optee_os/core/lib/scmi-server/scmi_server_scpfw.c /optee_os/core/lib/scmi-server/sub.mk /optee_os/core/mm/boot_mem.c /optee_os/core/mm/core_mmu.c /optee_os/core/pta/tests/invoke.c /optee_os/core/pta/tests/misc.c /optee_os/core/pta/tests/misc.h /optee_os/core/pta/tests/sub.mk /optee_os/core/pta/tests/transfer_list.c /optee_os/core/tee/fs_htree.c /optee_os/keys/default.pem /optee_os/lib/libmbedtls/include/mbedtls_config_kernel.h /optee_os/lib/libmbedtls/include/mbedtls_config_uta.h /optee_os/lib/libmbedtls/mbedtls/ChangeLog /optee_os/lib/libmbedtls/mbedtls/SECURITY.md /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/build_info.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/check_config.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/debug.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/entropy.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/error.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/gcm.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/net_sockets.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/psa_util.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/threading.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_config.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_extra.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_sizes.h /optee_os/lib/libmbedtls/mbedtls/library/aesni.c /optee_os/lib/libmbedtls/mbedtls/library/bignum_core.c /optee_os/lib/libmbedtls/mbedtls/library/bignum_core.h /optee_os/lib/libmbedtls/mbedtls/library/bignum_core_invasive.h /optee_os/lib/libmbedtls/mbedtls/library/ccm.c /optee_os/lib/libmbedtls/mbedtls/library/constant_time_impl.h /optee_os/lib/libmbedtls/mbedtls/library/ecp.c /optee_os/lib/libmbedtls/mbedtls/library/error.c /optee_os/lib/libmbedtls/mbedtls/library/net_sockets.c /optee_os/lib/libmbedtls/mbedtls/library/pk.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_cipher.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_core.h /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_driver_wrappers.h /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_ecp.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_slot_management.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_storage.h /optee_os/lib/libmbedtls/mbedtls/library/psa_util.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_client.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_debug_helpers_generated.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_misc.h /optee_os/lib/libmbedtls/mbedtls/library/ssl_msg.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls12_client.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls12_server.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_client.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_server.c /optee_os/lib/libmbedtls/mbedtls/library/threading.c /optee_os/lib/libmbedtls/mbedtls/library/version_features.c /optee_os/lib/libutee/include/pta_invoke_tests.h /optee_os/lib/libutee/include/pta_stats.h /optee_os/lib/libutee/include/user_ta_header.h /optee_os/lib/libutils/compiler-rt/LICENSE.TXT /optee_os/lib/libutils/compiler-rt/README.txt /optee_os/lib/libutils/compiler-rt/lib/builtins/ashlti3.c /optee_os/lib/libutils/compiler-rt/lib/builtins/int_div_impl.inc /optee_os/lib/libutils/compiler-rt/lib/builtins/int_endianness.h /optee_os/lib/libutils/compiler-rt/lib/builtins/int_lib.h /optee_os/lib/libutils/compiler-rt/lib/builtins/int_types.h /optee_os/lib/libutils/compiler-rt/lib/builtins/int_util.h /optee_os/lib/libutils/compiler-rt/lib/builtins/sub.mk /optee_os/lib/libutils/compiler-rt/lib/builtins/udivmodti4.c /optee_os/lib/libutils/compiler-rt/lib/builtins/udivti3.c /optee_os/lib/libutils/compiler-rt/lib/sub.mk /optee_os/lib/libutils/compiler-rt/sub.mk /optee_os/lib/libutils/ext/ftrace/ftrace.c /optee_os/lib/libutils/isoc/bget.c /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/sub.mk /optee_os/mk/clang.mk /optee_os/mk/config.mk user_ta_header.c
0ae5ef34	03-Apr-2025	Thomas Bourgoin <thomas.bourgoin@foss.st.com>	tree wide: fix header files dependencies in linker files When linking with a generated linker script like kern.ld.S, dependencies with header file are not regenerated. Same issue as commit acdc32afe tree wide: fix header files dependencies in linker files When linking with a generated linker script like kern.ld.S, dependencies with header file are not regenerated. Same issue as commit acdc32afe18f ("mk/compile.mk: fix header dependency in .d file") Add option -MP used to fix error generated when removing header files. Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/riscv/include/kernel/misc_arch.h /optee_os/core/arch/riscv/include/kernel/thread_arch.h /optee_os/core/arch/riscv/include/riscv.h /optee_os/core/arch/riscv/include/sbi.h /optee_os/core/arch/riscv/kernel/asm-defines.c /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/kernel/link.mk /optee_os/core/arch/riscv/kernel/sbi.c /optee_os/core/arch/riscv/kernel/thread_arch.c /optee_os/core/arch/riscv/kernel/thread_rv.S /optee_os/core/arch/riscv/plat-sifive/conf.mk /optee_os/core/arch/riscv/plat-sifive/main.c /optee_os/core/arch/riscv/plat-sifive/platform_config.h /optee_os/core/arch/riscv/plat-sifive/sub.mk /optee_os/core/arch/riscv/plat-virt/platform_config.h /optee_os/core/drivers/imx_csu.c /optee_os/core/drivers/sifive_uart.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/sifive_uart.h /optee_os/core/include/kernel/boot.h /optee_os/ldelf/link.mk /optee_os/lib/libutee/tcb.c /optee_os/lib/libutee/tee_api.c /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/mk/compile.mk link.mk
228cf40e	28-Mar-2025	Rouven Czerwinski <r.czerwinski@pengutronix.de>	tree-wide: use /usr/bin/env bash in bash scripts Some distributions don't provide bash inside of /bin, increase compatibility by using env to resolve the correct path at runtime. Fixes running the s tree-wide: use /usr/bin/env bash in bash scripts Some distributions don't provide bash inside of /bin, increase compatibility by using env to resolve the correct path at runtime. Fixes running the scripts on my NixOS systems. Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/scripts/checkpatch.sh /optee_os/scripts/checkpatch_inc.sh pkcs11/scripts/dump_ec_curve_params.sh pkcs11/scripts/verify-helpers.sh
f84dc262	27-Mar-2025	Alvin Chang <alvinga@andestech.com>	ta: Compile TA with "-fno-stack-protector" if TA stack protector is off Depends on compiler version and OS distributions, the stack protector may be enabled by default. This means TA is always compi ta: Compile TA with "-fno-stack-protector" if TA stack protector is off Depends on compiler version and OS distributions, the stack protector may be enabled by default. This means TA is always compiled with "-fstack-protector", even if _CFG_TA_STACK_PROTECTOR is not 'y'. To solve this issue, we explicitly provide "-fno-stack-protector" compile option when _CFG_TA_STACK_PROTECTOR is not 'y'. Thus, the TA stack protector is definitely disabled. Signed-off-by: Alvin Chang <alvinga@andestech.com> Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... ta.mk
ab03d590	27-Mar-2025	Alvin Chang <alvinga@andestech.com>	ta: Export _CFG_TA_STACK_PROTECTOR _CFG_TA_STACK_PROTECTOR is config variable referenced in __ta_entry() to generate random stack canary. Thus, it needs to be exported to TA makefile. Signed-off-by ta: Export _CFG_TA_STACK_PROTECTOR _CFG_TA_STACK_PROTECTOR is config variable referenced in __ta_entry() to generate random stack canary. Thus, it needs to be exported to TA makefile. Signed-off-by: Alvin Chang <alvinga@andestech.com> Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... ta.mk
1283e108	27-Mar-2025	Alvin Chang <alvinga@andestech.com>	ta: Pass config variables prefixed as _CFG_ from conf.mk to build flags In addition to config variables prefixed as CFG_, some other config variables are prefixed as _CFG_ and also referenced during ta: Pass config variables prefixed as _CFG_ from conf.mk to build flags In addition to config variables prefixed as CFG_, some other config variables are prefixed as _CFG_ and also referenced during TA compilation. Add _CFG_ config variables to be compiler flags. Signed-off-by: Alvin Chang <alvinga@andestech.com> Reviewed-by: Yu-Chien Peter Lin <peter.lin@sifive.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/plat-rockchip/platform_config.h /optee_os/core/arch/arm/plat-rockchip/platform_rk3588.c /optee_os/core/pta/tests/misc.c mk/ta_dev_kit.mk
886b8adb	20-Mar-2025	Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>	build: always link in-tree TAs with the -static flag Shared libraries may remain in the output directory as artifacts from previous builds, causing unintended behavior. To prevent this, in-tree TAs build: always link in-tree TAs with the -static flag Shared libraries may remain in the output directory as artifacts from previous builds, causing unintended behavior. To prevent this, in-tree TAs are now always linked using the -static flag, regardless of whether shared libraries are enabled. Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/lib/libutils/ext/ubsan.c mk/build-user-ta.mk
949b0c0c	15-Jan-2025	Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de>	ta: enable ubsan support for TAs Introduce CFG_TA_SANITIZE_UNDEFINED config to sanitize trusted applications. If CFG_TA_SANITIZE_UNDEFINED is set sanitize flags are propagated to internal TAs (avb, ta: enable ubsan support for TAs Introduce CFG_TA_SANITIZE_UNDEFINED config to sanitize trusted applications. If CFG_TA_SANITIZE_UNDEFINED is set sanitize flags are propagated to internal TAs (avb, pkcs11, remoteproc, trusted_keys) and external TAs, which are built with the devkit. Signed-off-by: Aleksandr Iashchenko <aleksandr.iashchenko@linutronix.de> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/arm.mk /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/dts/stm32mp15xx-dhcor-avenger96.dtsi /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pwr.h /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_syscfg.c /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/riscv/plat-spike/conf.mk /optee_os/core/arch/riscv/riscv.mk /optee_os/core/drivers/scmi-msg/entry.c /optee_os/core/drivers/scmi-msg/perf_domain.c /optee_os/core/drivers/scmi-msg/perf_domain.h /optee_os/core/drivers/scmi-msg/sub.mk /optee_os/core/drivers/stm32_cpu_opp.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/scmi-msg.h /optee_os/core/include/drivers/stm32_cpu_opp.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/include/mm/page_alloc.h /optee_os/core/include/mm/phys_mem.h /optee_os/core/include/mm/tee_mm.h /optee_os/core/kernel/sub.mk /optee_os/core/kernel/thread.c /optee_os/core/mm/core_mmu.c /optee_os/core/mm/page_alloc.c /optee_os/core/mm/phys_mem.c /optee_os/core/mm/sub.mk /optee_os/core/mm/tee_mm.c /optee_os/ldelf/ldelf.mk /optee_os/lib/libmbedtls/mbedtls/library/bignum.c /optee_os/lib/libutils/ext/sub.mk /optee_os/lib/libutils/ext/ubsan.c /optee_os/lib/libutils/isoc/include/malloc_flags.h /optee_os/mk/config.mk /optee_os/scripts/sign_rproc_fw.py mk/ta_dev_kit.mk ta.mk
6b1c1858	06-Mar-2025	Jens Wiklander <jens.wiklander@linaro.org>	Deprecate libgcc for TAs By default keep linking with libgcc for TAs, but add CFG_TA_LIBGCC to easily turn off linking with libgcc in configurations where it isn't needed. Signed-off-by: Jens Wikla Deprecate libgcc for TAs By default keep linking with libgcc for TAs, but add CFG_TA_LIBGCC to easily turn off linking with libgcc in configurations where it isn't needed. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Joakim Bech <joakim.bech@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/dts/stm32mp13xc.dtsi /optee_os/core/arch/arm/dts/stm32mp13xf.dtsi /optee_os/core/arch/arm/dts/stm32mp15xx-dhcom-som.dtsi /optee_os/core/arch/arm/dts/stm32mp15xx-dhcor-som.dtsi /optee_os/core/arch/arm/dts/stm32mp251.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/kernel/abort.c /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/link.mk /optee_os/core/arch/arm/kernel/link_dummies_paged.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_a64.S /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/thread_spmc_a64.S /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/registers/imx93.h /optee_os/core/arch/arm/plat-k3/conf.mk /optee_os/core/arch/arm/plat-k3/main.c /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-sam/scmi_server.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pmic.c /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp2/conf.mk /optee_os/core/arch/arm/plat-stm32mp2/main.c /optee_os/core/arch/arm/plat-versal2/conf.mk /optee_os/core/arch/riscv/include/riscv.h /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/entry.S /optee_os/core/arch/riscv/mm/core_mmu_arch.c /optee_os/core/arch/riscv/plat-virt/conf.mk /optee_os/core/arch/riscv/plat-virt/main.c /optee_os/core/arch/riscv/plat-virt/platform_config.h /optee_os/core/drivers/aplic_direct.c /optee_os/core/drivers/aplic_msi.c /optee_os/core/drivers/aplic_priv.c /optee_os/core/drivers/atmel_rtc.c /optee_os/core/drivers/atmel_saic.c /optee_os/core/drivers/clk/clk-stm32mp25.c /optee_os/core/drivers/clk/clk.c /optee_os/core/drivers/clk/sam/at91_clk.h /optee_os/core/drivers/clk/sam/clk-sam9x60-pll.c /optee_os/core/drivers/clk/sam/sama7g5_clk.c /optee_os/core/drivers/counter/stm32_stgen.c /optee_os/core/drivers/counter/sub.mk /optee_os/core/drivers/crypto/ele/crypto.mk /optee_os/core/drivers/crypto/ele/ele.c /optee_os/core/drivers/crypto/ele/include/ele.h /optee_os/core/drivers/crypto/ele/include/memutils.h /optee_os/core/drivers/crypto/ele/memutils.c /optee_os/core/drivers/crypto/ele/sub.mk /optee_os/core/drivers/crypto/stm32/common.h /optee_os/core/drivers/crypto/stm32/crypto.mk /optee_os/core/drivers/crypto/stm32/ecc.c /optee_os/core/drivers/crypto/stm32/hash.c /optee_os/core/drivers/crypto/stm32/hmac.c /optee_os/core/drivers/crypto/stm32/stm32_hash.c /optee_os/core/drivers/crypto/stm32/stm32_hash.h /optee_os/core/drivers/crypto/stm32/stm32_pka.c /optee_os/core/drivers/crypto/stm32/stm32_pka.h /optee_os/core/drivers/crypto/stm32/sub.mk /optee_os/core/drivers/crypto/sub.mk /optee_os/core/drivers/dra7_rng.c /optee_os/core/drivers/firewall/stm32_etzpc.c /optee_os/core/drivers/firewall/stm32_rifsc.c /optee_os/core/drivers/firewall/stm32_risab.c /optee_os/core/drivers/firewall/stm32_risaf.c /optee_os/core/drivers/firewall/stm32_serc.c /optee_os/core/drivers/gic.c /optee_os/core/drivers/hfic.c /optee_os/core/drivers/imsic.c /optee_os/core/drivers/imx/mu/imx_mu.c /optee_os/core/drivers/imx_rngb.c /optee_os/core/drivers/plic.c /optee_os/core/drivers/remoteproc/stm32_remoteproc.c /optee_os/core/drivers/rtc/rtc.c /optee_os/core/drivers/stm32_i2c.c /optee_os/core/drivers/stm32_rng.c /optee_os/core/drivers/stm32_rtc.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/aplic.h /optee_os/core/include/drivers/aplic_priv.h /optee_os/core/include/drivers/imsic.h /optee_os/core/include/drivers/rtc.h /optee_os/core/include/drivers/stm32_i2c.h /optee_os/core/include/drivers/stm32_serc.h /optee_os/core/include/drivers/stm32_stgen.h /optee_os/core/include/dt-bindings/clock/at91.h /optee_os/core/include/dt-bindings/clock/stm32mp13-clksrc.h /optee_os/core/include/dt-bindings/firewall/stm32mp25-rifsc.h /optee_os/core/include/initcall.h /optee_os/core/include/kernel/abort.h /optee_os/core/include/kernel/boot.h /optee_os/core/include/kernel/interrupt.h /optee_os/core/include/kernel/thread.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/include/tee/tee_fs.h /optee_os/core/kernel/dt.c /optee_os/core/kernel/initcall.c /optee_os/core/kernel/interrupt.c /optee_os/core/kernel/otp_stubs.c /optee_os/core/kernel/thread.c /optee_os/core/kernel/transfer_list.c /optee_os/core/lib/libtomcrypt/src/modes/ctr/ctr_encrypt.c /optee_os/core/lib/scmi-server/conf-optee-fvp.mk /optee_os/core/mm/core_mmu.c /optee_os/core/mm/sub.mk /optee_os/core/pta/stats.c /optee_os/core/pta/tests/misc.c /optee_os/core/tee/tee_cryp_utl.c /optee_os/core/tee/tee_rpmb_fs.c /optee_os/ldelf/link.mk /optee_os/lib/libmbedtls/include/mbedtls_config_kernel.h /optee_os/lib/libmbedtls/include/mbedtls_config_uta.h /optee_os/lib/libmbedtls/mbedtls/library/common.h /optee_os/lib/libutee/include/pta_stats.h /optee_os/lib/libutils/ext/include/asm.S /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/mk/compile.mk /optee_os/mk/config.mk /optee_os/scripts/sign_encrypt.py link.mk link_shlib.mk ta.mk
695be9d6	20-Jan-2025	Jens Wiklander <jens.wiklander@linaro.org>	libutils: refactor the MDBG malloc functions Replace the MDBG malloc functions and macros with a new function __mdbg_alloc() handling all the memory allocations similar to mem_alloc(). The old MDBG libutils: refactor the MDBG malloc functions Replace the MDBG malloc functions and macros with a new function __mdbg_alloc() handling all the memory allocations similar to mem_alloc(). The old MDBG macros are replace by new macros calling __mdbg_alloc(). mem_alloc(), mem_alloc_unlocked(), and mem_free() are updated to handle configuration with and without MDBG, removing the all the ENABLE_MDBG ifdefs in the C file. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/CHANGELOG.md /optee_os/core/arch/arm/include/ffa.h /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/spmc_sp_handler.h /optee_os/core/arch/arm/include/kernel/thread_arch.h /optee_os/core/arch/arm/include/kernel/thread_spmc.h /optee_os/core/arch/arm/include/mm/core_mmu_arch.h /optee_os/core/arch/arm/kernel/asm-defines.c /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/thread_spmc_a64.S /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/mm/core_mmu_lpae.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/plat-rockchip/platform_config.h /optee_os/core/arch/arm/plat-rockchip/platform_rk3588.c /optee_os/core/arch/arm/plat-sam/conf.mk /optee_os/core/arch/arm/plat-sam/scmi_server.c /optee_os/core/arch/arm/tee/entry_fast.c /optee_os/core/drivers/atmel_rstc.c /optee_os/core/drivers/clk/clk-stm32-core.c /optee_os/core/drivers/clk/sam/sama7g5_clk.c /optee_os/core/drivers/gic.c /optee_os/core/drivers/microchip_pit.c /optee_os/core/include/drivers/atmel_rstc.h /optee_os/core/include/drivers/gic.h /optee_os/core/include/kernel/boot.h /optee_os/core/kernel/notif_default.c /optee_os/core/kernel/ubsan.c /optee_os/core/mm/boot_mem.c /optee_os/core/mm/core_mmu.c /optee_os/core/mm/tee_mm.c /optee_os/core/pta/device.c /optee_os/core/tee/tee_rpmb_fs.c /optee_os/lib/libutee/tee_api_arith_mpi.c /optee_os/lib/libutils/ext/include/util.h /optee_os/lib/libutils/isoc/bget_malloc.c /optee_os/lib/libutils/isoc/include/malloc.h /optee_os/lib/libutils/isoc/include/malloc_flags.h /optee_os/mk/config.mk /optee_os/scripts/sign_encrypt.py ta.mk
c385a722	06-Jan-2025	Etienne Carriere <etienne.carriere@foss.st.com>	ta: trusted_keys: Add TA version and description property values Add meaningful values for Trusted Keys TA version and description properties to replace previously embedded default respective values ta: trusted_keys: Add TA version and description property values Add meaningful values for Trusted Keys TA version and description properties to replace previously embedded default respective values "Undefined version" and "Undefined description". Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... trusted_keys/user_ta_header_defines.h
1ed12b2e	06-Jan-2025	Etienne Carriere <etienne.carriere@foss.st.com>	ta: avb: Add TA version and description property values Add meaningful values for AVB TA version and description properties to replace previously embedded default respective values "Undefined versio ta: avb: Add TA version and description property values Add meaningful values for AVB TA version and description properties to replace previously embedded default respective values "Undefined version" and "Undefined description". Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... avb/user_ta_header_defines.h
04e46975	16-Dec-2024	Etienne Carriere <etienne.carriere@foss.st.com>	tree-wide: use ROUNDUP_DIV() where applicable Use ROUNDUP_DIV() instead of ROUNDUP(..., size) / size where applicable. Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Reviewed-by: Je tree-wide: use ROUNDUP_DIV() where applicable Use ROUNDUP_DIV() instead of ROUNDUP(..., size) / size where applicable. Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/mm/mobj_ffa.c /optee_os/core/arch/arm/mm/sp_mem.c /optee_os/core/arch/arm/plat-d06/conf.mk /optee_os/core/arch/arm/plat-telechips/conf.mk /optee_os/core/arch/arm/plat-telechips/drivers/include/drivers/tcc_otp.h /optee_os/core/arch/arm/plat-telechips/drivers/sub.mk /optee_os/core/arch/arm/plat-telechips/drivers/tcc_otp.c /optee_os/core/arch/arm/plat-telechips/link.mk /optee_os/core/arch/arm/plat-telechips/main.c /optee_os/core/arch/arm/plat-telechips/plat_tzc.c /optee_os/core/arch/arm/plat-telechips/scripts/tcmktool.py /optee_os/core/arch/arm/plat-telechips/sub.mk /optee_os/core/arch/arm/plat-telechips/tcc805x/otprom.h /optee_os/core/arch/arm/plat-telechips/tcc805x/platform_config.h /optee_os/core/drivers/crypto/crypto_api/acipher/rsassa.c /optee_os/core/drivers/crypto/hisilicon/crypto.mk /optee_os/core/drivers/crypto/hisilicon/sec_pbkdf2.c /optee_os/core/drivers/crypto/hisilicon/sec_pbkdf2.h /optee_os/core/drivers/crypto/hisilicon/sub.mk /optee_os/core/drivers/imx/dcp/dcp.c /optee_os/core/drivers/openedges_omc.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/openedges_omc.h /optee_os/core/kernel/ldelf_loader.c /optee_os/core/lib/libtomcrypt/mpi_desc.c /optee_os/core/mm/fobj.c /optee_os/core/tee/tee_ree_fs.c /optee_os/core/tee/tee_rpmb_fs.c pkcs11/src/pkcs11_attributes.c pkcs11/src/processing_aes.c pkcs11/src/processing_rsa.c pkcs11/src/token_capabilities.c
5395f036	06-Jan-2025	Etienne Carriere <etienne.carriere@foss.st.com>	ta: pkcs11: set TA version ID to 1.0.0 PKCS#11 TA version ID is 0.1.0 since its early integration. Let's set it 1.0.0 since it now mature enough to deserve a non-zero major version number. Signed-o ta: pkcs11: set TA version ID to 1.0.0 PKCS#11 TA version ID is 0.1.0 since its early integration. Let's set it 1.0.0 since it now mature enough to deserve a non-zero major version number. Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/plat-sam/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pmic.c /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/plat-stm32mp1/sub.mk /optee_os/core/arch/arm/plat-stm32mp2/main.c /optee_os/core/arch/arm/plat-stm32mp2/stm32_util.h /optee_os/core/arch/arm/plat-versal2/conf.mk /optee_os/core/arch/arm/plat-versal2/platform_config.h /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/drivers/clk/clk-stm32-core.c /optee_os/core/drivers/clk/sam/clk-sam9x60-pll.c /optee_os/core/drivers/crypto/caam/ae/caam_ae.c /optee_os/core/drivers/crypto/caam/ae/caam_ae_ccm.c /optee_os/core/drivers/crypto/caam/ae/caam_ae_gcm.c /optee_os/core/drivers/crypto/caam/ae/local.h /optee_os/core/drivers/crypto/caam/ae/sub.mk /optee_os/core/drivers/crypto/caam/caam_ctrl.c /optee_os/core/drivers/crypto/caam/caam_desc.c /optee_os/core/drivers/crypto/caam/cipher/caam_cipher.c /optee_os/core/drivers/crypto/caam/crypto.mk /optee_os/core/drivers/crypto/caam/include/caam_ae.h /optee_os/core/drivers/crypto/caam/include/caam_desc_ccb_defines.h /optee_os/core/drivers/crypto/caam/include/caam_desc_defines.h /optee_os/core/drivers/crypto/caam/include/caam_desc_helper.h /optee_os/core/drivers/crypto/caam/include/caam_trace.h /optee_os/core/drivers/crypto/caam/include/caam_utils_mem.h /optee_os/core/drivers/crypto/caam/sub.mk /optee_os/core/drivers/crypto/caam/utils/utils_dmaobj.c /optee_os/core/drivers/crypto/caam/utils/utils_mem.c /optee_os/core/drivers/crypto/hisilicon/crypto.mk /optee_os/core/drivers/crypto/hisilicon/hpre_rsa.c /optee_os/core/drivers/crypto/hisilicon/hpre_rsa.h /optee_os/core/drivers/crypto/hisilicon/sub.mk /optee_os/core/drivers/crypto/stm32/stm32_cryp.c /optee_os/core/drivers/firewall/stm32_etzpc.c /optee_os/core/drivers/microchip_pit.c /optee_os/core/drivers/regulator/stm32mp13_regulator_iod.c /optee_os/core/drivers/stm32_iwdg.c /optee_os/core/drivers/stm32_rng.c /optee_os/core/drivers/stm32_uart.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/stm32_uart.h /optee_os/core/kernel/tee_misc.c /optee_os/core/kernel/transfer_list.c /optee_os/core/mm/boot_mem.c /optee_os/core/mm/core_mmu.c /optee_os/core/mm/tee_mm.c /optee_os/core/mm/vm.c /optee_os/core/pta/secstor_ta_mgmt.c /optee_os/ldelf/ta_elf.c /optee_os/lib/libmbedtls/mbedtls/library/bignum.c /optee_os/lib/libutee/tee_api.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutils/ext/include/util.h pkcs11/include/pkcs11_ta.h
8cf8403b	11-Dec-2024	Etienne Carriere <etienne.carriere@foss.st.com>	ta: pkcs11: default disable CFG_PKCS11_TA_RSA_X_509 Disable CFG_PKCS11_TA_RSA_X_509 in pkcs11 TA default configuration since raw RSA signature (CKM_RSA_X_509) computation and verification can be uns ta: pkcs11: default disable CFG_PKCS11_TA_RSA_X_509 Disable CFG_PKCS11_TA_RSA_X_509 in pkcs11 TA default configuration since raw RSA signature (CKM_RSA_X_509) computation and verification can be unsafe. Target systems willing to embed its support (e.g. for some TSL v1.2 support) will need to enable it explicitly. Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... /optee_os/.devcontainer/Dockerfile.vscode /optee_os/.devcontainer/devcontainer.json /optee_os/.github/workflows/ci.yml /optee_os/.gitignore /optee_os/.vscode/extensions.json /optee_os/MAINTAINERS /optee_os/core/arch/arm/dts/stm32mp13-pinctrl.dtsi /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp15-pinctrl.dtsi /optee_os/core/arch/arm/dts/stm32mp151.dtsi /optee_os/core/arch/arm/dts/stm32mp157c-ed1.dts /optee_os/core/arch/arm/dts/stm32mp15xx-dhcor-avenger96.dtsi /optee_os/core/arch/arm/dts/stm32mp25-pinctrl.dtsi /optee_os/core/arch/arm/dts/stm32mp251.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/include/kernel/thread_private_arch.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/entry_a32.S /optee_os/core/arch/arm/kernel/entry_a64.S /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/link_dummy.ld /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-k3/drivers/ti_sci.c /optee_os/core/arch/arm/plat-rockchip/conf.mk /optee_os/core/arch/arm/plat-rockchip/main.c /optee_os/core/arch/arm/plat-rockchip/platform_config.h /optee_os/core/arch/arm/plat-rockchip/platform_rk3588.c /optee_os/core/arch/arm/plat-rockchip/sub.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pmic.c /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/arm/plat-stm32mp2/conf.mk /optee_os/core/arch/arm/plat-versal2/conf.mk /optee_os/core/arch/arm/plat-versal2/main.c /optee_os/core/arch/arm/plat-versal2/platform_config.h /optee_os/core/arch/arm/plat-versal2/sub.mk /optee_os/core/arch/riscv/include/riscv.h /optee_os/core/arch/riscv/kernel/kern.ld.S /optee_os/core/drivers/clk/clk-stm32mp25.c /optee_os/core/drivers/crypto/caam/caam_rng.c /optee_os/core/drivers/crypto/caam/caam_sm.c /optee_os/core/drivers/crypto/caam/crypto.mk /optee_os/core/drivers/crypto/caam/hal/common/hal_sm.c /optee_os/core/drivers/scmi-msg/clock_generic.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_i2c.c /optee_os/core/drivers/stm32_tamp.c /optee_os/core/drivers/stm32_uart.c /optee_os/core/include/drivers/stm32_gpio.h /optee_os/core/include/dt-bindings/gpio/stm32mp_gpio.h /optee_os/core/include/dt-bindings/pinctrl/stm32-pinfunc.h /optee_os/core/include/kernel/boot.h /optee_os/core/include/kernel/linker.h /optee_os/core/include/kernel/virtualization.h /optee_os/core/include/mm/core_memprot.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/lib/libtomcrypt/ed25519.c /optee_os/core/mm/boot_mem.c /optee_os/core/mm/core_mmu.c /optee_os/core/mm/fobj.c /optee_os/core/mm/mobj.c /optee_os/core/mm/pgt_cache.c /optee_os/core/mm/phys_mem.c /optee_os/core/mm/sub.mk /optee_os/lib/libmbedtls/mbedtls/ChangeLog /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/bignum.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/build_info.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/check_config.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_psa_from_legacy.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_ssl.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_x509.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/config_psa.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ctr_drbg.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecdh.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecp.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/pk.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ssl.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_adjust_auto_enabled.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_adjust_config_dependencies.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_adjust_config_key_pair_types.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_adjust_config_synonyms.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_extra.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_struct.h /optee_os/lib/libmbedtls/mbedtls/include/psa/crypto_types.h /optee_os/lib/libmbedtls/mbedtls/library/bignum.c /optee_os/lib/libmbedtls/mbedtls/library/bignum_core.c /optee_os/lib/libmbedtls/mbedtls/library/bignum_core.h /optee_os/lib/libmbedtls/mbedtls/library/bignum_internal.h /optee_os/lib/libmbedtls/mbedtls/library/block_cipher.c /optee_os/lib/libmbedtls/mbedtls/library/cipher.c /optee_os/lib/libmbedtls/mbedtls/library/common.h /optee_os/lib/libmbedtls/mbedtls/library/ctr_drbg.c /optee_os/lib/libmbedtls/mbedtls/library/entropy.c /optee_os/lib/libmbedtls/mbedtls/library/entropy_poll.c /optee_os/lib/libmbedtls/mbedtls/library/error.c /optee_os/lib/libmbedtls/mbedtls/library/lmots.c /optee_os/lib/libmbedtls/mbedtls/library/lms.c /optee_os/lib/libmbedtls/mbedtls/library/md.c /optee_os/lib/libmbedtls/mbedtls/library/net_sockets.c /optee_os/lib/libmbedtls/mbedtls/library/nist_kw.c /optee_os/lib/libmbedtls/mbedtls/library/pem.c /optee_os/lib/libmbedtls/mbedtls/library/pk.c /optee_os/lib/libmbedtls/mbedtls/library/pkwrite.c /optee_os/lib/libmbedtls/mbedtls/library/platform_util.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_cipher.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_core.h /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_driver_wrappers.h /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_random_impl.h /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_rsa.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_rsa.h /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_slot_management.c /optee_os/lib/libmbedtls/mbedtls/library/psa_crypto_slot_management.h /optee_os/lib/libmbedtls/mbedtls/library/psa_util.c /optee_os/lib/libmbedtls/mbedtls/library/rsa.c /optee_os/lib/libmbedtls/mbedtls/library/sha256.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_cookie.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_debug_helpers_generated.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_misc.h /optee_os/lib/libmbedtls/mbedtls/library/ssl_msg.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_ticket.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls12_client.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls12_server.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_client.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_generic.c /optee_os/lib/libmbedtls/mbedtls/library/ssl_tls13_server.c /optee_os/lib/libmbedtls/mbedtls/library/version_features.c /optee_os/lib/libmbedtls/mbedtls/library/x509_crt.c /optee_os/lib/libmbedtls/mbedtls/library/x509write_crt.c /optee_os/lib/libmbedtls/mbedtls/library/x509write_csr.c /optee_os/mk/clang.mk /optee_os/mk/config.mk pkcs11/sub.mk
b7abff72	06-Sep-2024	Etienne Carriere <etienne.carriere@foss.st.com>	ta: pkcs11: add CKM_RSA_X_509 ciphering Add support for CKM_RSA_X_509 mechanism for encrypt/decrypt operations. Signed-off-by: Alexandre Marechal <alexandre.marechal@st.com> Signed-off-by: Etienne ta: pkcs11: add CKM_RSA_X_509 ciphering Add support for CKM_RSA_X_509 mechanism for encrypt/decrypt operations. Signed-off-by: Alexandre Marechal <alexandre.marechal@st.com> Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> show more ... pkcs11/src/processing_asymm.c pkcs11/src/token_capabilities.c
e02f17f3	24-Jul-2024	Alexandre Marechal <alexandre.marechal@st.com>	ta: pkcs11: add CKM_RSA_X_509 authentication Add support for CKM_RSA_X_509 mechanism for sing/verify operations. Sign and verify operations are processed using TEE decrypt/encrypt operation since G ta: pkcs11: add CKM_RSA_X_509 authentication Add support for CKM_RSA_X_509 mechanism for sing/verify operations. Sign and verify operations are processed using TEE decrypt/encrypt operation since GP TEE Internal Core API specification only allows these modes for TEE_ALG_RSA_NOPAD algorithm. The pkcs11 TA only support sign operation when the provided payload is exactly of the same size as the RSA key used and checks the generate signature is of right size. This mechanism can be needed to support CKM_RSA_X_509 for TLSv1.2 connections. Add CFG_PKCS11_TA_RSA_X_509 to allow configuring the pkcs11 TA with or without raw RSA crypto support. The config switch is default enabled. Signed-off-by: Alexandre Marechal <alexandre.marechal@st.com> Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/dts/stm32mp131.dtsi /optee_os/core/arch/arm/dts/stm32mp135.dtsi /optee_os/core/arch/arm/dts/stm32mp135f-dk.dts /optee_os/core/arch/arm/dts/stm32mp13xc.dtsi /optee_os/core/arch/arm/dts/stm32mp13xf.dtsi /optee_os/core/arch/arm/dts/stm32mp151.dtsi /optee_os/core/arch/arm/dts/stm32mp153.dtsi /optee_os/core/arch/arm/dts/stm32mp157a-dk1-scmi.dts /optee_os/core/arch/arm/dts/stm32mp157a-dk1.dts /optee_os/core/arch/arm/dts/stm32mp157c-dk2-scmi.dts /optee_os/core/arch/arm/dts/stm32mp157c-dk2.dts /optee_os/core/arch/arm/dts/stm32mp157c-ed1-scmi.dts /optee_os/core/arch/arm/dts/stm32mp157c-ed1.dts /optee_os/core/arch/arm/dts/stm32mp15xc.dtsi /optee_os/core/arch/arm/dts/stm32mp15xx-dhcom-som.dtsi /optee_os/core/arch/arm/dts/stm32mp15xx-dhcor-som.dtsi /optee_os/core/arch/arm/dts/stm32mp15xx-dkx.dtsi /optee_os/core/arch/arm/dts/stm32mp251.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-rcc.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1.dts /optee_os/core/arch/arm/include/arm.h /optee_os/core/arch/arm/kernel/misc_a64.S /optee_os/core/arch/arm/plat-k3/conf.mk /optee_os/core/arch/arm/plat-ls/main.c /optee_os/core/arch/arm/plat-stm32mp1/conf.mk /optee_os/core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pmic.c /optee_os/core/arch/arm/plat-stm32mp1/main.c /optee_os/core/arch/arm/plat-stm32mp1/plat_tzc400.c /optee_os/core/arch/arm/plat-stm32mp1/platform_config.h /optee_os/core/arch/arm/plat-stm32mp1/scmi_server.c /optee_os/core/arch/arm/plat-stm32mp1/shared_resources.c /optee_os/core/arch/arm/plat-stm32mp1/stm32_util.h /optee_os/core/arch/riscv/kernel/thread_optee_abi_rv.S /optee_os/core/core.mk /optee_os/core/drivers/cbmem_console.c /optee_os/core/drivers/clk/clk-stm32-core.c /optee_os/core/drivers/clk/clk-stm32mp15.c /optee_os/core/drivers/clk/clk-stm32mp25.c /optee_os/core/drivers/clk/clk.c /optee_os/core/drivers/crypto/caam/acipher/caam_ecc.c /optee_os/core/drivers/crypto/caam/acipher/caam_rsa.c /optee_os/core/drivers/crypto/caam/caam_key.c /optee_os/core/drivers/crypto/caam/crypto.mk /optee_os/core/drivers/crypto/caam/hal/common/hal_cfg.c /optee_os/core/drivers/crypto/caam/hal/common/hal_cfg_dt.c /optee_os/core/drivers/crypto/caam/hal/common/hal_sm_dt.c /optee_os/core/drivers/crypto/caam/hal/common/sub.mk /optee_os/core/drivers/crypto/caam/hal/imx_8m/hal_cfg.c /optee_os/core/drivers/crypto/caam/hal/imx_8m/sub.mk /optee_os/core/drivers/crypto/caam/include/caam_desc_defines.h /optee_os/core/drivers/crypto/caam/include/caam_hal_cfg.h /optee_os/core/drivers/crypto/se050/core/storage.c /optee_os/core/drivers/crypto/stm32/stm32_saes.c /optee_os/core/drivers/firewall/firewall.c /optee_os/core/drivers/firewall/stm32_etzpc.c /optee_os/core/drivers/firewall/stm32_rif.c /optee_os/core/drivers/firewall/stm32_rifsc.c /optee_os/core/drivers/firewall/stm32_risaf.c /optee_os/core/drivers/firewall/sub.mk /optee_os/core/drivers/imx_csu.c /optee_os/core/drivers/nvmem/nvmem.c /optee_os/core/drivers/regulator/regulator.c /optee_os/core/drivers/regulator/stm32_vrefbuf.c /optee_os/core/drivers/remoteproc/stm32_remoteproc.c /optee_os/core/drivers/stm32_bsec.c /optee_os/core/drivers/stm32_fmc.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_hpdma.c /optee_os/core/drivers/stm32_hsem.c /optee_os/core/drivers/stm32_ipcc.c /optee_os/core/drivers/stm32_rng.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/clk.h /optee_os/core/include/drivers/firewall.h /optee_os/core/include/drivers/firewall_device.h /optee_os/core/include/drivers/regulator.h /optee_os/core/include/drivers/stm32_etzpc.h /optee_os/core/include/drivers/stm32_remoteproc.h /optee_os/core/include/drivers/stm32_rif.h /optee_os/core/include/drivers/stm32mp_dt_bindings.h /optee_os/core/include/dt-bindings/firewall/stm32mp13-etzpc.h /optee_os/core/include/dt-bindings/firewall/stm32mp13-tzc400.h /optee_os/core/include/dt-bindings/firewall/stm32mp15-etzpc.h /optee_os/core/include/dt-bindings/firewall/stm32mp15-tzc400.h /optee_os/core/include/dt-bindings/firewall/tzc400.h /optee_os/core/include/kernel/dt.h /optee_os/core/include/kernel/thread.h /optee_os/core/kernel/dt.c /optee_os/core/lib/libfdt/fdt_ro.c /optee_os/core/lib/qcbor/LICENSE /optee_os/core/lib/qcbor/README.md /optee_os/core/lib/qcbor/inc/UsefulBuf.h /optee_os/core/lib/qcbor/inc/qcbor.h /optee_os/core/lib/qcbor/inc/qcbor/UsefulBuf.h /optee_os/core/lib/qcbor/inc/qcbor/qcbor.h /optee_os/core/lib/qcbor/inc/qcbor/qcbor_common.h /optee_os/core/lib/qcbor/inc/qcbor/qcbor_decode.h /optee_os/core/lib/qcbor/inc/qcbor/qcbor_encode.h /optee_os/core/lib/qcbor/inc/qcbor/qcbor_private.h /optee_os/core/lib/qcbor/inc/qcbor/qcbor_spiffy_decode.h /optee_os/core/lib/qcbor/src/UsefulBuf.c /optee_os/core/lib/qcbor/src/ieee754.c /optee_os/core/lib/qcbor/src/ieee754.h /optee_os/core/lib/qcbor/src/qcbor_decode.c /optee_os/core/lib/qcbor/src/qcbor_encode.c /optee_os/core/lib/qcbor/src/qcbor_err_to_str.c /optee_os/core/lib/qcbor/sub.mk /optee_os/core/mm/core_mmu.c /optee_os/core/mm/mobj.c /optee_os/core/mm/mobj_dyn_shm.c /optee_os/core/pta/sub.mk /optee_os/core/pta/veraison_attestation/README.md /optee_os/core/pta/veraison_attestation/cbor.c /optee_os/core/pta/veraison_attestation/cbor.h /optee_os/core/pta/veraison_attestation/hash.c /optee_os/core/pta/veraison_attestation/hash.h /optee_os/core/pta/veraison_attestation/sign.c /optee_os/core/pta/veraison_attestation/sign.h /optee_os/core/pta/veraison_attestation/sub.mk /optee_os/core/pta/veraison_attestation/veraison_attestation.c /optee_os/lib/libutee/include/pta_veraison_attestation.h /optee_os/lib/libutee/include/tee_internal_api.h /optee_os/lib/libutee/tee_api.c /optee_os/lib/libutils/ext/include/compiler.h /optee_os/mk/compile.mk /optee_os/mk/config.mk /optee_os/mk/subdir.mk /optee_os/scripts/checkpatch_inc.sh /optee_os/scripts/sign_encrypt.py pkcs11/include/pkcs11_ta.h pkcs11/src/pkcs11_attributes.c pkcs11/src/pkcs11_helpers.c pkcs11/src/processing.h pkcs11/src/processing_asymm.c pkcs11/src/processing_rsa.c pkcs11/src/token_capabilities.c pkcs11/sub.mk
fc9ea0db	19-Sep-2024	Jens Wiklander <jens.wiklander@linaro.org>	ta_dev_kit.mk: use spec-srcs and spec-out-dir The commit cfa34d9afb5c ("Add support for compiling in-tree TAs") added spec-srcs and spec-out-dir for special handling of user_ta_header.c when compili ta_dev_kit.mk: use spec-srcs and spec-out-dir The commit cfa34d9afb5c ("Add support for compiling in-tree TAs") added spec-srcs and spec-out-dir for special handling of user_ta_header.c when compiling in-tree TAs. However, these variables are just as relevant for out-of-tree TAs compiled via ta/mk/ta_dev_kit.mk. So as a simplification switch to use spec-srcs and spec-out-dir in that file too. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... /optee_os/.github/workflows/ci.yml /optee_os/CHANGELOG.md /optee_os/core/arch/arm/cpu/cortex-armv9.mk /optee_os/core/arch/arm/cpu/neoverse-v2.mk /optee_os/core/arch/arm/dts/stm32mp25-pinctrl.dtsi /optee_os/core/arch/arm/dts/stm32mp251.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-resmem.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-rif.dtsi /optee_os/core/arch/arm/dts/stm32mp257f-ev1.dts /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-rd1ae/conf.mk /optee_os/core/arch/arm/plat-rd1ae/main.c /optee_os/core/arch/arm/plat-rd1ae/platform_config.h /optee_os/core/arch/arm/plat-rd1ae/rd1ae_core_pos.S /optee_os/core/arch/arm/plat-rd1ae/sub.mk /optee_os/core/arch/arm/plat-stm32mp2/conf.mk /optee_os/core/arch/arm/plat-stm32mp2/main.c /optee_os/core/arch/arm/plat-stm32mp2/platform_config.h /optee_os/core/arch/arm/plat-stm32mp2/stm32_sysconf.h /optee_os/core/arch/arm/plat-stm32mp2/stm32_util.h /optee_os/core/arch/riscv/include/kernel/thread_private_arch.h /optee_os/core/arch/riscv/kernel/asm-defines.c /optee_os/core/arch/riscv/kernel/thread_rv.S /optee_os/core/drivers/clk/clk-stm32-core.c /optee_os/core/drivers/clk/clk-stm32-core.h /optee_os/core/drivers/clk/clk-stm32mp13.c /optee_os/core/drivers/clk/clk-stm32mp15.c /optee_os/core/drivers/crypto/stm32/stm32_saes.c /optee_os/core/drivers/firewall/firewall.c /optee_os/core/drivers/firewall/stm32_rifsc.c /optee_os/core/drivers/firewall/stm32_risab.c /optee_os/core/drivers/firewall/stm32_risaf.c /optee_os/core/drivers/firewall/sub.mk /optee_os/core/drivers/gic.c /optee_os/core/drivers/stm32_gpio.c /optee_os/core/drivers/stm32_rng.c /optee_os/core/include/drivers/firewall.h /optee_os/core/include/drivers/stm32_rif.h /optee_os/core/include/drivers/stm32_risab.h /optee_os/core/include/drivers/stm32_risaf.h /optee_os/core/include/drivers/stm32mp_dt_bindings.h /optee_os/core/include/dt-bindings/firewall/stm32mp25-rif.h /optee_os/core/include/dt-bindings/firewall/stm32mp25-rifsc.h /optee_os/core/include/dt-bindings/firewall/stm32mp25-risab.h /optee_os/core/include/dt-bindings/firewall/stm32mp25-risaf.h /optee_os/core/include/kernel/pm.h /optee_os/core/kernel/notif.c /optee_os/core/kernel/pm.c /optee_os/ldelf/ta_elf_rel.c /optee_os/lib/libmbedtls/include/mbedtls_config_uta.h /optee_os/lib/libutee/include/tee_api_types.h /optee_os/mk/config.mk /optee_os/mk/subdir.mk mk/ta_dev_kit.mk
19662e41	20-Sep-2024	Jerome Forissier <jerome.forissier@linaro.org>	ta: apply __no_stack_protector to __ta_entry() or __ta_entry_c() Apply the __no_stack_protector attribute to the first C function called following the TA entry point (i.e., __ta_entry(), or for the ta: apply __no_stack_protector to __ta_entry() or __ta_entry_c() Apply the __no_stack_protector attribute to the first C function called following the TA entry point (i.e., __ta_entry(), or for the special case of ARM32, __ta_entry_c()). This is required because __stack_chk_guard is initialized in this very function, therefore stack protection cannot be assumed to be functional at this point. Fixes a TA crash on QEMUv7 with Clang 18.1.7 [1]. Link: https://github.com/OP-TEE/optee_os/issues/7047 [1] Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Khoa Hoang <admin@khoahoang.com> show more ... /optee_os/.github/workflows/ci.yml /optee_os/core/arch/arm/include/mm/core_mmu_arch.h /optee_os/core/arch/arm/include/optee_ffa.h /optee_os/core/arch/arm/include/sm/optee_smc.h /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/mm/core_mmu_v7.c /optee_os/core/arch/arm/plat-corstone1000/conf.mk /optee_os/core/arch/arm/tee/entry_fast.c /optee_os/core/arch/riscv/include/kernel/thread_private_arch.h /optee_os/core/arch/riscv/include/mm/core_mmu_arch.h /optee_os/core/arch/riscv/kernel/abort.c /optee_os/core/arch/riscv/kernel/thread_arch.c /optee_os/core/arch/riscv/kernel/thread_rv.S /optee_os/core/arch/riscv/mm/core_mmu_arch.c /optee_os/core/arch/riscv/plat-virt/conf.mk /optee_os/core/drivers/stm32_rng.c /optee_os/core/include/kernel/delay.h /optee_os/core/include/kernel/thread.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/include/optee_rpc_cmd.h /optee_os/core/include/tee/tee_cryp_utl.h /optee_os/core/include/tee/tee_fs.h /optee_os/core/mm/core_mmu.c /optee_os/core/pta/device.c /optee_os/core/tee/tee_cryp_utl.c /optee_os/core/tee/tee_rpmb_fs.c /optee_os/lib/libutee/include/pta_device.h /optee_os/lib/libutee/include/user_ta_header.h /optee_os/lib/libutils/ext/include/compiler.h /optee_os/mk/config.mk user_ta_header.c
55a4d839	04-Sep-2024	Georges Savoundararadj <savoundg@amazon.com>	ta: pkcs11: fix memory leak On update_persistent_object_attributes failure, head_new (stored in obj->attributes) is not freed, causing a memory leak. Reported-by: Christian Zoia <czoia@amazon.es> C ta: pkcs11: fix memory leak On update_persistent_object_attributes failure, head_new (stored in obj->attributes) is not freed, causing a memory leak. Reported-by: Christian Zoia <czoia@amazon.es> Closes: https://github.com/OP-TEE/optee_os/issues/7023 Fixes: 6959626e1621 ("ta: pkcs11: preserve object when set attribute fails") Signed-off-by: Georges Savoundararadj <savoundg@amazon.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... /optee_os/.checkpatch.conf /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/arch/arm/plat-vexpress/conf.mk /optee_os/core/arch/riscv/include/kernel/thread_arch.h /optee_os/core/arch/riscv/include/kernel/thread_private_arch.h /optee_os/core/arch/riscv/include/riscv.h /optee_os/core/arch/riscv/kernel/boot.c /optee_os/core/arch/riscv/kernel/thread_arch.c /optee_os/core/arch/riscv/kernel/thread_rv.S /optee_os/core/arch/riscv/plat-spike/platform_config.h /optee_os/core/arch/riscv/plat-virt/platform_config.h /optee_os/core/drivers/crypto/hisilicon/hpre_montgomery.c /optee_os/core/drivers/crypto/hisilicon/hpre_montgomery.h /optee_os/core/drivers/crypto/hisilicon/sub.mk /optee_os/core/include/drivers/rstctrl.h /optee_os/core/include/kernel/thread.h /optee_os/core/include/mm/core_mmu.h /optee_os/core/include/mm/phys_mem.h /optee_os/core/kernel/ree_fs_ta.c /optee_os/core/kernel/thread.c /optee_os/core/mm/core_mmu.c /optee_os/core/mm/fobj.c /optee_os/core/mm/pgt_cache.c /optee_os/core/mm/phys_mem.c /optee_os/core/mm/sub.mk /optee_os/core/pta/stats.c /optee_os/lib/libutils/ext/include/types_ext.h /optee_os/lib/libutils/isoc/include/malloc.h pkcs11/src/object.c
12 3 4 5 6 7 8 9 10 >>...20