ta - OpenGrok history log for /optee

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
bc555ee0	14-Sep-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: relocate shared session object db to client session PKCS11 has concept of shared objects between different PKCS11 sessions which need to work. As in OP-TEE context there can be multiple ta: pkcs11: relocate shared session object db to client session PKCS11 has concept of shared objects between different PKCS11 sessions which need to work. As in OP-TEE context there can be multiple callers which should not share the objects use OP-TEE client session association to separate those from each other. Specified in: PKCS #11 Cryptographic Token Interface Usage Guide Version 2.40 2.6 Sessions Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/core/arch/arm/include/ffa.h /optee_os/core/arch/arm/include/kernel/abort.h /optee_os/core/arch/arm/include/kernel/secure_partition.h /optee_os/core/arch/arm/include/kernel/spmc_sp_handler.h /optee_os/core/arch/arm/include/kernel/thread.h /optee_os/core/arch/arm/include/kernel/thread_spmc.h /optee_os/core/arch/arm/kernel/abort.c /optee_os/core/arch/arm/kernel/ldelf_loader.c /optee_os/core/arch/arm/kernel/secure_partition.c /optee_os/core/arch/arm/kernel/spmc_sp_handler.c /optee_os/core/arch/arm/kernel/stmm_sp.c /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/kernel/thread.c /optee_os/core/arch/arm/kernel/thread_private.h /optee_os/core/arch/arm/kernel/thread_spmc.c /optee_os/core/arch/arm/kernel/thread_spmc_a64.S /optee_os/core/arch/arm/kernel/user_ta.c /optee_os/core/include/kernel/ldelf_loader.h /optee_os/core/include/kernel/linker.h /optee_os/core/include/kernel/pseudo_ta.h /optee_os/core/include/kernel/time_source.h /optee_os/core/include/kernel/timer.h /optee_os/core/include/kernel/unwind.h /optee_os/core/include/kernel/user_mode_ctx.h /optee_os/core/include/kernel/user_ta.h /optee_os/core/kernel/ldelf_syscalls.c /optee_os/core/kernel/user_access.c /optee_os/ldelf/main.c pkcs11/src/object.c pkcs11/src/object.h pkcs11/src/persistent_token.c pkcs11/src/pkcs11_token.c pkcs11/src/pkcs11_token.h
4dad6642	03-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Rename entry_derive_key() to make it more generic entry_derive_key() is renamed to entry_processing_key() and parameter is added to pass processing information to it. This is done becaus ta: pkcs11: Rename entry_derive_key() to make it more generic entry_derive_key() is renamed to entry_processing_key() and parameter is added to pass processing information to it. This is done because the flow for key derivation and key unwrapping is very similar and this function can be reused. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... pkcs11/src/entry.c pkcs11/src/processing.c pkcs11/src/processing.h
8c499324	03-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add function to set key data Earlier derive_key_by_symm_enc() was used to derive key by cipher operation and set the derived key value in the object attributes. Simplify it to just deriv ta: pkcs11: Add function to set key data Earlier derive_key_by_symm_enc() was used to derive key by cipher operation and set the derived key value in the object attributes. Simplify it to just derive the key and return the derived key value to calling function. Separate function is created to add this derived key value in the key object. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... pkcs11/src/pkcs11_attributes.c pkcs11/src/pkcs11_attributes.h pkcs11/src/processing.c pkcs11/src/processing.h pkcs11/src/processing_symm.c
7107ac10	03-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Remove check from entry_derive_key() Explicit checking for invalid mechanism is no longer required in entry_derive_key() as this is taken care of by call to check_mechanism_against_proce ta: pkcs11: Remove check from entry_derive_key() Explicit checking for invalid mechanism is no longer required in entry_derive_key() as this is taken care of by call to check_mechanism_against_processing(). Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... pkcs11/src/processing.c
df705578	03-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Correct error returned when processing mechanisms check_mechanism_against_processing() checks if a mechanism is supported for the selected function. If mechanism specified cannot be used ta: pkcs11: Correct error returned when processing mechanisms check_mechanism_against_processing() checks if a mechanism is supported for the selected function. If mechanism specified cannot be used in the selected token with the selected function, the error code is expected to be CKR_MECHANISM_INVALID. Earlier check_mechanism_against_processing() was returning error code CKR_KEY_FUNCTION_NOT_PERMITTED when doing such checking which is not correct. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... pkcs11/src/pkcs11_attributes.c
402d884a	18-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Update attributes in persistent storage For token objects, for any modification in attributes, the attributes also need to be updated in the objects persistent storage. These modificatio ta: pkcs11: Update attributes in persistent storage For token objects, for any modification in attributes, the attributes also need to be updated in the objects persistent storage. These modifications are done when C_SetAttributeValue() is used. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... /optee_os/.azure-pipelines.yml /optee_os/.shippable.yml /optee_os/core/arch/arm/kernel/otp_stubs.c /optee_os/core/kernel/sub.mk /optee_os/core/tee/sub.mk pkcs11/src/object.c pkcs11/src/persistent_token.c pkcs11/src/pkcs11_token.h
a01ae03a	02-Mar-2021	Sumit Garg <sumit.garg@linaro.org>	ta: trusted_keys: Fix to align with strict buffer checks Commit e12c9f67d12c ("core: strict buffer check in syscalls following GP 1.1") has switched to stricter buffer checks to reside in TA private ta: trusted_keys: Fix to align with strict buffer checks Commit e12c9f67d12c ("core: strict buffer check in syscalls following GP 1.1") has switched to stricter buffer checks to reside in TA private memory. So accordingly fix buffer allocations corresponding to TEE_GenerateRandom() and TEE_AEDecryptFinal() APIs. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org> show more ... /optee_os/MAINTAINERS /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/plat-hikey/spi_test.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/registers/imx8m.h /optee_os/core/arch/arm/plat-ls/conf.mk /optee_os/core/drivers/bcm_gpio.c /optee_os/core/drivers/ls_gpio.c /optee_os/core/drivers/pl022_spi.c /optee_os/core/drivers/pl061_gpio.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/ls_gpio.h /optee_os/core/include/gpio.h /optee_os/core/include/kernel/mutex.h /optee_os/core/include/kernel/wait_queue.h /optee_os/core/kernel/mutex.c /optee_os/core/kernel/mutex_lockdep.c /optee_os/core/kernel/mutex_lockdep.h /optee_os/core/kernel/sub.mk /optee_os/core/kernel/wait_queue.c /optee_os/core/pta/bcm/gpio.c trusted_keys/entry.c
18e77482	26-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Correct the error in tracing indirect attributes When tracing indirect attributes, size passed in trace_attributes_from_api_head() was not correct resulting in error. Reviewed-by: Etien ta: pkcs11: Correct the error in tracing indirect attributes When tracing indirect attributes, size passed in trace_attributes_from_api_head() was not correct resulting in error. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... pkcs11/src/sanitize_object.c
efe1165f	26-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Fix class check when sanitizing indirect attributes Indirect attributes are expected only for keys. Correct this check in sanitize_indirect_attr(). Reviewed-by: Etienne Carriere <etienn ta: pkcs11: Fix class check when sanitizing indirect attributes Indirect attributes are expected only for keys. Correct this check in sanitize_indirect_attr(). Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... pkcs11/src/sanitize_object.c
c3033708	23-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Forbid derivation by encryption from AES encryption keys Enforce that AES keys should not be allowed for both 'derivation by encryption' and ciphering. This is not explicitly mentioned i ta: pkcs11: Forbid derivation by encryption from AES encryption keys Enforce that AES keys should not be allowed for both 'derivation by encryption' and ciphering. This is not explicitly mentioned in the PKCS#11 specifications v2.4 and v3.0 but is essential to avoid attacks where derived key can be revealed by doing data encryption using parent key. Suggested-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... pkcs11/src/pkcs11_attributes.c
48799892	17-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add implementation for key derivation Add code for handling C_DeriveKey() for mechanisms : CKM_AES_ECB_ENCRYPT_DATA CKM_AES_CBC_ENCRYPT_DATA Reviewed-by: Etienne Carriere <etienne.carri ta: pkcs11: Add implementation for key derivation Add code for handling C_DeriveKey() for mechanisms : CKM_AES_ECB_ENCRYPT_DATA CKM_AES_CBC_ENCRYPT_DATA Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... pkcs11/src/entry.c pkcs11/src/pkcs11_attributes.c pkcs11/src/pkcs11_helpers.c pkcs11/src/processing.c pkcs11/src/processing.h pkcs11/src/processing_symm.c
5c5bd5fe	16-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Allocate command ID for key derivation Allocate command ID for C_DeriveKey(). Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@lin ta: pkcs11: Allocate command ID for key derivation Allocate command ID for C_DeriveKey(). Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... /optee_os/.azure-pipelines.yml /optee_os/core/arch/arm/include/kernel/tlb_helpers.h /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/include/mm/pgt_cache.h /optee_os/core/arch/arm/kernel/boot.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/mm/mobj_dyn_shm.c /optee_os/core/arch/arm/mm/pgt_cache.c /optee_os/core/lib/libtomcrypt/mpi_desc.c /optee_os/core/mm/vm.c /optee_os/core/pta/system.c /optee_os/core/tee/tadb.c /optee_os/ldelf/ta_elf.c /optee_os/lib/libutee/tee_api_arith_mpi.c /optee_os/lib/libutee/tee_api_operations.c /optee_os/lib/libutee/tee_api_panic.c pkcs11/include/pkcs11_ta.h
65fb9092	13-Feb-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: private key can also be public Even thou normal operations should mark private key a private with CKA_PRIVATE attribute it is possible that someone could do unexpected choise. Specifica ta: pkcs11: private key can also be public Even thou normal operations should mark private key a private with CKA_PRIVATE attribute it is possible that someone could do unexpected choise. Specification does not state that private key class itself means that it is private, specification only states that CKA_PRIVATE is in control of the privacy of the object. This commit moves object class CKO_PRIVATE_KEY processing to normal handling of CKA_PRIVATE. CKA_PRIVATE is specified in: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 4.4 Storage Objects Possibility of having private key object with CKA_PRIVATE as false: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata 01 4.9 Private key objects Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/MAINTAINERS /optee_os/core/arch/arm/plat-ls/conf.mk /optee_os/core/drivers/crypto/caam/utils/utils_mem.c /optee_os/core/drivers/ls_i2c.c /optee_os/core/drivers/sub.mk /optee_os/core/include/drivers/ls_i2c.h pkcs11/src/pkcs11_attributes.c
e3737878	12-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Correct the return type of functions and typos Correct return types of few functions and few typos. Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne C ta: pkcs11: Correct the return type of functions and typos Correct return types of few functions and few typos. Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... pkcs11/src/object.c
49ed60ab	12-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add key size check for AES type of key For AES Keys, the allowed lengths are 16, 24 or 32 bytes. Return error if the key length passed when creating keys is not one of these. If not che ta: pkcs11: Add key size check for AES type of key For AES Keys, the allowed lengths are 16, 24 or 32 bytes. Return error if the key length passed when creating keys is not one of these. If not checked when creating keys, error CKR_MECHANISM_INVALID is returned later when trying to use invalid keys which is ambiguous.The right approach is to disallow creation of such keys. Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... pkcs11/src/pkcs11_attributes.c
2d0cd829	12-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Fix interpretation of CKA_VALUE_LEN for Generic Secrets PKCS#11 specification [1] section 2.6.3 states that - For CKM_GENERIC_SECRET_KEY_GEN mechanism, the ulMinKeySize and ulMaxKeySize ta: pkcs11: Fix interpretation of CKA_VALUE_LEN for Generic Secrets PKCS#11 specification [1] section 2.6.3 states that - For CKM_GENERIC_SECRET_KEY_GEN mechanism, the ulMinKeySize and ulMaxKeySize fields of the CK_MECHANISM_INFO structure specify the supported range of key sizes, in bits. Based on this, assumption was being made in the code that key length specified by CKA_VALUE_LEN for keys of type CKK_GENERIC_SECRET is also in bits. This assumption is not correct as per Section 2.6.2 in [1]. Special handling in code for CKK_GENERIC_SECRET for handling keysize in bits has been now removed. [1] - PKCS #11 Cryptographic Token Interface Current Mechanisms Specification Version 2.40 Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... pkcs11/src/pkcs11_attributes.c pkcs11/src/pkcs11_token.c pkcs11/src/processing.c pkcs11/src/processing_symm.c pkcs11/src/token_capabilities.c pkcs11/src/token_capabilities.h
0fafe5c7	17-Feb-2021	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Close file handle after object has been created When creating a object file handle was left open. This was observed in tee-supplicant as open file handles. This fixes the situation so t ta: pkcs11: Close file handle after object has been created When creating a object file handle was left open. This was observed in tee-supplicant as open file handles. This fixes the situation so that file handles are not left open. Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/core/arch/arm/kernel/sub.mk /optee_os/core/arch/arm/plat-rcar/conf.mk /optee_os/core/arch/arm/plat-rcar/core_pos_a32.S /optee_os/core/arch/arm/plat-rcar/core_pos_a64.S /optee_os/core/arch/arm/plat-rcar/main.c /optee_os/core/arch/arm/plat-rcar/platform_config.h /optee_os/core/arch/arm/plat-rcar/sub.mk /optee_os/lib/libmbedtls/core/cmac.c /optee_os/lib/libmbedtls/core/sub.mk /optee_os/mk/compile.mk pkcs11/src/object.c
22587dc4	30-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Add implementation for random number generation Add code for handling C_SeedRandom() and C_GenerateRandom() functionality. Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed ta: pkcs11: Add implementation for random number generation Add code for handling C_SeedRandom() and C_GenerateRandom() functionality. Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... pkcs11/src/entry.c pkcs11/src/pkcs11_helpers.c pkcs11/src/pkcs11_token.c pkcs11/src/pkcs11_token.h
6028ce67	30-Dec-2020	Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>	ta: pkcs11: Allocate command ID for random number generation Allocate command IDs for C_SeedRandom() and C_GenerateRandom() functionality. Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Revi ta: pkcs11: Allocate command ID for random number generation Allocate command IDs for C_SeedRandom() and C_GenerateRandom() functionality. Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/.shippable.yml /optee_os/core/arch/arm/include/mm/mobj.h /optee_os/core/arch/arm/kernel/virtualization.c /optee_os/core/crypto/crypto.c /optee_os/core/drivers/crypto/caam/utils/utils_mem.c /optee_os/core/drivers/crypto/se050/adaptors/sub.mk /optee_os/core/drivers/crypto/se050/cflags.mk /optee_os/core/drivers/crypto/se050/core/sub.mk /optee_os/core/drivers/crypto/se050/sub.mk /optee_os/core/include/crypto/crypto_impl.h /optee_os/core/lib/libtomcrypt/cmac.c /optee_os/core/tee/tee_cryp_utl.c /optee_os/lib/libmbedtls/core/des3_cmac.c /optee_os/lib/libmbedtls/core/sub.mk /optee_os/lib/libutee/include/tee_api_defines_extensions.h /optee_os/lib/libutee/include/utee_defines.h /optee_os/lib/libutee/tee_api_operations.c pkcs11/include/pkcs11_ta.h
f44a7a58	04-Feb-2021	Etienne Carriere <etienne.carriere@linaro.org>	ta: pkcs11: fix TEE identity authentication token reference Correct token reference pass to verify client credentials. Fixes: 1a27b197 ("ta: pkcs11: Add TEE Identity based authentication support") ta: pkcs11: fix TEE identity authentication token reference Correct token reference pass to verify client credentials. Fixes: 1a27b197 ("ta: pkcs11: Add TEE Identity based authentication support") Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... pkcs11/src/pkcs11_token.c
df017b2b	10-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: forbid change of CKA_PRIVATE from true to false on object copy In C_CopyObject(), forbid copying of an object with a template which attempts to change the attribute CKA_PRIVATE from true ta: pkcs11: forbid change of CKA_PRIVATE from true to false on object copy In C_CopyObject(), forbid copying of an object with a template which attempts to change the attribute CKA_PRIVATE from true to false. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... pkcs11/src/pkcs11_attributes.c
bc09507c	09-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add support for copying objects Implement command PKCS11_CMD_COPY_OBJECT. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro. ta: pkcs11: Add support for copying objects Implement command PKCS11_CMD_COPY_OBJECT. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... pkcs11/include/pkcs11_ta.h pkcs11/src/entry.c pkcs11/src/object.c pkcs11/src/object.h pkcs11/src/pkcs11_helpers.c
2d25a9bc	09-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add support for modifying objects Implement command PKCS11_CMD_SET_ATTRIBUTE_VALUE. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carrie ta: pkcs11: Add support for modifying objects Implement command PKCS11_CMD_SET_ATTRIBUTE_VALUE. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> show more ... /optee_os/.shippable.yml /optee_os/MAINTAINERS /optee_os/core/arch/arm/dts/fsl-lx2160a-qds.dts /optee_os/core/arch/arm/dts/fsl-lx2160a-rdb.dts /optee_os/core/arch/arm/dts/fsl-lx2160a.dtsi /optee_os/core/arch/arm/include/arm64.h /optee_os/core/arch/arm/include/kernel/cache_helpers.h /optee_os/core/arch/arm/include/kernel/linker.h /optee_os/core/arch/arm/include/mm/core_mmu.h /optee_os/core/arch/arm/kernel/kern.ld.S /optee_os/core/arch/arm/kernel/link_dummy.ld /optee_os/core/arch/arm/kernel/thread_a32.S /optee_os/core/arch/arm/kernel/thread_optee_smc.c /optee_os/core/arch/arm/mm/core_mmu.c /optee_os/core/arch/arm/plat-imx/conf.mk /optee_os/core/arch/arm/plat-imx/drivers/imx_csu.c /optee_os/core/arch/arm/plat-imx/registers/imx6-dcp.h /optee_os/core/arch/arm/plat-imx/registers/imx6.h /optee_os/core/arch/arm/plat-ls/conf.mk /optee_os/core/arch/arm/plat-ls/main.c /optee_os/core/arch/arm/plat-ls/platform_config.h /optee_os/core/crypto.mk /optee_os/core/crypto/sm2-kdf.c /optee_os/core/crypto/sub.mk /optee_os/core/drivers/crypto/caam/acipher/caam_rsa.c /optee_os/core/drivers/crypto/crypto_api/acipher/ecc.c /optee_os/core/drivers/crypto/se050/adaptors/apis/sss.c /optee_os/core/drivers/crypto/se050/adaptors/include/se050_utils.h /optee_os/core/drivers/crypto/se050/adaptors/utils/scp_config.c /optee_os/core/drivers/crypto/se050/core/cipher.c /optee_os/core/drivers/crypto/se050/core/ctr.c /optee_os/core/drivers/crypto/se050/core/rsa.c /optee_os/core/drivers/crypto/se050/glue/i2c.c /optee_os/core/drivers/crypto/se050/session.c /optee_os/core/drivers/imx/dcp/dcp.c /optee_os/core/drivers/imx/dcp/dcp_huk.c /optee_os/core/drivers/imx/dcp/dcp_utils.c /optee_os/core/drivers/imx/dcp/include/dcp_utils.h /optee_os/core/drivers/imx/dcp/include/local.h /optee_os/core/drivers/imx/dcp/sub.mk /optee_os/core/drivers/imx/sub.mk /optee_os/core/drivers/sub.mk /optee_os/core/include/crypto/sm2-kdf.h /optee_os/core/include/drivers/imx/dcp.h /optee_os/core/include/kernel/huk_subkey.h /optee_os/core/include/optee_rpc_cmd.h /optee_os/core/include/tee/tee_supp_plugin_rpc.h /optee_os/core/lib/libtomcrypt/acipher_helpers.h /optee_os/core/lib/libtomcrypt/ecc.c /optee_os/core/lib/libtomcrypt/mpi_desc.c /optee_os/core/lib/libtomcrypt/sm2-kep.c /optee_os/core/lib/libtomcrypt/sm2-pke.c /optee_os/core/lib/libtomcrypt/sub.mk /optee_os/core/lib/libtomcrypt/tomcrypt.c /optee_os/core/pta/system.c /optee_os/core/tee/sub.mk /optee_os/core/tee/tee_supp_plugin_rpc.c /optee_os/core/tee/tee_svc_cryp.c /optee_os/lib/libmbedtls/core/aes_cbc.c /optee_os/lib/libmbedtls/core/aes_ctr.c /optee_os/lib/libmbedtls/core/aes_ecb.c /optee_os/lib/libmbedtls/core/dh.c /optee_os/lib/libmbedtls/core/ecc.c /optee_os/lib/libmbedtls/core/mbed_helpers.c /optee_os/lib/libmbedtls/core/mbed_helpers.h /optee_os/lib/libmbedtls/core/rsa.c /optee_os/lib/libmbedtls/core/sm2-dsa.c /optee_os/lib/libmbedtls/core/sm2-dsa.h /optee_os/lib/libmbedtls/core/sm2-kep.c /optee_os/lib/libmbedtls/core/sm2-pke.c /optee_os/lib/libmbedtls/core/sm2-pke.h /optee_os/lib/libmbedtls/core/sub.mk /optee_os/lib/libmbedtls/include/mbedtls_config_kernel.h /optee_os/lib/libmbedtls/mbedtls/include/mbedtls/ecp.h /optee_os/lib/libmbedtls/mbedtls/library/ecp.c /optee_os/lib/libmbedtls/mbedtls/library/ecp_curves.c /optee_os/lib/libutee/include/pta_system.h /optee_os/lib/libutee/include/tee_internal_api_extensions.h /optee_os/lib/libutee/tee_system_pta.c /optee_os/lib/libutee/tee_tcpudp_socket.c pkcs11/include/pkcs11_ta.h pkcs11/src/attributes.c pkcs11/src/attributes.h pkcs11/src/entry.c pkcs11/src/object.c pkcs11/src/object.h pkcs11/src/pkcs11_attributes.c pkcs11/src/pkcs11_attributes.h pkcs11/src/pkcs11_helpers.c
ddcd07a2	26-Jan-2021	Igor Opaniuk <igor.opaniuk@foundries.io>	ta: avb: copy data to temporary buffers Use intermediate temporary buffers instead of directly supplying non-secure buffers to TEE_ReadObjectData()/TEE_CreatePersistentObject(). This fixes TA panics ta: avb: copy data to temporary buffers Use intermediate temporary buffers instead of directly supplying non-secure buffers to TEE_ReadObjectData()/TEE_CreatePersistentObject(). This fixes TA panics while accessing persistent objects: E/TC:? 0 TA panicked with code 0xffff0001 E/LD: Status of TA 023f8f1a-292a-432b-8fc4-de8471358067 ... D/TC:? 0 user_ta_enter:176 tee_user_ta_enter: TA panicked with code 0xffff0001 Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... avb/entry.c
3bf0e097	22-Jan-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta/pkcs11: Use LIST_FOREACH_SAFE when removing objects from list When traversing object list to remove objects, use LIST_FOREACH_SAFE to avoid segmentation fault. Signed-off-by: Ruchika Gupta <ruch ta/pkcs11: Use LIST_FOREACH_SAFE when removing objects from list When traversing object list to remove objects, use LIST_FOREACH_SAFE to avoid segmentation fault. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> show more ... pkcs11/src/pkcs11_token.c
1 2 3 4 5 6 789 10 >>...20