ta: pkcs11: fix EC private key import

When importing EC private key also generate hidden EC public key for that.

This fixes EC private key import problem.

Signed-off-by: Vesa Jääskeläinen <vesa.ja

ta: pkcs11: fix EC private key import

When importing EC private key also generate hidden EC public key for that.

This fixes EC private key import problem.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Tested-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: add hidden EC point support

The PKCS#11 standard does not allow one to have CKA_EC_POINT for private
keys but TEE internal API requires one to be present when performing
private key oper

ta: pkcs11: add hidden EC point support

The PKCS#11 standard does not allow one to have CKA_EC_POINT for private
keys but TEE internal API requires one to be present when performing
private key operations. Instead of calculating it each time it is needed
store it as hidden attribute.

This fixes EC private key generation to function as specified in standard.

There is backwards support for existing keys that has been created
inadvertently with CKA_EC_POINT included.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Tested-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: add OP-TEE hidden attribute extension

Attributes which has hidden OP-TEE vendor flag specified are not exported
to user space nor can be imported from user space.

Signed-off-by: Vesa Jä

ta: pkcs11: add OP-TEE hidden attribute extension

Attributes which has hidden OP-TEE vendor flag specified are not exported
to user space nor can be imported from user space.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Tested-by: Ayoub Zaki <ayoub.zaki@embetrix.com>

show more ...

ta: pkcs11: specify OP-TEE's vendor specific attribute scheme

Add vendor allocation specification for OP-TEE specific attributes.

Specifies which bits of attribute identifier is for what purpose.

ta: pkcs11: specify OP-TEE's vendor specific attribute scheme

Add vendor allocation specification for OP-TEE specific attributes.

Specifies which bits of attribute identifier is for what purpose.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Tested-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: introduce PKCS11_CKF_ARRAY_ATTRIBUTE

Add own define for PKCS11_CKF_ARRAY_ATTRIBUTE to keep attribute defines
clear.

Adjust users to new define.

Value is same as CKF_ARRAY_ATTRIBUTE in

ta: pkcs11: introduce PKCS11_CKF_ARRAY_ATTRIBUTE

Add own define for PKCS11_CKF_ARRAY_ATTRIBUTE to keep attribute defines
clear.

Adjust users to new define.

Value is same as CKF_ARRAY_ATTRIBUTE in standard.

Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Reviewed-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Tested-by: Ayoub Zaki <ayoub.zaki@embetrix.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: caam: check OPTEE DDR location if the CAAM DMA is 32 bits width

On i.MX platforms, the CAAM DMA width is limited to 32 bits. That
limitation requires OPTEE to be located in the 32 bits DDR

drivers: caam: check OPTEE DDR location if the CAAM DMA is 32 bits width

On i.MX platforms, the CAAM DMA width is limited to 32 bits. That
limitation requires OPTEE to be located in the 32 bits DDR address
space.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

MAINTAINERS: update NXP (Freescale) i.MX family

Update MAINTAINERS and remove myself from NXP (Freescale) i.MX family.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander

MAINTAINERS: update NXP (Freescale) i.MX family

Update MAINTAINERS and remove myself from NXP (Freescale) i.MX family.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

MAINTAINERS: update i.MX drivers

Add missing i.MX drivers to the list.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

crypto: introduce CFG_CRYPTO_HW_PBKDF2

Add a new configuration flag to support hardware implementation of
PBKDF2.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Acked-by: Jens Wiklander <jens.wik

crypto: introduce CFG_CRYPTO_HW_PBKDF2

Add a new configuration flag to support hardware implementation of
PBKDF2.

Signed-off-by: loubaihui <loubaihui1@huawei.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: spmc: Fix setting the destination of FFA_ERROR calls

Fixing multiple issues in the destination logic of FFA_ERROR messages.
ffa_handle_error extracted the destination FF-A ID from the lower 16

core: spmc: Fix setting the destination of FFA_ERROR calls

Fixing multiple issues in the destination logic of FFA_ERROR messages.
ffa_handle_error extracted the destination FF-A ID from the lower 16 bit
of W1. First of all this register should only be set at the NS virtual
FF-A instance. Secondly W1 was not set correctly when an error happened
in ffa_handle_sp_direct_req and ffa_handle_sp_direct_resp. This could
cause sending FFA_ERROR messages to the wrong FF-A endpoint. The patch
clears up the faulty destination handling across all these functions.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: spmc: Clear reserved registers in FFA_ERROR calls

Clear reserved registers in FFA_ERROR calls which are declared MBZ in
the FF-A specification. This also prevents potential information leaks.

core: spmc: Clear reserved registers in FFA_ERROR calls

Clear reserved registers in FFA_ERROR calls which are declared MBZ in
the FF-A specification. This also prevents potential information leaks.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: spmc: Set initial SP state to busy

Set initial SP state to busy in order to prevent sending messages to
uninitialized SPs.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander

core: spmc: Set initial SP state to busy

Set initial SP state to busy in order to prevent sending messages to
uninitialized SPs.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: clk: avoid the assert failure when there's "assigned-clocks"

Once "assigned-clocks" is parsed correctly variable "clk" will
retain the non-NULL value and skip "return", when "res" is
non-ze

drivers: clk: avoid the assert failure when there's "assigned-clocks"

Once "assigned-clocks" is parsed correctly variable "clk" will
retain the non-NULL value and skip "return", when "res" is
non-zero for new "clock_idx" assert(false) will happen.

Signed-off-by: Tony Han <tony.han@microchip.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: simplify calls to bb_memdup_user_private()

Now that bb_memdup_user_private() supports supplying zero-lenth buffers
remove checks for zero-length buffer before calling
bb_memdup_user_private().

core: simplify calls to bb_memdup_user_private()

Now that bb_memdup_user_private() supports supplying zero-lenth buffers
remove checks for zero-length buffer before calling
bb_memdup_user_private().

Removes calls to memtag_strip_tag() for input buffer to
bb_memdup_user_private() since that's also dealt with internally by that
function.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: allow zero length for bounce buffer input

Allows zero length for bb_memdup_user(), bb_memdup_user_private(), and
bb_strndup_user().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
R

core: allow zero length for bounce buffer input

Allows zero length for bb_memdup_user(), bb_memdup_user_private(), and
bb_strndup_user().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: pta: system: use bb_free_wipe() in system_derive_ta_unique_key()

Use the recently introduced function bb_free_wipe() to wipe bounce
buffers of sensitive data when freeing then. Also updates to

core: pta: system: use bb_free_wipe() in system_derive_ta_unique_key()

Use the recently introduced function bb_free_wipe() to wipe bounce
buffers of sensitive data when freeing then. Also updates to use a
bouncer buffer instead of the heap to hold user supplied data when
deriving the TA unique key now that we have bb_free_wipe().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add bb_free_wipe()

Adds bb_free_wipe() the bounce buffer counter-part of free_wipe().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere

core: add bb_free_wipe()

Adds bb_free_wipe() the bounce buffer counter-part of free_wipe().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: simplify utee_param_to_param() with BB_MEMDUP_USER()

Simplifies utee_param_to_param() by using BB_MEMDUP_USER() instead of
bb_alloc() followed by copy_from_user().

Signed-off-by: Jens Wikland

core: simplify utee_param_to_param() with BB_MEMDUP_USER()

Simplifies utee_param_to_param() by using BB_MEMDUP_USER() instead of
bb_alloc() followed by copy_from_user().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: dt_driver: fix error handling in probe_dt_drivers()

When the dt_driver_probe_list is empty but the dt_driver_failed_list
is not empty, meaning a probe has failed, and that there's no more prob

core: dt_driver: fix error handling in probe_dt_drivers()

When the dt_driver_probe_list is empty but the dt_driver_failed_list
is not empty, meaning a probe has failed, and that there's no more probe
to defer, the probe_dt_drivers() does not panic().

Fix and simplify the error handling to panic if a probe has failed.

Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: export remoteproc signature script and default key

The remoteproc firmware signature script and its associated
default key must be exported in the dev kit in order to be
able to sign the remotep

ta: export remoteproc signature script and default key

The remoteproc firmware signature script and its associated
default key must be exported in the dev kit in order to be
able to sign the remoteproc firmware.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scripts: add remote processor firmware signature tool

Add a script that signs one or several remote processor ELF firmware that
will be authenticated by the remoteproc TA.

This tool adds a binary h

scripts: add remote processor firmware signature tool

Add a script that signs one or several remote processor ELF firmware that
will be authenticated by the remoteproc TA.

This tool adds a binary header, a signature and a TLV list.

The header contains a magic number, a version number and
the size of the different blobs (signature, images, TLV list blobs).

The signature contains a signature authenticating the
header blob hash and the TLV blob hash.

The TLV blob contains a list of data formatted as Type/Length/Value
fields. It contains information for the remoteproc TA and
the remoteproc platform specific PTA.

The TLV types from 0 to 0x00010000 are predefined information used by
the remoteproc TA:
- algorithm used for signature
- algorithm used for computing segment's hash
- number of images to load
- types of the images to load
- sizes of the images to load
- a copy of the elf segment tables with associated hash

the TLV types from 0x00010000 to 0x00020000 contains information
transferred to the remoteproc platform PTA.

Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix race in handling TA panic

A TA context (struct tee_ta_ctx), can only be accessed and manipulated
if either locked or set to busy by the current thread, or if it has no
no other references.

core: fix race in handling TA panic

A TA context (struct tee_ta_ctx), can only be accessed and manipulated
if either locked or set to busy by the current thread, or if it has no
no other references.

Prior to this patch this wasn't followed by tee_ta_open_session(),
tee_ta_invoke_command(), and dump_ta_memstats(). Accesses were made to
the "panicked" field of struct tee_ta_ctx.
destroy_ta_ctx_from_session() was also manipulating sessions possibly
being used by other threads.

So fix this by only accessing the internals of the TA context while
holding the needed lock. destroy_ta_ctx_from_session() is removed, the
new ts_ops callback release_state() is used instead to free what can be
freed from a panicked TA context. The last session referencing the TA
context will free it.

Fixes: fd10f62b8210 ("core: keep alive TA context can be created after TA has panicked")
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Tested-by: Wentao Sun <wentao.sun@amlogic.com>

show more ...

core: add release_state to struct ts_ops

Adds the optional function pointer release_state() to struct ts_ops.
This callback will be called when a TA has panicked and as many
resources as possible ne

core: add release_state to struct ts_ops

Adds the optional function pointer release_state() to struct ts_ops.
This callback will be called when a TA has panicked and as many
resources as possible need to be released early. release_state() is a
subset of the destroy() callback. When the destroy() is called
eventually it will free the entire state of the TA regardless if
release_state() has been called before or not. This allows freeing
resources while there are still open sessions to the TA.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: vm_info_final(): clear vm_info.asid only

vm_info_final() was prior to this patch clearing the entire
uctx->vm_info when clearing uctx->vm_info.asid only is enough. So fix
that by clearing uctx

core: vm_info_final(): clear vm_info.asid only

vm_info_final() was prior to this patch clearing the entire
uctx->vm_info when clearing uctx->vm_info.asid only is enough. So fix
that by clearing uctx->vm_info.asid only.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: arm64: write_64bit_pair()

Implement write_64bit_pair that write two 64 bits data together.

Signed-off-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linar

core: arm64: write_64bit_pair()

Implement write_64bit_pair that write two 64 bits data together.

Signed-off-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...