| 567dbd81 | 29-Aug-2023 |
loubaihui <loubaihui1@huawei.com> |
crypto: change TEE_MAIN_ALGO_X448 value to 0x49
Change the value of TEE_MAIN_ALGO_X448 to 0x49 so that TEE_ALG_GET_KEY_TYPE(TEE_ALG_X448, true) == TEE_TYPE_X448_KEYPAIR and TEE_ALG_GET_KEY_TYPE(TEE_ALG_X448, false) == TEE_TYPE_X448_PUBLIC_KEY.
Signed-off-by: loubaihui <loubaihui1@huawei.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
|
| e980c685 | 28-Aug-2023 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: assign memory tags to bounce buffers
Just as the heap uses memory tags (CFG_MEMTAG=y) use memory tags for the temporary bounce buffers. This should catch problems with out of bounds accesses, using already freed, reset bounce buffers.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 9d1a0f06 | 20-Jul-2023 |
Marouene Boubakri <marouene.boubakri@nxp.com> |
core: riscv: riscv.mk: define CFG_WITH_LPAE
Set CFG_WITH_LPAE according to CFG_CORE_LARGE_PHYS_ADDR. Memory manager makes use of CFG_WITH_LPAE, therefore, we set it according to the platform specifications.
Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
|
| 52a75a25 | 20-Jul-2023 |
Marouene Boubakri <marouene.boubakri@nxp.com> |
core: mm: move pgt_cache.c to core/mm
This commit moves core/arch/arm/mm/pgt_cache.c to core/mm/pgt_cache.c. The implementation can be used by other architectures. The commit does not rename CFG_CORE_PREALLOC_EL0_TBLS flag and other depending flags (CFG_WITH_PAGER, CFG_WITH_LPAE). Therefore, an architecture implementation may set or not these flags.
Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
|
| 83d0edee | 25-Aug-2023 |
Jerome Forissier <jerome.forissier@linaro.org> |
core: asan: KASAN and ASLR are incompatible
The address sanitizer shadow offset address is given at compile time (CFG_ASAN_SHADOW_OFFSET) and is hard-coded by the compiler into the prologue of instrumented functions, for the purpose of initializing the shadow area for the stack (local variables). With ASLR turned on, this offset becomes invalid because of the random ASLR offset.
For KASAN to work with ASLR, we would need to either keep the shadow area at the expected offset (which may not be very easy, I have not investigated in more details) or provide the shadow offset dynamically. An attempt was made three years ago to extend the GCC compiler with such a feature [1] but there was no feedback from the maintainers [2].
Add a check in mk/config.mk so that KASAN and ASLR may not be enabled simultaneously.
Link: https://blogs.coreboot.org/blog/2020/08/31/gsoc-address-sanitizer-wrap-up/ [1]
Link: https://gcc.gnu.org/pipermail/gcc-patches/2020-July/550176.html [2]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 0b00e98d | 23-Aug-2023 |
Jerome Forissier <jerome.forissier@linaro.org> |
core: linker.h: replace __arm__ with ARM32
We use ARM32 and ARM64 throughout the core code, not __arm__ and __aarch64__, so replace the occurrence of __arm__ that is in linker.h.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| da62cec1 | 23-Aug-2023 |
Jerome Forissier <jerome.forissier@linaro.org> |
core: asan: arm64: increase stack sizes for ASAN
Increase STACK_TMP_SIZE and STACK_THREAD_SIZE when CFG_CORE_SANITIZE_KADDRESS=y. With that, xtest passes on PLATFORM=vexpress-qemu_armv8a.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 5bea6aed | 23-Aug-2023 |
Jerome Forissier <jerome.forissier@linaro.org> |
core: asan: prevent nefarious optimization in unchecked memcpy() and memset()
Add __inhibit_loop_to_libcall qualifier to asan_memcpy_unchecked() and asan_memset_unchecked() so that the compiler does not invoke the real (checked) memcpy() and memset().
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 2a8dfb45 | 23-Aug-2023 |
Jerome Forissier <jerome.forissier@linaro.org> |
compiler.h: add __inhibit_loop_to_libcall
Introduce __inhibit_loop_to_libcall which allows to disable a specific compiler optimization that detects and replaces some open coded loops with standard library calls (typically: memcpy() and memset()).
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 7ed603a0 | 23-Aug-2023 |
Jerome Forissier <jerome.forissier@linaro.org> |
libutils: asan: raw_realloc(): use unchecked memset() and memcpy()
When raw_realloc() invokes memset() and memcpy() the destination buffer is not yet tagged for ASAN. Therefore use the unchecked versions of these functions.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 1766b7a6 | 23-Aug-2023 |
Jerome Forissier <jerome.forissier@linaro.org> |
core: asan: initialize __exidx and __extab only for __arm__
__exidx_start/__exidx_end and __extab_start/__extab_end are defined only for 32-bit Arm, so guard their ASAN initialization with __arm__.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| e367213c | 23-Aug-2023 |
Jerome Forissier <jerome.forissier@linaro.org> |
qemu_armv8a: define CFG_ASAN_SHADOW_OFFSET
Sets the proper value for CFG_ASAN_SHADOW_OFFSET in order to enable CFG_CORE_SANITIZE_KADDRESS=y.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 3427eb2a | 02-Aug-2023 |
Jens Wiklander <jens.wiklander@linaro.org> |
ci: qemuv8: add check Hafnium
Adds a check with Hafnium, that is, testing with Hafnium as SPMC at S-EL2 and OP-TEE as an SP at S-EL1. Building with SPMC_AT_EL=2.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| d24c41ef | 22-Aug-2023 |
Clement Faure <clement.faure@nxp.com> |
core: tee: initialize variables in entry_open_session()
Initialize local variables at declaration as specified by the coding guidelines.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 4d6266da | 22-Aug-2023 |
Clement Faure <clement.faure@nxp.com> |
lib: libutee: initialize variables in TEE_GetPropertyAsString()
Initialize local variables at declaration as specified by the coding guidelines.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 8e81e607 | 24-Jul-2023 |
Clement Faure <clement.faure@nxp.com> |
core: pta: attestation: check return value of crypto_bignum_bin2bn()
Check the return value of crypto_bignum_bin2bn().
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| a4ba53eb | 24-Jul-2023 |
Clement Faure <clement.faure@nxp.com> |
core: tee: initialize dirfile_entry objects
Coverity reports many errors where dirfile_entry{} is used un-initialized. Resolve these errors by setting these objects to zero on declaration.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 85a3e2d5 | 24-Jul-2023 |
Clement Faure <clement.faure@nxp.com> |
core: tee: entry_open_session(): initialize tee_ta_param object
Initialize tee_ta_param{} to zero in entry_open_session() so it can be used initialized in cleanup_shm_refs() without Coverity error.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| a1f2c430 | 24-Jul-2023 |
Clement Faure <clement.faure@nxp.com> |
lib: libutee: initialize TA property type
TA property type `type` is declared without being initialized and might be used in the if statement uninitialized.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 09a77c98 | 24-Jul-2023 |
Clement Faure <clement.faure@nxp.com> |
lib: libutee: fix use after free
Make sure to call addr_is_in_no_share_heap() before freeing the buffer. This is a false positive as only the pointer value is used and not the memory freed.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| e86f18e2 | 24-Jul-2023 |
Clement Faure <clement.faure@nxp.com> |
drivers: caam: remove dead code
Remove value check as it cannot be true and appears to be dead code. Use array index syntax instead of pointer arithmetic for better readability.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| d5268a72 | 24-Jul-2023 |
Clement Faure <clement.faure@nxp.com> |
crypto: rsamgf: initialize allocated buffer
In drvcrypt_rsa_mgf1() function, the memcpy() could potentially copy an uninitialized buffer. Allocate and initialize tmpdigest buffer with calloc() instead of malloc().
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| e63825bd | 31-Jul-2023 |
Clement Faure <clement.faure@nxp.com> |
drivers: caam: mp: fix memory on CAAM descriptor allocation failure
Free the output DMA object upon CAAM descriptor allocation failure.
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 48c28829 | 31-Jul-2023 |
Clement Faure <clement.faure@nxp.com> |
drivers: caam: free resource upon dmaobj initialization failure
Call caam_dmaobj_free() upon caam_dmaobj_init_[input|output]() failure to free buffer allocated by allocate_private().
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| c4023a0f | 20-Jul-2023 |
Sahil Malhotra <sahil.malhotra@nxp.com> |
drivers: imx_mu: read RX and TX buffer sizes from MU configuration register
On i.MX8ULP, there are multiple MUs with a different number of RX and TX buffer sizes. To make the driver generic for all MUs on this platform, get the RX and TX buffer size from the MU configuration register.
The configuration remains static for i.MX8Q.
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|