core: asan: prevent nefarious optimization in unchecked memcpy() and memset()

Add __inhibit_loop_to_libcall qualifier to asan_memcpy_unchecked() and
asan_memset_unchecked() so that the compiler does

core: asan: prevent nefarious optimization in unchecked memcpy() and memset()

Add __inhibit_loop_to_libcall qualifier to asan_memcpy_unchecked() and
asan_memset_unchecked() so that the compiler does not invoke the real
(checked) memcpy() and memset().

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

compiler.h: add __inhibit_loop_to_libcall

Introduce __inhibit_loop_to_libcall which allows to disable a specific
compiler optimization that detects and replaces some open coded loops
with standard l

compiler.h: add __inhibit_loop_to_libcall

Introduce __inhibit_loop_to_libcall which allows to disable a specific
compiler optimization that detects and replaces some open coded loops
with standard library calls (typically: memcpy() and memset()).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: asan: raw_realloc(): use unchecked memset() and memcpy()

When raw_realloc() invokes memset() and memcpy() the destination buffer
is not yet tagged for ASAN. Therefore use the unchecked ver

libutils: asan: raw_realloc(): use unchecked memset() and memcpy()

When raw_realloc() invokes memset() and memcpy() the destination buffer
is not yet tagged for ASAN. Therefore use the unchecked versions of
these functions.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: asan: initialize __exidx and __extab only for __arm__

__exidx_start/__exidx_end and __extab_start/__extab_end are defined
only for 32-bit Arm, so guard their ASAN initialization with __arm__.

core: asan: initialize __exidx and __extab only for __arm__

__exidx_start/__exidx_end and __extab_start/__extab_end are defined
only for 32-bit Arm, so guard their ASAN initialization with __arm__.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

qemu_armv8a: define CFG_ASAN_SHADOW_OFFSET

Sets the proper value for CFG_ASAN_SHADOW_OFFSET in order to enable
CFG_CORE_SANITIZE_KADDRESS=y.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro

qemu_armv8a: define CFG_ASAN_SHADOW_OFFSET

Sets the proper value for CFG_ASAN_SHADOW_OFFSET in order to enable
CFG_CORE_SANITIZE_KADDRESS=y.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: qemuv8: add check Hafnium

Adds a check with Hafnium, that is, testing with Hafnium as SPMC at S-EL2
and OP-TEE as an SP at S-EL1. Building with SPMC_AT_EL=2.

Signed-off-by: Jens Wiklander <jens

ci: qemuv8: add check Hafnium

Adds a check with Hafnium, that is, testing with Hafnium as SPMC at S-EL2
and OP-TEE as an SP at S-EL1. Building with SPMC_AT_EL=2.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: tee: initialize variables in entry_open_session()

Initialize local variables at declaration as specified by the coding
guidelines.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewe

core: tee: initialize variables in entry_open_session()

Initialize local variables at declaration as specified by the coding
guidelines.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

lib: libutee: initialize variables in TEE_GetPropertyAsString()

Initialize local variables at declaration as specified by the coding
guidelines.

Signed-off-by: Clement Faure <clement.faure@nxp.com>

lib: libutee: initialize variables in TEE_GetPropertyAsString()

Initialize local variables at declaration as specified by the coding
guidelines.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: attestation: check return value of crypto_bignum_bin2bn()

Check the return value of crypto_bignum_bin2bn().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Foris

core: pta: attestation: check return value of crypto_bignum_bin2bn()

Check the return value of crypto_bignum_bin2bn().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: tee: initialize dirfile_entry objects

Coverity reports many errors where dirfile_entry{} is used
un-initialized.
Resolve these errors by setting these objects to zero on declaration.

Signed-o

core: tee: initialize dirfile_entry objects

Coverity reports many errors where dirfile_entry{} is used
un-initialized.
Resolve these errors by setting these objects to zero on declaration.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee: entry_open_session(): initialize tee_ta_param object

Initialize tee_ta_param{} to zero in entry_open_session() so it can be used
initialized in cleanup_shm_refs() without Coverity error.

core: tee: entry_open_session(): initialize tee_ta_param object

Initialize tee_ta_param{} to zero in entry_open_session() so it can be used
initialized in cleanup_shm_refs() without Coverity error.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

lib: libutee: initialize TA property type

TA property type `type` is declared without being initialized and might
be used in the if statement uninitialized.

Signed-off-by: Clement Faure <clement.fa

lib: libutee: initialize TA property type

TA property type `type` is declared without being initialized and might
be used in the if statement uninitialized.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

lib: libutee: fix use after free

Make sure to call addr_is_in_no_share_heap() before the freeing buffer.
This is a false positive as only the pointer value is used and not the
memory freed.

Signed-

lib: libutee: fix use after free

Make sure to call addr_is_in_no_share_heap() before the freeing buffer.
This is a false positive as only the pointer value is used and not the
memory freed.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: remove dead code

Remove value check as it cannot be true and appears to be dead code.
Use array index syntax instead of pointer arithmetic for better
readability.

Signed-off-by: Clem

drivers: caam: remove dead code

Remove value check as it cannot be true and appears to be dead code.
Use array index syntax instead of pointer arithmetic for better
readability.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

crypto: rsamgf: initialize allocated buffer

In drvcrypt_rsa_mgf1() function, the memcpy() could potentially
copy an uninitialized buffer. Allocate and initialize tmpdigest buffer
with calloc() inste

crypto: rsamgf: initialize allocated buffer

In drvcrypt_rsa_mgf1() function, the memcpy() could potentially
copy an uninitialized buffer. Allocate and initialize tmpdigest buffer
with calloc() instead of malloc().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: caam: mp: fix memory on CAAM descriptor allocation failure

Free the output DMA object upon CAAM descriptor allocation failure.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by

drivers: caam: mp: fix memory on CAAM descriptor allocation failure

Free the output DMA object upon CAAM descriptor allocation failure.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: caam: free resource upon dmaobj initialization failure

Call caam_dmaobj_free() upon caam_dmaobj_init_[input|output}() failure
to free buffer allocated by allocate_private().

Signed-off-by:

drivers: caam: free resource upon dmaobj initialization failure

Call caam_dmaobj_free() upon caam_dmaobj_init_[input|output}() failure
to free buffer allocated by allocate_private().

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

drivers: imx_mu: read RX and TX buffer sizes from MU configuation register

On i.MX8ULP, there are multiple MUs with a different number of RX and TX
buffer sizes. To make the driver generic for all M

drivers: imx_mu: read RX and TX buffer sizes from MU configuation register

On i.MX8ULP, there are multiple MUs with a different number of RX and TX
buffer sizes. To make the driver generic for all MUs on this platform, get
the RX and TX buffer size from the MU configuration register.

The configuration remains static for i.MX8Q.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: plat-versal: Add maybe_unused attribute to constant strings

If log level is set to print only EMSGs, constant strings can be unused.
Add maybe_unused attribute to prevent compilation erro

core: arm: plat-versal: Add maybe_unused attribute to constant strings

If log level is set to print only EMSGs, constant strings can be unused.
Add maybe_unused attribute to prevent compilation errors.

Signed-off-by: Sriram Sriram <sriramsriram@microsoft.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

crypto: stm32: use generic macro in authenc.c

Replace TOBE32 and FROMBE32 macros with generic TEE_U32_TO_BIG_ENDIAN and
TEE_U32_FROM_BIG_ENDIAN respectively.

Signed-off-by: Thomas Bourgoin <thomas.

crypto: stm32: use generic macro in authenc.c

Replace TOBE32 and FROMBE32 macros with generic TEE_U32_TO_BIG_ENDIAN and
TEE_U32_FROM_BIG_ENDIAN respectively.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: conf: default enable SAES

Default enable SAES compilation.
Enable the STM32_CRYPTO_DRIVERS if any crypto SAES or CRYP is compiled.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@fos

plat-stm32mp1: conf: default enable SAES

Default enable SAES compilation.
Enable the STM32_CRYPTO_DRIVERS if any crypto SAES or CRYP is compiled.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: stm32_saes: redefine huk_subkey_derive()

We set huk_subkey_derive() as a weak function and we define it in SAES
driver to be able to use SAES IP to make a secure key derivation from
the SAE

drivers: stm32_saes: redefine huk_subkey_derive()

We set huk_subkey_derive() as a weak function and we define it in SAES
driver to be able to use SAES IP to make a secure key derivation from
the SAES only accessible SOC unique secret key.

We use the Key Derivation function (KDF) in counter mode defined in [1]
using as the PRF (pseudo random function) the PRF(AES-CMAC).
PRF(AES-CMAC) is hardware accelerated by SAES, and use the secure DHUK
(derived hardware unique key) only readable by the SAES IP.

Link: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf [1]
Co-developed-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: allow redefinition of function huk_subkey_derive()

Set the function huk_subkey_derive() as weak to allow platform custom
implementation.
We add __huk_subkey_derive() with the implementation of

core: allow redefinition of function huk_subkey_derive()

Set the function huk_subkey_derive() as weak to allow platform custom
implementation.
We add __huk_subkey_derive() with the implementation of
HUK derivation so the default implementation is still accessible
when huk_subkey_derive() is overridden.
This is useful if the key derivation is implemented using hardware
discovered during intilization.
If the substem used to derive a key is disabled, the function
__huk_subkey_derive() can be used as a fallback.

Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

crypto: stm32: SAES cipher support

Add SAES HW driver, and update OP-TEE cipher hooks to be able to use
SAES or CRYP for cipher algorithms.
SAES and CRYP cannot be enabled at the same time in OP-TEE

crypto: stm32: SAES cipher support

Add SAES HW driver, and update OP-TEE cipher hooks to be able to use
SAES or CRYP for cipher algorithms.
SAES and CRYP cannot be enabled at the same time in OP-TEE.

Co-developed-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

plat-stm32mp1: allocate SAES to secure world

SAES was allocated to non-secure world but it should be allocated to
OP-TEE.

Fixes: b5ec47ff7668 ("plat-stm32mp1: temporary ETZPC configuration")
Signed

plat-stm32mp1: allocate SAES to secure world

SAES was allocated to non-secure world but it should be allocated to
OP-TEE.

Fixes: b5ec47ff7668 ("plat-stm32mp1: temporary ETZPC configuration")
Signed-off-by: Thomas Bourgoin <thomas.bourgoin@foss.st.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...