core: arm: fix external DT when async notif interrupt is a GIC PPI

Fixes values loaded in interrupt properties of the optee node created
in external DT for cases where the interrupt used is a PPI.

core: arm: fix external DT when async notif interrupt is a GIC PPI

Fixes values loaded in interrupt properties of the optee node created
in external DT for cases where the interrupt used is a PPI.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: gic: rename macros GIC_SGI, GIC_PPI and GIC_SPI

Renames OP-TEE core macros GIC_SGI(), GIC_PPI() and GIC_SPI() to
GIC_xxx_TO_ITNUM() to prevent collision with macros GIC_SPI and CFG_PPI
defined

core: gic: rename macros GIC_SGI, GIC_PPI and GIC_SPI

Renames OP-TEE core macros GIC_SGI(), GIC_PPI() and GIC_SPI() to
GIC_xxx_TO_ITNUM() to prevent collision with macros GIC_SPI and CFG_PPI
defined in GIC DT bindings.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: sp: Allow to embed binary SPs to OP-TEE binary

If the ELF header is not found in the file, then assume it's a binary
format SP.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wikla

core: sp: Allow to embed binary SPs to OP-TEE binary

If the ELF header is not found in the file, then assume it's a binary
format SP.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: spmc: Add support for raw binary format SPs

The current SP loading mechanism is using a similar ELF format as
GP TAs. The new SP format is a flat binary which doesn't require the
presence of a

core: spmc: Add support for raw binary format SPs

The current SP loading mechanism is using a similar ELF format as
GP TAs. The new SP format is a flat binary which doesn't require the
presence of an ELF loader and it doesn't have any SPMC specific ties.
These properties make the format the one that can be used across
different SPMC implementations. Combined with the load address relative
memory regions the sections of the binary can be mapped in a similar
way as with ELF files.
The elf-format field of the SP manifest selects the ELF based or the
binary format loading mechanism.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: spmc: Add support for load address relative memory regions

Add support for memory regions where the required VA is set as an
offset from the SP's load address. The mapping of memory regions is

core: spmc: Add support for load address relative memory regions

Add support for memory regions where the required VA is set as an
offset from the SP's load address. The mapping of memory regions is
done in two phases. First the load address relative memory regions
are being mapped to the given VA and then ones where the VA is
selected by the system. This way conflicts between the memory regions
in the VA space can be prevented.
The NOBITS load-flags value is similar to the NOBITS ELF sections. If
this bit is set then the SPMC allocates new area otherwise it will set
the access rights of already mapped areas.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: Provide access to TS load address

Propagate ELF load address from ldelf to user mode context as a
preparation for load address relative memory regions.

Signed-off-by: Imre Kis <imre.kis@arm.

ldelf: Provide access to TS load address

Propagate ELF load address from ldelf to user mode context as a
preparation for load address relative memory regions.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: spmc: Differentiate return values of SP manifest helpers

Distinguish between non-existing properties and invalid property
lengths in manifest helper functions to allow having optional
properti

core: spmc: Differentiate return values of SP manifest helpers

Distinguish between non-existing properties and invalid property
lengths in manifest helper functions to allow having optional
properties.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

versal: enable the crypto driver

The crypto driver API provides an extra indirection level to enable
different ciphers.

Since Versal ACAP supports acipher and authenc, enable them.

Falling-back to

versal: enable the crypto driver

The crypto driver API provides an extra indirection level to enable
different ciphers.

Since Versal ACAP supports acipher and authenc, enable them.

Falling-back to software operations (RSA sign/verify) triggers a
fault detection; we will disable this config while a solution is
found.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

versal: increase CFG_CORE_HEAP_SIZE

Empirically incrementing limit to avoid OOM when executing xtests.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.for

versal: increase CFG_CORE_HEAP_SIZE

Empirically incrementing limit to avoid OOM when executing xtests.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: versal: rsa: only support sign/verify operations

RSA encryption/decryption is not supported (the PLM does not
return the size of the encrypted/decrypted buffers).

Signed-off-by: Jorge Ramir

crypto: versal: rsa: only support sign/verify operations

RSA encryption/decryption is not supported (the PLM does not
return the size of the encrypted/decrypted buffers).

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: versal: ecc: sign/verify fix

Both the message (hash) and the generated signatures must be swapped.

The following custom tests were executed for P384 (prime384v1) and
P521 (nistp521) curves.

crypto: versal: ecc: sign/verify fix

Both the message (hash) and the generated signatures must be swapped.

The following custom tests were executed for P384 (prime384v1) and
P521 (nistp521) curves.

Signing and verifying using pkcs#11 alone (ie like done in xtest) was
not sufficient to capture this bug.

PTOOL='pkcs11-tool --module /usr/lib/libckteec.so.0.1.0'
SO_PIN=55555555
PIN=44444444
FILE=hello

printf "OP-TEE: create key pair"
$PTOOL --id 01 --label ldts --token-label fio --pin $PIN \
--keypairgen \
--key-type EC:prime384v1

printf "OP-TEE: read the public key"
$PTOOL -l --pin $PIN --id 01 \
--read-object --type pubkey --output-file pubkey.spki

printf "Openssl: export key to PEM"
openssl ec -inform DER -outform PEM -in pubkey.spki -pubin > pubkey.pub

printf "Create file to sign"
echo "hello world" > $FILE

printf "OpenSSL: create the file sha384"
openssl dgst -binary -sha384 $FILE > $FILE.hash

printf "OP-TEE: generate signature "
$PTOOL --pin $PIN --id 01 --label ldts --token-label fio \
--sign
--input-file $FILE.hash
--output-file $FILE.sig
--mechanism ECDSA
-f openssl

printf "OpenSSL: verify signature"
openssl dgst -sha384 -verify pubkey.pub -signature "$FILE".sig "$FILE"

printf "OP-TEE: verify signature"
$PTOOL --pin $PIN --id 01 --label ldts --token-label fio \
--verify \
--input-file $FILE.hash \
--signature-format openssl \
--signature-file $FILE.sig \
--mechanism ECDSA

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ci: disable QEMUv8_check_rust job

Since the GlobalPlatrform 1.3.1 update, the check-rust job is failing
because some Rust interface needs to be updated [1]. In the meantime,
disable the CI job.

Lin

ci: disable QEMUv8_check_rust job

Since the GlobalPlatrform 1.3.1 update, the check-rust job is failing
because some Rust interface needs to be updated [1]. In the meantime,
disable the CI job.

Link: [1] https://github.com/OP-TEE/optee_os/pull/5688#issuecomment-1370608865
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ci: QEMuv8_check*: do not run as root

Now that the Docker image doesn't come with pre-cloned source files
owned by root, there is no need to use sudo to run commands.
Check out the build tree as the

ci: QEMuv8_check*: do not run as root

Now that the Docker image doesn't come with pre-cloned source files
owned by root, there is no need to use sudo to run commands.
Check out the build tree as the CI user, one level higher than the
optee_os checkout created for the current CI run.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ci: add job with BTI, MTE and PAC enabled

Add a new job to test OP-TEE with Branch Target Identification,
Memory Tagging Extension and Pointer Authentication Codes enabled.
BTI requires special supp

ci: add job with BTI, MTE and PAC enabled

Add a new job to test OP-TEE with Branch Target Identification,
Memory Tagging Extension and Pointer Authentication Codes enabled.
BTI requires special support in the toolchain (libgcc) so use a
custom cross-compiler (aarch64-unknown-linux-uclibc-gcc) which is
installed in the Docker image.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: make QEMUv8 jobs download source tree from scratch

Update the QEMUv8 jobs to user a new Docker image:
jforissier/optee_os_ci:qemuv8_check2 [2]. The main differences with
the previous one (:qemuv

ci: make QEMUv8 jobs download source tree from scratch

Update the QEMUv8 jobs to user a new Docker image:
jforissier/optee_os_ci:qemuv8_check2 [2]. The main differences with
the previous one (:qemuv8_check [1]) are:
- The OP-TEE development tree is not included. Instead a script is used
to download the source trees via repo init, repo sync etc.
(/root/get_optee_qemuv8.sh).
- The new image contains a toolchain with full BTI support.

Several reasons for that:
- The Gits in the older Docker image can be outdated. Doing "repo sync"
then rebuilding without "make clean" often works in practice but it
can also cause problems when external components are updated. For
example we may run out of disk space when Buildroot is updated and
brings many new packages. It can also happen that new sources are not
properly rebuilt.
- The Docker image is much bigger if it contains a pre-built OP-TEE
tree, that means longer download times but more importantly much slower
upload times when it needs updating, which is all the more often if it
contains the non OP-TEE software.
- Caching (ccache) is enabled and saved/restored by GitHub cache actions
so build time should not suffer too much.

Link: [1] https://github.com/jforissier/docker_optee_os_ci/tree/qemuv8_check
Link: [2] https://github.com/jforissier/docker_optee_os_ci/tree/qemuv8_check2
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: use set -v consistently

Use "set -v" in all jobs to display the commands before they are
executed.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etie

ci: use set -v consistently

Use "set -v" in all jobs to display the commands before they are
executed.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: configure ccache for jobs that use Buildroot

The jobs that use Buildroot are not configured properly to benefit from
ccache when compiling the Builroot packages. Therefore set BR2_CCACHE_DIR
to

ci: configure ccache for jobs that use Buildroot

The jobs that use Buildroot are not configured properly to benefit from
ccache when compiling the Builroot packages. Therefore set BR2_CCACHE_DIR
to point to the location that is cached by the CI environment.

The QEMUv8_check_rust job also needs a cache action and should not
change HOME to /root because ccache would default to /root/.cache
instead of /github/home/.cache.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: move Xen checks to a separate job

Move the Xen tests out of the QEMUv8_check job into their own job:
QEMUv8_Xen_check. This allows parallel execution which should reduce
the overall CI time. It

ci: move Xen checks to a separate job

Move the Xen tests out of the QEMUv8_check job into their own job:
QEMUv8_Xen_check. This allows parallel execution which should reduce
the overall CI time. It is easier to see what fails from the main CI
report as well.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core, ldelf: add support for RISC-V

RISC-V support of argument for ldelf dump state.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@lin

core, ldelf: add support for RISC-V

RISC-V support of argument for ldelf dump state.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core, ldelf: replace is_arm32 with is_32bit

To refer to 32-bit mode, this commit replace is_arm32 with is_32bit
in the following files:
- core/kernel/ldelf_loader.c
- ldelf/include/ldelf.h
- ldelf/m

core, ldelf: replace is_arm32 with is_32bit

To refer to 32-bit mode, this commit replace is_arm32 with is_32bit
in the following files:
- core/kernel/ldelf_loader.c
- ldelf/include/ldelf.h
- ldelf/main.c

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: kernel: move ldelf_loader.c to core/kernel

Make other architecture implementations benefit from ldelf_loader.c,
therefore move it from core/arch/arm/kernel to core/kernel.
The header file is a

core: kernel: move ldelf_loader.c to core/kernel

Make other architecture implementations benefit from ldelf_loader.c,
therefore move it from core/arch/arm/kernel to core/kernel.
The header file is already located outside the arch folder.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

GP131: Fix the TEE_ALG_SM2_PKE define

The define TEE_ALG_SM2_PKE was introduced with the value 0x80000045 in
the v1.2 specification and later changed to 0x80000046 in v1.3. At this
point we try to b

GP131: Fix the TEE_ALG_SM2_PKE define

The define TEE_ALG_SM2_PKE was introduced with the value 0x80000045 in
the v1.2 specification and later changed to 0x80000046 in v1.3. At this
point we try to be compatible with v1.3.1 so update the value to match
that version of the GlobalPlatform specification.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: tee_api_defines.h: remove obsolete comments

Removes the obsolete comments "/* vx.y.z spec */" from attributes, type,
and algorithm defines. The defines are all now up to date with GP
v1.3.1.

GP131: tee_api_defines.h: remove obsolete comments

Removes the obsolete comments "/* vx.y.z spec */" from attributes, type,
and algorithm defines. The defines are all now up to date with GP
v1.3.1.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: Add TA property gpd.ta.doesNotCloseHandleOnCorruptObject

Adds the TA property gpd.ta.doesNotCloseHandleOnCorruptObject.

All syscalls operating on an object handle and can return
TEE_ERROR_CO

GP131: Add TA property gpd.ta.doesNotCloseHandleOnCorruptObject

Adds the TA property gpd.ta.doesNotCloseHandleOnCorruptObject.

All syscalls operating on an object handle and can return
TEE_ERROR_CORRUPT_OBJECT must also do special treatment when
TEE_ERROR_CORRUPT_OBJECT is returned. Prior to
gpd.ta.doesNotCloseHandleOnCorruptObject this meant removing the object
and closing the object handle. With the
gpd.ta.doesNotCloseHandleOnCorruptObject property the object handle
shouldn't be close if this the current TA has the property set to true.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GP131: TEE_Asymmetric{En,De}crypt() add return codes

Adds TEE_ERROR_CIPHERTEXT_INVALID and TEE_ERROR_NOT_SUPPORTED to the
list of supported return code for TEE_AsymmetricEncrypt() and
TEE_Asymmetric

GP131: TEE_Asymmetric{En,De}crypt() add return codes

Adds TEE_ERROR_CIPHERTEXT_INVALID and TEE_ERROR_NOT_SUPPORTED to the
list of supported return code for TEE_AsymmetricEncrypt() and
TEE_AsymmetricDecrypt().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...