| 34929dc2 | 14-Dec-2022 |
Davidson K <davidson.kumaresan@arm.com> |
plat-totalcompute: change entrypoint of secure partition
The default image offset is changed from 0x1000 to 0x4000 to accommodate the boot protocol information.
Signed-off-by: Davidson K <davidson.kumaresan@arm.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 909efccb | 06-Dec-2022 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: save mechanism type on operation initialization
Sets session active processing mechanism type from init_symm_operation(), init_asymm_operation() and init_digest_operation() rather than from their caller functions. No functional change.
Reviewed-by: Valerii Chubar <valerii_chubar@epam.com> Reviewed-by: Xiaoxu Zeng <zengxiaoxu@huawei.com> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| de7a768c | 30-Nov-2022 |
Xiaoxu Zeng <zengxiaoxu@huawei.com> |
drivers: implement lpc_uart driver
Support for lpc_uart that is a serial driver.
Signed-off-by: Xiaoxu Zeng <zengxiaoxu@huawei.com> Signed-off-by: Zeng Tao <prime.zeng@hisilicon.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 9d7dd419 | 08-Dec-2022 |
liushiwei <liushiwei@eswincomputing.com> |
libutee: support RISC-V syscall
Add 64-bit RISC-V TA system call function. Modify the utee_syscalls_asm.S file to be generic.
Signed-off-by: liushiwei <liushiwei@eswincomputing.com> Reviewed-by: chenchaokai <chenchaokai@eswincomputing.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| d684a4ef | 08-Dec-2022 |
Sohaib ul Hassan <sohaib.ul.hassan@unikie.com> |
core: crypto: Fix tee_obj_attr_copy_from for X25519
Make sure in tee_obj_attr_copy_from() if the source object type is TEE_TYPE_X25519_KEYPAIR the destination object type should be TEE_TYPE_X25519_PUBLIC_KEY. The function should extract public key attributes if presented with a key pair object.
According to the TEE Internal Core API Specification v1.2 we should check if the source is of type *_KEYPAIR then the destination is a subset of type *_PUBLIC_KEY when populating the destination object as listed in the Table 5-11.
Fixes: 90040fa4c81c ("core: crypto: add X25519 support") Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Sohaib ul Hassan <sohaib.ul.hassan@unikie.com>
|
| 0e074465 | 06-Dec-2022 |
Jerome Forissier <jerome.forissier@linaro.org> |
drivers: imx_lpuart: remove stubbed .flush() implementation
There is no need to provide function stubs for unimplemented functions in struct serial_ops. Just let the compiler set the pointer to NULL.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 7b84e23d | 06-Dec-2022 |
Jerome Forissier <jerome.forissier@linaro.org> |
drivers: struct serial_ops: make all functions optional except putc()
Many platforms only use the putc() function pointer in struct serial_ops. Therefore, explicitly make the others optional (flush(), have_rx_data() and getchar()) by adding comments to the struct and making sure the code checks the pointer before using them.
With this it should be clear that drivers do not need to provide stub functions.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 45d40bda | 05-Dec-2022 |
Valerii Chubar <valerii_chubar@epam.com> |
ta: pkcs11: Add RSA AES key wrap
The PKCS#11 Specification: https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/pkcs11-spec-v3.1-cs01.pdf
6.1.23 RSA AES KEY WRAP
The mechanism requires AES KWP mechanism CKM_AES_KEY_WRAP_KWP which is not currently implemented in OP-TEE nor mentioned in Global Platform specification.
Use the MBedTLS to wrap/unwrap the target key.
Signed-off-by: Valerii Chubar <valerii_chubar@epam.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| a9aa45d8 | 05-Dec-2022 |
Valerii Chubar <valerii_chubar@epam.com> |
ta: pkcs11: Copy secret key data for wrapping
Currently the secret-key data is returned as a pointer to the key attribute parameter. But the RSA private key consists of multiple parameters, some memory has to be allocated and populated. After the unwrapping the allocated memory has to be freed. To generalise, return the secret key value as a copy.
Signed-off-by: Valerii Chubar <valerii_chubar@epam.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 6e909320 | 15-Nov-2022 |
Valerii Chubar <valerii_chubar@epam.com> |
libmbedtls: Enable nist_kw
Enable the AES KW mechanisms to be able to use them from a trusted application.
Signed-off-by: Valerii Chubar <valerii_chubar@epam.com> Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| e5353ad9 | 14-Nov-2022 |
Sergiy Kibrik <Sergiy_Kibrik@epam.com> |
libmbedtls: Fix cipher_wrap.c for nist_kw
The *_ctx_clone() function is missing and therefore the wrong function pointers are assigned to .ctx_free_func when MBEDTLS_NIST_KW_C is enabled.
lib/libmbedtls/mbedtls/library/cipher_wrap.c:2248:5: warning: initialization of ‘void (*)(void *, const void *)’ from incompatible pointer type ‘void (*)(void *)’ [-Wincompatible-pointer-types]
 2248 |     kw_ctx_free,
      |     ^~~~~~~~~~~
Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com> Signed-off-by: Valerii Chubar <valerii_chubar@epam.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| 011c182a | 12-Sep-2022 |
Andrew Mustea <andrew.mustea@microsoft.com> |
core: drivers: nxp: Add LX series SFP driver
- Implement reading and writing to the NXP LX2160-series Security Fuse Processor (SFP).
- Add the CFG_LS_SFP flag to enable building the SFP driver.
- The SFP driver should be able to:
  - Read the entire SFP.
  - Read the debug level.
  - Read the Intent to Secure (ITS) and Secure Boot (SB) flags.
  - Read individual OEM Unique Scratch Pad Fuse (OUID) registers.
  - Read individual Super Root Key Hash (SRKH) registers.
  - Set the debug level.
  - Set the device to permanently program the fuse block by setting the ITS and SB flags.
  - Set individual OUID registers.
  - Get the status of the SFP driver itself.
- Update fsl-lx2160a device tree with sfp and gpio nodes.
Signed-off-by: Andrew Mustea <andrew.mustea@microsoft.com> Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 6240c6e1 | 02-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
libutee: remove _utee_se_*() prototypes
Removes the obsolete _utee_se_*() prototypes in utee_syscalls.h.
Fixes: e147a447ccc0 ("Remove Secure Element API support") Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 32c75600 | 01-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
libutee: fix TEE_MemFill() return type
TEE_MemFill() has until this patch returned a void *, but the standard says it should return void. So fix this.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 1b865ed6 | 05-Dec-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
Fix TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_*
Commit 5b385b3f835d ("core: crypto: add support for SM2 KEP") defined by mistake the wrong values for these two. To fix this we are renaming these IDs to alternative IDs which OP-TEE will recognize in addition to the correct official values when deriving a key using the TEE_ALG_SM2_KEP algorithm.
TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_X and TEE_ATTR_ECC_EPHEMERAL_PUBLIC_VALUE_Y are only used as input parameters so there is no need to translate back to the old invalid values.
Fixes: 5b385b3f835d ("core: crypto: add support for SM2 KEP") Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| c123d804 | 29-Nov-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: embedded_ts: use mempool to decompress TS image
Changes embedded TS management to have zlib using default mempool to allocate buffers for image decompression. This is useful as the process can require buffer of several kilobytes.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 2f7f001a | 02-Dec-2022 |
Sergiy Kibrik <Sergiy_Kibrik@epam.com> |
ta: pkcs11: fix debug message
Minor mistake of printing key handle values after reset.
Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
| b21f583d | 06-Dec-2022 |
Pingan Xie <xiepingan3@huawei.com> |
core: crypto: implement SM4 XTS
In this patch, we add software computing support for sm4-xts.
Signed-off-by: Pingan Xie <xiepingan3@huawei.com> Reviewed-by: Xiaoxu Zeng <zengxiaoxu@huawei.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 696f56ac | 22-Nov-2022 |
Pingan Xie <xiepingan3@huawei.com> |
core, libutee: introduce TEE_ALG_SM4_XTS
In this patch, the sm4-xts algorithm is supported in the GP process.
Signed-off-by: Pingan Xie <xiepingan3@huawei.com> Reviewed-by: Xiaoxu Zeng <zengxiaoxu@huawei.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 8bbc2e9c | 29-Nov-2022 |
Jens Wiklander <jens.wiklander@linaro.org> |
Update reported version to GP Core Internal API v1.3.1
Updates the reported version to 1.3.1. Three new defines:
- TEE_CORE_API_REQUIRED_MAJOR_VERSION
- TEE_CORE_API_REQUIRED_MINOR_VERSION
- TEE_CORE_API_REQUIRED_MAINTENANCE_VERSION
are added by the standard as a way for the TA to specify required version of the API. OP-TEE only supports downgrading to version 1.1.
A simplified OP-TEE specific method is also provided: Adds the configuration option CFG_TA_OPTEE_CORE_API_COMPAT_1_1 which enables TEE Internal Core API v1.1 compatibility for in-tree TAs.
The TA dev kit is also updated to recognize CFG_TA_OPTEE_CORE_API_COMPAT_1_1 and set define __OPTEE_CORE_API_COMPAT_1_1 to 1 if set.
These new defines do not do anything yet, but in following commits functions and types will be updated gradually until all functions and types changed in version 1.3.1 compared to the ones in v1.1 have been updated.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| fd789d9d | 13-Nov-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
MAINTAINERS: versal: SHA3-384 engine
Maintain the Versal ACAP SHA3-384 driver
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Nathan Menhorn <nathan.menhorn@amd.com>
|
| 4502832d | 30-Nov-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
drivers: versal: SHA3-384 engine support
Enable the PLM controlled SHA3-384 cryptographic engine for TEE core usage.
Since the engine does not have the concept of "context", it can't provide the level of support required by user-space (multiple parallel contexts), hence why it is being provided just to the core.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Reviewed-by: Nathan Menhorn <nathan.menhorn@amd.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
show more ...
|
| 79243b1f | 18-Aug-2022 |
Sergiy Kibrik <Sergiy_Kibrik@epam.com> |
crypto: fallback to LibTomCrypt for X25519/Ed25519 when CFG_CRYPTOLIB_NAME=mbedtls
Mbed TLS currently does not support X25519/Ed25519. This commit allows the use of LTC implementation of these algorithms when CFG_CRYPTO_ED25519=y and/or CFG_CRYPTO_X25519=y, and CFG_CRYPTOLIB_NAME=mbedtls.
Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
show more ...
|
| 5a7a38de | 11-Nov-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
MAINTAINERS: Versal ACAP: RSA driver maintained
Maintain RSA driver for Versal ACAP.
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| cef8ce12 | 11-Nov-2022 |
Jorge Ramirez-Ortiz <jorge@foundries.io> |
crypto: versal: RSA driver
This driver uses the PLM xilsecure service to deliver RSA encryption/decryption functionality.
https://github.com/Xilinx/embeddedsw
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|