riscv: plat-spike: conf.mk: set CFG_TEE_RAM_VA_SIZE to 4MB

Set CFG_TEE_RAM_VA_SIZE to 0x00400000 in core/arch/riscv/plat-spike/conf.mk

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
A

riscv: plat-spike: conf.mk: set CFG_TEE_RAM_VA_SIZE to 4MB

Set CFG_TEE_RAM_VA_SIZE to 0x00400000 in core/arch/riscv/plat-spike/conf.mk

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

riscv: include: riscv_macros.S: define RISC-V macro helpers

Add multiplication macro for RISC-V harts without M extension.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jer

riscv: include: riscv_macros.S: define RISC-V macro helpers

Add multiplication macro for RISC-V harts without M extension.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

riscv: kernel: add stub for tee_time_get_sys_time()

A stub implementation which returns TEE_ERROR_NOT_IMPLEMENTED for now.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jen

riscv: kernel: add stub for tee_time_get_sys_time()

A stub implementation which returns TEE_ERROR_NOT_IMPLEMENTED for now.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

riscv: kernel: idle.c: implement cpu_idle()

Required by panic() to abort current execution. It ensures memory
operations were complete and stalls the hart.

Signed-off-by: Marouene Boubakri <marouen

riscv: kernel: idle.c: implement cpu_idle()

Required by panic() to abort current execution. It ensures memory
operations were complete and stalls the hart.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

riscv: kernel: main.c: implement tee_otp_get_hw_unique_key()

Sets the hardware unique key to zero. To model OTP device, Spike introduce
the ability to write plugins in the form of shared object file

riscv: kernel: main.c: implement tee_otp_get_hw_unique_key()

Sets the hardware unique key to zero. To model OTP device, Spike introduce
the ability to write plugins in the form of shared object files that allow
user-defined Memory-Mapped-I/O behaviors.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

riscv: include: add core_mmu_arch.h

Add defines for MMU configuration and helper functions.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere

riscv: include: add core_mmu_arch.h

Add defines for MMU configuration and helper functions.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

riscv: include: add thread_arch.h

Minimalist version which defines contexts registers structures and
thread local structure. This to allow compiling for RISC-V architecture.

Signed-off-by: Marouene

riscv: include: add thread_arch.h

Minimalist version which defines contexts registers structures and
thread local structure. This to allow compiling for RISC-V architecture.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

riscv: include: add cache_helpers_arch.h

Nothing to define for now.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

riscv: core: define CFG_MAX_CACHE_LINE_SHIFT in riscv.mk

Define platform specific maximum cache line size in address lines.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Je

riscv: core: define CFG_MAX_CACHE_LINE_SHIFT in riscv.mk

Define platform specific maximum cache line size in address lines.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: include: cache_helpers.h: allow reusing architecture-dependent code

To allow reuse of architecture-dependent code, divide original
cache_helpers.h into two separate header files
core/$arch/inc

core: include: cache_helpers.h: allow reusing architecture-dependent code

To allow reuse of architecture-dependent code, divide original
cache_helpers.h into two separate header files
core/$arch/include/kernel/cache_helpers_arch.h and
core/include/kernel/cache_helpers.h

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
[jf: set author to be same as Signed-off-by:]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

riscv: include: kernel: add tee_l2cc_mutex.h

The tee_l2cc_mutex.h header file is required by core/mm/core_mmu.c
and core/mm/vm.c, therefore, add an empty one to pass compilation.

Signed-off-by: Mar

riscv: include: kernel: add tee_l2cc_mutex.h

The tee_l2cc_mutex.h header file is required by core/mm/core_mmu.c
and core/mm/vm.c, therefore, add an empty one to pass compilation.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

riscv: include: add misc_arch.h

Nothing to define for now.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

core: include: misc.h: divide into misc.h and misc_arch.h

get_core_pos() is architecture-independent function and could be re-used
by an arch implementation, therefore, move it to a separate header

core: include: misc.h: divide into misc.h and misc_arch.h

get_core_pos() is architecture-independent function and could be re-used
by an arch implementation, therefore, move it to a separate header file
core/include/kernel/misc.h, and, keep architecture-dependent code
in core/$arch/include/kernel/misc_arch.h

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: set author to be same as Signed-off-by:]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: add fault mitigations in ree_fs_ta_open()

Adds and enables fault mitigation in ree_fs_ta_open() to check the
signature of the TA before returning success.

Acked-by: Jerome Forissier <jerome.f

core: add fault mitigations in ree_fs_ta_open()

Adds and enables fault mitigation in ree_fs_ta_open() to check the
signature of the TA before returning success.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add fault mitigations in buf_ta_open()

Adds and enables fault mitigation in buf_ta_open() to check both the
signature of the TA and then also the hash of the TA before returning
success.

Acke

core: add fault mitigations in buf_ta_open()

Adds and enables fault mitigation in buf_ta_open() to check both the
signature of the TA and then also the hash of the TA before returning
success.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add fault mitigations to shdr_verify_signature*()

Adds fault mitigations to shdr_verify_signature() and
shdr_verify_signature2(). shdr_verify_signature() and
shdr_verify_signature2() are calle

core: add fault mitigations to shdr_verify_signature*()

Adds fault mitigations to shdr_verify_signature() and
shdr_verify_signature2(). shdr_verify_signature() and
shdr_verify_signature2() are called using the wrapper FTMN_CALL_FUNC()
which verifies that the correct function was called and that the return
value hasn't been tampered with.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: add stubbed fault mitigation in crypto_acipher_rsassa_verify()

Adds a stubbed fault mitigation for the drivers version of
crypto_acipher_rsassa_verify). End the function with FTMN_C

drivers: crypto: add stubbed fault mitigation in crypto_acipher_rsassa_verify()

Adds a stubbed fault mitigation for the drivers version of
crypto_acipher_rsassa_verify). End the function with FTMN_CALLEE_DONE()
to record that the function was indeed called and a redundant copy of
the return value.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: add fault mitigation in crypto_acipher_rsassa_verify()

Adds fault mitigations in crypto_acipher_rsassa_verify() and dependent
functions in libTomCrypt in order to include the critical fin

core: ltc: add fault mitigation in crypto_acipher_rsassa_verify()

Adds fault mitigations in crypto_acipher_rsassa_verify() and dependent
functions in libTomCrypt in order to include the critical final
memcompare.

This fault mitigation is only enabled with the calling function enabled
fault mitigations and CFG_CORE_FAULT_MITIGATION is 'y'.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: libmbedtls: add fault mitigation in crypto_acipher_rsassa_verify()

Adds fault mitigations in crypto_acipher_rsassa_verify() by checking
that the internal call to memcmp() when verifying the ha

core: libmbedtls: add fault mitigation in crypto_acipher_rsassa_verify()

Adds fault mitigations in crypto_acipher_rsassa_verify() by checking
that the internal call to memcmp() when verifying the hash in the RSA
signature was called and was successful.

The internal call to memcmp() records the result of the comparison if
successful. This is double checked against the normal return value from
the called pk_info->verify_func().

If the normal return value is OK then the recorded return value must
match or we're likely subject to a fault injection attack and we're
triggering a panic.

If the normal return value isn't OK we don't care about the recorded
value, it's overridden by a new error code. In this case we don't know
if we're subject to a fault injection attack or not, the important thing
to make sure that the calling function doesn't miss the error.

This fault mitigation is only enabled with the calling function enabled
fault mitigations and CFG_CORE_FAULT_MITIGATION is 'y'.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify()

Adds fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify() by using
the macro FTMN_CALLEE_DONE_MEMCMP() instead of just

libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify()

Adds fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify() by using
the macro FTMN_CALLEE_DONE_MEMCMP() instead of just
mbedtls_safer_memcmp() when checking that the hash in the RSA signature
is matching the expected value.

FTMN_CALLEE_DONE_MEMCMP() saves on success the result in a thread local
storage if fault mitigations was enabled when the function was called.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()

Adds fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext() by using
the macro FTMN_CALLEE_DONE_MEMCMP() instead of memcmp()

libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()

Adds fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext() by using
the macro FTMN_CALLEE_DONE_MEMCMP() instead of memcmp() when checking
that the hash in the RSA signature is matching the expected value.

FTMN_CALLEE_DONE_MEMCMP() saves on success the result in a thread local
storage if fault mitigations was enabled when the function was called.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add fault mitigation tests

Adds some simple test for the fault mitigation routines.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@lina

core: add fault mitigation tests

Adds some simple test for the fault mitigation routines.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Basic fault mitigation routines

Adds basic fault mitigation routines designed to help protecting from
fault injection attacks on the hardware. This is by no means bullet
proof, but it should at leas

Basic fault mitigation routines

Adds basic fault mitigation routines designed to help protecting from
fault injection attacks on the hardware. This is by no means bullet
proof, but it should at least improve the situation.

These routines focus on verifying that a function has been called and
that the returned value matches the result from the function. This is
done by having a handshake between the caller and the callee where also
the return value is transmitted in a separate channel.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ffa: remove pager annotations

Configuration with pager and FF-A is currently not supported. Supporting
this would require extensions to the FF-A specification to be able to
load OP-TEE with pa

core: ffa: remove pager annotations

Configuration with pager and FF-A is currently not supported. Supporting
this would require extensions to the FF-A specification to be able to
load OP-TEE with paging enabled. So far we don't have any platforms with
FF-A which are memory constrained enough that paging can be motivated. If
this would change we'll have a good use case to test with when adding
pager support for FF-A.

Currently we have a few pager annotations (DECLARE_KEEP_PAGER() and
__*_unpaged) which are effectively unused. So save us from adding yet
more unused annotations by removing the few we have in the FF-A specific
code.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mk: compile with -std=gnu11 instead of -std=gnu99

Changes C source build directives to comply with C11 instead of C99.
This change affects core and user applications and libraries. C11 is
supported

mk: compile with -std=gnu11 instead of -std=gnu99

Changes C source build directives to comply with C11 instead of C99.
This change affects core and user applications and libraries. C11 is
supported in GCC since version 4.7, see [1].

This change is initially intended to bring aligned_alloc() support in
OP-TEE.

Link: [1] https://gcc.gnu.org/wiki/C11Status
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...