core: add fault mitigations in buf_ta_open()

Adds and enables fault mitigation in buf_ta_open() to check both the
signature of the TA and then also the hash of the TA before returning
success.

Acke

core: add fault mitigations in buf_ta_open()

Adds and enables fault mitigation in buf_ta_open() to check both the
signature of the TA and then also the hash of the TA before returning
success.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add fault mitigations to shdr_verify_signature*()

Adds fault mitigations to shdr_verify_signature() and
shdr_verify_signature2(). shdr_verify_signature() and
shdr_verify_signature2() are calle

core: add fault mitigations to shdr_verify_signature*()

Adds fault mitigations to shdr_verify_signature() and
shdr_verify_signature2(). shdr_verify_signature() and
shdr_verify_signature2() are called using the wrapper FTMN_CALL_FUNC()
which verifies that the correct function was called and that the return
value hasn't been tampered with.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: add stubbed fault mitigation in crypto_acipher_rsassa_verify()

Adds a stubbed fault mitigation for the drivers version of
crypto_acipher_rsassa_verify). End the function with FTMN_C

drivers: crypto: add stubbed fault mitigation in crypto_acipher_rsassa_verify()

Adds a stubbed fault mitigation for the drivers version of
crypto_acipher_rsassa_verify). End the function with FTMN_CALLEE_DONE()
to record that the function was indeed called and a redundant copy of
the return value.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: add fault mitigation in crypto_acipher_rsassa_verify()

Adds fault mitigations in crypto_acipher_rsassa_verify() and dependent
functions in libTomCrypt in order to include the critical fin

core: ltc: add fault mitigation in crypto_acipher_rsassa_verify()

Adds fault mitigations in crypto_acipher_rsassa_verify() and dependent
functions in libTomCrypt in order to include the critical final
memcompare.

This fault mitigation is only enabled with the calling function enabled
fault mitigations and CFG_CORE_FAULT_MITIGATION is 'y'.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: libmbedtls: add fault mitigation in crypto_acipher_rsassa_verify()

Adds fault mitigations in crypto_acipher_rsassa_verify() by checking
that the internal call to memcmp() when verifying the ha

core: libmbedtls: add fault mitigation in crypto_acipher_rsassa_verify()

Adds fault mitigations in crypto_acipher_rsassa_verify() by checking
that the internal call to memcmp() when verifying the hash in the RSA
signature was called and was successful.

The internal call to memcmp() records the result of the comparison if
successful. This is double checked against the normal return value from
the called pk_info->verify_func().

If the normal return value is OK then the recorded return value must
match or we're likely subject to a fault injection attack and we're
triggering a panic.

If the normal return value isn't OK we don't care about the recorded
value, it's overridden by a new error code. In this case we don't know
if we're subject to a fault injection attack or not, the important thing
to make sure that the calling function doesn't miss the error.

This fault mitigation is only enabled with the calling function enabled
fault mitigations and CFG_CORE_FAULT_MITIGATION is 'y'.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify()

Adds fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify() by using
the macro FTMN_CALLEE_DONE_MEMCMP() instead of just

libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify()

Adds fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify() by using
the macro FTMN_CALLEE_DONE_MEMCMP() instead of just
mbedtls_safer_memcmp() when checking that the hash in the RSA signature
is matching the expected value.

FTMN_CALLEE_DONE_MEMCMP() saves on success the result in a thread local
storage if fault mitigations was enabled when the function was called.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()

Adds fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext() by using
the macro FTMN_CALLEE_DONE_MEMCMP() instead of memcmp()

libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()

Adds fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext() by using
the macro FTMN_CALLEE_DONE_MEMCMP() instead of memcmp() when checking
that the hash in the RSA signature is matching the expected value.

FTMN_CALLEE_DONE_MEMCMP() saves on success the result in a thread local
storage if fault mitigations was enabled when the function was called.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add fault mitigation tests

Adds some simple test for the fault mitigation routines.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@lina

core: add fault mitigation tests

Adds some simple test for the fault mitigation routines.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Basic fault mitigation routines

Adds basic fault mitigation routines designed to help protecting from
fault injection attacks on the hardware. This is by no means bullet
proof, but it should at leas

Basic fault mitigation routines

Adds basic fault mitigation routines designed to help protecting from
fault injection attacks on the hardware. This is by no means bullet
proof, but it should at least improve the situation.

These routines focus on verifying that a function has been called and
that the returned value matches the result from the function. This is
done by having a handshake between the caller and the callee where also
the return value is transmitted in a separate channel.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ffa: remove pager annotations

Configuration with pager and FF-A is currently not supported. Supporting
this would require extensions to the FF-A specification to be able to
load OP-TEE with pa

core: ffa: remove pager annotations

Configuration with pager and FF-A is currently not supported. Supporting
this would require extensions to the FF-A specification to be able to
load OP-TEE with paging enabled. So far we don't have any platforms with
FF-A which are memory constrained enough that paging can be motivated. If
this would change we'll have a good use case to test with when adding
pager support for FF-A.

Currently we have a few pager annotations (DECLARE_KEEP_PAGER() and
__*_unpaged) which are effectively unused. So save us from adding yet
more unused annotations by removing the few we have in the FF-A specific
code.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mk: compile with -std=gnu11 instead of -std=gnu99

Changes C source build directives to comply with C11 instead of C99.
This change affects core and user applications and libraries. C11 is
supported

mk: compile with -std=gnu11 instead of -std=gnu99

Changes C source build directives to comply with C11 instead of C99.
This change affects core and user applications and libraries. C11 is
supported in GCC since version 4.7, see [1].

This change is initially intended to bring aligned_alloc() support in
OP-TEE.

Link: [1] https://gcc.gnu.org/wiki/C11Status
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutils: prefix system header guard with 2 underscore chars

Adds prefix "__" to standard header files implemented in libutils. This
is applicable as these header guards macro are system macros. Thi

libutils: prefix system header guard with 2 underscore chars

Adds prefix "__" to standard header files implemented in libutils. This
is applicable as these header guards macro are system macros. This
change prevents conflicts with external component as faced with
SCP-firmware [1] that implements wrapper headers with #include_next for
assert.h and stdlib.h using ASSERT_H [2] and STDLIB_H [3] as header
guards as in libutils.

Prior this change did stdint.h both define STDINT_H and _STDINT_H but
guards only upon STDINT_H. This change removes STDINT_H.

Link: [1] https://github.com/ARM-software/SCP-firmware.git
Link: [2] https://github.com/ARM-software/SCP-firmware/blob/v2.11.0/framework/include/assert.h#L8-L9
Link: [3] https://github.com/ARM-software/SCP-firmware/blob/v2.11.0/framework/include/stdlib.h#L8-L9
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutils: implement aligned_alloc()

Implements aligned_alloc() in bget_malloc.c based on memalign(). The
implementation also covers when ENABLE_MDBG is enabled, that is when
CFG_TEE_CORE_MALLOC_DEBU

libutils: implement aligned_alloc()

Implements aligned_alloc() in bget_malloc.c based on memalign(). The
implementation also covers when ENABLE_MDBG is enabled, that is when
CFG_TEE_CORE_MALLOC_DEBUG is enabled.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: arm: stmm: use mempool to decompress stmm image

Changes StMM management to have zlib using default mempool to allocate
buffers for StMM image decompression. This is useful as the process
can r

core: arm: stmm: use mempool to decompress stmm image

Changes StMM management to have zlib using default mempool to allocate
buffers for StMM image decompression. This is useful as the process
can require buffer of several kilobytes.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: arm: stmm: preserve usr_lr register in stmm context

Adds management of CPU user mode LR register when executing StMM.

Generic function __thread_enter_user_mode() does not load that register
i

core: arm: stmm: preserve usr_lr register in stmm context

Adds management of CPU user mode LR register when executing StMM.

Generic function __thread_enter_user_mode() does not load that register
in the user mode context while StMM expects it is preserved between
exit and next entry. Therefore this change loads and saves that register
into StMM context from stmm_enter_user_mode() while in thread entry
atomic context.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: arm: thread: 32bit helpers thread_get_usr_lr()/thread_set_usr_lr()

Adds helper function thread_get_usr_lr() and thread_set_usr_lr() to
read and write CPU USR_LR banked register.

Reviewed-by:

core: arm: thread: 32bit helpers thread_get_usr_lr()/thread_set_usr_lr()

Adds helper function thread_get_usr_lr() and thread_set_usr_lr() to
read and write CPU USR_LR banked register.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: include: Fix simple typo in drivers/stm32_gpio.h

Replace "Configuratioh" with "Configuration".

Signed-off-by: Ding Tao <miyatsu@qq.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.

core: include: Fix simple typo in drivers/stm32_gpio.h

Replace "Configuratioh" with "Configuration".

Signed-off-by: Ding Tao <miyatsu@qq.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: ffa: Add support for FFA_MEM_PERM_GET/SET

Handle FFA_MEM_PERM_GET and FFA_MEM_PERM_SET interfaces for enabling
SPs to query and set the access rights of their memory regions. These
interfaces

core: ffa: Add support for FFA_MEM_PERM_GET/SET

Handle FFA_MEM_PERM_GET and FFA_MEM_PERM_SET interfaces for enabling
SPs to query and set the access rights of their memory regions. These
interfaces are only permitted in the initialization phase thus a new
state variable is being introduced in sp_session. SPs indicate the end
of their initialization phase through the FFA_MSG_WAIT interface.

Co-developed-by: Imre Kis <imre.kis@arm.com>
Signed-off-by: Imre Kis <imre.kis@arm.com>
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: implement a method to dump user TA runtime status

This patch is to dump user TA runtime status for debug purposes.
The change includes:
1. Add new command (STATS_CMD_TA_STATS) in the stats PTA

core: implement a method to dump user TA runtime status

This patch is to dump user TA runtime status for debug purposes.
The change includes:
1. Add new command (STATS_CMD_TA_STATS) in the stats PTA.
2. Add tee_ta_dump_stats() to scan all ongoing TA instance and sessions
and snapshot their status.
3. Add new function: entry_dump_memstats() to __utee_entry() to get TA
heap statistics.
4. Add new compile option (CFG_TA_STATS, default n) to enable this
feature.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>
[jf: edit commit message]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

libutee: change __utee_entry() handling on unknown function IDs

Change __utee_entry() to return TEE_ERROR_NOT_SUPPORTED
instead panicking when handling unknown entry function IDs.

Reviewed-by: Jens

libutee: change __utee_entry() handling on unknown function IDs

Change __utee_entry() to return TEE_ERROR_NOT_SUPPORTED
instead panicking when handling unknown entry function IDs.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>
[jf: edit commit message]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

MAINTAINERS: add Versal ACAP crypto maintainer

Maintain the IPI and authenc drivers.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

crypto: versal: authentication driver

This driver uses the PLM xilsecure service to deliver authentication
functionality using AES-GCM.

The driver currently does not handle unaligned data and lengt

crypto: versal: authentication driver

This driver uses the PLM xilsecure service to deliver authentication
functionality using AES-GCM.

The driver currently does not handle unaligned data and lengths; due
to this the corresponding xtest regression test will not pass
(xtest -t regression 4005 will fail).

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: versal: interprocessor communication

Interface to the PLM xilsecure service.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

crypto: versal: interprocessor communication

Interface to the PLM xilsecure service.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: shdr: check that hash algorithm is strong enough

Until now shdr_verify_signature() accepted any hash GP algorithm known
to OP-TEE. A few of those (MD5 and SHA-1) are known to be weak. So add
a

core: shdr: check that hash algorithm is strong enough

Until now shdr_verify_signature() accepted any hash GP algorithm known
to OP-TEE. A few of those (MD5 and SHA-1) are known to be weak. So add
an extra check to only allow algorithms strong enough.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Suggested-by: Asaf Modelevsky <amodele@amazon.com>
Reported-by: Asaf Modelevsky <amodele@amazon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ree_fs: copy in encrypted TA header only once

In ree_fs_ta_open() when an encrypted TA is loaded there is an encrypted
TA sub-header. Prior to this patch it was copied in from non-secure
share

core: ree_fs: copy in encrypted TA header only once

In ree_fs_ta_open() when an encrypted TA is loaded there is an encrypted
TA sub-header. Prior to this patch it was copied in from non-secure
shared memory twice, first one time to read the total size of the
header, and then a second time to copy in the entire header. Fix this
by only copying in what wasn't copied the first time.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...