libutils: prefix system header guard with 2 underscore chars

Adds prefix "__" to standard header files implemented in libutils. This
is applicable as these header guards macro are system macros. Thi

libutils: prefix system header guard with 2 underscore chars

Adds prefix "__" to standard header files implemented in libutils. This
is applicable as these header guards macro are system macros. This
change prevents conflicts with external component as faced with
SCP-firmware [1] that implements wrapper headers with #include_next for
assert.h and stdlib.h using ASSERT_H [2] and STDLIB_H [3] as header
guards as in libutils.

Prior this change did stdint.h both define STDINT_H and _STDINT_H but
guards only upon STDINT_H. This change removes STDINT_H.

Link: [1] https://github.com/ARM-software/SCP-firmware.git
Link: [2] https://github.com/ARM-software/SCP-firmware/blob/v2.11.0/framework/include/assert.h#L8-L9
Link: [3] https://github.com/ARM-software/SCP-firmware/blob/v2.11.0/framework/include/stdlib.h#L8-L9
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutils: implement aligned_alloc()

Implements aligned_alloc() in bget_malloc.c based on memalign(). The
implementation also covers when ENABLE_MDBG is enabled, that is when
CFG_TEE_CORE_MALLOC_DEBU

libutils: implement aligned_alloc()

Implements aligned_alloc() in bget_malloc.c based on memalign(). The
implementation also covers when ENABLE_MDBG is enabled, that is when
CFG_TEE_CORE_MALLOC_DEBUG is enabled.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: arm: stmm: use mempool to decompress stmm image

Changes StMM management to have zlib using default mempool to allocate
buffers for StMM image decompression. This is useful as the process
can r

core: arm: stmm: use mempool to decompress stmm image

Changes StMM management to have zlib using default mempool to allocate
buffers for StMM image decompression. This is useful as the process
can require buffer of several kilobytes.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: arm: stmm: preserve usr_lr register in stmm context

Adds management of CPU user mode LR register when executing StMM.

Generic function __thread_enter_user_mode() does not load that register
i

core: arm: stmm: preserve usr_lr register in stmm context

Adds management of CPU user mode LR register when executing StMM.

Generic function __thread_enter_user_mode() does not load that register
in the user mode context while StMM expects it is preserved between
exit and next entry. Therefore this change loads and saves that register
into StMM context from stmm_enter_user_mode() while in thread entry
atomic context.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: arm: thread: 32bit helpers thread_get_usr_lr()/thread_set_usr_lr()

Adds helper function thread_get_usr_lr() and thread_set_usr_lr() to
read and write CPU USR_LR banked register.

Reviewed-by:

core: arm: thread: 32bit helpers thread_get_usr_lr()/thread_set_usr_lr()

Adds helper function thread_get_usr_lr() and thread_set_usr_lr() to
read and write CPU USR_LR banked register.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: include: Fix simple typo in drivers/stm32_gpio.h

Replace "Configuratioh" with "Configuration".

Signed-off-by: Ding Tao <miyatsu@qq.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.

core: include: Fix simple typo in drivers/stm32_gpio.h

Replace "Configuratioh" with "Configuration".

Signed-off-by: Ding Tao <miyatsu@qq.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: ffa: Add support for FFA_MEM_PERM_GET/SET

Handle FFA_MEM_PERM_GET and FFA_MEM_PERM_SET interfaces for enabling
SPs to query and set the access rights of their memory regions. These
interfaces

core: ffa: Add support for FFA_MEM_PERM_GET/SET

Handle FFA_MEM_PERM_GET and FFA_MEM_PERM_SET interfaces for enabling
SPs to query and set the access rights of their memory regions. These
interfaces are only permitted in the initialization phase thus a new
state variable is being introduced in sp_session. SPs indicate the end
of their initialization phase through the FFA_MSG_WAIT interface.

Co-developed-by: Imre Kis <imre.kis@arm.com>
Signed-off-by: Imre Kis <imre.kis@arm.com>
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: implement a method to dump user TA runtime status

This patch is to dump user TA runtime status for debug purposes.
The change includes:
1. Add new command (STATS_CMD_TA_STATS) in the stats PTA

core: implement a method to dump user TA runtime status

This patch is to dump user TA runtime status for debug purposes.
The change includes:
1. Add new command (STATS_CMD_TA_STATS) in the stats PTA.
2. Add tee_ta_dump_stats() to scan all ongoing TA instance and sessions
and snapshot their status.
3. Add new function: entry_dump_memstats() to __utee_entry() to get TA
heap statistics.
4. Add new compile option (CFG_TA_STATS, default n) to enable this
feature.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>
[jf: edit commit message]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

libutee: change __utee_entry() handling on unknown function IDs

Change __utee_entry() to return TEE_ERROR_NOT_SUPPORTED
instead panicking when handling unknown entry function IDs.

Reviewed-by: Jens

libutee: change __utee_entry() handling on unknown function IDs

Change __utee_entry() to return TEE_ERROR_NOT_SUPPORTED
instead panicking when handling unknown entry function IDs.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>
[jf: edit commit message]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

MAINTAINERS: add Versal ACAP crypto maintainer

Maintain the IPI and authenc drivers.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

crypto: versal: authentication driver

This driver uses the PLM xilsecure service to deliver authentication
functionality using AES-GCM.

The driver currently does not handle unaligned data and lengt

crypto: versal: authentication driver

This driver uses the PLM xilsecure service to deliver authentication
functionality using AES-GCM.

The driver currently does not handle unaligned data and lengths; due
to this the corresponding xtest regression test will not pass
(xtest -t regression 4005 will fail).

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: versal: interprocessor communication

Interface to the PLM xilsecure service.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

crypto: versal: interprocessor communication

Interface to the PLM xilsecure service.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: shdr: check that hash algorithm is strong enough

Until now shdr_verify_signature() accepted any hash GP algorithm known
to OP-TEE. A few of those (MD5 and SHA-1) are known to be weak. So add
a

core: shdr: check that hash algorithm is strong enough

Until now shdr_verify_signature() accepted any hash GP algorithm known
to OP-TEE. A few of those (MD5 and SHA-1) are known to be weak. So add
an extra check to only allow algorithms strong enough.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Suggested-by: Asaf Modelevsky <amodele@amazon.com>
Reported-by: Asaf Modelevsky <amodele@amazon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ree_fs: copy in encrypted TA header only once

In ree_fs_ta_open() when an encrypted TA is loaded there is an encrypted
TA sub-header. Prior to this patch it was copied in from non-secure
share

core: ree_fs: copy in encrypted TA header only once

In ree_fs_ta_open() when an encrypted TA is loaded there is an encrypted
TA sub-header. Prior to this patch it was copied in from non-secure
shared memory twice, first one time to read the total size of the
header, and then a second time to copy in the entire header. Fix this
by only copying in what wasn't copied the first time.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ree_fs: check ta size before use

Check that the total loaded size of a TA matches what is in the sign
header. This prevents an eventual attacker from providing arbitrary
values in the img_size

core: ree_fs: check ta size before use

Check that the total loaded size of a TA matches what is in the sign
header. This prevents an eventual attacker from providing arbitrary
values in the img_size field of the signed header.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Suggested-by: Asaf Modelevsky <amodele@amazon.com>
Reported-by: Asaf Modelevsky <amodele@amazon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: se050: provision SCP03 keys on SCP03 enablement.

Rotate the SCP03 keys as soon as the SCP03 communication channel
is established.

This can happen during boot or at a later time via normal w

crypto: se050: provision SCP03 keys on SCP03 enablement.

Rotate the SCP03 keys as soon as the SCP03 communication channel
is established.

This can happen during boot or at a later time via normal world
request [1].

The rotation configuration that can be built-in in the driver allows
the algorithm to rotate to a HUK based secret key or back to the
factory based keys.

[1] https://u-boot.readthedocs.io/en/latest/usage/cmd/scp03.html

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: se050: reword configuration options

Reword and add caution clauses to some of the critical configuration
options in the driver.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked

crypto: se050: reword configuration options

Reword and add caution clauses to some of the critical configuration
options in the driver.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-zynqmp: add ZCU104 and ZCU106 flavour support

Adding support for the ZCU104 and ZCU106 boards
since they possess the same core as the ZCU102.
This is to avoid having the "flavour not supported

plat-zynqmp: add ZCU104 and ZCU106 flavour support

Adding support for the ZCU104 and ZCU106 boards
since they possess the same core as the ZCU102.
This is to avoid having the "flavour not supported error"
when compiling for the ZCU104 and ZCU106.

Tested successfully on the ZCU106

Tested-by: Nasreddine Ouldei Tebina <tebina1@live.fr>
Signed-off-by: Nasreddine Ouldei Tebina <tebina1@live.fr>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

core: fix potential integer overflow in syscall_log()

Fixes a potential integer overflow in syscall_log(). Note that an
eventual overflow would still be caught by copy_from_user(), but it's
preferab

core: fix potential integer overflow in syscall_log()

Fixes a potential integer overflow in syscall_log(). Note that an
eventual overflow would still be caught by copy_from_user(), but it's
preferable to catch this earlier.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Suggested-by: Asaf Modelevsky <amodele@amazon.com>
Reported-by: Asaf Modelevsky <amodele@amazon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

MAINTAINERS: add stm32 drivers entries

Adds stm32 platforms drivers maintainer.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

plat-stm32mp1: helper config CFG_STM32MP15_HUK_OTP_BASE

Adds helper configuration switch CFG_STM32MP15_HUK_OTP_BASE to
define the OTP base index where HUK storage that occupies
the 4 32bit contiguou

plat-stm32mp1: helper config CFG_STM32MP15_HUK_OTP_BASE

Adds helper configuration switch CFG_STM32MP15_HUK_OTP_BASE to
define the OTP base index where HUK storage that occupies
the 4 32bit contiguous BSEC words.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32mp15_huk: default to fuse key without derivation

Introduces 2 configuration switches for defining how stm32mp15 HUK
is generated from fuses. Both are exclusive. One of them must be set

drivers: stm32mp15_huk: default to fuse key without derivation

Introduces 2 configuration switches for defining how stm32mp15 HUK
is generated from fuses. Both are exclusive. One of them must be set
when CFG_STM32MP15_HUK is enable.

When CFG_STM32MP15_HUK_BSEC_KEY is enabled, HUK is HUK fuses raw content.
When CFG_STM32MP15_HUK_BSEC_DERIVE_UID is enabled, HUK is the derivation
of HUK fuses content derived with device UID fuses content.

The platform default enables CFG_STM32MP15_HUK_BSEC_KEY when
CFG_STM32MP15_HUK is enable.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: se050: provision SCP03 keys back factory keys

This commit allows a user who might have rotated the device's SCP03
keys to reset them back to their factory settings (public).

Signed-off-by:

crypto: se050: provision SCP03 keys back factory keys

This commit allows a user who might have rotated the device's SCP03
keys to reset them back to their factory settings (public).

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: se050: output the SCP03 security level to the console

The SCP03 keys used in the secure channel have different levels of
security that can change at runtime.

Output the name of the one bein

crypto: se050: output the SCP03 security level to the console

The SCP03 keys used in the secure channel have different levels of
security that can change at runtime.

Output the name of the one being used to the console for
informational purposes.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dt: allow null value in reg property

This change allows reg property to have value 0. The reg property can
be used to describe an element that is not a physical address and
for which 0 is a va

core: dt: allow null value in reg property

This change allows reg property to have value 0. The reg property can
be used to describe an element that is not a physical address and
for which 0 is a valid value.

Signed-off-by: Olivier Moysan <olivier.moysan@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...