core: fix compile error with CFG_CORE_WORKAROUND_SPECTRE_BP_SEC=n

Prior to this patch there's a compile error when building with
CFG_CORE_WORKAROUND_SPECTRE_BP_SEC=n:
core/arch/arm/kernel/thread.c:

core: fix compile error with CFG_CORE_WORKAROUND_SPECTRE_BP_SEC=n

Prior to this patch there's a compile error when building with
CFG_CORE_WORKAROUND_SPECTRE_BP_SEC=n:
core/arch/arm/kernel/thread.c: In function 'select_vector_wa_spectre_bhb':
core/arch/arm/kernel/thread.c:644:48: error: 'thread_user_kdata_page' undeclared (first use in this function); did you mean 'thread_user_kcode_size'?
644 | struct thread_core_local *cl = (void *)thread_user_kdata_page;
| ^~~~~~~~~~~~~~~~~~~~~~
| thread_user_kcode_size
core/arch/arm/kernel/thread.c:644:48: note: each undeclared identifier is reported only once for each function it appears in
core/arch/arm/kernel/thread.c:646:27: error: 'struct thread_core_local' has no member named 'bhb_loop_count'
646 | cl[get_core_pos()].bhb_loop_count = loop_count;
| ^
core/arch/arm/kernel/thread.c:648:32: error: 'struct thread_core_local' has no member named 'bhb_loop_count'
648 | thread_get_core_local()->bhb_loop_count = loop_count;
| ^~

Fix this by disabling the unused code.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: simplify pgt interface provided by pgt_cache.h

Many of the function in the pgt interface takes more than one pointer to
struct pgt_cache, struct vm_info or struct ts_ctx. All these pointers
ar

core: simplify pgt interface provided by pgt_cache.h

Many of the function in the pgt interface takes more than one pointer to
struct pgt_cache, struct vm_info or struct ts_ctx. All these pointers
are available in struct user_mode_ctx so pass a pointer to that struct
instead. This saves a few function arguments and also makes it a bit
more clear how a function can be used.

pgt_clear_ctx_range(), pgt_flush_ctx_range() and pgt_flush_ctx() are
renamed to drop the "_ctx" part in their names since it's not relevant
any longer.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: add build for CFG_CORE_PREALLOC_EL0_TBLS=y

Add config for building with CFG_CORE_PREALLOC_EL0_TBLS=y, both for
Armv7 and Armv8.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked

ci: add build for CFG_CORE_PREALLOC_EL0_TBLS=y

Add config for building with CFG_CORE_PREALLOC_EL0_TBLS=y, both for
Armv7 and Armv8.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pgt: support preallocated translation tables for S-EL0

With CFG_CORE_PREALLOC_EL0_TBLS=y translation tables are allocated for a
user space context at the time when the mapping is added a struc

core: pgt: support preallocated translation tables for S-EL0

With CFG_CORE_PREALLOC_EL0_TBLS=y translation tables are allocated for a
user space context at the time when the mapping is added a struct
vm_region. The translation tables will be kept available for the S-EL0
context as long at the mappings are unchanged.

Secure Partitions (SPs) can depend on translation tables always being
available and avoid having to wait for translation tables.

Memory for the translation tables is allocated from the same memory as
used for TAs and SPs. The number of available translation tables are
limited by the amount of TA/SP memory available.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pgt: rename to pgt_put_all() and pgt_get_all()

The two functions pgt_free() and pgt_alloc() has names which doesn't
match well what they do so rename them.

pgt_free() to pgt_put_all():
This m

core: pgt: rename to pgt_put_all() and pgt_get_all()

The two functions pgt_free() and pgt_alloc() has names which doesn't
match well what they do so rename them.

pgt_free() to pgt_put_all():
This matches better how page tables are managed since pgt_put_all()
doesn't free the tables, they are just put in a cache list from which
they later can be free or re-allocated.

pgt_alloc() to pgt_get_all():
pgt_get_all() may actually not allocate a new table, not if it can be
found in the cache list.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: use set_um_region() to update translation tables

Adds an internal function in core/mm/vm.c which is called when
translation tables needs to be updated.

With a cache for recently used translat

core: use set_um_region() to update translation tables

Adds an internal function in core/mm/vm.c which is called when
translation tables needs to be updated.

With a cache for recently used translation tables
core_mmu_populate_user_map() will only update translation tables which
are new and not populated yet.

Each user space context has a linked list of struct vm_region describing
the logical memory map. To ensure that this logical memory map is kept
in sync with the translation tables in use set_um_region() must be used
to copy the content of a struct vm_region into translation tables as
needed.

If the current context is updated then the pgts currently in use are
updated. However, if the context isn't current then the cached tables
are updated instead. When cached tables are updated some of the needed
translation tables may actually be missing. This is ignored at this
stage and later taken care of by core_mmu_populate_user_map() since
those tables will be new and have the "populated" entry set to false.
Once core_mmu_populate_user_map() has initialized tables "populated" is
set to true for each table.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pgt: use pgt_cache_list without pager too

Prior to this patch was only unused pgts cached when paging was enabled.
Take this one step further and cache unused pgts when paging is disabled
too.

core: pgt: use pgt_cache_list without pager too

Prior to this patch was only unused pgts cached when paging was enabled.
Take this one step further and cache unused pgts when paging is disabled
too. The purpose of this is to allow core_mmu_populate_user_map() to
skip already initialized translation tables.

Add two helper functions pgt_pop_from_cache_list() and
pgt_push_to_cache_list() to be used when updating the translation tables
currently in the cache list.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: tee_pager.h: provide stubbed tee_pager_pgt_save_and_release_entries()

Provides a stubbed static inline
tee_pager_pgt_save_and_release_entries() when CFG_PAGED_USER_TA isn't
defined.

Reviewed-

core: tee_pager.h: provide stubbed tee_pager_pgt_save_and_release_entries()

Provides a stubbed static inline
tee_pager_pgt_save_and_release_entries() when CFG_PAGED_USER_TA isn't
defined.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: call pgt_flush_ctx() from vm_info_final()

Moves the call to pgt_flush_ctx() into vm_info_final() from
destroy_context() and tee_ta_init_user_ta_session().

Reviewed-by: Etienne Carriere <etien

core: call pgt_flush_ctx() from vm_info_final()

Moves the call to pgt_flush_ctx() into vm_info_final() from
destroy_context() and tee_ta_init_user_ta_session().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: call tee_pager_rem_um_regions() from vm_info_final()

Moves the call to tee_pager_rem_um_regions() into vm_info_final() from
free_utc() and stmm_ctx_destroy().

Reviewed-by: Etienne Carriere <e

core: call tee_pager_rem_um_regions() from vm_info_final()

Moves the call to tee_pager_rem_um_regions() into vm_info_final() from
free_utc() and stmm_ctx_destroy().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move pgt_cache to struct user_mode_ctx

Moves pgt_cache from struct thread_specific_data to struct
user_mode_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome F

core: move pgt_cache to struct user_mode_ctx

Moves pgt_cache from struct thread_specific_data to struct
user_mode_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: initialize struct user_mode_ctx with vm_info_init()

Broadens the scope of vm_info_init() to initialize the entire struct
user_mode_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.

core: initialize struct user_mode_ctx with vm_info_init()

Broadens the scope of vm_info_init() to initialize the entire struct
user_mode_ctx.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove save_ctx parameter from pgt_free()

Prior to this patch was pgt_free() taking a save_ctx parameter which was
only used if paging of TAs was enabled. If on the other hand paging of
TAs wa

core: remove save_ctx parameter from pgt_free()

Prior to this patch was pgt_free() taking a save_ctx parameter which was
only used if paging of TAs was enabled. If on the other hand paging of
TAs was enabled this parameter was always true. So simplify the logic by
removing this parameter and where used internally always do as if
save_ctx was true. This means that pgts used for paging will always
first be pushed to the cache list to later be reclaimed by other means.

This patch does not change the de facto behaviour.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add pointer authentication support

Previously pointer authentication was only supported for TAs. With this
patch add a configuration option CFG_CORE_PAUTH to enable support for
core. Each priv

core: add pointer authentication support

Previously pointer authentication was only supported for TAs. With this
patch add a configuration option CFG_CORE_PAUTH to enable support for
core. Each privileged thread has its own APIA key. There are also a
separate APIA key for each physical core used when handling an abort or
when using the tmp stack.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add Ed25519 support

Put in place Ed25519 core functionality and support it for
OP-TEE crypto syscalls.

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Signed-off-by: Sergiy Ki

core: crypto: add Ed25519 support

Put in place Ed25519 core functionality and support it for
OP-TEE crypto syscalls.

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: libtomcrypt: add Ed25519 support

Enable Ed25519 implementation of libtomcrypt and add the OP-TEE wrappers.

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Signed-off-by: Sergiy Kibrik

core: libtomcrypt: add Ed25519 support

Enable Ed25519 implementation of libtomcrypt and add the OP-TEE wrappers.

Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: add Ed25519 support

This commit adds Ed25519 support as defined in TEE Internal Core API v1.3.1

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Signed-off-by: Valerii Chubar <valerii

libutee: add Ed25519 support

This commit adds Ed25519 support as defined in TEE Internal Core API v1.3.1

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Signed-off-by: Valerii Chubar <valerii_chubar@epam.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: QEMUv8_check: also run tests with Cryptographic Extension enabled

Adds a line to build and run regression tests with CFG_CRYPTO_WITH_CE=y.
Many Armv8 CPUs support this extension so it is very co

ci: QEMUv8_check: also run tests with Cryptographic Extension enabled

Adds a line to build and run regression tests with CFG_CRYPTO_WITH_CE=y.
Many Armv8 CPUs support this extension so it is very commonly used and
deserves to be tested here.

While we're at it, set CFG_TEE_CORE_LOG_LEVEL=0 at the beginning to avoid
duplication.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libtomcrypt: ctr_encrypt(): adjust for OP-TEE CE accelerated routines

Commit 8411e6ad673d ("Squashed commit upgrading to
libtomcrypt-1.18.2-develop-20220913") is missing a local change in
ctr_encryp

libtomcrypt: ctr_encrypt(): adjust for OP-TEE CE accelerated routines

Commit 8411e6ad673d ("Squashed commit upgrading to
libtomcrypt-1.18.2-develop-20220913") is missing a local change in
ctr_encrypt.c which should have been carried over from the previous
import branch, see commit 5a913ee74d3c ("Squashed commit upgrading to
libtomcrypt-1.18.2-develop-20180819"). The missing code is from commit
c54b6344cc4e ("core: crypto: cleanup and fix CE accelerated AES CTR").
Most of that commit was made irrelevant after the move of accelerated
code out of core/lib/libtomcrypt/src, except for the bits that touch
ctr_encrypt() in core/lib/libtomcrypt/src/modes/ctr/ctr_encrypt.c.

Re-introduce the needed change. Fixes failures in xtest 4003 when
CFG_CRYPTO_WITH_CE=y.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ffa: Export ffa.h to be used by host

The ffa.h file is needed by the OP-TEE test suite. Export it so it can
be used by it.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jerome Forissier

ffa: Export ffa.h to be used by host

The ffa.h file is needed by the OP-TEE test suite. Export it so it can
be used by it.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Squashed commit upgrading to libtomcrypt-1.18.2-develop-20220913

Squash merging branch import/libtomcrypt-1.18.2-develop-20220913

cedf001cc024 ("ci: rust: apply upstream patch to fix failure in au

Squashed commit upgrading to libtomcrypt-1.18.2-develop-20220913

Squash merging branch import/libtomcrypt-1.18.2-develop-20220913

cedf001cc024 ("ci: rust: apply upstream patch to fix failure in authentication-rs")
1c8f27245e4f ("core: ltc: fix .qord value in DSA sign and verify")
87431ada69ed ("libtomcrypt: define LTC_MPI at the same time as LTC_DER")
7d8cdbb85a57 ("core: ltc: add missing <string_ext.h>")
fa3ac5998cc7 ("core: ltc: import sub.mk files from master and update")
35f56bc9f8c4 ("core: libtomcrypt: Remove prng_state* NULL pointer check from x25519_make_key()")
85140c1f9be4 ("core: ltc: fix missing mutex unlock")
02f519845bbe ("core: ltc: add SM2 curve parameters")
757ab2c4462d ("core: ltc: make key in accel_ecb_encrypt() and accel_ecb_decrypt() const")
15c897fbe000 ("core: ltc: fix 'switch case misses default'")
6276df75362f ("core: ltc: add custom DH key generation function dh_make_key()")
1da50b460270 ("core: ltc: tomcrypt_custom.h: OP-TEE thread support")
6f78a99a6e8c ("libtomcrypt: implement zeromem() with memzero_explicit()")
90eaafe0f10f ("core: LTC use only _CFG_CORE_LTC_ variables")
fbd6fb746576 ("LTC: add GHASH acceleration")
e3ff5f701223 ("ltc: make cipher_descriptor a pointer to descriptors")
fbe13c05804d ("ltc: make hash_descriptor a pointer to descriptors")
6c193f5e561a ("ltc: make prng_descriptor a pointer to descriptors")
9f40d2838fa3 ("libtomcrypt: tomcrypt_private.h: add HASH_PROCESS_NBLOCKS")
4f6b32962d15 ("ECC: optimize the pool of temporary variables")
955eced29a6f ("Import LibTomCrypt v1.18.2 branch "develop" (Sep 13, 2022)")
3717d76418c8 ("Remove LibTomCrypt")

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: versal: mailbox communication

Mailbox driver to communicate with the PLM firmware executing on the
Microblaze processor.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: J

drivers: versal: mailbox communication

Mailbox driver to communicate with the PLM firmware executing on the
Microblaze processor.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-versal: define the length of the cache line

Explicitly define the length of the cache line for the Versal ACAP
platform.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerom

plat-versal: define the length of the cache line

Explicitly define the length of the cache line for the Versal ACAP
platform.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: sp: add support for SPs in the FIP

This commit introduces support for using SPs from the FIP. TF-A offers a
mechanism to encapsulate an SP image and its manifest into an SP package
and add tha

core: sp: add support for SPs in the FIP

This commit introduces support for using SPs from the FIP. TF-A offers a
mechanism to encapsulate an SP image and its manifest into an SP package
and add that to the FIP. During boot BL2 will load these packages into
memory and the SPMC manifest is used to pass the load addresses to the
SPMC. The SP package contains a header, the SP manifest and the SP image
itself [1].

For loading the SP packages the existing embedded SP handling code is
mostly reused. The only difference is that instead of a scattered array
that's created at build time the SP packages are discovered at runtime
and collected into a linked list.

Link: [1] https://trustedfirmware-a.readthedocs.io/en/v2.6/components/secure-partition-manager.html#secure-partition-packages
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: sp: fix sp_dt_get_u64() alignment issue

In the SP DT files 64-bit values are represented by two 32-bit cells.
When loaded into memory, the address of such value might not be 64-bit
aligned. Cu

core: sp: fix sp_dt_get_u64() alignment issue

In the SP DT files 64-bit values are represented by two 32-bit cells.
When loaded into memory, the address of such value might not be 64-bit
aligned. Currently sp_dt_get_u64() simply dereferences a pointer to such
value. This compiles to a 64-bit load instruction, which causes an
alignment fault if the address was not 64-bit aligned.

Replace the direct dereferencing with the fdt64_ld() helper function
which only uses byte loads.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...