core: include: Fix simple typo in drivers/stm32_gpio.h

Replace "Configuratioh" with "Configuration".

Signed-off-by: Ding Tao <miyatsu@qq.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.

core: include: Fix simple typo in drivers/stm32_gpio.h

Replace "Configuratioh" with "Configuration".

Signed-off-by: Ding Tao <miyatsu@qq.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: ffa: Add support for FFA_MEM_PERM_GET/SET

Handle FFA_MEM_PERM_GET and FFA_MEM_PERM_SET interfaces for enabling
SPs to query and set the access rights of their memory regions. These
interfaces

core: ffa: Add support for FFA_MEM_PERM_GET/SET

Handle FFA_MEM_PERM_GET and FFA_MEM_PERM_SET interfaces for enabling
SPs to query and set the access rights of their memory regions. These
interfaces are only permitted in the initialization phase thus a new
state variable is being introduced in sp_session. SPs indicate the end
of their initialization phase through the FFA_MSG_WAIT interface.

Co-developed-by: Imre Kis <imre.kis@arm.com>
Signed-off-by: Imre Kis <imre.kis@arm.com>
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: implement a method to dump user TA runtime status

This patch is to dump user TA runtime status for debug purposes.
The change includes:
1. Add new command (STATS_CMD_TA_STATS) in the stats PTA

core: implement a method to dump user TA runtime status

This patch is to dump user TA runtime status for debug purposes.
The change includes:
1. Add new command (STATS_CMD_TA_STATS) in the stats PTA.
2. Add tee_ta_dump_stats() to scan all ongoing TA instance and sessions
and snapshot their status.
3. Add new function: entry_dump_memstats() to __utee_entry() to get TA
heap statistics.
4. Add new compile option (CFG_TA_STATS, default n) to enable this
feature.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>
[jf: edit commit message]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

libutee: change __utee_entry() handling on unknown function IDs

Change __utee_entry() to return TEE_ERROR_NOT_SUPPORTED
instead panicking when handling unknown entry function IDs.

Reviewed-by: Jens

libutee: change __utee_entry() handling on unknown function IDs

Change __utee_entry() to return TEE_ERROR_NOT_SUPPORTED
instead panicking when handling unknown entry function IDs.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>
[jf: edit commit message]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

MAINTAINERS: add Versal ACAP crypto maintainer

Maintain the IPI and authenc drivers.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

crypto: versal: authentication driver

This driver uses the PLM xilsecure service to deliver authentication
functionality using AES-GCM.

The driver currently does not handle unaligned data and lengt

crypto: versal: authentication driver

This driver uses the PLM xilsecure service to deliver authentication
functionality using AES-GCM.

The driver currently does not handle unaligned data and lengths; due
to this the corresponding xtest regression test will not pass
(xtest -t regression 4005 will fail).

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: versal: interprocessor communication

Interface to the PLM xilsecure service.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

crypto: versal: interprocessor communication

Interface to the PLM xilsecure service.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: shdr: check that hash algorithm is strong enough

Until now shdr_verify_signature() accepted any hash GP algorithm known
to OP-TEE. A few of those (MD5 and SHA-1) are known to be weak. So add
a

core: shdr: check that hash algorithm is strong enough

Until now shdr_verify_signature() accepted any hash GP algorithm known
to OP-TEE. A few of those (MD5 and SHA-1) are known to be weak. So add
an extra check to only allow algorithms strong enough.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Suggested-by: Asaf Modelevsky <amodele@amazon.com>
Reported-by: Asaf Modelevsky <amodele@amazon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ree_fs: copy in encrypted TA header only once

In ree_fs_ta_open() when an encrypted TA is loaded there is an encrypted
TA sub-header. Prior to this patch it was copied in from non-secure
share

core: ree_fs: copy in encrypted TA header only once

In ree_fs_ta_open() when an encrypted TA is loaded there is an encrypted
TA sub-header. Prior to this patch it was copied in from non-secure
shared memory twice, first one time to read the total size of the
header, and then a second time to copy in the entire header. Fix this
by only copying in what wasn't copied the first time.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ree_fs: check ta size before use

Check that the total loaded size of a TA matches what is in the sign
header. This prevents an eventual attacker from providing arbitrary
values in the img_size

core: ree_fs: check ta size before use

Check that the total loaded size of a TA matches what is in the sign
header. This prevents an eventual attacker from providing arbitrary
values in the img_size field of the signed header.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Suggested-by: Asaf Modelevsky <amodele@amazon.com>
Reported-by: Asaf Modelevsky <amodele@amazon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: se050: provision SCP03 keys on SCP03 enablement.

Rotate the SCP03 keys as soon as the SCP03 communication channel
is established.

This can happen during boot or at a later time via normal w

crypto: se050: provision SCP03 keys on SCP03 enablement.

Rotate the SCP03 keys as soon as the SCP03 communication channel
is established.

This can happen during boot or at a later time via normal world
request [1].

The rotation configuration that can be built-in in the driver allows
the algorithm to rotate to a HUK based secret key or back to the
factory based keys.

[1] https://u-boot.readthedocs.io/en/latest/usage/cmd/scp03.html

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: se050: reword configuration options

Reword and add caution clauses to some of the critical configuration
options in the driver.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked

crypto: se050: reword configuration options

Reword and add caution clauses to some of the critical configuration
options in the driver.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-zynqmp: add ZCU104 and ZCU106 flavour support

Adding support for the ZCU104 and ZCU106 boards
since they possess the same core as the ZCU102.
This is to avoid having the "flavour not supported

plat-zynqmp: add ZCU104 and ZCU106 flavour support

Adding support for the ZCU104 and ZCU106 boards
since they possess the same core as the ZCU102.
This is to avoid having the "flavour not supported error"
when compiling for the ZCU104 and ZCU106.

Tested successfully on the ZCU106

Tested-by: Nasreddine Ouldei Tebina <tebina1@live.fr>
Signed-off-by: Nasreddine Ouldei Tebina <tebina1@live.fr>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

core: fix potential integer overflow in syscall_log()

Fixes a potential integer overflow in syscall_log(). Note that an
eventual overflow would still be caught by copy_from_user(), but it's
preferab

core: fix potential integer overflow in syscall_log()

Fixes a potential integer overflow in syscall_log(). Note that an
eventual overflow would still be caught by copy_from_user(), but it's
preferable to catch this earlier.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Suggested-by: Asaf Modelevsky <amodele@amazon.com>
Reported-by: Asaf Modelevsky <amodele@amazon.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

MAINTAINERS: add stm32 drivers entries

Adds stm32 platforms drivers maintainer.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

plat-stm32mp1: helper config CFG_STM32MP15_HUK_OTP_BASE

Adds helper configuration switch CFG_STM32MP15_HUK_OTP_BASE to
define the OTP base index where HUK storage that occupies
the 4 32bit contiguou

plat-stm32mp1: helper config CFG_STM32MP15_HUK_OTP_BASE

Adds helper configuration switch CFG_STM32MP15_HUK_OTP_BASE to
define the OTP base index where HUK storage that occupies
the 4 32bit contiguous BSEC words.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: stm32mp15_huk: default to fuse key without derivation

Introduces 2 configuration switches for defining how stm32mp15 HUK
is generated from fuses. Both are exclusive. One of them must be set

drivers: stm32mp15_huk: default to fuse key without derivation

Introduces 2 configuration switches for defining how stm32mp15 HUK
is generated from fuses. Both are exclusive. One of them must be set
when CFG_STM32MP15_HUK is enable.

When CFG_STM32MP15_HUK_BSEC_KEY is enabled, HUK is HUK fuses raw content.
When CFG_STM32MP15_HUK_BSEC_DERIVE_UID is enabled, HUK is the derivation
of HUK fuses content derived with device UID fuses content.

The platform default enables CFG_STM32MP15_HUK_BSEC_KEY when
CFG_STM32MP15_HUK is enable.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

crypto: se050: provision SCP03 keys back factory keys

This commit allows a user who might have rotated the device's SCP03
keys to reset them back to their factory settings (public).

Signed-off-by:

crypto: se050: provision SCP03 keys back factory keys

This commit allows a user who might have rotated the device's SCP03
keys to reset them back to their factory settings (public).

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: se050: output the SCP03 security level to the console

The SCP03 keys used in the secure channel have different levels of
security that can change at runtime.

Output the name of the one bein

crypto: se050: output the SCP03 security level to the console

The SCP03 keys used in the secure channel have different levels of
security that can change at runtime.

Output the name of the one being used to the console for
informational purposes.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dt: allow null value in reg property

This change allows reg property to have value 0. The reg property can
be used to describe an element that is not a physical address and
for which 0 is a va

core: dt: allow null value in reg property

This change allows reg property to have value 0. The reg property can
be used to describe an element that is not a physical address and
for which 0 is a valid value.

Signed-off-by: Olivier Moysan <olivier.moysan@foss.st.com>
Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

MAINTAINERS: support HiSilicon D06

Add maintainer for HiSilicon D06.

Signed-off-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

core: Add support for Hisilicon D06 (PLATFORM=d06)

D06 is a server-class development board equipped with a Hisilicon
Phosphor processor.

Signed-off-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Acked-by:

core: Add support for Hisilicon D06 (PLATFORM=d06)

D06 is a server-class development board equipped with a Hisilicon
Phosphor processor.

Signed-off-by: Xiaoxu Zeng <zengxiaoxu@huawei.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: support loading TAs signed with a subkey

Adds support to load TAs signed with subkey or a chain of subkeys. This
allows delegation of TA signing without distributing the root key. TAs
signed w

core: support loading TAs signed with a subkey

Adds support to load TAs signed with subkey or a chain of subkeys. This
allows delegation of TA signing without distributing the root key. TAs
signed with a subkey are confined to the UUID-V5 namespace of the subkey
to avoid TA UUID clashes with different subkeys.

SHDR_SUBKEY is a type of header which enables chains of public keys.
The public root key is used to verify the first public subkey, which
then is used to verify the next public subkey and so on.

The TA is finally verified using the last subkey. All these headers are
added in front of the TA binary so everything needed to verify the TA is
available when it's loaded into memory.

For example:
Subkey
struct shdr
magic: 0x4f545348
img_type: 3 (SHDR_SUBKEY)
img_size: 320 bytes
algo: 0x70414930 (TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256)
hash_size: 32 bytes
sig_size: 256 bytes
hash: f573f329fe77be686ce71647909c4ea35b5e1cd7de86369bd7d9fca31f6a4d65
struct shdr_subkey
uuid: f04fa996-148a-453c-b037-1dcfbad120a6
name_size: 64
subkey_version: 1
max_depth: 4
algo: 0x70414930 (TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256)
attr_count: 2
next name: "mid_level_subkey"
Next header at offset: 692 (0x2b4)
Subkey
struct shdr
magic: 0x4f545348
img_type: 3 (SHDR_SUBKEY)
img_size: 320 bytes
algo: 0x70414930 (TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256)
hash_size: 32 bytes
sig_size: 256 bytes
hash: 233a6dcf1a2cf69e50cde8e20c4129157da707c76fa86ce12ee31037edef02d7
struct shdr_subkey
uuid: 1a5948c5-1aa0-518c-86f4-be6f6a057b16
name_size: 64
subkey_version: 1
max_depth: 3
algo: 0x70414930 (TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256)
attr_count: 2
next name: "subkey1_ta"
Next header at offset: 1384 (0x568)
Bootstrap TA
struct shdr
magic: 0x4f545348
img_type: 1 (SHDR_BOOTSTRAP_TA)
img_size: 84576 bytes
algo: 0x70414930 (TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256)
hash_size: 32 bytes
sig_size: 256 bytes
hash: ea31ac7dc2cc06a9dc2853cd791dd00f784b5edc062ecfa274deeb66589b4ca5
struct shdr_bootstrap_ta
uuid: 5c206987-16a3-59cc-ab0f-64b9cfc9e758
ta_version: 0
TA offset: 1712 (0x6b0) bytes
TA size: 84576 (0x14a60) bytes

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_virt)
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ree_fs: refactor check_update_version()

Refactors check_update_version() to support more than one version
database.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etien

core: ree_fs: refactor check_update_version()

Refactors check_update_version() to support more than one version
database.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add offset argument to shdr_alloc_and_copy()

Adds an offset argument to shdr_alloc_and_copy() to make it easier to
copy a signed header located further into a non-secure buffer.

Reviewed-by:

core: add offset argument to shdr_alloc_and_copy()

Adds an offset argument to shdr_alloc_and_copy() to make it easier to
copy a signed header located further into a non-secure buffer.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...