tpm2: Add commands to GetCapability, Read/Extend PCR

Add support for TPM2_PCR_{Read/Extend} and TPM2_GetCapability.
TPM uses PCR for integrity collections. Add support to
read and extend PCR's. For

tpm2: Add commands to GetCapability, Read/Extend PCR

Add support for TPM2_PCR_{Read/Extend} and TPM2_GetCapability.
TPM uses PCR for integrity collections. Add support to
read and extend PCR's. For PCR's some generic information like
number of banks, number of PCR's, supported and active algorithms etc.
is required which can be obtained from TPM using TPM2_GetCapability
command. This information is required at lot of places, so save the
basic capability information with tpm2_chip.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: libtomcrypt: Fix compilation issue with CFG_CRYPTO_ECC=n

Disabling ECC crypto does not disable the libtomcrypt ECC
related declarations, so CFG_CRYPTO_ECC=n gives a compilation error.

Signed-

core: libtomcrypt: Fix compilation issue with CFG_CRYPTO_ECC=n

Disabling ECC crypto does not disable the libtomcrypt ECC
related declarations, so CFG_CRYPTO_ECC=n gives a compilation error.

Signed-off-by: Sohaib ul Hassan <sohaib.ul.hassan@unikie.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

build: allow multiple occurrences of the same directory in subdirs-y

This change enables adding the same directory several times to subdirs-y
in sub.mk without causing warnings. This means we can no

build: allow multiple occurrences of the same directory in subdirs-y

This change enables adding the same directory several times to subdirs-y
in sub.mk without causing warnings. This means we can now use patterns
such as:

subdirs-$(CFG_FOO) += foobar
subdirs-$(CFG_BAR) += foobar

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: fix value of TEE_ECC_CURVE_SM2

The GlobalPlatform TEE Interbal Core API specification v1.3 has the
following text:

In TEE Internal Core API v1.2 and v1.2.1, TEE_ECC_CURVE_25519 and
TEE_E

libutee: fix value of TEE_ECC_CURVE_SM2

The GlobalPlatform TEE Interbal Core API specification v1.3 has the
following text:

In TEE Internal Core API v1.2 and v1.2.1, TEE_ECC_CURVE_25519 and
TEE_ECC_CURVE_SM2 were incorrectly assigned the same identifier.

Indeed, both were 0x00000300. In v1.3, TEE_ECC_CURVE_SM2 is now
0x00000400. Update the code accordingly.

This is an API and ABI change, but note that this value is used only
in TEE_IsAlgorithmSupported(). Therefore, only TAs that dynamically
check for algorithm support at runtime may be impacted. This change
was tested on QEMUv8 by running "old" TAs (built without this commit)
with a "newer" OP-TEE OS (including this commit), that is:
- 'make run' and run 'xtest'
- apply this change
- 'make arm-tf && make run-only' and run 'xtest' again. No errors.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-k3: Initialize Secure Storage with DKEK

K3 HS devices have a randomly generated 256 bit key written into the
efuses in TI Factory. This key is called a Key Encryption Key (KEK) and
is unique to

plat-k3: Initialize Secure Storage with DKEK

K3 HS devices have a randomly generated 256 bit key written into the
efuses in TI Factory. This key is called a Key Encryption Key (KEK) and
is unique to each device.

KEK is fed in hardware into the AES engine inside DMSC/SMS. The efuses
carrying the KEK are marked as read and write protected. As a result,
KEK is only accessible via the AES engine in DMSC/SMS.

System Firmware provides API to obtain a key derived from KEK(DKEK) for
encryption/decryption which is accessible through TI-SCI protocol.

The DKEK will be used in K3 SOCs to initialize HUK for Secure Storage.

Adds TI_SCI_MSG_SA2UL_GET_DKEK in TISCI protocol to extract the DKEK from
K3 SOCs and initialize HUK.

Further details can be found in the TISCI documentation:
https://software-dl.ti.com/tisci/esd/latest/index.html

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-k3: drivers: Add basic support for TI System Control Interface (TI-SCI) protocol

Texas Instruments System Control Interface (TI-SCI) Message Protocol
is used in Texas Instruments System on Chip

plat-k3: drivers: Add basic support for TI System Control Interface (TI-SCI) protocol

Texas Instruments System Control Interface (TI-SCI) Message Protocol
is used in Texas Instruments System on Chip (SoC) such as those
in keystone family K3 SoC to communicate between various compute
processors with a central system controller entity.

TISCI message protocol provides support for management of various
hardware entities within the SoC. Add support driver to allow
communication with system controller entity within the SoC using the
Secure Proxy.

Introduce the basic registration and query capability for the
driver protocol as part of this change. Subsequent patches add in
functionality specific to the TI-SCI features.

Further information can be found in TI-SCI documentation:
https://software-dl.ti.com/tisci/esd/latest/index.html

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-k3: drivers: Add secure proxy driver for communication with System Controller

Secure Proxy is a communication scheme in Texas Instrument's devices
intended to provide an unique communication pa

plat-k3: drivers: Add secure proxy driver for communication with System Controller

Secure Proxy is a communication scheme in Texas Instrument's devices
intended to provide an unique communication path from various processors
in the System on Chip(SoC) to a central System Controller.

Secure Proxy instance exposes "threads" or "proxies" which is
primary representation of "a" communication channel. Each thread is
preconfigured by System controller configuration based on SoC usage
requirements. Secure proxy by itself represents a single "queue" of
communication but allows the proxies to be independently operated.

For communication with TISCI, Secure Proxy driver is required in OP-TEE.

NOTE: Secure proxy configuration is only done by System Controller,
hence these are assumed to be pre-configured instances.

Provide the driver support for Secure Proxy and thread instances.

Tested on AM65x.

See AM65x Technical Reference Manual (SPRUID7E, April 2018)
for further details: https://www.ti.com/lit/ug/spruid7e/spruid7e.pdf

Signed-off-by: Manorit Chawdhry <m-chawdhry@ti.com>
Acked-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

symbolize.py: translate TA panic codes

When a TA panics, the TEE core shows the panic code as follows:

E/TC:? 0 TA panicked with code 0xffff000f

The value is whatever was passed to TEE_Panic() by

symbolize.py: translate TA panic codes

When a TA panics, the TEE core shows the panic code as follows:

E/TC:? 0 TA panicked with code 0xffff000f

The value is whatever was passed to TEE_Panic() by the TA or the library
that caused the panic; typically, the TEE Intenal Core API functions
implemented in libutee. It quite often happens that this value is a
TEE_Result code. Therefore it is convenient to translate the hexadecimal
value to a symbolic name (TEE_ERROR_*). With this commit, if a match is
found, the name is shown in parentheses like so:

E/TC:? 0 TA panicked with code 0xffff000f (TEE_ERROR_SECURITY)

If the code doesn't correspond to a known TEE_Result value however
nothing is appended to the output.

Suggested-by: Peter Griffin <peter.griffin@linaro.org>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Peter Griffin <peter.griffin@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: fix MTE error in realloc()

With memory tagging realloc() should only untag the old buffer if the
allocation of a new buffer is successful.

The implementation of realloc() prior to this pa

libutils: fix MTE error in realloc()

With memory tagging realloc() should only untag the old buffer if the
allocation of a new buffer is successful.

The implementation of realloc() prior to this patch is based on bgetr().
This is not so convenient with MTE enabled since the old buffer must be
untagged before calling bgetr(). If realloc() fails the memory tags must
be restored, but this was not done.

Restoring the tags is made somewhat more complicated by the fact that
the size reported by bget_buf_size() may actually be larger than the
size of the tagged buffer. Memalign() is sometimes forced to allocate
buffers larger than requested in order to honor the requested alignment.

So instead of using bgetr(), realloc() is implemented using bget(),
memcpy(), memset() and brel() as needed. This is the same thing that
bgetr() did, except that the old buffer is not untagged until a new
buffer has been successfully allocated.

Fixes: 08a5c4f9ae42 ("libutils: add MTE support in malloc() and friends")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (vexpress-qemu_armv8a gp_20056)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: azure: add build for CFG_SECURE_PARTITION=y

Add config for building the S-EL1 SPMC with support for S-EL0 SPs.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Balint Dob

ci: azure: add build for CFG_SECURE_PARTITION=y

Add config for building the S-EL1 SPMC with support for S-EL0 SPs.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

MAINTAINERS: add TI AM62x and AM64x

Adds MAINTAINER for the AM64x and AM62x SoC lines from Texas Instruments.

AM64x Technical Reference Manual: https://www.ti.com/lit/pdf/spruim2
AM62x Technical Re

MAINTAINERS: add TI AM62x and AM64x

Adds MAINTAINER for the AM64x and AM62x SoC lines from Texas Instruments.

AM64x Technical Reference Manual: https://www.ti.com/lit/pdf/spruim2
AM62x Technical Reference Manual: https://www.ti.com/lit/pdf/spruiv7

Signed-off-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

ci: azure: build for k3-am62x and k3-am64x

Adds ci build for the AM64x and AM62x SoC lines from Texas Instruments.

AM64x Technical Reference Manual: https://www.ti.com/lit/pdf/spruim2
AM62x Technic

ci: azure: build for k3-am62x and k3-am64x

Adds ci build for the AM64x and AM62x SoC lines from Texas Instruments.

AM64x Technical Reference Manual: https://www.ti.com/lit/pdf/spruim2
AM62x Technical Reference Manual: https://www.ti.com/lit/pdf/spruiv7

Signed-off-by: Andrew Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: sp_mem: fix get_cattr() callback name

Commit 8afe7a7c5220 ("core: rename mobj_get_cattr() to
mobj_get_mem_type()") renames the get_cattr() callback in struct
mobj_ops(). However, sp_mem wasn't

core: sp_mem: fix get_cattr() callback name

Commit 8afe7a7c5220 ("core: rename mobj_get_cattr() to
mobj_get_mem_type()") renames the get_cattr() callback in struct
mobj_ops(). However, sp_mem wasn't updated as part of this change, so
currently it doesn't compile. Fix this and get aligned with the new
naming.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

symbolize.py: strip MTE tag

When the Armv8.5 Memory Tagging Extension is enabled, the address shown
in data-abort messages may include a non-zero tag. For example (xtest
1038):

E/TC:? 0 User mode

symbolize.py: strip MTE tag

When the Armv8.5 Memory Tagging Extension is enabled, the address shown
in data-abort messages may include a non-zero tag. For example (xtest
1038):

E/TC:? 0 User mode data-abort at address 0x2000000401824f0 (tag check fault)

The tag needs to be cleared before the address can be translated into
symbol + offset.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: add MTE support in malloc() and friends

Adds support for memory tagging using the hardware assisted Armv8.5-A
Memory Tagging Extension in malloc() and friends.

When allocating memory the

libutils: add MTE support in malloc() and friends

Adds support for memory tagging using the hardware assisted Armv8.5-A
Memory Tagging Extension in malloc() and friends.

When allocating memory the acquired memory range in tagged a special
pointer with the tag coded in the top bits of the pointer. Accessing
this memory without the coded tag will result in a Tag Check Exception.

MTE is enabled for both OP-TEE core and TAs at the same time with
CFG_MEMTAG=y.

When the memory is freed it's untagged again. All accesses to heap
memory using old/stale pointers will be caught. This is an efficient
method to catch use-after-free and buffer overruns on the heap. The
buffer overruns are limited in granularity to blocks of 16 bytes.
However, the heap itself is also managed in blocks of 16 bytes so
smaller buffer overruns will not damage the heap.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: syscalls: strip tags from user space pointers

Strips the tags from user space pointers before using them.
We're relying on TCR_EL1.TCMA0=1 to make the accesses unchecked.

Acked-by: Jerome For

core: syscalls: strip tags from user space pointers

Strips the tags from user space pointers before using them.
We're relying on TCR_EL1.TCMA0=1 to make the accesses unchecked.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add support for MTE

Adds support for the Armv8.5-A Memory Tagging Extension with
CFG_MEMTAG=y.

A memtag.h API is introduced to handle this extension. If CFG_MEMTAG=n
the API doesn't add any o

core: add support for MTE

Adds support for the Armv8.5-A Memory Tagging Extension with
CFG_MEMTAG=y.

A memtag.h API is introduced to handle this extension. If CFG_MEMTAG=n
the API doesn't add any overhead and the behaviour is unchanged. With
CFG_MEMTAG=y a check is performed to see if the platform can support MTE
and the API is dynamically configured accordingly. This means that it's
safe to have CFG_MEMTAG=y even for platforms not supporting MTE. There
will be some minimal overhead then, but likely not noticeable.

An entry is also added in the TEE_PROPSET_TEE_IMPLEMENTATION for a u32
property "org.trustedfirmware.optee.cpu.feat_memtag_implemented". The
property is set to a non-zero value only if CFG_CORE_MEMTAG is
configured and the underlying CPU supports FEAT_MTE.

This commit still only uses the default tag with the value 0 resulting
in unchanged pointers when accessing memory. However, all plumbing is in
place allowing for instance tagging of the heap in a later commit.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: map TA memory using TEE_MATTR_MEM_TYPE_TAGGED

Maps TA memory using the TEE_MATTR_MEM_TYPE_TAGGED which results in
tagged cached memory if the system has it enabled.

Acked-by: Etienne Carriere

core: map TA memory using TEE_MATTR_MEM_TYPE_TAGGED

Maps TA memory using the TEE_MATTR_MEM_TYPE_TAGGED which results in
tagged cached memory if the system has it enabled.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: add TEE_MATTR_MEM_TYPE_TAGGED

Adds TEE_MATTR_MEM_TYPE_TAGGED used to map tagged memory as defined in
Armv8.5-A Memory Tagging Extension (MTE).

All OP-TEE core memory should be mapped as t

core: mm: add TEE_MATTR_MEM_TYPE_TAGGED

Adds TEE_MATTR_MEM_TYPE_TAGGED used to map tagged memory as defined in
Armv8.5-A Memory Tagging Extension (MTE).

All OP-TEE core memory should be mapped as tagged memory when supported.

Memory potentially shared with non-secure world or other firmware should
not be mapped as tagged since we don't have control over the tags then.

The mappings used by TEE_MATTR_MEM_TYPE_TAGGED is replaced by
TEE_MATTR_MEM_TYPE_CACHED if MTE isn't supported or configured.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: arm64: add read_dczid_el0()

Adds read_dczid_el0() to read Data Cache Zero ID register.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wikla

libutee: arm64: add read_dczid_el0()

Adds read_dczid_el0() to read Data Cache Zero ID register.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64.h: add MTE related defines

Adds defines for bits in SCTLR_EL1 TCR_EL1 and GCR_EL1 relating to the
Memory Tagging Extension (MTE).

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.

core: arm64.h: add MTE related defines

Adds defines for bits in SCTLR_EL1 TCR_EL1 and GCR_EL1 relating to the
Memory Tagging Extension (MTE).

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64.h: use 64-bit macros for TCR_* defines

The TCR_EL1 register is a 64-bit register, update the defines to use
64-bit macros instead to reflect that.

Reviewed-by: Jerome Forissier <jerome.

core: arm64.h: use 64-bit macros for TCR_* defines

The TCR_EL1 register is a 64-bit register, update the defines to use
64-bit macros instead to reflect that.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64.h: use BIT64() for SCTLR_* defines

The SCTLR_EL1 register is a 64-bit register, update the defines to use
the BIT64() macro instead to reflect that.

Reviewed-by: Jerome Forissier <jerom

core: arm64.h: use BIT64() for SCTLR_* defines

The SCTLR_EL1 register is a 64-bit register, update the defines to use
the BIT64() macro instead to reflect that.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: add MTE bits for ID_AA64PFR1

Adds fields in register ID_AA64PFR1 to report the presence of Memory
Tagging Extension (MTE).

Adds feat_mte_implemented() to report which MTE feature flav

core: arm64: add MTE bits for ID_AA64PFR1

Adds fields in register ID_AA64PFR1 to report the presence of Memory
Tagging Extension (MTE).

Adds feat_mte_implemented() to report which MTE feature flavor is
supported.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: recognize tag check faults in abort handler

Adds support in the abort handler to recognize tag check faults.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carr

core: recognize tag check faults in abort handler

Adds support in the abort handler to recognize tag check faults.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...