core: Add property to check feature BTI in TEE property set

Add an entry in TEE_PROPSET_TEE_IMPLEMENTATION for a boolean
property org.trustedfirmware.optee.cpu.feat_bti_implemented.
The property is

core: Add property to check feature BTI in TEE property set

Add an entry in TEE_PROPSET_TEE_IMPLEMENTATION for a boolean
property org.trustedfirmware.optee.cpu.feat_bti_implemented.
The property is set true only if CFG_TA_BTI is configured and
the underlying CPU supports FEAT_BTI.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Generate ELF Note for BTI in all arm64 asm files

Add program property note section in the assembly files to
ensure that when linking them, program property note section
is generated in the final ELF

Generate ELF Note for BTI in all arm64 asm files

Add program property note section in the assembly files to
ensure that when linking them, program property note section
is generated in the final ELF.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: Add support for mapping ELF executable sections as guarded

Introduce LDELF_MAP_FLAG_BTI to indicate if ELF supports BTI. A
BTI instruction is used to guard against the execution of instructio

ldelf: Add support for mapping ELF executable sections as guarded

Introduce LDELF_MAP_FLAG_BTI to indicate if ELF supports BTI. A
BTI instruction is used to guard against the execution of instructions
that are not the intended target of a branch. The executable pages need
to be marked as guarded to ensure that BTI doesn't execute as NOP.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: Add ELF program property parsing support to check for BTI

ELF program properties will be needed for detecting whether to
enable optional architecture or ABI features for a new ELF process.

T

ldelf: Add ELF program property parsing support to check for BTI

ELF program properties will be needed for detecting whether to
enable optional architecture or ABI features for a new ELF process.

The PT_GNU_PROPERTY is generated by a linker to describe the
.note.gnu.property section. The definition of PT_GNU_PROPERTY can
be found in [1].

For AArch64, GNU_PROPERTY_AARCH64_FEATURE_1_AND program property type
describes a set of processor features with which an ELF object or
executable image is compatible, but does not require in order to
execute correctly. These processor features are BTI and PAC.

[1] https://github.com/hjl-tools/linux-abi/wiki/linux-abi-draft.pdf

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

elf_common: add GNU note types and properties

Add NT_GNU_PROPERTY_TYPE_0 bits and
GNU_PROPERTY_AARCH64_FEATURE_1_AND used to tell which
CPU features the binary is compatible with.

Signed-off-by: Ru

elf_common: add GNU note types and properties

Add NT_GNU_PROPERTY_TYPE_0 bits and
GNU_PROPERTY_AARCH64_FEATURE_1_AND used to tell which
CPU features the binary is compatible with.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

checkpatch_inc.sh: Add elf_common.h in ignore list

The typedef warning in elf_common.h is a false positive
since it is an accepted pattern in this header file.

Signed-off-by: Ruchika Gupta <ruchika

checkpatch_inc.sh: Add elf_common.h in ignore list

The typedef warning in elf_common.h is a false positive
since it is an accepted pattern in this header file.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm64: bti: Support building user mode libraries with BTI

When running with BTI enabled we need to ask the compiler to enable
generation of BTI landing pads. With this option enabled, all C
source f

arm64: bti: Support building user mode libraries with BTI

When running with BTI enabled we need to ask the compiler to enable
generation of BTI landing pads. With this option enabled, all C
source files compiled for user mode libraries or Trusted Application
will be compiled with BTI.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm : Enable GP bit for kernel mapping for userspace

Mark the kernel pages mapped in userspace as guarded.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier

core: mm : Enable GP bit for kernel mapping for userspace

Mark the kernel pages mapped in userspace as guarded.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ldelf: Enable GP bit when creating mapping for ldelf

Since ldelf loader is compiled with BTI if CFG_CORE_BTI is enabled,
mark the GP bit when creating mapping for ldelf in user space.

Signed-

core: ldelf: Enable GP bit when creating mapping for ldelf

Since ldelf loader is compiled with BTI if CFG_CORE_BTI is enabled,
mark the GP bit when creating mapping for ldelf in user space.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mm: Set GP bit to enable BTI for TEE core

For all the descriptor entries marked with TEE_MATTR_PX, enable
GP bit if BTI is enabled.

TEE_MATTR_GUARDED attribute is also added here. This will b

core: mm: Set GP bit to enable BTI for TEE core

For all the descriptor entries marked with TEE_MATTR_PX, enable
GP bit if BTI is enabled.

TEE_MATTR_GUARDED attribute is also added here. This will be used
when creating mapping for user space.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm64: Add support for reading register ID_AA64PFR1_EL1

Register ID_AA64PFR1_EL1 provides information about
implemented PE features in AArch64 state. Read it to determine
if BTI mechanism is support

arm64: Add support for reading register ID_AA64PFR1_EL1

Register ID_AA64PFR1_EL1 provides information about
implemented PE features in AArch64 state. Read it to determine
if BTI mechanism is supported or not.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add BTI launch pads in aarch64 assembly files

Compiler adds BTI launchpads only in C source files. For
assembly files, BTI launchpad is also required at locations
where "br" is used and at the start

Add BTI launch pads in aarch64 assembly files

Compiler adds BTI launchpads only in C source files. For
assembly files, BTI launchpad is also required at locations
where "br" is used and at the start of the functions. This
needs to be added manually.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: asm.S : Introduce parameter _bti in FUNC's

There are few places where the original macros FUNC and LOCAL_FUNC
are used to define vector tables or exception vector tables.
To take care of s

libutils: asm.S : Introduce parameter _bti in FUNC's

There are few places where the original macros FUNC and LOCAL_FUNC
are used to define vector tables or exception vector tables.
To take care of such assembly code where BTI is not needed,
introduce new parameter _bti. If the _bti passed to the
function is not default, don't add BTI launchpad to the function.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: asm.S : Introduce BTI in macros for functions

When the TEE core, TA's or user space libraries are built for BTI,
add a BTI landing pad to the start of all functions, ensuring that
they are

libutils: asm.S : Introduce BTI in macros for functions

When the TEE core, TA's or user space libraries are built for BTI,
add a BTI landing pad to the start of all functions, ensuring that
they are BTI safe.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm64: bti: Support building TEE core C files with BTI

When running with BTI enabled we need to ask the compiler to enable
generation of BTI landing pads. With this option enabled, all C
source file

arm64: bti: Support building TEE core C files with BTI

When running with BTI enabled we need to ask the compiler to enable
generation of BTI landing pads. With this option enabled, all C
source files compiled for TEE Core including the kernel versions
of libraries such as libutils.a will be compiled with BTI. This
also includes ldelf loader C files.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Move section .note.gnu.property after .text in lds files

It is observed that clang compiler sometimes places the
.note.gnu.property at offset 0. For TA's, the loader expects
the user_ta_header at th

Move section .note.gnu.property after .text in lds files

It is observed that clang compiler sometimes places the
.note.gnu.property at offset 0. For TA's, the loader expects
the user_ta_header at that location while for ldelf,
_ldelf_start() is expected at this point. To avoid such
conflicts place this section after the text section.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: use adr_l for global r/w variable threads

Replace an adr instruction with adr_l in thread_foreign_intr_exit to
make sure that the r/w global variable threads is accessible even if the
optee bi

core: use adr_l for global r/w variable threads

Replace an adr instruction with adr_l in thread_foreign_intr_exit to
make sure that the r/w global variable threads is accessible even if the
optee binary is very large.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

GitHub actions: General updates

- Update 'stale' from v3.0.7 to v4.0.1.
- Give 'write' permissions to actions (pull requests and issues).
- Add and set (to true)
remove-issue-stale-when-updated

GitHub actions: General updates

- Update 'stale' from v3.0.7 to v4.0.1.
- Give 'write' permissions to actions (pull requests and issues).
- Add and set (to true)
remove-issue-stale-when-updated
remove-pr-stale-when-updated
which will automatically remove the 'Stale' label when someone adds a
new comment to a ticket marked as stale.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arch: kernel: move spmc functions from thread.h to thread_spmc.h

It is more relevant to declare thread_spmc_populate_mobj_from_rx() and
thread_spmc_relinquish() in thread_spmc.h instead of thr

core: arch: kernel: move spmc functions from thread.h to thread_spmc.h

It is more relevant to declare thread_spmc_populate_mobj_from_rx() and
thread_spmc_relinquish() in thread_spmc.h instead of thread.h
Source file mobj_ffa.c makes use of these two functions, hence include
kernel/thread_spmc.h header.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: drivers: se050: fix rsa encrypt/decrypt

- Fix input/output buffers (they were swapped).
- Fix algorithm selection for RSAES

Test:
openssl rsautl -encrypt -inkey rsa-pubkey.pub \

crypto: drivers: se050: fix rsa encrypt/decrypt

- Fix input/output buffers (they were swapped).
- Fix algorithm selection for RSAES

Test:
openssl rsautl -encrypt -inkey rsa-pubkey.pub \
-in data -pubin -out data.crypt

pkcs11-tool --module /usr/lib/libckteec.so.0.1 \
--pin 87654321 --decrypt --id 01 \
--token-label fio --mechanism RSA-PKCS \
--input-file data.crypt > data.decrypted

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

crypto: drivers: se050: OEFID runtime detection

The CFG_CORE_SE05X_OEFID definition is not required as the SE05X OEFID
can be read during early init - before the SCP03 session has been
established.

crypto: drivers: se050: OEFID runtime detection

The CFG_CORE_SE05X_OEFID definition is not required as the SE05X OEFID
can be read during early init - before the SCP03 session has been
established.

The user we can continue to define its value so that the OP-TEE driver
only works when such OEFID is available.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

crypto: drivers: se050: ecc sign

The crypto API validates the size of the buffer that will hold the
resulting signature. This means that the SE05X driver can not use the
variable length buffer mecha

crypto: drivers: se050: ecc sign

The crypto API validates the size of the buffer that will hold the
resulting signature. This means that the SE05X driver can not use the
variable length buffer mechanism to request extra bytes to handle the
DER format.

To address this situation, this patch allocates a temporary buffer to
get the signature from the Plug-and-Trust subsystem; then, upon doing
the DER to binary conversion, copies the resulting data to the output
buffer.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: stmm: Increase the shared number of pages

Currently we only allow single page sharing for the StanAloneMM non-secure
world buffer. There are cases on EFI variables though which this isn't
eno

core: stmm: Increase the shared number of pages

Currently we only allow single page sharing for the StanAloneMM non-secure
world buffer. There are cases on EFI variables though which this isn't
enough. For example an EFI signature list (.esl) containing more than
two keys would fail since the payload is larger than a single page. So
let's bump the number to something more reasonable.

Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

show more ...

core: libtomcrypt: increase MPI_MEMPOOL_SIZE to 46kB

This value is increased because xtest pkcs11_1019 when run
in loop, leads to extensive use of memory pool which
sometimes leads to memory allocat

core: libtomcrypt: increase MPI_MEMPOOL_SIZE to 46kB

This value is increased because xtest pkcs11_1019 when run
in loop, leads to extensive use of memory pool which
sometimes leads to memory allocation failure.

Problem is the way mempool_alloc() is implemented in combination
with how it's used from ltc_ecc_projective_add_point().

mempool_alloc() has a stack like allocation scheme. When freeing
the top element that memory is returned to the pool, but if memory
further down is free it's not returned until all elements above has
been freed. If two or more elements gets allocated and freed in a
cycle they can continue to use more and more memory with nothing
returned.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/issues/5022

show more ...

drivers: atmel-shdwc: add atmel shdwc driver

Add atmel shdwc driver for sama5d2. This driver uses assembly code
which expects to run from a single cache line. For the time being,
building this code

drivers: atmel-shdwc: add atmel shdwc driver

Add atmel shdwc driver for sama5d2. This driver uses assembly code
which expects to run from a single cache line. For the time being,
building this code is restricted to single core system since it rely
on the fact that no other cores can invalidate the TLB or the
I-cache. This driver will be used by PSCI to shutdown the SoC.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...