core: move FS files out of CFG_WITH_USER_TA

Some files which are currently guarded with CFG_WITH_USER_TA should be
guarded with _CFG_WITH_SECURE_STORAGE or FS-specific configs (CFG_RPMB_FS,
CFG_RPMB

core: move FS files out of CFG_WITH_USER_TA

Some files which are currently guarded with CFG_WITH_USER_TA should be
guarded with _CFG_WITH_SECURE_STORAGE or FS-specific configs (CFG_RPMB_FS,
CFG_RPMB_FS). This will allow the use of secure storage from kernel code
when CFG_WITH_USER_TA=n.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

build: introduce _CFG_WITH_SECURE_STORAGE

Adds _CFG_WITH_SECURE_STORAGE set to 'y' when at least one secure
storage backend is enabled.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Review

build: introduce _CFG_WITH_SECURE_STORAGE

Adds _CFG_WITH_SECURE_STORAGE set to 'y' when at least one secure
storage backend is enabled.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix build dependencies for fs_htree.c

core/tee/fs_htree.c is used when CFG_REE_FS=y, and is also used by the
test PTA core/pta/tests/fs_htree.c. Rather than make the implementation
depend on t

core: fix build dependencies for fs_htree.c

core/tee/fs_htree.c is used when CFG_REE_FS=y, and is also used by the
test PTA core/pta/tests/fs_htree.c. Rather than make the implementation
depend on the test (CFG_TEE_CORE_EMBED_INTERNAL_TESTS), do the opposite.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move tee_svc_storage_create_filename_dfh() to core/tee/tee_fs_rpc.c

tee_svc_storage_create_filename_dfh() is only used in
core/tee/tee_fs_rpc.c, so move it there, make it static and give it a

core: move tee_svc_storage_create_filename_dfh() to core/tee/tee_fs_rpc.c

tee_svc_storage_create_filename_dfh() is only used in
core/tee/tee_fs_rpc.c, so move it there, make it static and give it a
shorter name: create_filename().

Fundamentally, this function is needed when CFG_REE_FS=y but the whole
file core/tee/tee_svc_storage.c (which is the current location of this
function) essentially defines the storage syscalls for TAs and is
therefore not needed when CFG_WITH_USER_TA=n. If we want to later be
able to exclude it from the build while still providing secure storage
to kernel code, the function has to move.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scripts: add dump_ta_header.py

Add a Python script to dump the information contained in the header of
a TA file (*.ta). One use case is to extract struct shdr::hash, which is
returned by the attesta

scripts: add dump_ta_header.py

Add a Python script to dump the information contained in the header of
a TA file (*.ta). One use case is to extract struct shdr::hash, which is
returned by the attestation PTA to be added in a later commit.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: mmu: fix compile time assertion to allow 48-bit VA space

The compile time assertion on CFG_LPAE_ADDR_SPACE_BITS is inconsistent
with the one in <mm/core_mmu.h>. It should allow a 48-bit s

core: arm: mmu: fix compile time assertion to allow 48-bit VA space

The compile time assertion on CFG_LPAE_ADDR_SPACE_BITS is inconsistent
with the one in <mm/core_mmu.h>. It should allow a 48-bit size.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: lpae: remove always true conditional

The runtime conditional: 'if (CORE_MMU_BASE_TABLE_LEVEL == 0)' in
core_init_mmu_prtn_ta_core() is redundant with the preprocessor
conditional: '#if (CORE_M

core: lpae: remove always true conditional

The runtime conditional: 'if (CORE_MMU_BASE_TABLE_LEVEL == 0)' in
core_init_mmu_prtn_ta_core() is redundant with the preprocessor
conditional: '#if (CORE_MMU_BASE_TABLE_LEVEL == 0)'. Remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: lpae: delete unused variable

Variable 'ret' in is not used so remove it. Fixes the following warning:

$ make -j10 -s PLATFORM=vexpress-qemu_armv8a CFG_LPAE_ADDR_SPACE_BITS=40
core/arch/arm/

core: lpae: delete unused variable

Variable 'ret' in is not used so remove it. Fixes the following warning:

$ make -j10 -s PLATFORM=vexpress-qemu_armv8a CFG_LPAE_ADDR_SPACE_BITS=40
core/arch/arm/mm/core_mmu_lpae.c: In function ‘core_init_mmu_prtn_ta_core’:
core/arch/arm/mm/core_mmu_lpae.c:708:22: warning: unused variable ‘ret’ [-Wunused-variable]
708 | bool ret = false;
| ^~~

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-sam: enable Atmel TRNG driver

Default embed Atmel TRNG in sama5d2 platform.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed

plat-sam: enable Atmel TRNG driver

Default embed Atmel TRNG in sama5d2 platform.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

drivers: add Atmel TRNG driver

This driver uses the device tree to probe the TRNG and then allows
random data to be queried using both hw_get_random_byte() and
crypto_rng_read().

Acked-by: Etienne

drivers: add Atmel TRNG driver

This driver uses the device tree to probe the TRNG and then allows
random data to be queried using both hw_get_random_byte() and
crypto_rng_read().

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

plat-sam: include sama5d2.h file necessary for some values

Defines that are in platform_config.h uses values from sama5d2.h file.
Include it to avoid dependency problems.

Acked-by: Etienne Carriere

plat-sam: include sama5d2.h file necessary for some values

Defines that are in platform_config.h uses values from sama5d2.h file.
Include it to avoid dependency problems.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

crypto: drivers: se050: object identifier range

With the introduction of the se050 APDU driver, external clients can
create persistent objects on the secure element non-volatile memory.

The unique

crypto: drivers: se050: object identifier range

With the introduction of the se050 APDU driver, external clients can
create persistent objects on the secure element non-volatile memory.

The unique identifiers for these objects do not necessarily need to
fall within the range defined for objects created using the
cyptographic operation interfaces (keypair_gen).

This commit fixes the use case where a key stored in the SE05x device
(for example via a cloud service communicating to the optee-client's
libseteec) is imported into the pkcs#11 database and then used for
authentication (ie, EC sign)

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

ta: pkcs11: remove unnecessary code

Remove unnecessary assignment.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

core: dt_driver: allow drivers to fail initialization

Change the probing logic to not panic core if a drivers fails to
initialize. Driver that fail to probe are moved in a specific list
that may be

core: dt_driver: allow drivers to fail initialization

Change the probing logic to not panic core if a drivers fails to
initialize. Driver that fail to probe are moved in a specific list
that may be later print for debug purpose.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: factorize resource releasing

Moves dt_driver_release_provider() into release_probe_lists() to get all
DT driver probing resources released upon core initialization completion.

Also

core: dt_driver: factorize resource releasing

Moves dt_driver_release_provider() into release_probe_lists() to get all
DT driver probing resources released upon core initialization completion.

Also removes the debug verbosity that is not useful at that place.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: clk: add verbosity on provider probe error case

Prints the names of the parent node and node for which core failed to
probe a clock instance. Also prints the returned error code. These
adde

drivers: clk: add verbosity on provider probe error case

Prints the names of the parent node and node for which core failed to
probe a clock instance. Also prints the returned error code. These
added debug information help understanding where and FDT parsing failed.

Acked-by: Clément Léger <clement.leger@bootlin.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: drivers: caam: disable jobring in DT only in case of external DTB

On LX2160 board, Embedded DTB is enabled.
While booting with CAAM enabled, a crash comes in OP-TEE because it
tries to disable

core: drivers: caam: disable jobring in DT only in case of external DTB

On LX2160 board, Embedded DTB is enabled.
While booting with CAAM enabled, a crash comes in OP-TEE because it
tries to disable the Job Ring in Embedded DTB, which is read only.
So disable Job ring only when using External DTB.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: kernel: introduce function is_embedded_dt()

This function will return true if passed DTB is same as Embedded DTB,
otherwise false

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-

core: kernel: introduce function is_embedded_dt()

This function will return true if passed DTB is same as Embedded DTB,
otherwise false

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: skip drivers not providing a probe operator

If drivers is not providing a probe operator, that can result in
crash, so skip drivers not providing a probe operator.

Signed-off-by: S

core: dt_driver: skip drivers not providing a probe operator

If drivers is not providing a probe operator, that can result in
crash, so skip drivers not providing a probe operator.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/issues/5017

show more ...

core: dt_driver: use driver type when finding a driver provider

Adds driver type argument to functions dt_driver_get_provider_by_node(),
and dt_driver_get_provider_by_phandle() to differentiate driv

core: dt_driver: use driver type when finding a driver provider

Adds driver type argument to functions dt_driver_get_provider_by_node(),
and dt_driver_get_provider_by_phandle() to differentiate driver provider
references when a single DT node relates to several driver providers
that are of different type by DT binding definition. For example, a DT
node may describe a device that acts both as a clock provider and a reset
controller, for which two driver references are needed in the driver
provider list.

Updates dt_driver_device_from_node_idx_prop() accordingly.

Fixes: f498c4042931 ("core: dt_driver: factorize clk_get_provider_by_*()")
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: crypto: stm32_cryp: register secure peripheral

Adds registering of CRYP1 device as a secure peripheral when it is
registered as a crypto driver.

Fixes: 95134dac4b22 ("plat-stm32mp1: enable

drivers: crypto: stm32_cryp: register secure peripheral

Adds registering of CRYP1 device as a secure peripheral when it is
registered as a crypto driver.

Fixes: 95134dac4b22 ("plat-stm32mp1: enable CRYPTO HW if available")
Reviewed-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

dts: stm32mp1: disable CRYP1 device

Don't enable CRYP1 support in OP-TEE core from ST boards supporting
stm32mp1 platform to comply with the upstream boards DTS files since
v5.11 [1] in Linux kernel

dts: stm32mp1: disable CRYP1 device

Don't enable CRYP1 support in OP-TEE core from ST boards supporting
stm32mp1 platform to comply with the upstream boards DTS files since
v5.11 [1] in Linux kernel that enables CRYP1 in non-secure world.

Link: [1] https://github.com/torvalds/linux/commit/b6aa35c7393680ee0a1286ca3b3237fd106ef896
Fixes: 5e64ae6796b7 ("crypto: stm32: use CRYP IP for CIPHER algorithms")
Reviewed-by: Nicolas Toromanoff <nicolas.toromanoff@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: dt_driver: return TEE_ERROR_DEFER_DRIVER_INIT if no provider

Changes dt_driver_device_from_node_idx_prop() to report caller driver
probe deferral when the expected provider is not yet found in

core: dt_driver: return TEE_ERROR_DEFER_DRIVER_INIT if no provider

Changes dt_driver_device_from_node_idx_prop() to report caller driver
probe deferral when the expected provider is not yet found in the provider
list as the function description expects.

Fixes: d8b14b46af9d ("core: dt_driver: get return code when querying a device")
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libtomcrypt/sha256_accel: fix stringop-overflow error

Attempting to build optee-os with gcc11 fails with the following error
----
In function ‘sha256_compress_nblocks’,
inlined from ‘sha256_comp

libtomcrypt/sha256_accel: fix stringop-overflow error

Attempting to build optee-os with gcc11 fails with the following error
----
In function ‘sha256_compress_nblocks’,
inlined from ‘sha256_compress’ at core/lib/libtomcrypt/sha256_accel.c:81:11,
inlined from ‘sha256_done’ at core/lib/libtomcrypt/sha256_accel.c:158:5:
core/lib/libtomcrypt/sha256_accel.c:75:5: error: ‘crypto_accel_sha256_compress’ accessing 32 bytes in a region of size 20 [-Werror=stringop-overflow=]
75 | crypto_accel_sha256_compress(state, buf, blocks);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
core/lib/libtomcrypt/sha256_accel.c: In function ‘sha256_done’:
core/lib/libtomcrypt/sha256_accel.c:75:5: note: referencing argument 1 of type ‘uint32_t *’ {aka ‘unsigned int *’}
In file included from core/lib/libtomcrypt/sha256_accel.c:41:
core/include/crypto/crypto_accel.h:45:6: note: in a call to function ‘crypto_accel_sha256_compress’
45 | void crypto_accel_sha256_compress(uint32_t state[8], const void *src,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
----

Indeed, the 'state' argument here is taken from sha1.state which is a
uint32_t state[5], so 20 bytes long instead of the uint32_t state[8]
crypto_accel_sha256_compress expects.

OTOH we're in a sha256 function, and sha256.state conveniently is of the
correct size, so use sha256.state as appropriate instead.

Note that hash_state is a union and sha{1,256}.state are at the same
offset, so this is actually a no-op change.

Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

build: use CFLAGS32/CFLAGS64 when building in-tree TAs

Commit 19fdfcf617e3 ("build: ldelf and TAs can rely on CFLAGS32/CFLAGS64")
only partially implements what is mentioned in the commit descriptio

build: use CFLAGS32/CFLAGS64 when building in-tree TAs

Commit 19fdfcf617e3 ("build: ldelf and TAs can rely on CFLAGS32/CFLAGS64")
only partially implements what is mentioned in the commit description.
The ldelf part is OK, but in-tree TAs still don't use CFLAGS32 or
CFLAGS64. The reason is that the submodule name $(sm) is not ta_arm32 or
ta_arm64 like for TAs build with the "dev kit". Instead, $(sm) is the
name of the directory (such as "avb" for core/ta/avb, "pkcs11" for
core/ta/pkcs11, etc.). Therefore, it is not arch-bits-ta_arm32 or
arch-bits-ta_arm64 that needs to be set but arch-bits-$(sm).

Fixes: 19fdfcf617e3 ("build: ldelf and TAs can rely on CFLAGS32/CFLAGS64")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...