core: arm: mmu: fix find_map_by_pa() on areas end addresses

Fix find_map_by_pa() to test the inclusive end address of an area
to prevent issues when end address overlaps size field byte size.

Revie

core: arm: mmu: fix find_map_by_pa() on areas end addresses

Fix find_map_by_pa() to test the inclusive end address of an area
to prevent issues when end address overlaps size field byte size.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: the FF-A ABI is now a stable ABI

The OP-TEE FF-A driver in the Linux kernel has been merged, so the
changes in the ABI towards the Linux kernel from now on have to be
backwards compatible.

Ac

core: the FF-A ABI is now a stable ABI

The OP-TEE FF-A driver in the Linux kernel has been merged, so the
changes in the ABI towards the Linux kernel from now on have to be
backwards compatible.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: drivers: se050: ecc shared secret

Allow clients to inject their own keypairs to derive the secret - the
previous implementation only allowed for secure element NVM based
keypairs to be used.

crypto: drivers: se050: ecc shared secret

Allow clients to inject their own keypairs to derive the secret - the
previous implementation only allowed for secure element NVM based
keypairs to be used.

By default, the secure element does not store all the possible EC
curves in its internal memory; however attempting to inject a keypair
when the curve is not in the secure element would cause the injection
to fail.

This commit addresses that situation by generating those curves in the
SE whenever they are not available.

Tested with TEE_ALG_ECDH_P192, TEE_ALG_ECDH_P224, TEE_ALG_ECDH_P256
and TEE_ALG_ECDH_P384 and TEE_ALG_ECDH_P521 (xtest 4009 passing)

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix race in ffa_inc_map()

Fixes a race in ffa_inc_map() when mapcount is 0. The problem goes like:

Thread 1 and 2 calls ffa_inc_map() at the same time and mapcount is 0.
Thread 1 takes the lo

core: fix race in ffa_inc_map()

Fixes a race in ffa_inc_map() when mapcount is 0. The problem goes like:

Thread 1 and 2 calls ffa_inc_map() at the same time and mapcount is 0.
Thread 1 takes the lock first and initializes mapcount to 1 and map the
mobj etc.

When thread 2 has the lock it discovers that mapcount has been
initialize while it was waiting for the lock.

Prior to this patch we where exiting the function doing nothing more
since the mobj was mapped, but by doing so we'll miss to increase
mapcount.

Fix this by restarting the call to refcount_inc() using a loop.

Fixes: 73e1d3f398b0 ("core: add mobj_ffa")
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix race in mobj_reg_shm_inc_map()

Fixes a race in mobj_reg_shm_inc_map() when mapcount is 0. The problem
goes like:

Thread 1 and 2 calls mobj_reg_shm_inc_map() at the same time and
mapcount

core: fix race in mobj_reg_shm_inc_map()

Fixes a race in mobj_reg_shm_inc_map() when mapcount is 0. The problem
goes like:

Thread 1 and 2 calls mobj_reg_shm_inc_map() at the same time and
mapcount is 0. Thread 1 takes the lock first and initializes mapcount to
1 and map the mobj etc.

When thread 2 has the lock it discovers that mapcount has been
initialize while it was waiting for the lock.

Prior to this patch we where exiting the function doing nothing more
since the mobj was mapped, but by doing so we'll miss to increase
mapcount.

Fix this by restarting the call to refcount_inc() using a loop.

Fixes: 37a6b717787b ("core: introduce CFG_CORE_DYN_SHM")
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dt_driver: fix result argument description get_of_device_func

Fixes inline description of type get_of_device_func that falsely mentions
TEE_ERROR_BUSY instead of TEE_ERROR_DEFER_DRIVER_INIT wh

core: dt_driver: fix result argument description get_of_device_func

Fixes inline description of type get_of_device_func that falsely mentions
TEE_ERROR_BUSY instead of TEE_ERROR_DEFER_DRIVER_INIT when expected
resource requests deferral of the driver probing.

Fixes: d8b14b46af9d ("core: dt_driver: get return code when querying a device")
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: crypto: rsa: handle not implemented sign/verify operations

Route the unimplemented RSA sign/verify optional cases to their
software implementations.

Signed-off-by: Jorge Ramirez-Ortiz <jor

drivers: crypto: rsa: handle not implemented sign/verify operations

Route the unimplemented RSA sign/verify optional cases to their
software implementations.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: make mobj_get_va() more secure

Adds a length parameter to allow mobj_get_va() to check that the entire
va range requested is available.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.

core: make mobj_get_va() more secure

Adds a length parameter to allow mobj_get_va() to check that the entire
va range requested is available.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix argument checks in yielding_call_with_arg()

Fixes two invalid checks of the argument mobj in yielding_call_with_arg().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed

core: fix argument checks in yielding_call_with_arg()

Fixes two invalid checks of the argument mobj in yielding_call_with_arg().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix link error with CFG_CC_OPT_LEVEL=0

Prior to this patch there's a link error when compiled with
CFG_CC_OPT_LEVEL=0 CFG_CORE_SEL1_SPMC=y CFG_SECURE_PARTITION=n:
LD out/arm/core/all_ob

core: fix link error with CFG_CC_OPT_LEVEL=0

Prior to this patch there's a link error when compiled with
CFG_CC_OPT_LEVEL=0 CFG_CORE_SEL1_SPMC=y CFG_SECURE_PARTITION=n:
LD out/arm/core/all_objs.o
aarch64-linux-gnu-ld.bfd: out/arm/core/arch/arm/kernel/thread_spmc.o: in function `handle_mem_share_rxbuf':
core/arch/arm/kernel/thread_spmc.c:781: undefined reference to `spmc_sp_add_share'

Fix this by adding a dummy static inline spmc_sp_add_share().

Fixes: 6a1b230ce97c ("core: FFA_SHARE: Process Normal World share")
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: Panic when IV is provided for ECB modes

Ideally, the ECB mode doesn't need an IV at all.
The GlobalPlatform spec says "IV required: No" for
the algorithms that use this mode (Table 6-6b).

libutee: Panic when IV is provided for ECB modes

Ideally, the ECB mode doesn't need an IV at all.
The GlobalPlatform spec says "IV required: No" for
the algorithms that use this mode (Table 6-6b).

So, in order to be inclined to the requirement of the
spec, the implementation can panic when IV is provided
for ECB modes.

Signed-off-by: Sadiq Hussain <sadiq.muchumarri@intel.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Fix FID for FFA_SECONDARY_EP_REGISTER_64

Commit ef30482b4ad6 ("plat-vexpress: FF-A: update secondary core init")
updated secondary core init for the vexpress platform. In the process,
it used FFA_SE

Fix FID for FFA_SECONDARY_EP_REGISTER_64

Commit ef30482b4ad6 ("plat-vexpress: FF-A: update secondary core init")
updated secondary core init for the vexpress platform. In the process,
it used FFA_SECONDARY_EP_REGISTER with FID 0xC4000084 based on the ALP0
ABI of the spec and the TF-A upstream implementation at the time with a
note that the function ID needs to updated to the one finalied in the
spec and the TF-A implementation.

Assuming it is all finalised now, let us update the same with correct/
updated FID 0xC4000087.

Cc: Jens Wiklander <jens.wiklander@linaro.org>
Cc: Olivier Deprez <olivier.deprez@arm.com>
Cc: Balint Dobszay <balint.dobszay@arm.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scripts/sign_encrypt.py: readability improvements

A few constant values would have been better if replaced with constant
definitions

Signed-off-by: Donald Chan <hoiho@amazon.com>
Reviewed-by: Jerom

scripts/sign_encrypt.py: readability improvements

A few constant values would have been better if replaced with constant
definitions

Signed-off-by: Donald Chan <hoiho@amazon.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

ta: pkcs11: Clean up temporary_object_list on object creation failure

Calls LIST_REMOVE() only from cleanup_volatile_obj_ref() this is always
called to finalize object release. Allocated objects are

ta: pkcs11: Clean up temporary_object_list on object creation failure

Calls LIST_REMOVE() only from cleanup_volatile_obj_ref() this is always
called to finalize object release. Allocated objects are always inserted
into a list after being created and therefore need to be removed for its
owner list before the memory is released.

This changes fixes an issue when handle_get() failed in create_object()
and does not remove the reference from temporary_object_list.

Signed-off-by: Mengchi Cheng <mengcc@amazon.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-sam: enable PSCI shutdown support

Enable PSCI shutdown support using atmel shutdown controller driver.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.

plat-sam: enable PSCI shutdown support

Enable PSCI shutdown support using atmel shutdown controller driver.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

plat-sam: enable PSCI reset support

Enable PSCI reset support using atmel reset controller driver.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@

plat-sam: enable PSCI reset support

Enable PSCI reset support using atmel reset controller driver.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

plat-sam: enable PSCI_ARM32, ATMEL_SHDWC and ATMEL_RSTC

Enable config PSCI_ARM32, ATMEL_SHDWC and ATMEL_RSTC to implement
basic PSCI support. Force enable PSCI_ARM32 but allow other options
to be mo

plat-sam: enable PSCI_ARM32, ATMEL_SHDWC and ATMEL_RSTC

Enable config PSCI_ARM32, ATMEL_SHDWC and ATMEL_RSTC to implement
basic PSCI support. Force enable PSCI_ARM32 but allow other options
to be modified if shutdown and reset is not needed.

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Clément Léger <clement.leger@bootlin.com>

show more ...

core: FF-A: Add FFA_MEM_RECLAIM support

FFA_MEM_RECLAIM is used by a SP to retract given access to a memory
region. Afterwards the SP has full exclusive ownership of the memory
region again.
After c

core: FF-A: Add FFA_MEM_RECLAIM support

FFA_MEM_RECLAIM is used by a SP to retract given access to a memory
region. Afterwards the SP has full exclusive ownership of the memory
region again.
After calling FFA_MEM_RECLAIM all bookkeepings of the share are removed
from the SPMC.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: FF-A: Add FFA_MEM_RELINQUISH

FFA_MEM_RELINQUISH is used by a SP to release a memory share that was
claimed by calling FFA_MEM_RETRIEVE_REQ_64 before.
The memory region will be unmapped from th

core: FF-A: Add FFA_MEM_RELINQUISH

FFA_MEM_RELINQUISH is used by a SP to release a memory share that was
claimed by calling FFA_MEM_RETRIEVE_REQ_64 before.
The memory region will be unmapped from the SPs memory once
FFA_MEM_RELINQUISH has been called the same amount of times as
FFA_MEM_RETRIEVE_REQ_64.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: FF-A: ADD FFA_MEM_RETRIEVE for SPs

FFA_MEM_RETRIEVE is used by a SP to retrieve a FF-A memory share with a
handle. Once the FFA_MEM_RETRIEVE message is handled correctly the
corresponding memo

core: FF-A: ADD FFA_MEM_RETRIEVE for SPs

FFA_MEM_RETRIEVE is used by a SP to retrieve a FF-A memory share with a
handle. Once the FFA_MEM_RETRIEVE message is handled correctly the
corresponding memory region is mapped into the SPs memory

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: FFA_SHARE: Process Normal World share

Process a FFA_SHARE command coming from the Normal World. When
receiving a FFA_SHARE message from the Normal World, we check the
first receiver endpoint i

core: FFA_SHARE: Process Normal World share

Process a FFA_SHARE command coming from the Normal World. When
receiving a FFA_SHARE message from the Normal World, we check the
first receiver endpoint id. If the endpoint id is that off the OP_TEE
endpoint, we let the thread_spmc handler handle the share. If it is not,
we process it inside the spmc_sp_handler.
The mobj_ffa_() functions are used to create a new mobj for each new
share and to keep track of them.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: FFA_SHARE: Process secure share

Process a FFA_SHARE command coming from a SP. When receiving a
FFA_SHARE message from a SP, we don't create any new mobj's. Instead we
retrieve the mobj's from

core: FFA_SHARE: Process secure share

Process a FFA_SHARE command coming from a SP. When receiving a
FFA_SHARE message from a SP, we don't create any new mobj's. Instead we
retrieve the mobj's from the SP list off already mapped mobj's via
vm_get_mobj(). For each FFA_SHARE we check that the memory regions are
mapped and not shared with any other endpoints.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: FFA_SHARE: Process receiver data

Process the receiver specific data of a FFA_SHARE command.
Store the receiver and link it to the endpoints (SPs).

Signed-off-by: Jelle Sels <jelle.sels@arm.co

core: FFA_SHARE: Process receiver data

Process the receiver specific data of a FFA_SHARE command.
Store the receiver and link it to the endpoints (SPs).

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: FFA_SHARE: Process FFA_MEM_SHARE message

Process a FF-A FFA_MEM_SHARE message coming from a SP or being sent
from the Normal world with one or more SPs receivers.
FFA_MEM_SHARE is used to shar

core: FFA_SHARE: Process FFA_MEM_SHARE message

Process a FF-A FFA_MEM_SHARE message coming from a SP or being sent
from the Normal world with one or more SPs receivers.
FFA_MEM_SHARE is used to share a memory region from an endpoint (SP or
normal world) with one or more endpoints in secure world(SPs).

A simplified version of the share memory transaction descriptor looks
like the following:

|-------------------|
|ffa_mem_transaction| Contains general data for the whole share
|-------------------|
|mem_access_array[0]| Contains information specific for each receiver SP
|-------------------|
|mem_access_array[1]|
|-------------------|
|mem_access_array[n]|
|-------------------|
|ffa_mem_region | Contains the memory which is shared
|-------------------|

Add sp_mem as a new memory object. Sp_mem is used to store all
information needed for a FF-A share. For each new FF-A share a sp_mem
object is created. Each share is stored inside the mem_shares list
inside sp_mem.c

The ffa_mem_transaction data is stored inside the sp_mem object.
The receivers list inside sp_mem is used to store all the
ffa_mem_region related data.
The regions list is used to store all data related to the
mem_access_array. A mobj reference is will be used to map the region
into the SPs endpoint.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

FF-A: Add macro for FF-A memory cookie bit

When creating a new cookie of the mobj_ffa a BIT64(44) was used inline.
Create a macro for it.

Signed-off-by: Jelle <jelle.sels@arm.com>
Reviewed-by: Jens

FF-A: Add macro for FF-A memory cookie bit

When creating a new cookie of the mobj_ffa a BIT64(44) was used inline.
Create a macro for it.

Signed-off-by: Jelle <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...