lib: mbedtls: return TEE_ERROR_BAD_PARAMETERS on input data error

This change fixes Keymaster VTS if cryptolib uses libmedtls
EncryptionOperationsTest, RsaPkcs1Success and
EncryptionOperationsTest,

lib: mbedtls: return TEE_ERROR_BAD_PARAMETERS on input data error

This change fixes Keymaster VTS if cryptolib uses libmedtls
EncryptionOperationsTest, RsaPkcs1Success and
EncryptionOperationsTest, RsaOaepSuccess probabilistic failure.
We should change error code from libmedtls to TEE_AsymmetricDecrypt.
In the same scenario, the tomcrypt return value is eventually
Converted to TEE_ERROR_BAD_PARAMETERS,and then pass the test.
But mbedtls converted to TEE_ERROR_BAD_STATE,
This causes TEE_AsymmetricDecrypt() to panic.

Signed-off-by: Liu Shiwei <liushiwei@eswin.com>
Tested-by: Liu Shiwei <liushiwei@eswin.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: rcar: fix second DDR bank address for m3_2x4g flavor

Due to mistake, NSEC_DDR_1_BASE was set to incorrect value. In fact, second
DDR bank begins at 0x480000000.

Signed-off-by: Volodymyr Babch

plat: rcar: fix second DDR bank address for m3_2x4g flavor

Due to mistake, NSEC_DDR_1_BASE was set to incorrect value. In fact, second
DDR bank begins at 0x480000000.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: fix split_region() to maintain order

Fixes split_region() to maintain the order of paged regions when a
region is split into two.

Fixes: 4a3f6ad054d4 ("core: pager: let struct tee_page

core: pager: fix split_region() to maintain order

Fixes split_region() to maintain the order of paged regions when a
region is split into two.

Fixes: 4a3f6ad054d4 ("core: pager: let struct tee_pager_area span multiple translation tables")
Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (stm32mp1 w/ gp, stmm)
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager fix alloc_merged_pgt_array()

Fix the logic for how a shared pgt is detected in
alloc_merged_pgt_array(). Without this there's a buffer overrun in the
pgt_array plus of course not quite

core: pager fix alloc_merged_pgt_array()

Fix the logic for how a shared pgt is detected in
alloc_merged_pgt_array(). Without this there's a buffer overrun in the
pgt_array plus of course not quite right pgt pointers in that array.

Fixes: 4a3f6ad054d4 ("core: pager: let struct tee_pager_area span multiple translation tables")
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: fix split_region() pgt assignment

Fixes an error in how pgt_array is copied from the original paged region
into the new split off region.

Fixes: 4a3f6ad054d4 ("core: pager: let struct

core: pager: fix split_region() pgt assignment

Fixes an error in how pgt_array is copied from the original paged region
into the new split off region.

Fixes: 4a3f6ad054d4 ("core: pager: let struct tee_pager_area span multiple translation tables")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: fix increment calculation in tee_pager_set_um_region_attr()

With the introduction of the commit referred below may a paged region
span multiple translation tables, but tee_pager_set_um_

core: pager: fix increment calculation in tee_pager_set_um_region_attr()

With the introduction of the commit referred below may a paged region
span multiple translation tables, but tee_pager_set_um_region_attr()
wasn't updated to handle this. So fix this by accurately calculate
the increment in the main loop of that function.

Fixes: 4a3f6ad054d4 ("core: pager: let struct tee_pager_area span multiple translation tables")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-zynq7k: fix wrong argument ordering in NS world unlocking

A defect was introduced in 3.5.0 where the register value and address
in io_write32 are displaced, which eventually led to failure swit

plat-zynq7k: fix wrong argument ordering in NS world unlocking

A defect was introduced in 3.5.0 where the register value and address
in io_write32 are displaced, which eventually led to failure switching
to NS world.

Fixes: af4c7f4b3ad2 ("zynq7k: upgrade from write32() to io_write32() and friends")
Signed-off-by: Yan Yan <yan.yan@windriver.com>
Tested-by: Yan Yan <yan.yan@windriver.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-imx: add compulab iot-gate-imx8 board support

Support for Compulab IoT Gateway (imx8mm) platform.
(PLATFORM=imx-mx8mm_cl_iot_gate)

Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
A

plat-imx: add compulab iot-gate-imx8 board support

Support for Compulab IoT Gateway (imx8mm) platform.
(PLATFORM=imx-mx8mm_cl_iot_gate)

Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

libtomcrypt: fix rsa key generation public exponent

Fix libtomcrypt crypto_acipher_gen_rsa_key() to call rsa_make_key_bn_e()
API to generate a RSA key with a public exponent up to 256 bits.

RSA sta

libtomcrypt: fix rsa key generation public exponent

Fix libtomcrypt crypto_acipher_gen_rsa_key() to call rsa_make_key_bn_e()
API to generate a RSA key with a public exponent up to 256 bits.

RSA standard specify that public exponent e can be between 65537 (included)
and 2^256 (excluded).

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core_mmu: fix implicit behavior of core_mmu_add_mapping()

In core_mmu_add_mapping() requested physical address
rounded up/down to granule size (0x100000), which leads
to establishing of virtual mapp

core_mmu: fix implicit behavior of core_mmu_add_mapping()

In core_mmu_add_mapping() requested physical address
rounded up/down to granule size (0x100000), which leads
to establishing of virtual mappings with overlapped
physical counterparts. If two virtual mappings overlaps
due to such roundings, then following phys_to_virt() can
implicitly return result of virtual address from
unexpected mapping. This patch fix such behavior by
returning virtual address of newly established mapping.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Anton Rybakov <a.rybakov@omp.ru>

show more ...

rsa: add rsa key generate with public exponent upto 256 bits

Function rsa_make_key() limits the RSA key generates to a public
exponent of type long (32 bits or 64 bits).
RSA standard specify that pu

rsa: add rsa key generate with public exponent upto 256 bits

Function rsa_make_key() limits the RSA key generates to a public
exponent of type long (32 bits or 64 bits).
RSA standard specify that public exponent e can be between 65537 (included)
and 2^256 (excluded).

Add function rsa_make_key_ubin_e to use a hexadecimal public exponent.
Add function rsa_make_key_bn_e to use a bignumber public exponent
(op-tee).

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
[jf: cherry-pick commit 49556a8e606cfa37375324a6051833f3db916640 upstream]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix populate_files() coverity warning

In populate_files() db->files is checked to be not NULL leading but at
another place db->nbits is checked instead before accessing db->files.
Both checks

core: fix populate_files() coverity warning

In populate_files() db->files is checked to be not NULL leading but at
another place db->nbits is checked instead before accessing db->files.
Both checks are OK since db->files mustn't be NULL if db->nbits is
larger than 0.

This confuses coverity to emit a warning, so change the function to
check db->nbits instead.

This fixes coverity scan:
CID 1501793 (#1 of 1): Dereference after null check (FORWARD_NULL)

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix tee_fs_dirfile_get_tmp() coverity warning

In tee_fs_dirfile_get_tmp() dirh->files is checked to be not NULL
leading but at another place dirh->nbits is checked instead before
accessing dir

core: fix tee_fs_dirfile_get_tmp() coverity warning

In tee_fs_dirfile_get_tmp() dirh->files is checked to be not NULL
leading but at another place dirh->nbits is checked instead before
accessing dirh->files. Both checks are OK since dirh->files mustn't be
NULL if dirh->nbits is larger than 0.

This confuses coverity to emit a warning, so change the function to
check dirh->nbits instead.

This fixes coverity scan:
CID 1501821 (#1 of 1): Dereference after null check (FORWARD_NULL)

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: check presence of sym_tab in e32_relocate()

Adds checks in e32_relocate() that sym_tab is assigned a symbol table
before using it.

This fixes coverity scan:
CID 1501826 (#1 of 3): Explicit n

ldelf: check presence of sym_tab in e32_relocate()

Adds checks in e32_relocate() that sym_tab is assigned a symbol table
before using it.

This fixes coverity scan:
CID 1501826 (#1 of 3): Explicit null dereferenced (FORWARD_NULL)
CID 1501826 (#2 of 3): Explicit null dereferenced (FORWARD_NULL)
CID 1501826 (#3 of 3): Explicit null dereferenced (FORWARD_NULL)

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: fix range check in gen_malloc_add_pool()

Prior to this patch was the length of supplied buffer not checked
accurately for very small buffer. This could result in an unexpected
assert():
E/

libutils: fix range check in gen_malloc_add_pool()

Prior to this patch was the length of supplied buffer not checked
accurately for very small buffer. This could result in an unexpected
assert():
E/TC:0 0 assertion 'start < end' failed at lib/libutils/isoc/bget_malloc.c:775 <gen_malloc_add_pool>
E/TC:0 0 Panic at core/kernel/assert.c:28 <_assert_break>

So fix this with a proper test.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm32: update thread_smc() for SMCCC v1.2

SMC Calling Convention v1.2 allows returning result in r4-r7 in addition
to the already used r0-r3. In thread_smc() we're not using r4-r7 to
return a

core: arm32: update thread_smc() for SMCCC v1.2

SMC Calling Convention v1.2 allows returning result in r4-r7 in addition
to the already used r0-r3. In thread_smc() we're not using r4-r7 to
return a result, but the normal function calling convention requires
r4-r7 to be preserved so save and restore them.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: FF-A: add missing break statements to spmc_sp_msg_handler()

Some break statements are missing in spmc_sp_msg_handler(). Add them.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jero

core: FF-A: add missing break statements to spmc_sp_msg_handler()

Some break statements are missing in spmc_sp_msg_handler(). Add them.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat: rcar: enable hardware RNG pseudo TA

Enable access of hardware entropy through HWRNG PTA.

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome Forissier <jerome@forissier.

plat: rcar: enable hardware RNG pseudo TA

Enable access of hardware entropy through HWRNG PTA.

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: add generic RNG pseudo TA

Platforms that include hardware-based RNGs and implement
hw_get_random_byte() may benefit from already implemented bus framework
and rng driver [1].
For this rea

core: pta: add generic RNG pseudo TA

Platforms that include hardware-based RNGs and implement
hw_get_random_byte() may benefit from already implemented bus framework
and rng driver [1].
For this reason the interface of rng.pta implemented for Developerbox
platform is re-used. Interface is generic and corresponds to in-kernel
optee-rng driver.

Pseudo TA interface is specifically used so that credible entropy is
available to REE early at boot, even before user-space is fully up.

[1] https://lwn.net/Articles/777260/

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

synquacer: rng-pta: move rng_pta_client.h to common path

Header is platform independent and can be used by generic RNG PTA.

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome

synquacer: rng-pta: move rng_pta_client.h to common path

Header is platform independent and can be used by generic RNG PTA.

Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers:caam: Update DRVCRYPT_OID_MB_US_RSADSI macro with correct value

This macro forms the HASH OID for MD5 algorithm,

It is defined as:
id-md5 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(

drivers:caam: Update DRVCRYPT_OID_MB_US_RSADSI macro with correct value

This macro forms the HASH OID for MD5 algorithm,

It is defined as:
id-md5 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5
}

According to OpenSSL,
iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5
part is encoded as
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05

Links for reference:
OpenSSL: https://bit.ly/3hVZ7Is
RFC: https://datatracker.ietf.org/doc/html/rfc8017#section-9.2[Page 46]

But in this case it was being formed as
0x2A,0x86,0x48,0x86,0x48,0x02,0x05 which was wrong.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: dt: don't add optee node for FF-A systems

Systems with FF-A enabled doesn't need an OP-TEE node since the driver
is initialized via the FF-A framework instead.

Acked-by: Jerome Forissier <jer

core: dt: don't add optee node for FF-A systems

Systems with FF-A enabled doesn't need an OP-TEE node since the driver
is initialized via the FF-A framework instead.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ffa: FF-A specific boot arguments

Updates OP-TEE accept FF-A specific boot arguments. This is only used
when OP-TEE is a SPMC at S-EL1 and is loaded with TF-A. So no change
for ARMv7-A platfor

core: ffa: FF-A specific boot arguments

Updates OP-TEE accept FF-A specific boot arguments. This is only used
when OP-TEE is a SPMC at S-EL1 and is loaded with TF-A. So no change
for ARMv7-A platforms.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat: rcar: enable ASLR

On RCAR hw_get_random_byte() can be called very early, as it have no
dependencies. So we can use it to provide ASLR seed value.

Also, the previous fix to SCIF drivers preven

plat: rcar: enable ASLR

On RCAR hw_get_random_byte() can be called very early, as it have no
dependencies. So we can use it to provide ASLR seed value.

Also, the previous fix to SCIF drivers prevents crashes with ASLR enabled.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat: rcar: implement hw_get_random_byte() function

As we now can call ROM API to access hardware random generator, it is
possible to implement generic interface to it, using hw_get_random_byte()
fu

plat: rcar: implement hw_get_random_byte() function

As we now can call ROM API to access hardware random generator, it is
possible to implement generic interface to it, using hw_get_random_byte()
function.

ROM API provides 32 bytes of random data at a time. To optimally use it, we
need to cache received random vector and provide random number bytes from
it one by one.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...