optee_os - OpenGrok history log for /optee

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
7107ac10	03-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Remove check from entry_derive_key() Explicit checking for invalid mechanism is no longer required in entry_derive_key() as this is taken care of by call to check_mechanism_against_proce ta: pkcs11: Remove check from entry_derive_key() Explicit checking for invalid mechanism is no longer required in entry_derive_key() as this is taken care of by call to check_mechanism_against_processing(). Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... ta/pkcs11/src/processing.c
df705578	03-Mar-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Correct error returned when processing mechanisms check_mechanism_against_processing() checks if a mechanism is supported for the selected function. If mechanism specified cannot be used ta: pkcs11: Correct error returned when processing mechanisms check_mechanism_against_processing() checks if a mechanism is supported for the selected function. If mechanism specified cannot be used in the selected token with the selected function, the error code is expected to be CKR_MECHANISM_INVALID. Earlier check_mechanism_against_processing() was returning error code CKR_KEY_FUNCTION_NOT_PERMITTED when doing such checking which is not correct. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... ta/pkcs11/src/pkcs11_attributes.c
402d884a	18-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Update attributes in persistent storage For token objects, for any modification in attributes, the attributes also need to be updated in the objects persistent storage. These modificatio ta: pkcs11: Update attributes in persistent storage For token objects, for any modification in attributes, the attributes also need to be updated in the objects persistent storage. These modifications are done when C_SetAttributeValue() is used. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... ta/pkcs11/src/object.c ta/pkcs11/src/persistent_token.c ta/pkcs11/src/pkcs11_token.h
6a4e5c53	03-Mar-2021	Marouene Boubakri <marouene.boubakri@nxp.com>	ci: build for QEMU with CFG_WITH_USER_TA=n Enable building and testing with configuration flag CFG_WITH_USER_TA=n Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com> Reviewed-by: Jerome Fo ci: build for QEMU with CFG_WITH_USER_TA=n Enable building and testing with configuration flag CFG_WITH_USER_TA=n Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com> Reviewed-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> show more ... .azure-pipelines.yml .shippable.yml
22ac5767	03-Mar-2021	Marouene Boubakri <marouene.boubakri@nxp.com>	core: kernel: sub.mk: don't build user_access.c when CFG_WITH_USER_TA=n The user_access.c functions are used by tee_svc* which are not built when CFG_WITH_USER_TA=n, therefore, make it depend on CFG core: kernel: sub.mk: don't build user_access.c when CFG_WITH_USER_TA=n The user_access.c functions are used by tee_svc* which are not built when CFG_WITH_USER_TA=n, therefore, make it depend on CFG_WITH_USER_TA flag. Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> show more ... core/kernel/sub.mk
ece8d869	03-Mar-2021	Marouene Boubakri <marouene.boubakri@nxp.com>	core: kernel: otp_stubs: fix unresolved symbols when CFG_WITH_USER_TA=n Building with CFG_WITH_USER_TA=n leads to linking issues. The default tee_otp_get_ta_enc_key() function references ta_pub_key_ core: kernel: otp_stubs: fix unresolved symbols when CFG_WITH_USER_TA=n Building with CFG_WITH_USER_TA=n leads to linking issues. The default tee_otp_get_ta_enc_key() function references ta_pub_key_modulus_size and ta_pub_key_modulus which are not resolved, therefore change its definition to depend on the CFG_WITH_USER_TA flag. Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> show more ... core/arch/arm/kernel/otp_stubs.c
785da9b0	03-Mar-2021	Marouene Boubakri <marouene.boubakri@nxp.com>	core: tee: sub.mk: don't build tee_ta_enc_manager.c when CFG_WITH_USER_TA=n This commit makes tee_ta_enc_manager.c source file depend on CFG_WITH_USER_TA flag. Building it when CFG_WITH_USER_TA=n le core: tee: sub.mk: don't build tee_ta_enc_manager.c when CFG_WITH_USER_TA=n This commit makes tee_ta_enc_manager.c source file depend on CFG_WITH_USER_TA flag. Building it when CFG_WITH_USER_TA=n leads to an inconsistency (extra unresolved symbols). Moreover it adds unused code. Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> show more ... core/tee/sub.mk
a01ae03a	02-Mar-2021	Sumit Garg <sumit.garg@linaro.org>	ta: trusted_keys: Fix to align with strict buffer checks Commit e12c9f67d12c ("core: strict buffer check in syscalls following GP 1.1") has switched to stricter buffer checks to reside in TA private ta: trusted_keys: Fix to align with strict buffer checks Commit e12c9f67d12c ("core: strict buffer check in syscalls following GP 1.1") has switched to stricter buffer checks to reside in TA private memory. So accordingly fix buffer allocations corresponding to TEE_GenerateRandom() and TEE_AEDecryptFinal() APIs. Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org> show more ... ta/trusted_keys/entry.c
16c13b4d	23-Feb-2021	Manish Tomar <manish.tomar@nxp.com>	plat-ls: Add GPIO driver for NXP LS Platforms This patch adds GPIO driver for Layerscape Platforms. GPIO compilation is enabled by default for LX2160A-QDS and LX2160A-RDB. Signed-off-by: Manish Tom plat-ls: Add GPIO driver for NXP LS Platforms This patch adds GPIO driver for Layerscape Platforms. GPIO compilation is enabled by default for LX2160A-QDS and LX2160A-RDB. Signed-off-by: Manish Tomar <manish.tomar@nxp.com> Acked-by: Victor Chong <victor.chong@linaro.org> Reviewed-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com> show more ... MAINTAINERS core/arch/arm/plat-ls/conf.mk core/drivers/ls_gpio.c core/drivers/sub.mk core/include/drivers/ls_gpio.h
fc5d98e8	23-Feb-2021	Manish Tomar <manish.tomar@nxp.com>	core: gpio.h: Add 'struct gpio_chip chip' in 'struct gpio_ops' To get the GPIO controller base address, 'struct gpio_chip chip' is passed as a member in the container 'struct gpio_ops' Also updat core: gpio.h: Add 'struct gpio_chip chip' in 'struct gpio_ops' To get the GPIO controller base address, 'struct gpio_chip chip' is passed as a member in the container 'struct gpio_ops' Also updated bcm_gpio and pl061_gpio as per modified gpio.h definition. Signed-off-by: Manish Tomar <manish.tomar@nxp.com> Reviewed-by: Victor Chong <victor.chong@linaro.org> Reviewed-by: Clement Faure <clement.faure@nxp.com> Reviewed-by: Sahil Malhotra <sahil.malhotra@nxp.com> show more ... core/arch/arm/plat-hikey/spi_test.c core/drivers/bcm_gpio.c core/drivers/pl022_spi.c core/drivers/pl061_gpio.c core/include/gpio.h core/pta/bcm/gpio.c
588800bf	28-Feb-2021	Igor Opaniuk <igor.opaniuk@foundries.io>	core: imx: build snvs driver for imx8mm Build SNVS driver for iMX8MM. Acked-by: Clement Faure <clement.faure@nxp.com> Acked-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Igor Opaniuk < core: imx: build snvs driver for imx8mm Build SNVS driver for iMX8MM. Acked-by: Clement Faure <clement.faure@nxp.com> Acked-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io> show more ... core/arch/arm/plat-imx/conf.mk
6bd963b9	28-Feb-2021	Igor Opaniuk <igor.opaniuk@foundries.io>	core: imx: add snvs base address for imx8m Add Secure Non-Volatile Storage base address for iMX8M SoCs. Acked-by: Clement Faure <clement.faure@nxp.com> Acked-by: Jerome Forissier <jerome@forissier. core: imx: add snvs base address for imx8m Add Secure Non-Volatile Storage base address for iMX8M SoCs. Acked-by: Clement Faure <clement.faure@nxp.com> Acked-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io> show more ... core/arch/arm/plat-imx/registers/imx8m.h
51f49692	01-Mar-2021	Marouene Boubakri <marouene.boubakri@nxp.com>	core: mutex: mutex is abstract pull it from arch folder This commit moves mutex* and wait_queue* from arch folder to core/kernel to make it architecture-independent. Signed-off-by: Marouene Boubakr core: mutex: mutex is abstract pull it from arch folder This commit moves mutex* and wait_queue* from arch folder to core/kernel to make it architecture-independent. Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... core/arch/arm/kernel/sub.mk core/include/kernel/mutex.h core/include/kernel/wait_queue.h core/kernel/mutex.c core/kernel/mutex_lockdep.c core/kernel/mutex_lockdep.h core/kernel/sub.mk core/kernel/wait_queue.c
18e77482	26-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Correct the error in tracing indirect attributes When tracing indirect attributes, size passed in trace_attributes_from_api_head() was not correct resulting in error. Reviewed-by: Etien ta: pkcs11: Correct the error in tracing indirect attributes When tracing indirect attributes, size passed in trace_attributes_from_api_head() was not correct resulting in error. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... ta/pkcs11/src/sanitize_object.c
efe1165f	26-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Fix class check when sanitizing indirect attributes Indirect attributes are expected only for keys. Correct this check in sanitize_indirect_attr(). Reviewed-by: Etienne Carriere <etienn ta: pkcs11: Fix class check when sanitizing indirect attributes Indirect attributes are expected only for keys. Correct this check in sanitize_indirect_attr(). Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... ta/pkcs11/src/sanitize_object.c
c3033708	23-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Forbid derivation by encryption from AES encryption keys Enforce that AES keys should not be allowed for both 'derivation by encryption' and ciphering. This is not explicitly mentioned i ta: pkcs11: Forbid derivation by encryption from AES encryption keys Enforce that AES keys should not be allowed for both 'derivation by encryption' and ciphering. This is not explicitly mentioned in the PKCS#11 specifications v2.4 and v3.0 but is essential to avoid attacks where derived key can be revealed by doing data encryption using parent key. Suggested-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... ta/pkcs11/src/pkcs11_attributes.c
48799892	17-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Add implementation for key derivation Add code for handling C_DeriveKey() for mechanisms : CKM_AES_ECB_ENCRYPT_DATA CKM_AES_CBC_ENCRYPT_DATA Reviewed-by: Etienne Carriere <etienne.carri ta: pkcs11: Add implementation for key derivation Add code for handling C_DeriveKey() for mechanisms : CKM_AES_ECB_ENCRYPT_DATA CKM_AES_CBC_ENCRYPT_DATA Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... ta/pkcs11/src/entry.c ta/pkcs11/src/pkcs11_attributes.c ta/pkcs11/src/pkcs11_helpers.c ta/pkcs11/src/processing.c ta/pkcs11/src/processing.h ta/pkcs11/src/processing_symm.c
5c5bd5fe	16-Feb-2021	Ruchika Gupta <ruchika.gupta@linaro.org>	ta: pkcs11: Allocate command ID for key derivation Allocate command ID for C_DeriveKey(). Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@lin ta: pkcs11: Allocate command ID for key derivation Allocate command ID for C_DeriveKey(). Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> show more ... ta/pkcs11/include/pkcs11_ta.h
a5a72f28	05-Feb-2021	Jens Wiklander <jens.wiklander@linaro.org>	core: clear user mappings from tables when removed When a user mapping is removed clear it immediately from active or cached translation tables. Reviewed-by: Etienne Carriere <etienne.carriere@lina core: clear user mappings from tables when removed When a user mapping is removed clear it immediately from active or cached translation tables. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... core/mm/vm.c
c1e0a835	05-Feb-2021	Jens Wiklander <jens.wiklander@linaro.org>	core: add tlbi_mva_range_asid() Adds tlbi_mva_range_asid() which invalidates a range of virtual addresses for a specific ASID. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off core: add tlbi_mva_range_asid() Adds tlbi_mva_range_asid() which invalidates a range of virtual addresses for a specific ASID. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... core/arch/arm/include/kernel/tlb_helpers.h core/arch/arm/include/mm/core_mmu.h core/arch/arm/mm/core_mmu.c
3fb20484	05-Feb-2021	Jens Wiklander <jens.wiklander@linaro.org>	core: add pgt_clear_ctx_range() Adds pgt_clear_ctx_range() which clears the corresponding entries in the active or cached translation tables of user mode context. Reviewed-by: Etienne Carriere <eti core: add pgt_clear_ctx_range() Adds pgt_clear_ctx_range() which clears the corresponding entries in the active or cached translation tables of user mode context. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... core/arch/arm/include/mm/pgt_cache.h core/arch/arm/mm/pgt_cache.c
8944bb96	23-Feb-2021	Jerome Forissier <jerome@forissier.org>	ci: add .azure-pipelines.yml The Shippable Continuous Integration service is scheduled for retirement on May 3rd, 2021 [1]. Therefore, a replacement has to be found. This commit introduces .azure-p ci: add .azure-pipelines.yml The Shippable Continuous Integration service is scheduled for retirement on May 3rd, 2021 [1]. Therefore, a replacement has to be found. This commit introduces .azure-pipelines.yml which serves the same purpose as .shippable.yml but runs on the Microsoft Azure Pipelines infrastructure [2]. Link: [1] https://blog.shippable.com/the-next-step-in-the-evolution-of-shippable-jfrog-pipelines Link: [2] https://azure.microsoft.com/en-us/services/devops/pipelines/ Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... .azure-pipelines.yml
db82201b	19-Feb-2021	Jens Wiklander <jens.wiklander@linaro.org>	core: check snprintf() return value in add_res_mem_dt_node() Adds a check for the return value from snprintf() in add_res_mem_dt_node(). In case snprintf() has failed of truncates the output a debug core: check snprintf() return value in add_res_mem_dt_node() Adds a check for the return value from snprintf() in add_res_mem_dt_node(). In case snprintf() has failed of truncates the output a debug warning in the log. This fixes coverity scan: CID 1501804 (#1 of 1): Unchecked return value (CHECKED_RETURN) Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... core/arch/arm/kernel/boot.c
dea9063e	19-Feb-2021	Jens Wiklander <jens.wiklander@linaro.org>	libutee: check srcLen in TEE_CipherDoFinal() Adds another check of srcLen in TEE_CipherDoFinal() before calling tee_buffer_update() to make sure that we don't dereference destLen when it's NULL. Th libutee: check srcLen in TEE_CipherDoFinal() Adds another check of srcLen in TEE_CipherDoFinal() before calling tee_buffer_update() to make sure that we don't dereference destLen when it's NULL. This fixes coverity scan: CID 1501811 (#1 of 1): Dereference after null check (FORWARD_NULL) Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... lib/libutee/tee_api_operations.c
3dd5cda2	19-Feb-2021	Jens Wiklander <jens.wiklander@linaro.org>	core: add NULL check in system_dlsym() system_dlsym() takes a uuid in one of the memref parameters. Prior to this patch that memref wasn't checked correctly in all cases. system_dlsym() passes the u core: add NULL check in system_dlsym() system_dlsym() takes a uuid in one of the memref parameters. Prior to this patch that memref wasn't checked correctly in all cases. system_dlsym() passes the uuid to ldelf_dlsym() which uses this uuid so the pointer must be valid and of the expected size. Fix this by checking that the pointer is non-NULL and of the correct size. This fixes coverity scan: CID 1501812 (#1 of 1): Dereference after null check (FORWARD_NULL) Fixes: ebef121c1f5c ("core, ldelf: add support for runtime loading of shared libraries") Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... core/pta/system.c
1...<<161 162163164 165 166 167 168 169 170 >>...336