libutee: user_ta_header.h: remove unused enum user_ta_core_service_id

enum user_ta_core_service_id is unused, remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne

libutee: user_ta_header.h: remove unused enum user_ta_core_service_id

enum user_ta_core_service_id is unused, remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

spi: pl022: expose internal fifo flush API

We identified that the caller of the pl022 driver needs to flush the
pl022's internal fifo to make sure next transaction starts clean.

This PR expose exis

spi: pl022: expose internal fifo flush API

We identified that the caller of the pl022 driver needs to flush the
pl022's internal fifo to make sure next transaction starts clean.

This PR expose existing pl022_flush_fifo API to caller via spi_ops.

The validation is performed on bcm platform.

Signed-off-by: Vahid Dukandar <vahidd@microsoft.com>
Reviewed-by: Victor Chong <victor.chong@linaro.org>

show more ...

ta: pkcs11: Add support for big key sizes for HMAC hash Mechanisms

Currently the support for maximum key size supported in HMAC hash
functions is limited by the underlying Global TEE implementation.

ta: pkcs11: Add support for big key sizes for HMAC hash Mechanisms

Currently the support for maximum key size supported in HMAC hash
functions is limited by the underlying Global TEE implementation.
The RFC 2202 and 4231 specify some HMAC test vectors where key size
is greater than the sizes as supported in current TEE implementation.
For such key sizes, greater than the maximum key size supported by TEE,
first hash the key and then use the resultant as the actual key to
HMAC.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Add minimum key size checking for HMAC Mechanisms

For HMAC mechanisms for hash operations, if the size of the key object
is less than the minimum size supported by the implementation,
er

ta: pkcs11: Add minimum key size checking for HMAC Mechanisms

For HMAC mechanisms for hash operations, if the size of the key object
is less than the minimum size supported by the implementation,
error PKCS11_CKR_KEY_SIZE_RANGE should be returned. If this check
is not done before TEE_AllocateOperation(), passing a key size not
supported by TEE results in a PKCS11_CKR_MECHANISM_INVALID error,
which is ambiguous as Mehcanism is supported here and the issue is
with key size.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Fix usage of CKK_GENERIC_SECRET for HMAC Functions

The use of CKK_GENERIC_SECRET is allowed with HMAC mechanisms.
In earlier implementation, CKK_GENERIC_SECRET was mapped to
TEE_GENERIC_

ta: pkcs11: Fix usage of CKK_GENERIC_SECRET for HMAC Functions

The use of CKK_GENERIC_SECRET is allowed with HMAC mechanisms.
In earlier implementation, CKK_GENERIC_SECRET was mapped to
TEE_GENERIC_KEY. TEE_AllocateOperation() would return an error
when TEE key of type TEE_GENERIC_KEY is used with HMAC algorithms.
So, special handling is required for such keys where the PKCS11
mechanism should be used to determine the corresponding TEE
KEY Type for CKK_GENERIC_SECRET when used with HMAC mechanisms.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Add support for HMAC keys in get_key_min_max_sizes()

The PKCS11_CKK_<h>_HMAC key entries were missing in
get_key_min_max_sizes(). These have been added.

Signed-off-by: Ruchika Gupta <ru

ta: pkcs11: Add support for HMAC keys in get_key_min_max_sizes()

The PKCS11_CKK_<h>_HMAC key entries were missing in
get_key_min_max_sizes(). These have been added.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Correct the key size for HMAC mechanisms

The minimum and maximum key sizes supported by HMAC mechanism
should be in sync with the Global Platform API's used for
implementing them. The si

ta: pkcs11: Correct the key size for HMAC mechanisms

The minimum and maximum key sizes supported by HMAC mechanism
should be in sync with the Global Platform API's used for
implementing them. The sizes are now in sync with the key
sizes as specified in TEE_AllocateTransientObjects() in [1].

[1] GlobalPlatform Technology TEE Internal Core API Specification
Version 1.1.2.50

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Remove unused file lib/libutee/errno.c

lib/libutee/errno.c is not built or used in any way so remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklan

Remove unused file lib/libutee/errno.c

lib/libutee/errno.c is not built or used in any way so remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: kernel: link.mk: make path to kernel linker script generic

The path to kernel script is hard-coded. Despite it is in a arch specific
folder, it should use defined variables.
This is helpful in

core: kernel: link.mk: make path to kernel linker script generic

The path to kernel script is hard-coded. Despite it is in a arch specific
folder, it should use defined variables.
This is helpful in case of porting OP-TEE OS to a new architecture such we
make maximum reuse of existing sources.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-mediatek: add support for MT8183 SoC

Add OP-TEE support for MT8183 SoC.

Signed-off-by: Fabien Parent <fparent@baylibre.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

plat-mediatek: Add support for GIC

Add the support for the GIC for the MediaTek platforms.

Signed-off-by: Fabien Parent <fparent@baylibre.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.or

plat-mediatek: Add support for GIC

Add the support for the GIC for the MediaTek platforms.

Signed-off-by: Fabien Parent <fparent@baylibre.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: keep.h: set SHF_ALLOC flag in all __keep_meta_vars_pager sections

The DECLARE_KEEP_PAGER() and DECLARE_KEEP_INIT() macros create symbols
in a special section called __keep_meta_vars_pager. The

core: keep.h: set SHF_ALLOC flag in all __keep_meta_vars_pager sections

The DECLARE_KEEP_PAGER() and DECLARE_KEEP_INIT() macros create symbols
in a special section called __keep_meta_vars_pager. The behavior
differs slightly in C and assembler:

- In C, the section is of type SHT_PROGBITS and has (SHF_ALLOC |
SHF_WRITE) flags,
- In assembler, the section is also SHT_PROGBITS but has no flags.

Enter the Clang linker, ld.lld. When used with --gc-sections, all
sections without the SHF_ALLOC flag (and a few other conditions) are
marked "live" in a first pass before dependencies on other sections
are considered. A side effect is that the reference to the symbol given
in DECLARE_KEEP_*() is ignored and the macro does not pull the desired
section in the link. That section is garbage collected instead.

Whether or not it is a bug in the linker is slightly above my level of
expertise. However, the DECLARE_KEEP_*() macros declare global symbols
that reference other symbols, so it really is allocatable stuff and
having the SHF_ALLOC flag does make sense. It is also consistent with
the C version. Note that adding the flag does not take more space in the
final executable since core/arch/arm/kernel/kern.ld.S discards the
__keep_meta_vars_pager output section anyways.

Therefore, add "a" to the .section command in DECLARE_KEEP_*().

Fixes a core crash which may be reproduced on QEMUv8 with xtest 1013
when OP-TEE is compiled with Clang 11 and CFG_WITH_PAGER=y.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: kern.ld.S: fix ROUNDUP() and ROUNDDOWN() for Clang

Fixes exceptions on boot when CFG_WITH_ASLR=y CFG_WITH_PAGER=y and the
Clang toolchain is used (tested with QEMUv8 and Clang 11.0.0).

T

core: arm: kern.ld.S: fix ROUNDUP() and ROUNDDOWN() for Clang

Fixes exceptions on boot when CFG_WITH_ASLR=y CFG_WITH_PAGER=y and the
Clang toolchain is used (tested with QEMUv8 and Clang 11.0.0).

The Clang linker happens to generate non-relocatable references to
symbols defined by expressions in the linker script which involve
some arithmetic operations on another symbol. More specifically, when
rounding up or down addresses to page boundaries using the expressions
defined in <util.h>. This commit introduces different ways of doing
ROUNDUP() and ROUNDDOWN() which work with both Clang and GCC:
- ROUNDUP() is replaced with the linker ALIGN() built-in function,
- ROUNDDOWN() is rewritten as 'symbol - something'.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: arm: kern.ld.S: remove redundant line

__rodata_init_end is defined twice. Remove one instance.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wikland

core: arm: kern.ld.S: remove redundant line

__rodata_init_end is defined twice. Remove one instance.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: Add support to import external TA signing public key

Build process requires that private key is present when signing TAs.

In order to support external HSM based re-signing of the TAs, add sup

core: Add support to import external TA signing public key

Build process requires that private key is present when signing TAs.

In order to support external HSM based re-signing of the TAs, add support
to import different TA signing public key into TEE OS binary by
introducing TA_PUBLIC_KEY.

By default TA_PUBLIC_KEY gets the value of TA_SIGN_KEY.

Re-signing of the TA's works by first signing TA during the build with
private key readily available during the build process (TA_SIGN_KEY).
Private key can in example be bundled key in keys/default_ta.pem.

Build will generate TA binary with signature embedded matching provided
private key.

This TA binary will be sent for HSM re-signing process where digest will
be calculated from the binary to get digest which will be signed with
private key protected by HSM. New signature will replaced the old
signature in the TA binary.

This re-signed TA will need to be deployed into the device for execution.

In order for OP-TEE OS to load the TA it needs to have the matching public
key from the HSM. Public key needs to be available during the build
process (TA_PUBLIC_KEY).

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Remove unused function entry_verify_oneshot()

entry_verify_oneshot() is currently not used in any of the
flows. Hence remove it.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

ta: pkcs11: Remove unused function entry_verify_oneshot()

entry_verify_oneshot() is currently not used in any of the
flows. Hence remove it.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

ta: pkcs11 : add support for HMAC modes for Sign/Verify

Add support for HMAC modes for hash functions - MD5, SHA1,
SHA256, SHA224, SHA284 and SHA512 in Sign/Verify operations.

PKCS#11 offers 2 HMAC

ta: pkcs11 : add support for HMAC modes for Sign/Verify

Add support for HMAC modes for hash functions - MD5, SHA1,
SHA256, SHA224, SHA284 and SHA512 in Sign/Verify operations.

PKCS#11 offers 2 HMAC methods for each hash function <h>,
CKM_<h>_HMAC and CKM_<h>_HMAC_GENERAL. Fixed tag length of the
output size of hash function i.e CKM_h_HMAC is currently supported.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

ta: pkcs11: define TA command for signing/verification

Adds commands
- PKCS11_CMD_SIGN_INIT
- PKCS11_CMD_VERIFY_INIT
- PKCS11_CMD_SIGN_UPDATE
- PKCS11_CMD_VERIFY_UPDATE
- PKCS11_CMD_SIGN_FINAL
- PKC

ta: pkcs11: define TA command for signing/verification

Adds commands
- PKCS11_CMD_SIGN_INIT
- PKCS11_CMD_VERIFY_INIT
- PKCS11_CMD_SIGN_UPDATE
- PKCS11_CMD_VERIFY_UPDATE
- PKCS11_CMD_SIGN_FINAL
- PKCS11_CMD_VERIFY_FINAL
- PKCS11_CMD_SIGN_ONESHOT
- PKCS11_CMD_VERIFY_ONESHOT
in enum pkcs11_ta_cmd.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

ta: pkcs11: define TA mechanisms for HMAC modes

Adds the mechanisms
- PKCS11_CKM_MD5_HMAC
- PKCS11_CKM_SHA_1_HMAC
- PKCS11_CKM_SHA256_HMAC
- PKCS11_CKM_SHA224_HMAC
- PKCS11_CKM_SHA384_HMAC
- PKCS11_

ta: pkcs11: define TA mechanisms for HMAC modes

Adds the mechanisms
- PKCS11_CKM_MD5_HMAC
- PKCS11_CKM_SHA_1_HMAC
- PKCS11_CKM_SHA256_HMAC
- PKCS11_CKM_SHA224_HMAC
- PKCS11_CKM_SHA384_HMAC
- PKCS11_CKM_SHA512_HMAC
in enum pkcs11_mechanism_id.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

core: stmm: remove useless return values to local svc handlers

Remove the boolean return value from local functions
stmm_handle_mem_mgr_service(), stmm_handle_storage_service(),
spm_eret_error() and

core: stmm: remove useless return values to local svc handlers

Remove the boolean return value from local functions
stmm_handle_mem_mgr_service(), stmm_handle_storage_service(),
spm_eret_error() and spm_handle_direct_req() that all end
returning to secure partition (StMM) execution. Rename
return_helper() to return_from_sp_helper() and remove its
return value as it only prepare returning to SP caller.
No functional change.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: stmm: set panic flag when secure partition panics

Set the panic flag, that is in struct ta_ctx of the ts_ctx
(trusted service context) instance, when the secure partition
panics. This allows g

core: stmm: set panic flag when secure partition panics

Set the panic flag, that is in struct ta_ctx of the ts_ctx
(trusted service context) instance, when the secure partition
panics. This allows generic sequence to possibly release resources
related to the secure partition instance.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: stmm: support 32bit execution

Add support for 32bit EL0 secure partition StMM when Core is 32bit.

Defines 32bit FFA identifiers FFA_SVC_*_32 and FFA_MSG_*_32.
Defines SVC_REGS_Ax() macros to

core: stmm: support 32bit execution

Add support for 32bit EL0 secure partition StMM when Core is 32bit.

Defines 32bit FFA identifiers FFA_SVC_*_32 and FFA_MSG_*_32.
Defines SVC_REGS_Ax() macros to wrap 32b/64b thread_svc_regs structure
fields in StMM secure partition driver.
Defines __FFA_* local macros to wrap 32b/64b service IDs.

Save usr_sp banked register in return_helper() has it shall be preserved
when we will enter again the secure partition.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: stmm: fix storage syscalls return value

Fix the return value for the RPMB storage service where syscalls
returned a TEE_Result value instead of a STMM_RET_* value.

Fixes: 42471ecf25b7 ("core:

core: stmm: fix storage syscalls return value

Fix the return value for the RPMB storage service where syscalls
returned a TEE_Result value instead of a STMM_RET_* value.

Fixes: 42471ecf25b7 ("core: load stmm via secure partition")
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: arm: helper function to read 32bit usr_sp banked register

Helper function thread_get_usr_sp() allows Core threaded execution
to read usr_sp CPU register. This is needed as part of the secure
p

core: arm: helper function to read 32bit usr_sp banked register

Helper function thread_get_usr_sp() allows Core threaded execution
to read usr_sp CPU register. This is needed as part of the secure
partition execution context when a secure partition execution is
about to return to normal world.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: fix return code on one-shot process of a updated operation

Fix return value when one-short processing is requested over an operation
that has already gone through a operation update proc

ta: pkcs11: fix return code on one-shot process of a updated operation

Fix return value when one-short processing is requested over an operation
that has already gone through a operation update processing. Prior this
change the PKCS11 TA return PKCS11_CKR_KEY_FUNCTION_NOT_PERMITTED which
is not accurate when key permits the operation but not the specification.

For clarity, this change splits one-shot and update steps case in
check_mechanism_against_processing().

Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...