History log of /optee_os/ (Results 4276 – 4300 of 8383)
Revision Date Author Comments
79f882fc 20-Nov-2020 Jerome Forissier <jerome@forissier.org>

build: fix ld-option again

Commit 5510db0b9458 ("build: ld-option: handle any linker warning as an
error") fixed an issue when used with the GNU linker, but while doing
so it broke the Clang use case. The problem is, the exit status tested
by `|| echo "Not supported"' is the one from grep, not the one from the
link command.

The fix provided here is tested with GCC (ld) and Clang (ld.lld).

Fixes: 5510db0b9458 ("build: ld-option: handle any linker warning as an error")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

d844dc1d 24-Sep-2020 Jorge Ramirez-Ortiz <jorge@foundries.io>

MAINTAINERS: maintain se050

Tag core/drivers/crypto/se050 as maintained

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

03889d54 24-Sep-2020 Jorge Ramirez-Ortiz <jorge@foundries.io>

drivers: se050: glue layer

The glue layer implements functionality required by the Plug And Trust
library from OP-TEE.

1) user crypto operations: these operations must run outside the SE050
in order to implement SCP03.

2) i2c operations: these operations provide access to the I2C bus to
communicate with the SE050.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

60c2d1df 24-Sep-2020 Jorge Ramirez-Ortiz <jorge@foundries.io>

core: build: se050 driver

Core work to support building the platform independent se050 crypto
driver.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>

edd69b57 18-Nov-2020 Jorge Ramirez-Ortiz <jorge@foundries.io>

plat-imx: conf: don't force CRYPTO_DRIVER

A platform independent driver could be providing the CRYPTO_DRIVER
functionality.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

87d9fe00 18-Nov-2020 Jorge Ramirez-Ortiz <jorge@foundries.io>

plat-imx: conf: don't force SOFTWARE_PRNG

A platform independent driver could be providing a real RNG and
therefore have different requirements with respect to the PRNG.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

5dfe86d0 25-Aug-2020 Jorge Ramirez-Ortiz <jorge@foundries.io>

core: svc store: delete keys from secure elements

The cryptographic API provides an interface for the creation of
cryptographic keys.

These keys can be stored in secure elements and handlers to these keys
(since the keys themselves can not be read from the secure elements)
given back to the caller.

When the object holding a key is being deleted, the cryptographic API
must be informed in order to proceed with the deletion of the real
key from the secure element.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

cb1b1ecd 25-Aug-2020 Jorge Ramirez-Ortiz <jorge@foundries.io>

core: pta: SCP03 pseudo trusted application

Implement GlobalPlatform Secure Channel Protocol 3 control from
REE. Secure boot requires that SCP03 is enabled as soon as secure
storage is available (ie RPMB).

Host side example:
github.com/foundriesio/optee-scp03

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

a3ca687d 24-Sep-2020 Jorge Ramirez-Ortiz <jorge@foundries.io>

drivers: implement se050 driver

Add AES_CTR/RSA/RNG/HUK support for NXP SE050 via the Plug And Trust
library.

Tested on imx8mm LPDDR EVK and imx6ull EVK.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

6bd234d8 09-Oct-2020 Etienne Carriere <etienne.carriere@linaro.org>

plat-stm32mp1: scmi: remove unused references

SCMI power domain and performance monitoring protocols are not
implemented hence removing related references in STM32MP1 SCMI server.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

46dc38cb 09-Oct-2020 Etienne Carriere <etienne.carriere@linaro.org>

plat-stm32mp1: scmi: make local arrays static

Change local structures to static attribute since not exported
outside scmi_server.c

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

53ce77be 05-Oct-2020 Etienne Carriere <etienne.carriere@linaro.org>

plat-stm32mp1: scmi: handlers for STPMIC1 regulators

Add SCMI regulator platform handlers for regulators driven from STPMIC1
companion power chip.

STPMIC1 is under secure world exclusive access when its bus
interface is secure. In such case voltage regulators controlled by
STPMIC1 can still be assigned to non-secure world control using SCMI
Voltage Domain protocol to expose services for these regulators.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

2462139c 14-Oct-2020 Etienne Carriere <etienne.carriere@linaro.org>

plat-stm32mp1: stub stm32mp_nsec_can_access_pmic_regu() when no PMIC

Define a stub implementation for stm32mp_nsec_can_access_pmic_regu()
when the platform does not embed its PMIC driver.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

301ade76 05-Nov-2020 Etienne Carriere <etienne.carriere@linaro.org>

core: ltc: fix return value in crypto API SM2 PKA decrypt

Fix calloc() failure case in core crypto API function for SM2 PKE
decryption. Prior to this change the function failed but returned 0/OK.
This change sets the return value to TEE_ERROR_OUT_OF_MEMORY before
reaching the function exit sequence.

Fixes: f9a78287dd12 (core: ltc: add support for SM2 PKE)
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

a8fb1651 13-Nov-2020 Jens Wiklander <jens.wiklander@linaro.org>

core: fix RPMB rollback vulnerability

Normal world is used to pass the RPMB request to the eMMC. If normal
world saves a write request and returns an error instead it can be used
at a later stage where OP-TEE doesn't expect a certain block to be
updated. For more details on possible attacks and mitigations see [1]
and [2].

The mitigation consists of two parts, while initializing and later how
each write request is handled.

While initializing the RPMB file system we don't have a spare dummy
block so the alternative method of reading a block and writing it again
is used instead.

For normal write request all errors after the request message has been
created will be retried 10 times. If a write request fails after 10
retries RPMB is disabled entirely until next boot. An eventual
requesting TA is with an unexpected error code since we can't tell if
the request has been committed to storage or not.

Link: [1] https://www.westerndigital.com/support/productsecurity/wdc-20008-replay-attack-vulnerabilities-rpmb-protocol-applications
Link: [2] https://documents.westerndigital.com/content/dam/doc-library/en_us/assets/public/western-digital/collateral/white-paper/white-paper-replay-protected-memory-block-protocol-vulernabilities.pdf

Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

9f543cd3 17-Nov-2020 Jerome Forissier <jerome@forissier.org>

core: libtomcrypt: dh_make_key(): do not force bit 'xbits' to be 1

When xbits != 0, dh_make_key() generates a private key of size xbits as
specified by GP ("TEE_ATTR_DH_X_BITS: If present, constrains the private
value x to have [xbits] bits"). However, it also makes sure the top bit
of the private key is 1. Not only is it not required by the spec, it is
also a security vulnerability because it can drastically reduce the
acceptable range for the key: 2^(xbits-1) <= X <= P - 2.

Note: this brings the LTC implementation in line with the MBed TLS one,
see mbedtls_dhm_make_public().

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

652a36ef 17-Nov-2020 Jerome Forissier <jerome@forissier.org>

core: libtomcrypt: dh_make_key(): remove useless code

In dh_make_key(), random data is copied into key->x by
mp_read_unsigned_bin(), and immediately after key->x is overwritten
by mp_mod(). Remove the useless call.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

24d52e47 16-Nov-2020 Jerome Forissier <jerome@forissier.org>

core: print "TEE load address" message on abort

Commit 02d307b7db90 ("core: use libunw") has involuntarily removed the
"TEE load address @ ..." message when a TEE core abort occurs. This
information is essential to be able to resolve function addresses when
ASLR is enabled, and scripts/symbolize.py needs this line. Add it back.

Fixes: 02d307b7db90 ("core: use libunw")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

685d1524 02-Nov-2020 Cedric Neveux <cedric.neveux@nxp.com>

core: ltc: fix SM2 PKE memory leak

In function `sm2_ltc_pke_decrypt`, the ecc_point `S` was not deleted
if the following bignumber `h` initialization failed.

Fixes: f9a78287dd1 (core: ltc: add support for SM2 PKE)
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

d29cd2ef 08-Aug-2019 Cedric Neveux <cedric.neveux@nxp.com>

core: driver: generic resources for crypto device driver - ECC

Add a generic cryptographic ECC driver interface connecting
TEE Crypto generic APIs to HW driver interface

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

5328dfb1 02-Nov-2020 Cedric Neveux <cedric.neveux@nxp.com>

core: ltc: change SM2 PKE to use crypto_ecc_[public/keypair]_ops

Change the crypto_acipher_sm2_pke_encrypt and
crypto_acipher_sm2_pke_decrypt to use the crypto_ecc_public_ops and
crypto_ecc_keypair_ops methods.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

884fd190 02-Nov-2020 Cedric Neveux <cedric.neveux@nxp.com>

core: crypto: add encrypt/decrypt to crypto_ecc_[public/keypair]_ops

Add encrypt and decrypt methods to respectively the crypto_ecc_public_ops
and the crypto_ecc_keypair_ops structure.
Method used for the SM2 PKE algorithms.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

1fa655fc 07-Oct-2020 Cedric Neveux <cedric.neveux@nxp.com>

core: ltc: set SM2 ECC Keys operations

Change the SM2 DSA sign/verify to be called through the allocated ECC
keys operations like ECC sign/verify operations.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

08e47d6b 07-Oct-2020 Cedric Neveux <cedric.neveux@nxp.com>

core: crypto: unify ECC and SM2_DSA sign/verify

Remove the crypto_acipher_sm2_dsa_sign/crypto_acipher_sm2_dsa_verify
functions and call the crypto_acipher_ecc_sign/crypto_acipher_ecc_verify
functions that are calling the ecc key operations set.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

b56ad90e 06-Oct-2020 Cedric Neveux <cedric.neveux@nxp.com>

libs: ltc and mbedtls introduce crypto_ecc[public/keypair]_ops

Change ECC call functions name to be able to use an ECC HW driver.
At ECC public and keypair allocation, if success, set the key ops field
to call the cryptographic operations linked to the key allocator.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
