core: libmbedtls: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <j

core: libmbedtls: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: libtomcrypt: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <

core: libtomcrypt: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: se050: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <jer

drivers: se050: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <je

drivers: crypto: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <jero

drivers: caam: drop useless & before function names

There is no need to use & on a function name to obtain the function
address. Drop the useless & characters.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: add a new API to interact with plugins from TA

This patch adds a new API to libutee to interact
with tee-supplicant plugins from TEE userspace.

Every user TA can use 'tee_invoke_supp_plugi

libutee: add a new API to interact with plugins from TA

This patch adds a new API to libutee to interact
with tee-supplicant plugins from TEE userspace.

Every user TA can use 'tee_invoke_supp_plugin()' to send any commands
to a plugin. The commands are predefined by the plugin developer.

See the https://github.com/linaro-swg/optee_examples
repo for an example of using plugins.

Signed-off-by: Aleksandr Anisimov <a.anisimov@omprussia.ru>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add a new RPC as an interface to tee-supplicant plugins

Any external TEE services can be designed as a tee-supplicant plugin.
The plugins will be loaded by the supplicant during startup proces

core: add a new RPC as an interface to tee-supplicant plugins

Any external TEE services can be designed as a tee-supplicant plugin.
The plugins will be loaded by the supplicant during startup process
using libdl.
It makes it easy to:
- add new features in the supplicant that aren't needed in upstream,
e.g. Rich OS specific services;
- sync upstream version with own fork;

This patch adds a new RPC - 'OPTEE_RPC_CMD_SUPP_PLUGIN' as an unified
interface between OP-TEE and any plugins. Kernel code can use it
to call for execution of some command in plugins.

Every plugin has own name based on UUID.
OP-TEE has access to plugins by it.

See definition of protocol for the plugin RPC command
in 'core/include/optee_rpc_cmd.h' file.

Signed-off-by: Aleksandr Anisimov <a.anisimov@omprussia.ru>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix shared memory buffer rpc allocation

When dynamic shared memory has been configured, contiguous shared
memory regions outside reserved SHM need to be included in the
allocation pool.

To ke

core: fix shared memory buffer rpc allocation

When dynamic shared memory has been configured, contiguous shared
memory regions outside reserved SHM need to be included in the
allocation pool.

To keep the implementation simple, we will restrict the size of these
allocations to a single page; we can then leverage the mechanism used
for the allocation of arguments.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libmbedtls: core: fix copy of AES context

The mbedtls_aes_context type cannot generally be copied with a simple
assignment (dst = src) because it contains a pointer field ('rk') which
needs to point

libmbedtls: core: fix copy of AES context

The mbedtls_aes_context type cannot generally be copied with a simple
assignment (dst = src) because it contains a pointer field ('rk') which
needs to point to the 'buf' field. The current code is incorrect and
causes errors in xtest 4003 on all platforms that do not have
CFG_CRYPTO_WITH_CE=y. When CE is enabled, a different structure
mbedtls_aes_context from aes_alt.h is used and the copy is correct.

Introduce a helper function: mbed_copy_mbedtls_aes_context() to perform
the copy operation and use it when copying AES ECB, CBC and CTR
contexts.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: core: rename mbd_rand.h to mbed_helpers.h

mbd_rand.h contains only one helper function: mbd_rand(). Give it a more
generic name so that other functions may be added in subsequent commits

libmbedtls: core: rename mbd_rand.h to mbed_helpers.h

mbd_rand.h contains only one helper function: mbd_rand(). Give it a more
generic name so that other functions may be added in subsequent commits.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

link: make section size definitions relocation-proof

Value of define VCORE_UNPG_RW_SZ is determined by linker script and
provided to C code as a symbol value (__vcore_unpg_rw_size). This is a
standa

link: make section size definitions relocation-proof

Value of define VCORE_UNPG_RW_SZ is determined by linker script and
provided to C code as a symbol value (__vcore_unpg_rw_size). This is a
standard way of sharing linker variables with C code, which is described in
ld manual.

Problem is that linker sometimes makes those symbols relocatable and ASLR
code then moves them to random places with rest of the OP-TEE image.

For example, on build for RCAR platform I am getting those entries in
relocation section:

[...]
000000004415b120 R_AARCH64_RELATIVE *ABS*+0x0000000044100180
000000004415af60 R_AARCH64_RELATIVE *ABS*+0x000000004415fc48
000000004415afb0 R_AARCH64_RELATIVE *ABS*+0x00000000000a4000 <======
000000004415aef8 R_AARCH64_RELATIVE *ABS*+0x000000004415c000
[...]

From programmer's point of view this looks like "constant" VCORE_UNPG_RW_SZ
has random value every boot.

Obvious approach is to provide section end address and then calculate size
on C side:

#define VCORE_UNPG_RW_SZ ((size_t)(__vcore_unpg_rx_end -
__vcore_unpg_rx_start))

But with this approach compiler can't initialize constant values in
definitions like

register_phys_mem_ul(MEM_AREA_TEE_RAM_RW, VCORE_UNPG_RW_PA,
VCORE_UNPG_RW_SZ);

from core_mmu.c.

Basically, this leads to following constraints:

1. If we calculate section size in linker script, then compiler can use
it as a constant expression, but this value may be mangled by ASLR
at run-time.

2. We can't calculate section size in C code, because this value can't be
used as a constant expression.

This patch provides a workaround around this issue by providing two sets of
definitions: old _SZ definition is renamed to _SZ_UNSAFE and it should be
used only in places where a constant expression is required and provided it
is referenced only before dynamic relocations have been applied, while the
new _SZ definition can be used in all other situations.

Value of _new SZ is obtained by deducting section start address from end
address. Additional linker symbols are introduced to provide section end
addresses.

Fixes: 170e9084a84f ("core: add support for CFG_CORE_ASLR")
Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: avb: copy data to temporary buffers

Use intermediate temporary buffers instead of directly supplying
non-secure buffers to TEE_ReadObjectData()/TEE_CreatePersistentObject().
This fixes TA panics

ta: avb: copy data to temporary buffers

Use intermediate temporary buffers instead of directly supplying
non-secure buffers to TEE_ReadObjectData()/TEE_CreatePersistentObject().
This fixes TA panics while accessing persistent objects:

E/TC:? 0 TA panicked with code 0xffff0001
E/LD: Status of TA 023f8f1a-292a-432b-8fc4-de8471358067
...
D/TC:? 0 user_ta_enter:176 tee_user_ta_enter: TA panicked with
code 0xffff0001

Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta/pkcs11: Use LIST_FOREACH_SAFE when removing objects from list

When traversing object list to remove objects, use LIST_FOREACH_SAFE
to avoid segmentation fault.

Signed-off-by: Ruchika Gupta <ruch

ta/pkcs11: Use LIST_FOREACH_SAFE when removing objects from list

When traversing object list to remove objects, use LIST_FOREACH_SAFE
to avoid segmentation fault.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: add debug string for PKCS11_CKA_KEY_GEN_MECHANISM

Add missing attribute debug string for PKCS11_CKA_KEY_GEN_MECHANISM.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by:

ta: pkcs11: add debug string for PKCS11_CKA_KEY_GEN_MECHANISM

Add missing attribute debug string for PKCS11_CKA_KEY_GEN_MECHANISM.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Fix serialization handling for non-indirect attributes

Both sides of serialization and de-serialization must match the logic.

Only TEMPLATE based arguments has indirect attributes so de

ta: pkcs11: Fix serialization handling for non-indirect attributes

Both sides of serialization and de-serialization must match the logic.

Only TEMPLATE based arguments has indirect attributes so detect them and
handle them specifically.

Otherwise use standard attribute handling code for other attributes.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: get_attribute: fix return value when querying value size

When C_GetAttributeValue() is issued with attribute with pValue == NULL:
- Size of the attribute value should be returned
- Retur

ta: pkcs11: get_attribute: fix return value when querying value size

When C_GetAttributeValue() is issued with attribute with pValue == NULL:
- Size of the attribute value should be returned
- Return value should be CKR_OK

If pValue != NULL and value does not fit then CKR_BUFFER_TOO_SMALL should
be returned.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: get_attribute: fix returning values into larger buffer

It is completely fine for callee to allocate more memory than what is
needed.

Now attributes value is wholly copied and copied dat

ta: pkcs11: get_attribute: fix returning values into larger buffer

It is completely fine for callee to allocate more memory than what is
needed.

Now attributes value is wholly copied and copied data amount is returned.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: fix get attribute data alignment problem

In OP-TEE there is no behind the scenes handler that would fix data
alignment problems.

Use aligned variables when accessing struct variables.

ta: pkcs11: fix get attribute data alignment problem

In OP-TEE there is no behind the scenes handler that would fix data
alignment problems.

Use aligned variables when accessing struct variables.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

libutils: sys/queue.h: add LIST_FOREACH_SAFE()

Import macro LIST_FOREACH_SAFE from FreeBSD.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@peng

libutils: sys/queue.h: add LIST_FOREACH_SAFE()

Import macro LIST_FOREACH_SAFE from FreeBSD.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

lib: libutils: ext/isoc: sub.mk: make sources path platform generic

The path to platform specific code is hard-coded. This commit
changes it to use defined variable. This is helpful in case
of porti

lib: libutils: ext/isoc: sub.mk: make sources path platform generic

The path to platform specific code is hard-coded. This commit
changes it to use defined variable. This is helpful in case
of porting OP-TEE OS to a new architecture such we make
maximum reuse of existing sources.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

Install in-tree TAs into $(TA_DEV_KIT_DIR)/ta

In order for a build environment to easily pick all the in-tree TAs, and
not depend too much on the layout of the out directory, copy them into
the "dev

Install in-tree TAs into $(TA_DEV_KIT_DIR)/ta

In order for a build environment to easily pick all the in-tree TAs, and
not depend too much on the layout of the out directory, copy them into
the "dev kit" directory similar to what is already done for TA shared
libraries when CFG_ULIBS_SHARED=y. Libraries are copied to
$(TA_DEV_KIT_DIR)/lib/*.ta so let's use $(TA_DEV_KIT_DIR)/ta/*.ta
for the in-tree TAs.

Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: link.mk: add dependency of the .ta file on the signing script

The signing script is used to generate the .ta file from the .elf input.
Therefore this dependency needs to be declared. Fixes the f

ta: link.mk: add dependency of the .ta file on the signing script

The signing script is used to generate the .ta file from the .elf input.
Therefore this dependency needs to be declared. Fixes the following
issue:

$ make -s out/arm-plat-vexpress/ta/pkcs11/fd02c9da-306c-48c7-a49c-bbd827ae86ee.ta
python3: can't open file 'out/arm-plat-vexpress/export-ta_arm32/scripts/sign_encrypt.py': [Errno 2] No such file or directory
make: *** [ta/arch/arm/link.mk:114: out/arm-plat-vexpress/ta/pkcs11/fd02c9da-306c-48c7-a49c-bbd827ae86ee.ta] Error 2

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: drop SDP PTA

Drop SDP PTA as it is not used anywhere and looks like isn't
maintained. When is CFG_SDP_PTA=y the build fails with
compile errors:

error: implicit declaration of function ‘

core: pta: drop SDP PTA

Drop SDP PTA as it is not used anywhere and looks like isn't
maintained. When is CFG_SDP_PTA=y the build fails with
compile errors:

error: implicit declaration of function ‘tee_ta_get_calling_session’;
did you mean ‘ts_get_calling_session’?
[-Werror=implicit-function-declaration]
...
error: ‘struct tee_ta_session’ has no member named ‘ctx’

Signed-off-by: Igor Opaniuk <igor.opaniuk@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: split boot_init_primary()

Splits boot_init_primary() into boot_init_primary_early() and
boot_init_primary_late(). The thread#0 stack pointer is assigned as
stack pointer before boot_init_prima

core: split boot_init_primary()

Splits boot_init_primary() into boot_init_primary_early() and
boot_init_primary_late(). The thread#0 stack pointer is assigned as
stack pointer before boot_init_primary_late() is called. This allows
functions registered to be called by call_finalcalls() to depend on the
full thread stack being available.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: optee_rpc_cmd.h: shorten some I2C defines

Make the I2C defines consistent with the rest of the defines in
optee_rpc_cmd.h.

Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Acked-by: Etie

core: optee_rpc_cmd.h: shorten some I2C defines

Make the I2C defines consistent with the rest of the defines in
optee_rpc_cmd.h.

Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...