Update CHANGELOG for 3.12.0

Update CHANGELOG for 3.12.0 and collect Tested-by tags.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Clement Faure <clement.faure@nxp.com> (mx6dlsabrea

Update CHANGELOG for 3.12.0

Update CHANGELOG for 3.12.0 and collect Tested-by tags.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Clement Faure <clement.faure@nxp.com> (mx6dlsabreauto)
Tested-by: Clement Faure <clement.faure@nxp.com> (mx6dlsabresd)
Tested-by: Clement Faure <clement.faure@nxp.com> (mx6qpsabreauto)
Tested-by: Clement Faure <clement.faure@nxp.com> (mx6sllevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (mx6ulevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (mx6ullevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (mx6ulzevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (mx7dsabresd)
Tested-by: Clement Faure <clement.faure@nxp.com> (mx7ulpevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (mx8mmevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (mx8mnevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (mx8mqevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (mx8qmmek)
Tested-by: Clement Faure <clement.faure@nxp.com> (mx8qxpmek)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (stm32mp1)
Tested-by: Igor Opaniuk <igor.opaniuk@gmail.com> (Poplar)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno)
Tested-by: Jerome Forissier <jerome@forissier.org> ((HiKey GP) # issue 4324)
Tested-by: Jerome Forissier <jerome@forissier.org> ((HiKey960 GP) # issue 4324)
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU)
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMUv8)
Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi3B)
Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi3B-NFS)
Tested-by: Ricardo Salveti <ricardo@foundries.io> (ZynqMP)
Tested-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> (imx-ccimx6ulsbcpro)
Tested-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> (imx-mx6qsabrelite)
Tested-by: Sumit Garg <sumit.garg@linaro.org> (Developerbox)
Tested-by: Victor Chong <victor.chong@linaro.org> (HiKey960 AOSP P)
Tested-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> (Rcar H3)
Tested-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> (Rcar H3/virtualization)

show more ...

ta: pkcs11: Don't load objects that don't match the search during find

Don't load all persistent object attributes in find_objects_init().
Instead, temporary load object attributes and release them

ta: pkcs11: Don't load objects that don't match the search during find

Don't load all persistent object attributes in find_objects_init().
Instead, temporary load object attributes and release them if not matching
the current search.

Move object attribute loading from token_obj_matches_ref() to
load_persistent_object_attributes() and introduce counterpart
release_persistent_object_attributes().

Changes attributes_match_reference() to always return true when reference
is empty (match all case).

Remove token_obj_matches_ref() since attributes_match_reference() can be
called straight from load_persistent_object_attributes().

Signed-off-by: Robin van der Gracht <robin@protonic.nl>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

core: imx: remove security check for i.MX6DQ

Recent commit cfff3778dae0 ("core: imx: remove security check for
i.MX6SDL") fixed an issue where i.MX6SDL SoC does not expose the
security configuration

core: imx: remove security check for i.MX6DQ

Recent commit cfff3778dae0 ("core: imx: remove security check for
i.MX6SDL") fixed an issue where i.MX6SDL SoC does not expose the
security configuration in the HPSR registers correctly.

This issue also affects i.MX6DQ. Let's add a check for this SoC
family in the same place.

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Clement Faure <clement.faure@nxp.com>
Signed-off-by: Michael Scott <mike@foundries.io>
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>

show more ...

ta: link.mk: export trace_ext_prefix and trace_level

Global data defined in user_ta_header.c need to be made visible to
shared libraries because they may be referenced by them. For example,
trace_le

ta: link.mk: export trace_ext_prefix and trace_level

Global data defined in user_ta_header.c need to be made visible to
shared libraries because they may be referenced by them. For example,
trace_level is ultimately referenced by the trace macros (IMSG() and
similar). Therefore, when IMSG() is called in a shared library, the
dynamic loader (ldelf) needs to locate the trace_level symbol in the
TA. But since a TA is a "main executable" and not a shared library,
the linker by default will not add all global symbols to the dynamic
symbol table (.dynsym section). Instead those symbols are put in the
static symbol table (.symtab) which is typically not used at run time
and discarded when executables are stripped. In any case, ldelf only
uses the dynamic symbol table.

Add trace_ext_prefix and trace_level to the list of exported symbols to
fix the IMSG() issue.

Link: https://github.com/OP-TEE/optee_client/issues/242#issuecomment-755378055
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

driver: imx_wdog: search node by compatible

Instead of searching the node by hard-coded paths, search the node by
the compatible, which should be more robust against upstream device tree
changes. Up

driver: imx_wdog: search node by compatible

Instead of searching the node by hard-coded paths, search the node by
the compatible, which should be more robust against upstream device tree
changes. Upstream recently changed the naming of "aips-bus" to "bus",
breaking the OP-TEE i.MX Watchdog driver in the process, since the path
can no longer be found within the tree.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Tested-by: Ricardo Salveti <ricardo@foundries.io> (imx6ull evk, imx6q apalis-imx6, imx8mm evk, imx8mq evk)
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

drivers: imx_wdog: default initialize variables

Set all function variables to sensible defaults.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

core: fix bad memset() in update_write_helper()

update_write_helper() is clearing uninitialized parts of blk_buf.
There's an error in the logic calculating how much should be cleared
resulting in a

core: fix bad memset() in update_write_helper()

update_write_helper() is clearing uninitialized parts of blk_buf.
There's an error in the logic calculating how much should be cleared
resulting in a negative size being supplied to memset(). Fix this by
always clearing blk_buf before usage.

Fixes: cd799689cd3d ("core: rpmb: fix initialization of new rpmb data")
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey)
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: Deal with the private objects in C_Logout

The logic to deal with the private objects was missing in the
C_Logout() implementation.
PKCS#11 specification states that :
When C_Logout succe

ta: pkcs11: Deal with the private objects in C_Logout

The logic to deal with the private objects was missing in the
C_Logout() implementation.
PKCS#11 specification states that :
When C_Logout successfully executes, any of the application’s
handles to private objects should become invalid (even if a user
is later logged back into the token, those handles remain invalid).
In addition, all private session objects from sessions belonging
to the application should also be destroyed.

In addition, also release any ongoing cryptographic or
object-finding operations that may be associated with the session
while logging out.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Reduce the minimum pin length required

SoftHSM Unit test suite passes a 4 byte pin while
initializing pin. Since current implementation
restricts the minimum pin length to 10, C_InitPin(

ta: pkcs11: Reduce the minimum pin length required

SoftHSM Unit test suite passes a 4 byte pin while
initializing pin. Since current implementation
restricts the minimum pin length to 10, C_InitPin()
fails resulting in the testcases to be aborted.
Reduce the minimum pin length requirement inorder to
run the SoftHSM test suite.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Access check for private objects

Private objects of a session/token are accessible only
in a R/O or R/W user session i.e if a user is logged in.
R/O or R/W public session or a R/W SO ses

ta: pkcs11: Access check for private objects

Private objects of a session/token are accessible only
in a R/O or R/W user session i.e if a user is logged in.
R/O or R/W public session or a R/W SO session cannot
access these private objects. Check for SO session
was missing in the logic when checking for access of
private objects. This has now been added.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: fix file handle leakage in syscall_storage_next_enum()

Prior to this patch was syscall_storage_next_enum() opening a file
handle with tee_svc_storage_read_head() but never freeing the handle.

core: fix file handle leakage in syscall_storage_next_enum()

Prior to this patch was syscall_storage_next_enum() opening a file
handle with tee_svc_storage_read_head() but never freeing the handle.
Fix this by closing the file handle as part of cleaning up before
returning.

Fixes: 928efd065222 ("core: syscall_storage_next_enum() use live pobj")
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: Add support for getting object size and attribute value

Implement commands
- PKCS11_CMD_GET_OBJECT_SIZE
- PKCS11_CMD_GET_ATTRIBUTE_VALUE

Co-developed-by: Etienne Carriere <etienne.carri

ta: pkcs11: Add support for getting object size and attribute value

Implement commands
- PKCS11_CMD_GET_OBJECT_SIZE
- PKCS11_CMD_GET_ATTRIBUTE_VALUE

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Co-developed-by: Gabor Szekely <szvgabor@gmail.com>
Signed-off-by: Gabor Szekely <szvgabor@gmail.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: Add support for finding objects

Implement commands
- PKCS11_CMD_FIND_OBJECTS_INIT
- PKCS11_CMD_FIND_OBJECTS
- PKCS11_CMD_FIND_OBJECTS_FINAL

Co-developed-by: Etienne Carriere <etienne.ca

ta: pkcs11: Add support for finding objects

Implement commands
- PKCS11_CMD_FIND_OBJECTS_INIT
- PKCS11_CMD_FIND_OBJECTS
- PKCS11_CMD_FIND_OBJECTS_FINAL

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Co-developed-by: Gabor Szekely <szvgabor@gmail.com>
Signed-off-by: Gabor Szekely <szvgabor@gmail.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: define TA commands for finding objects

Adds commands
- PKCS11_CMD_FIND_OBJECTS_INIT
- PKCS11_CMD_FIND_OBJECTS
- PKCS11_CMD_FIND_OBJECTS_FINAL
in enum pkcs11_ta_cmd.

Co-developed-by: Eti

ta: pkcs11: define TA commands for finding objects

Adds commands
- PKCS11_CMD_FIND_OBJECTS_INIT
- PKCS11_CMD_FIND_OBJECTS
- PKCS11_CMD_FIND_OBJECTS_FINAL
in enum pkcs11_ta_cmd.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Co-developed-by: Gabor Szekely <szvgabor@gmail.com>
Signed-off-by: Gabor Szekely <szvgabor@gmail.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: fix processing of DT_FINI_ARRAY

The code that is supposed to invoke the finalization functions in the
DT_FINI_ARRAY of a TA is broken. It mixes DT_INIT_ARRAY with
DT_FINI_ARRAYSZ. As a result, t

ta: fix processing of DT_FINI_ARRAY

The code that is supposed to invoke the finalization functions in the
DT_FINI_ARRAY of a TA is broken. It mixes DT_INIT_ARRAY with
DT_FINI_ARRAYSZ. As a result, the finalization functions are never
called and the TA may even crash on exit.

Fix the issue by replacing the erroneous DT_INIT_ARRAY with
DT_FINI_ARRAY.

Fixes: dd655cb9906c ("ldelf, ta: add support for DT_INIT_ARRAY and DT_FINI_ARRAY")
Reported-by: JY Ho <JY.Ho@mediatek.com>
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ftrace: fix regression causing panic in ftrace_update_times()

Commit 00b3b9a25e76 ("core: add generic struct ts_session") has
introduced a regression in the ftrace code by introducing a call to
ts_g

ftrace: fix regression causing panic in ftrace_update_times()

Commit 00b3b9a25e76 ("core: add generic struct ts_session") has
introduced a regression in the ftrace code by introducing a call to
ts_get_current_session() in ftrace_update_times() in replacement of
tee_ta_get_current_session(). At this point it can happen that no
current session exists, in which case the function should simply return.
Unfortunately ts_get_current_session() will call panic() is such a
situation. The proper function is ts_get_current_session_may_fail().

Fixes: 00b3b9a25e76 ("core: add generic struct ts_session")
Fixes: https://github.com/OP-TEE/optee_os/issues/4313
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: rpmb: fix initialization of new rpmb data

Add memset() calls to ensure added object is extended with byte value 0
as specified in GPD TEE specification.

Fixes: 64c6d2917d12 ("core: rpmb fs us

core: rpmb: fix initialization of new rpmb data

Add memset() calls to ensure added object is extended with byte value 0
as specified in GPD TEE specification.

Fixes: 64c6d2917d12 ("core: rpmb fs uses mempool for temporary transfer buffers")
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Remove persistent objects on token re-initialization

When re-initializing a token the previously created objects need
to be removed.

Signed-off-by: Robin van der Gracht <robin@protonic.

ta: pkcs11: Remove persistent objects on token re-initialization

When re-initializing a token the previously created objects need
to be removed.

Signed-off-by: Robin van der Gracht <robin@protonic.nl>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Add TEE Identity based authentication support

In C_InitToken() if PIN is NULL_PTR then it will activate TEE Identity
based authentication support for token.

Once activated:

- When ever

ta: pkcs11: Add TEE Identity based authentication support

In C_InitToken() if PIN is NULL_PTR then it will activate TEE Identity
based authentication support for token.

Once activated:

- When ever PIN is required client's TEE Identity will be used for
authentication
- PIN failure counters are disabled
- If new PIN is given as input it is in form of PIN ACL string
- It can be disabled with C_InitToken with non-zero PIN

Internally protected authentication path will be used for mode
determination.

Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: set_pin: use token shortcut like in other pin functions

Use common shortcut variable 'token' as in check_so_pin and check_user_pin.

Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Re

ta: pkcs11: set_pin: use token shortcut like in other pin functions

Use common shortcut variable 'token' as in check_so_pin and check_user_pin.

Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

ta: pkcs11: entry_ck_token_initialize: reset SO flags on init

If successful token init has been performed and new PIN is set then reset
all pin change flags.

Call update_persistent_db() only once a

ta: pkcs11: entry_ck_token_initialize: reset SO flags on init

If successful token init has been performed and new PIN is set then reset
all pin change flags.

Call update_persistent_db() only once as a last step during the execution.

Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>

show more ...

pkcs11: persistent_token: Don't read token object UUIDs if we have none

Do not call TEE_ReadObjectData() when there is no object data to read
because the function panics when reading 0 bytes.

Revie

pkcs11: persistent_token: Don't read token object UUIDs if we have none

Do not call TEE_ReadObjectData() when there is no object data to read
because the function panics when reading 0 bytes.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Robin van der Gracht <robin@protonic.nl>

show more ...

ta: pkcs11: Change sizeof argument for consistency

The bytes subtracted here were added a few lines ago. Since *db_objs
was used there we should also do this here for readability.

Reviewed-by: Etie

ta: pkcs11: Change sizeof argument for consistency

The bytes subtracted here were added a few lines ago. Since *db_objs
was used there we should also do this here for readability.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Robin van der Gracht <robin@protonic.nl>

show more ...

core: tee_rpmb_fs: Return error when block decryption fails

When decrypt_block fails (although unlikely) it shouldn't be silently
ignored. In such case the data in the buffer pointed to by *out is
u

core: tee_rpmb_fs: Return error when block decryption fails

When decrypt_block fails (although unlikely) it shouldn't be silently
ignored. In such case the data in the buffer pointed to by *out is
unmodified or bogus while the return code is TEE_SUCCESS.

Signed-off-by: Robin van der Gracht <robin@protonic.nl>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: remove temporary external DT mapping

During boot the external DT is mapped while processing the DT. Once
OP-TEE is done with the DT it should be unmapped to avoid stale mappings
that might cau

core: remove temporary external DT mapping

During boot the external DT is mapped while processing the DT. Once
OP-TEE is done with the DT it should be unmapped to avoid stale mappings
that might cause problems later. Fix this by calling
core_mmu_rem_mapping() from release_external_dt() just before jumping to
normal world.

Fixes: https://github.com/OP-TEE/optee_os/issues/4278
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...