core: copy mode in cts_copy_state()

Fixes cts_copy_state() by copying the "mode" element also for the state
to be complete.

Fixes: 96098f011f7c ("core: crypto: introduce struct crypto_cipher_ops")

core: copy mode in cts_copy_state()

Fixes cts_copy_state() by copying the "mode" element also for the state
to be complete.

Fixes: 96098f011f7c ("core: crypto: introduce struct crypto_cipher_ops")
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reported-by: Tony He <tony.he@armchina.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-rockchip: mark parameters as __maybe_unused in platform_secure_ddr_region

The weak variant of platform_secure_ddr_region() only emits a message
that the target region won't get protected due to

plat-rockchip: mark parameters as __maybe_unused in platform_secure_ddr_region

The weak variant of platform_secure_ddr_region() only emits a message
that the target region won't get protected due to missing platform-code.

Depending on the log-level this can result in the function parameters not
getting used at all, so mark them as __maybe_unused.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: tzc380: restart search at full size

Restart the search at the biggest region size after finding a region.
This way we can use subregions for the first offset and use full regions
afterwards.

core: tzc380: restart search at full size

Restart the search at the biggest region size after finding a region.
This way we can use subregions for the first offset and use full regions
afterwards.

Fixes https://github.com/OP-TEE/optee_os/issues/4252

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Tested-by: Robin van der Gracht <robin@protonic.nl>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: crypto: se050: die_id generation

Guarantee the uniqueness of the die_id even when the requested length
is smaller than the se050 unique identifier.

Currently, tee_otp_get_die_id requests 1

drivers: crypto: se050: die_id generation

Guarantee the uniqueness of the die_id even when the requested length
is smaller than the se050 unique identifier.

Currently, tee_otp_get_die_id requests 12 bytes while the se050 unique
identifier is 18 bytes which is an issue as the uniqueness of the
device can be lost due to the truncation of the identifier.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: fix user mode context reference in pager

Fix tee_pager_gpt_save_and_release_entries() to use to_user_mode_ctx()
to get current context user memory areas instead of to_user_ta_ctx()
since the f

core: fix user mode context reference in pager

Fix tee_pager_gpt_save_and_release_entries() to use to_user_mode_ctx()
to get current context user memory areas instead of to_user_ta_ctx()
since the former supports both SP and TA contexts.

Prior this change was pager asserting with an error trace like below:
E/TC:0 0 assertion 'is_user_ta_ctx(ctx)' failed at core/arch/arm/include/kernel/user_ta.h:56 <to_user_ta_ctx>
E/TC:0 0 Panic at core/kernel/assert.c:28 <_assert_break>

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

build: make 'force' macro more robust

The 'force' macro can cause unexpected errors in some cases where
the name of the configuration variable is preceded by a space:
'$(call force, CFG_FOO,foo)' in

build: make 'force' macro more robust

The 'force' macro can cause unexpected errors in some cases where
the name of the configuration variable is preceded by a space:
'$(call force, CFG_FOO,foo)' instead of '$(call force,CFG_FOO,foo)'.
For example:

$ make PLATFORM=imx-mx8mmevk CFG_STACK_{TMP,THREAD}_EXTRA=8192 \
CFG_CRYPTO_DRV_ACIPHER=y CFG_NXP_SE05X=y CFG_NXP_CAAM=y
core/drivers/crypto/se050/crypto.mk:49: *** CFG_CRYPTO_DRV_ACIPHER is set to '' (from undefined) but its value must be 'y' [Mandated by CFG_NXP_SE05X_ACIPHER_DRV]. Stop.

Fixing the callers is certainly a good thing to do (if only for
consistency) but the current behavior is difficult to troubleshoot.
Therefore, make the 'force' macro more robust by stripping any space
around the variable name.

Reported-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: se050: strip spaces from crypto.mk

Some versions of the force function used in the makefile might produce
incorrect results when spaces are included in the parameter field.

In gene

drivers: crypto: se050: strip spaces from crypto.mk

Some versions of the force function used in the makefile might produce
incorrect results when spaces are included in the parameter field.

In general is a better practice to strip spaces when invoking this
sort of functions.

To prevent issues (ie: in case of backport) make sure that the SE050
driver is not affected by that variability.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: imx_i2c: remove non-portable use of define

Fix the build error triggered when enabling
-Werror=expansion-to-defined

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Eti

drivers: imx_i2c: remove non-portable use of define

Fix the build error triggered when enabling
-Werror=expansion-to-defined

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Initial support for Renesas RZ/G2{H,M,N,E} SoC's

This patch adds support for Renesas RZ/G2{H,M,N,E} SoC's.

* Compiled with:
| make PLATFORM=rzg # Defaults to RZ/G2M SoC

Based on the work done

Initial support for Renesas RZ/G2{H,M,N,E} SoC's

This patch adds support for Renesas RZ/G2{H,M,N,E} SoC's.

* Compiled with:
| make PLATFORM=rzg # Defaults to RZ/G2M SoC

Based on the work done from Huynh Thanh Hung for RZ/G2 internally and
similar work done for Renesas RCar-Gen3 SoC's in mainline OP-TEE OS.

Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Biju Das <biju.das.jz@bp.renesas.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: kernel: link.mk: Move rules to generate tee-raw.bin and tee.srec from rcar platform

Move the rules to generate tee-raw.bin and tee.srec from rcar platform to
core/arch/arm/kernel/link.mk so th

core: kernel: link.mk: Move rules to generate tee-raw.bin and tee.srec from rcar platform

Move the rules to generate tee-raw.bin and tee.srec from rcar platform to
core/arch/arm/kernel/link.mk so that similar platforms can re-use it.

Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

ta: pkcs11: rename argument bp to attrs for generic attributes

Rename input argument bp/bp_count to attrs/attrs_count in several
local functions in pkcs11_attributes.c since the reference cover
any

ta: pkcs11: rename argument bp to attrs for generic attributes

Rename input argument bp/bp_count to attrs/attrs_count in several
local functions in pkcs11_attributes.c since the reference cover
any kind of attribute, not only boolean attributes (bp stood for
boolean property).

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: fix initial value for return code

Fix initial value for enumerated variable of type enum pkcs11_rc.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere

ta: pkcs11: fix initial value for return code

Fix initial value for enumerated variable of type enum pkcs11_rc.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: fix ordering in switch case

Fix ordering switch/case block of get_key_min_max_sizes().

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.car

ta: pkcs11: fix ordering in switch case

Fix ordering switch/case block of get_key_min_max_sizes().

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: add missing header files

Add missing header files inclusion in few source files.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@

ta: pkcs11: add missing header files

Add missing header files inclusion in few source files.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: remove empty tee_release_ctr_operation()

Remove function tee_release_ctr_operation() that is empty since
the generic sequence already releases CTR operation extra context.

Reviewed-by:

ta: pkcs11: remove empty tee_release_ctr_operation()

Remove function tee_release_ctr_operation() that is empty since
the generic sequence already releases CTR operation extra context.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: release active process on session closure

Release the possible active processing resources when closing a session.

Fixes: 512cbf1d30dd ("ta: pkcs11: adds support for symmetric AES ciphe

ta: pkcs11: release active process on session closure

Release the possible active processing resources when closing a session.

Fixes: 512cbf1d30dd ("ta: pkcs11: adds support for symmetric AES cipher modes")
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: fix return code when parsing attribute templates

Fix return code that was not set in few error cases in
create_attributes_from_template().

Fixes: 63f89caa9022 ("ta: pkcs11: attribute he

ta: pkcs11: fix return code when parsing attribute templates

Fix return code that was not set in few error cases in
create_attributes_from_template().

Fixes: 63f89caa9022 ("ta: pkcs11: attribute helper functions")
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: remove unused TEE_TIME_BOOT_TICKS_HZ

The TEE_TIME_BOOT_TICKS_HZ macro is not used, remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.car

core: remove unused TEE_TIME_BOOT_TICKS_HZ

The TEE_TIME_BOOT_TICKS_HZ macro is not used, remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: user_ta_header.h: remove unused struct ta_func_head

struct ta_func_head is unused, remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.

libutee: user_ta_header.h: remove unused struct ta_func_head

struct ta_func_head is unused, remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: user_ta_header.h: remove unused property strings

user_ta_header.h defines a few macros with property names that are not
used anywhere and are not part of any specification. Remove them.

Si

libutee: user_ta_header.h: remove unused property strings

user_ta_header.h defines a few macros with property names that are not
used anywhere and are not part of any specification. Remove them.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: user_ta_header.h: remove unused enum user_ta_core_service_id

enum user_ta_core_service_id is unused, remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne

libutee: user_ta_header.h: remove unused enum user_ta_core_service_id

enum user_ta_core_service_id is unused, remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

spi: pl022: expose internal fifo flush API

We identified that the caller of the pl022 driver needs to flush the
pl022's internal fifo to make sure next transaction starts clean.

This PR expose exis

spi: pl022: expose internal fifo flush API

We identified that the caller of the pl022 driver needs to flush the
pl022's internal fifo to make sure next transaction starts clean.

This PR expose existing pl022_flush_fifo API to caller via spi_ops.

The validation is performed on bcm platform.

Signed-off-by: Vahid Dukandar <vahidd@microsoft.com>
Reviewed-by: Victor Chong <victor.chong@linaro.org>

show more ...

ta: pkcs11: Add support for big key sizes for HMAC hash Mechanisms

Currently the support for maximum key size supported in HMAC hash
functions is limited by the underlying Global TEE implementation.

ta: pkcs11: Add support for big key sizes for HMAC hash Mechanisms

Currently the support for maximum key size supported in HMAC hash
functions is limited by the underlying Global TEE implementation.
The RFC 2202 and 4231 specify some HMAC test vectors where key size
is greater than the sizes as supported in current TEE implementation.
For such key sizes, greater than the maximum key size supported by TEE,
first hash the key and then use the resultant as the actual key to
HMAC.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Add minimum key size checking for HMAC Mechanisms

For HMAC mechanisms for hash operations, if the size of the key object
is less than the minimum size supported by the implementation,
er

ta: pkcs11: Add minimum key size checking for HMAC Mechanisms

For HMAC mechanisms for hash operations, if the size of the key object
is less than the minimum size supported by the implementation,
error PKCS11_CKR_KEY_SIZE_RANGE should be returned. If this check
is not done before TEE_AllocateOperation(), passing a key size not
supported by TEE results in a PKCS11_CKR_MECHANISM_INVALID error,
which is ambiguous as Mehcanism is supported here and the issue is
with key size.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Fix usage of CKK_GENERIC_SECRET for HMAC Functions

The use of CKK_GENERIC_SECRET is allowed with HMAC mechanisms.
In earlier implementation, CKK_GENERIC_SECRET was mapped to
TEE_GENERIC_

ta: pkcs11: Fix usage of CKK_GENERIC_SECRET for HMAC Functions

The use of CKK_GENERIC_SECRET is allowed with HMAC mechanisms.
In earlier implementation, CKK_GENERIC_SECRET was mapped to
TEE_GENERIC_KEY. TEE_AllocateOperation() would return an error
when TEE key of type TEE_GENERIC_KEY is used with HMAC algorithms.
So, special handling is required for such keys where the PKCS11
mechanism should be used to determine the corresponding TEE
KEY Type for CKK_GENERIC_SECRET when used with HMAC mechanisms.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...