core: libmbedtls: crypto_acipher_free_rsa_keypair(): add missing free for s->dq

The crypto_acipher_free_rsa_keypair() function lacks a call to
crypto_bignum_free() for the dq member of the key. Add

core: libmbedtls: crypto_acipher_free_rsa_keypair(): add missing free for s->dq

The crypto_acipher_free_rsa_keypair() function lacks a call to
crypto_bignum_free() for the dq member of the key. Add it.

Fixes: a1d5c81f8834 ("crypto: add function to free rsa keypair")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: ltc: use crypto_acipher_free_rsa_keypair() instead of open-coding

There is a function to free an RSA keypair, use it instead of
duplicating the code.

Signed-off-by: Jerome Forissier <jerome@f

core: ltc: use crypto_acipher_free_rsa_keypair() instead of open-coding

There is a function to free an RSA keypair, use it instead of
duplicating the code.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: ltc: crypto_acipher_free_rsa_keypair(): add missing free for s->dq

The crypto_acipher_free_rsa_keypair() function lacks a call to
crypto_bignum_free() for the dq member of the key. Add it.

Fi

core: ltc: crypto_acipher_free_rsa_keypair(): add missing free for s->dq

The crypto_acipher_free_rsa_keypair() function lacks a call to
crypto_bignum_free() for the dq member of the key. Add it.

Fixes: a1d5c81f8834 ("crypto: add function to free rsa keypair")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

hikey: increase CFG_CORE_HEAP_SIZE from 64 to 72 KB

HiKey 620 uses the default core heap size which is 64 KB. This seems to
be a bit small now and the likely reason of some IBART failures [1]:

283

hikey: increase CFG_CORE_HEAP_SIZE from 64 to 72 KB

HiKey 620 uses the default core heap size which is 64 KB. This seems to
be a bit small now and the likely reason of some IBART failures [1]:

2833: regression_6018.2 OK
2834: o regression_6018.3 Storage id: 80000100
[...]
2846: E/TC:? 0 TA panicked with code 0xffff000c

Increase the size to 72 KB.

Link: [1] https://optee.mooo.com:5000/logs/OP-TEE/build/441/518642707/65112f06d1ffdd93762acdd1d8a8a06e9bebdd1d
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: move non TA specific fields from user_ta_ctx

Moves fields from user_ta_ctx to user_mode_ctx, which are not specific
to user TAs. This is needed to prepare for handling Secure Partitions,
user_

core: move non TA specific fields from user_ta_ctx

Moves fields from user_ta_ctx to user_mode_ctx, which are not specific
to user TAs. This is needed to prepare for handling Secure Partitions,
user_mode_ctx will be the common ground for the fields used by both TAs
and SPs.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: extract ldelf related code from user_ta.c

Moves ldelf functionality from user_ta.c to a separate file.
This is the first step for decoupling ldelf from user TAs.

Reviewed-by: Jens Wiklander <

core: extract ldelf related code from user_ta.c

Moves ldelf functionality from user_ta.c to a separate file.
This is the first step for decoupling ldelf from user TAs.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: pass user_mode_ctx to thread_user_clear_vfp()

Changes the parameter type of thread_user_clear_vfp() to struct
user_mode_ctx. This makes using the function more convenient, now it
doesn't have

core: pass user_mode_ctx to thread_user_clear_vfp()

Changes the parameter type of thread_user_clear_vfp() to struct
user_mode_ctx. This makes using the function more convenient, now it
doesn't have to be surrounded with conditional directives on each use.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

drivers: imx_i2c: move utility macros

Move I2C utility macros (driver specific) from SoC specific register
definition files to the driver.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Re

drivers: imx_i2c: move utility macros

Move I2C utility macros (driver specific) from SoC specific register
definition files to the driver.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: imx_i2c: get base addresses from device tree

Enable device tree support.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by

drivers: imx_i2c: get base addresses from device tree

Enable device tree support.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: imx_i2c: enable the driver when not all three buses are ready

Allow the driver to operate even though not all three buses might have
been configured.

Signed-off-by: Jorge Ramirez-Ortiz <jo

drivers: imx_i2c: enable the driver when not all three buses are ready

Allow the driver to operate even though not all three buses might have
been configured.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: imx_i2c: add support for imx6ull

Support native I2C access on imx6ull (this SoC has an additional
register - compared to the imx8mm - to configure the daisy chain in
the iomuxc).

A patch [

drivers: imx_i2c: add support for imx6ull

Support native I2C access on imx6ull (this SoC has an additional
register - compared to the imx8mm - to configure the daisy chain in
the iomuxc).

A patch [1] has been sent to U-boot to address their current release
as of Oct 23, 2020 - where the peripheral clock is still set to 66MHz
instead of 24MHz.

Tested on imx6ull-evk 14x14 with the bus at 400Kbps.
[1] https://lists.denx.de/pipermail/u-boot/2020-October/430482.html

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: imx_i2c: prepare for imx6ull support

Improve code readability before adding support for more platforms.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Clement Faure <

drivers: imx_i2c: prepare for imx6ull support

Improve code readability before adding support for more platforms.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

ta: pkcs11: fix error handling when reading ALLOWED_MECHANISMS list

If parent_key_complies_allowed_processings() cannot return a clear
status on the mechanism IDs allowed by a key object, then somet

ta: pkcs11: fix error handling when reading ALLOWED_MECHANISMS list

If parent_key_complies_allowed_processings() cannot return a clear
status on the mechanism IDs allowed by a key object, then something
is broken. This cannot happen hence panic.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: sks: stringify error core KEY_SIZE_RANGE

Add string converter for PKCS11_CKR_KEY_SIZE_RANGE that can be returned
by check_created_attrs().

Actually check_created_attrs() is currently never call

ta: sks: stringify error core KEY_SIZE_RANGE

Add string converter for PKCS11_CKR_KEY_SIZE_RANGE that can be returned
by check_created_attrs().

Actually check_created_attrs() is currently never called. It is however
intended to key/object wrapping, derivation and generation.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: CKA_SIGN and CKA_VERIFY default to empty

Change CKA_SIGN and CKA_VERIFY attributes default value to false
as other keys cryptography processing support boolean attributes.
No reason only

ta: pkcs11: CKA_SIGN and CKA_VERIFY default to empty

Change CKA_SIGN and CKA_VERIFY attributes default value to false
as other keys cryptography processing support boolean attributes.
No reason only sign and verify support default to true.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: fix for spec WRAP_WITH_TRUSTED/ALWAYS_AUTHENTICATE defaults

Set PKCS11_CKA_WRAP_WITH_TRUSTED and PKCS11_CKA_ALWAYS_AUTHENTICATE
default values in the static values list of the specificat

ta: pkcs11: fix for spec WRAP_WITH_TRUSTED/ALWAYS_AUTHENTICATE defaults

Set PKCS11_CKA_WRAP_WITH_TRUSTED and PKCS11_CKA_ALWAYS_AUTHENTICATE
default values in the static values list of the specification.
No functional change.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: Handle optional attributes without default values

In the current implementation all optional attributes of an object
if not specified in the template while creating object, are assigned

ta: pkcs11: Handle optional attributes without default values

In the current implementation all optional attributes of an object
if not specified in the template while creating object, are assigned
empty value by default. This works fine for the attributes where
specification mentions that default value is empty or the
attribute is modifiable later.

However for attributes like CKA_ALLOWED_MECHANISM, adding an empty
default value results in a failure later in crypto operations when
attribute of the object are checked against the mechanism.

To avoid such errors, the optional attributes array are split in 2 parts,
one with the default empty value and ones which don't require a
default value. All attributes in the specification which either should
have default empty value or are allowed to be modified later by call to
C_SetAttributes() or C_CopyObjects() would fall in the former category
and be initialized with empty/NULL value.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>

show more ...

core: add secure partitions store

SPs need to be started as part of the initialisation process of the
OP-TEE kernel. The secure partition store uses the embedded_ts store to
load SPs

Signed-off-by:

core: add secure partitions store

SPs need to be started as part of the initialisation process of the
OP-TEE kernel. The secure partition store uses the embedded_ts store to
load SPs

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: move early_ta implementation to embedded_ts

Ealy_ta's are similar to embedded SPs. Move all shared logic to the
embedded_ts.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens W

core: move early_ta implementation to embedded_ts

Ealy_ta's are similar to embedded SPs. Move all shared logic to the
embedded_ts.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: create embedded_ts

Create an embedded ts struct which will encapsulate both early_ta's
and embedded SPs.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wikla

core: create embedded_ts

Create an embedded ts struct which will encapsulate both early_ta's
and embedded SPs.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: rename ta_store to ts_store

Rename the ta_store to the ts_store. We will need the stores to load
SPs (secure partitions). By renaming ta_store to ts_store
(trusted service) we indicate that th

core: rename ta_store to ts_store

Rename the ta_store to the ts_store. We will need the stores to load
SPs (secure partitions). By renaming ta_store to ts_store
(trusted service) we indicate that the stores are not only used by the
TAs but that they can also be used by SPs.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: rename secure_partition to stmm_sp

The current secure partition code is used for the stmm SP. Rename it so
we can start integrating the FF-A secure partitions.

Backwards compatibility is main

core: rename secure_partition to stmm_sp

The current secure partition code is used for the stmm SP. Rename it so
we can start integrating the FF-A secure partitions.

Backwards compatibility is maintained when CFG_STMM_PATH is used to
enable support for STMM. The internal configuration flag
CFG_WITH_SECURE_PARTITION is renamed to CFG_WITH_STMM_SP.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

show more ...

checkpatch: add --kconfig-prefix=CFG_

A few days before v5.9-rc1, the checkpatch.pl script was modified in
the Linux kernel tree [1]. This caused spurious warnings in the OP-TEE
CI such as [2]:

WA

checkpatch: add --kconfig-prefix=CFG_

A few days before v5.9-rc1, the checkpatch.pl script was modified in
the Linux kernel tree [1]. This caused spurious warnings in the OP-TEE
CI such as [2]:

WARNING: IS_ENABLED(CFG_VIRTUALIZATION) is normally used as IS_ENABLED(CONFIG_CFG_VIRTUALIZATION)

Fortunately, checkpatch now has an option to control the prefix used for
configuration variables [3]. Add this option to .checkpatch.conf.

Link: [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=50161266973bcc662e969e63d68fc7bff71de21b
Link: [2] https://travis-ci.org/github/OP-TEE/optee_os/builds/717905104
Link: [3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e89ad8506f39c4739a6c9ca1e1552f506f000c9
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: replace tee_mmu prefix with vm

Replaces the tee_mmu prefix with vm. tee_mmu.h is renamed to vm.h and
core/arch/arm/mm/tee_mmu.c is moved to core/mm/vm.c. Public functions
belonging to these fi

core: replace tee_mmu prefix with vm

Replaces the tee_mmu prefix with vm. tee_mmu.h is renamed to vm.h and
core/arch/arm/mm/tee_mmu.c is moved to core/mm/vm.c. Public functions
belonging to these files are renamed with a vm prefix.

Introduces: vm_map_param(), vm_clean_param(),
vm_buf_is_inside_private(), vm_buf_intersects_private(),
vm_buf_to_mboj_offs(), vm_buf_is_inside_um_private(),
vm_buf_intersects_um_private(), vm_add_rwmem(), vm_rem_rwmem(),
vm_va2pa(), vm_pa2va(), vm_check_access_rights(), vm_set_ctx() replacing
their tee_mmu_*() counterpart.

Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: rename to core_mmu_init_ta_ram()

Renames teecore_init_ta_ram() to core_mmu_init_ta_ram() and moves it
to core_mmu.c.

Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier

core: rename to core_mmu_init_ta_ram()

Renames teecore_init_ta_ram() to core_mmu_init_ta_ram() and moves it
to core_mmu.c.

Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...