ta: pkcs11: helper function to serialize object attribute

Helper function to add attributes in serial list of object
attributes in PKCS11 TA.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Rev

ta: pkcs11: helper function to serialize object attribute

Helper function to add attributes in serial list of object
attributes in PKCS11 TA.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
[jw: change return types to enum pkcs11_rc]
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: add id-to-string conversion for new TA commands

Add missing user authentication commands id-to-string conversion.
Add new import/destroy commands id-to-string conversion.

Reviewed-by: R

ta: pkcs11: add id-to-string conversion for new TA commands

Add missing user authentication commands id-to-string conversion.
Add new import/destroy commands id-to-string conversion.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: define TA commands for object creation/destruction

Add commands PKCS11_CMD_IMPORT_OBJECT and PKCS11_CMD_DESTROY_OBJECT
in enum pkcs11_ta_cmd.

Reviewed-by: Ricardo Salveti <ricardo@found

ta: pkcs11: define TA commands for object creation/destruction

Add commands PKCS11_CMD_IMPORT_OBJECT and PKCS11_CMD_DESTROY_OBJECT
in enum pkcs11_ta_cmd.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: add vendor mechanism used for object import

Add PKCS11_PROCESSING_IMPORT and PKCS11_CKM_UNDEFINED_ID in
enum pkcs11_mechanism_id.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Rev

ta: pkcs11: add vendor mechanism used for object import

Add PKCS11_PROCESSING_IMPORT and PKCS11_CKM_UNDEFINED_ID in
enum pkcs11_mechanism_id.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: add attributes/class/key type IDs in TA API

Add attributes/class/key type IDs in TA API.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski

ta: pkcs11: add attributes/class/key type IDs in TA API

Add attributes/class/key type IDs in TA API.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

ta: pkcs11: add object attribute ABI in TA header file

Define the ABI used to exchange attributes and lists of attributes
between the PKCS11 TA and its client.

Reviewed-by: Ricardo Salveti <ricardo

ta: pkcs11: add object attribute ABI in TA header file

Define the ABI used to exchange attributes and lists of attributes
between the PKCS11 TA and its client.

Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: fix tee_fs_rpc_readdir() parameter direction

The type of params[1] is changed to OUT to match the expected params in
tee-supplicant's tee_fs_rpc_readdir, so calls to tee_fs_rpc_readdir
won't f

core: fix tee_fs_rpc_readdir() parameter direction

The type of params[1] is changed to OUT to match the expected params in
tee-supplicant's tee_fs_rpc_readdir, so calls to tee_fs_rpc_readdir
won't fail with TEE_ERROR_BAD_PARAMETERS.

Signed-off-by: Roland Nagy <rnagy@xmimx.tk>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

github: fix error in workflow file

GitHub reports [1]:

The workflow is not valid.
.github/workflows/stales.yml (Line: 2, Col: 1): Unexpected value
'description'

This commit removes the descript

github: fix error in workflow file

GitHub reports [1]:

The workflow is not valid.
.github/workflows/stales.yml (Line: 2, Col: 1): Unexpected value
'description'

This commit removes the description: line to fix the issue and moves
additional text to the name: line.

Link: [1] https://github.com/OP-TEE/optee_os/actions/runs/156017617
Fixes: 50bbda3dd3b2 ("github: add a new actions/workflow file")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

github: add a new actions/workflow file

Instead of having two different workflow files, let's combine them into
a single file instead. This also updates the actions from v1.0 to
v3.0.7. This new wor

github: add a new actions/workflow file

Instead of having two different workflow files, let's combine them into
a single file instead. This also updates the actions from v1.0 to
v3.0.7. This new workflow file also makes use of the 'exempt' feature
meaning that we can exclude issues and pull requests from being
automatically closed if they have a certain label. Here we have chosen
the labels "bug" and "enhancement".

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

lib.mk: clang: link shared libraries with -z separate-loadable-segments

The same Clang 10 fix in commit 4d35ab6a0cef ("TA dev kit: clang: link
shared libraries with -z separate-loadable-segments") i

lib.mk: clang: link shared libraries with -z separate-loadable-segments

The same Clang 10 fix in commit 4d35ab6a0cef ("TA dev kit: clang: link
shared libraries with -z separate-loadable-segments") is needed for
locally built user space libraries when CFG_ULIBS_SHARED=y.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add .gitattributes

This patch adds a .gitattributes file to specify files that should
never end up in a distribution tarball.

Signed-off-by: Hu Keping <hukeping@huawei.com>
Acked-by: Etienne Carrie

Add .gitattributes

This patch adds a .gitattributes file to specify files that should
never end up in a distribution tarball.

Signed-off-by: Hu Keping <hukeping@huawei.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: pager: refactored to fix NULL dereferencing

assert not NULL before dereferencing in tee_pager_add_core_area().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jen

core: pager: refactored to fix NULL dereferencing

assert not NULL before dereferencing in tee_pager_add_core_area().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: refactoring to avoid possible NULL_PTR arithmetics

Issue detected by Cppcheck in internal_aes_gcm_ghash_update().
Issue mitigated by adding an argument check that prevents
passing a pointer on

core: refactoring to avoid possible NULL_PTR arithmetics

Issue detected by Cppcheck in internal_aes_gcm_ghash_update().
Issue mitigated by adding an argument check that prevents
passing a pointer on that is calculated with NULL as base.

Also fixed a cast in the same code lines to keep constness.

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: rsa: Avoid NULL dereferencing in RSA trace messages

Show 0 size for NULL message/cipher length.

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@lin

core: rsa: Avoid NULL dereferencing in RSA trace messages

Show 0 size for NULL message/cipher length.

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: mm: fix MMU memory leak

Fix memory leak in split_vm_region().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carr

core: mm: fix MMU memory leak

Fix memory leak in split_vm_region().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: fix TA REE backed secure storage memory leak

Fix memory leak in ree_fs_ta_open().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Revie

core: fix TA REE backed secure storage memory leak

Fix memory leak in ree_fs_ta_open().

Signed-off-by: Sander Visser <github@visser.se>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

checkpatch: limit maximum line length to 80

The Linux kernel has recently increased maximum line length to 100, but
still recommends to stay under 80. So make sure the checkpatch still warn
when exc

checkpatch: limit maximum line length to 80

The Linux kernel has recently increased maximum line length to 100, but
still recommends to stay under 80. So make sure the checkpatch still warn
when exceeding 80.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: remove duplicate config

There are two lines of "CFG_STM32_RNG ?= y" in plat-stm32mp1/conf.mk.
Remove a duplicate one.

Signed-off-by: Che-Chia Chang <vivahavey@gmail.com>
Reviewed-by:

plat-stm32mp1: remove duplicate config

There are two lines of "CFG_STM32_RNG ?= y" in plat-stm32mp1/conf.mk.
Remove a duplicate one.

Signed-off-by: Che-Chia Chang <vivahavey@gmail.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

imx: add support for ccbv2

The Webasto common communication board version 2 (ccbv2) is a mx6ul
based custom board with 256MB of RAM and the communication done on
UART7.

Signed-off-by: Rouven Czerwi

imx: add support for ccbv2

The Webasto common communication board version 2 (ccbv2) is a mx6ul
based custom board with 256MB of RAM and the communication done on
UART7.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

libutee: add leading underscore to base64 functions

Add a leading underscore to global functions: base64_dec(),
base64_enc(), base64_enc_len() to avoid the risk of conflicts with user
programs.

Sig

libutee: add leading underscore to base64 functions

Add a leading underscore to global functions: base64_dec(),
base64_enc(), base64_enc_len() to avoid the risk of conflicts with user
programs.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutee: remove unnecessary parentheses

checkpatch warns about unnecessary parentheses, remove them.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@

libutee: remove unnecessary parentheses

checkpatch warns about unnecessary parentheses, remove them.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutee, ldelf: add leading underscore to syscall wrappers

libutee defines assembler wrapper functions for each OP-TEE system call.
These wrappers have a utee_ prefix. This commit adds a leading
und

libutee, ldelf: add leading underscore to syscall wrappers

libutee defines assembler wrapper functions for each OP-TEE system call.
These wrappers have a utee_ prefix. This commit adds a leading
underscore so that the names cannot clash with user-defined symbols.
Doing so is common practice for "system" libraries, as defined by the C
standard in a set of requirements that can be summarized as follows
(excerpt from the GNU libc documentation [1]):

[R]eserved names include all external identifiers (global functions
and variables) that begin with an underscore (‘_’) and all identifiers
regardless of use that begin with either two underscores or an
underscore followed by a capital letter are reserved names. This is so
that the library and header files can define functions, variables, and
macros for internal purposes without risk of conflict with names in
user programs.

The utee_*() wrappers are internal to OP-TEE and are not supposed to be
called directly by TAs so this should not have any user-visible impact.

Link: [1] https://www.gnu.org/software/libc/manual/html_node/Reserved-Names.html
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

symbolize.py: ignore error if ELF file is not found

When processing the memory map of a TA, it can happen that the ELF file
for a region is not found. One typical reason is a missing -d argument
on

symbolize.py: ignore error if ELF file is not found

When processing the memory map of a TA, it can happen that the ELF file
for a region is not found. One typical reason is a missing -d argument
on the command line (can easily happen when a TA uses shared libraries
for instance).

In the above case, the script crashes with no clear indication about
the cause. This commit fixes the crash by ignoring ELFs that are not
found. This is consistent with the general behavior of symbolize.py,
which is to always print out all the information it is fed and simply
augment it with debug information when possible.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

ldelf: arm64: do not unwind past end of stack

unwind_arm64() currently does not check the value of the frame pointer
after it has done its job unwinding one frame. A NULL value indicates
the end of

ldelf: arm64: do not unwind past end of stack

unwind_arm64() currently does not check the value of the frame pointer
after it has done its job unwinding one frame. A NULL value indicates
the end of the call stack, and therefore the function should return
false to stop the caller from unwinding further (a do .. while loop is
used in print_stack_arm64()). Instead invalid values for FP and PC are
returned which causes an erroneous display and the unwind stops one
step too late, when the FP is found to be outside the stack.

Fixes the invalid last line in call stacks such as xtest 1019:

E/TC:? 0 TA panicked with code 0x0
E/LD: Status of TA 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b
E/LD: arch: aarch64
[...]
E/LD: Call stack:
E/LD: 0x0000000080062a50
E/LD: 0x00000000801df848
E/LD: 0x00000000800631a8
E/LD: 0xfffffffffffffffc

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Move CFG_WITH_STACK_CANARIES to global config file

All platforms but one (bcm-ns3) set CFG_WITH_STACK_CANARIES ?= y in
their configuration files. Move this flag to the global mk/config.mk
instead. N

Move CFG_WITH_STACK_CANARIES to global config file

All platforms but one (bcm-ns3) set CFG_WITH_STACK_CANARIES ?= y in
their configuration files. Move this flag to the global mk/config.mk
instead. Not sure it matters much, but in order to avoid any functional
change, CFG_WITH_STACK_CANARIES ?= n is added to plat-bcm/conf.mk.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...