ta: pkcs11: remove unused variable token in entry_ck_slot_info()

Remove unused variable token in entry_ck_slot_info().
No functional change.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro

ta: pkcs11: remove unused variable token in entry_ck_slot_info()

Remove unused variable token in entry_ck_slot_info().
No functional change.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

plat-stm32mp1: remove static ETZPC configuration

Remove static ETZPC configuration and rely on shared_resources
driver to dynamically configure secure aware resources.

Signed-off-by: Etienne Carrie

plat-stm32mp1: remove static ETZPC configuration

Remove static ETZPC configuration and rely on shared_resources
driver to dynamically configure secure aware resources.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_bsec: BSEC data access do not depend on non-closed device

BSEC driver does not need to check if device is closed_device or not
to tell which BSEC data non-secure world is allowed to access. Th

stm32_bsec: BSEC data access do not depend on non-closed device

BSEC driver does not need to check if device is closed_device or not
to tell which BSEC data non-secure world is allowed to access. This
change removes this support as it simplifies BSEC initialization
structure.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_bsec: introduce configuration switch for write support

Introduce configuration switch CFG_STM32_BSEC_WRITE to not embed
write operation support in BSEC.

Signed-off-by: Etienne Carriere <etien

stm32_bsec: introduce configuration switch for write support

Introduce configuration switch CFG_STM32_BSEC_WRITE to not embed
write operation support in BSEC.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_bsec: correct error detection in driver

Change stm32_bsec_read_otp() and stm32_bsec_write_otp() as accessing
BSEC shadow memory cannot report error.

Change check_no_error() to verify or not B

stm32_bsec: correct error detection in driver

Change stm32_bsec_read_otp() and stm32_bsec_write_otp() as accessing
BSEC shadow memory cannot report error.

Change check_no_error() to verify or not BSEC internal disturbance
error as only shadowing or writing OTPs can report BSEC disturbance
issues.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_bsec: simplify lock support functions

Change stm32_bsec_otp_lock() to only lock fuses as hardware safely does
not allow unlocking a locked BSEC word.

Functions to read a lock return a TEE_Res

stm32_bsec: simplify lock support functions

Change stm32_bsec_otp_lock() to only lock fuses as hardware safely does
not allow unlocking a locked BSEC word.

Functions to read a lock return a TEE_Result status aside from the
effective lock value read.

Rename stm32_bsec_wr_lock() into stm32_bsec_read_permanent_lock()
as it is more explicit.

Change IMSG() into DMSG() as traces refer to debug info rather than
informative info.

Use flag character '#' to prefix printed hexadecimal values with "0x".

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

stm32_bsec: correct OTP locked programming bit position

Correct BSEC_LOCK_PROGRAM value in stm32_bsec driver.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jen

stm32_bsec: correct OTP locked programming bit position

Correct BSEC_LOCK_PROGRAM value in stm32_bsec driver.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: map GPIOZ bank registers as secure

Fix GPZIOZ registers memory mapping that shall be mapped secure
for secure world to safely access the secure hardening configuration
registers of th

plat-stm32mp1: map GPIOZ bank registers as secure

Fix GPZIOZ registers memory mapping that shall be mapped secure
for secure world to safely access the secure hardening configuration
registers of the bank.

Fixes: 68c4a16b37c7 ("stm32mp1: use phys_to_virt_io_secure() where expected")
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

scripts/gen_ldelf_hex.py: relax rules for PT_LOAD segments

Latest Clang [1] generates the following ldelf.elf:

Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg A

scripts/gen_ldelf_hex.py: relax rules for PT_LOAD segments

Latest Clang [1] generates the following ldelf.elf:

Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x001000 0x00000000 0x00000000 0x04834 0x04834 R E 0x1000
LOAD 0x005838 0x00004838 0x00004838 0x01620 0x01620 R 0x1000
LOAD 0x007000 0x00006000 0x00006000 0x0006c 0x0006c RW 0x1000
LOAD 0x00706c 0x0000606c 0x0000606c 0x00068 0x00078 RW 0x1000
DYNAMIC 0x007000 0x00006000 0x00006000 0x00060 0x00060 RW 0x4
GNU_RELRO 0x007000 0x00006000 0x00006000 0x0006c 0x01000 R 0x1
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0
EXIDX 0x006800 0x00005800 0x00005800 0x002b8 0x002b8 R 0x4

Nothing wrong with that from a strict ELF compliance point of view, but
it doesn't meet the requirements of our current gen_ldelf_hex.py script
which makes the build fail:

$ scripts/gen_ldelf_hex.py --input out/arm-plat-vexpress/ldelf/ldelf.elf \
--output out/arm-plat-vexpress/core/ldelf_hex.c
Expected load segment to be read/write

I think our script is a bit too strict, what really matters is that
OP-TEE creates two memory mappings for the PT_LOAD segments of ldelf,
one is RX and the other is RW. We can therefore concatenate segments as
long as we have one or more non-writable segments followed by one or
more writable ones.

This commit relaxes the requirements in gen_ldelf_hex.py and implements
the above conditions instead.

[1] clang version 11.0.0 (https://github.com/llvm/llvm-project.git
6b3168f8cdb46656330929877b0b4daab35d30de)

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, GCC 8.3/Clang 10/Clang pre-11)
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMUv8, GCC 8.3/Clang 10)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: device pta: enumerate early TAs

This is an extension of commit 0b611081804a ("core: pta: Add device
pseudo TA") to register not only pseudo-TAs but also user-space early
TAs that have the TA_F

core: device pta: enumerate early TAs

This is an extension of commit 0b611081804a ("core: pta: Add device
pseudo TA") to register not only pseudo-TAs but also user-space early
TAs that have the TA_FLAG_DEVICE_ENUM flag set.

This change makes enumerated early TAs visible on the optee bus in the
Linux kernel.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
[jf: minor edits to descritpion, swap #include lines, s/(*pos)/*pos/]
[jf: move local variable declaration up]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Maxim Uvarov <maxim.uvarov@linaro.org> (QEMU, ftpm)
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move for_each_early_ta() macro to <kernel/early_ta.h>

Move the for_each_early_ta() macro out of early_ta.c so that it can be
used in other parts of the code (pseudo TAs for instance).

Signed-

core: move for_each_early_ta() macro to <kernel/early_ta.h>

Move the for_each_early_ta() macro out of early_ta.c so that it can be
used in other parts of the code (pseudo TAs for instance).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: early_ta: expose TA flags in struct early_ta

Store TA flags in early TA descriptions so that such TAs can later be
enumerated by the device PTA when TA_FLAG_DEVICE_ENUM is set.
Change ta_bin_t

core: early_ta: expose TA flags in struct early_ta

Store TA flags in early TA descriptions so that such TAs can later be
enumerated by the device PTA when TA_FLAG_DEVICE_ENUM is set.
Change ta_bin_to_c.py to read the TA flags from its ELF file and store
it in the early TA description.

Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
[jf: minor edits to commit message and one comment]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scripts/ta_bin_to_c.py: remove blank lines

Python functions don't have to start with a blank line. Remove them for
consistency with other scripts.

Signed-off-by: Jerome Forissier <jerome@forissier.

scripts/ta_bin_to_c.py: remove blank lines

Python functions don't have to start with a blank line. Remove them for
consistency with other scripts.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Maxim Uvarov <maxim.uvarov@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ree_fs_ta.c: initialize structs with '= { };'

Initialize structs with '= { };' rather than '= {0};' because (1) it is
the recommended style and (2) it fixes the following warning with Clang
9:

core: ree_fs_ta.c: initialize structs with '= { };'

Initialize structs with '= { };' rather than '= {0};' because (1) it is
the recommended style and (2) it fixes the following warning with Clang
9:

CC out/arm/core/arch/arm/kernel/ree_fs_ta.o
core/arch/arm/kernel/ree_fs_ta.c:325:40: warning: suggest braces around initialization of subobject [-Wmissing-braces]
struct shdr_bootstrap_ta hdr_entry = {0};
^
{}

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Clement Faure <clement.faure@nxp.com>

show more ...

core: RPMB FS: Caching for FAT FS entries

This patch adds optional FAT FS entry caching functionality to the
RPMB FS. This functionality can be enabled by a non zero value for
CFG_RPMB_FS_CACHE_ENTR

core: RPMB FS: Caching for FAT FS entries

This patch adds optional FAT FS entry caching functionality to the
RPMB FS. This functionality can be enabled by a non zero value for
CFG_RPMB_FS_CACHE_ENTRIES. The caching functionality can improve RPMB
I/O at the cost of additional heap memory. The cache size is most
likely platform-specific and should be chosen according to available
secure world memory and expected FAT FS entries in RPMB. The cache
holds the first X FAT FS entry in RAM. Whenever the FAT FS is
traversed, we read from the cache instead of invoking RPMB I/O. The
cache is updated when cached FAT FS entries are written.

Signed-off-by: Manuel Huber <mahuber@microsoft.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey960, GP)

show more ...

mk: clang.mk: use 'clang -E' instead of clang-cpp

AOSP's prebuilt versions of Clang [1] don't contain the clang-cpp
symlink to clang, so use the equivalent command of 'clang -E' instead.

LINK: [1]

mk: clang.mk: use 'clang -E' instead of clang-cpp

AOSP's prebuilt versions of Clang [1] don't contain the clang-cpp
symlink to clang, so use the equivalent command of 'clang -E' instead.

LINK: [1] https://android.googlesource.com/platform/prebuilts/clang/host/linux-x86/+/refs/heads/master
LINK: [2] https://github.com/llvm/llvm-project/tree/llvmorg-9.0.1
LINK: [3] https://android.googlesource.com/platform/prebuilts/clang/host/linux-x86/+/refs/heads/master/clang-r370808/bin/clang

Suggested by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Tested-by: Victor Chong <victor.chong@linaro.org> (builds only with
clang-v9.0.1 [2] and AOSP clang v10.0.1 [3])
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Squashed commit upgrading to mbedtls-2.22.0

Squash merging branch import/mbedtls-2.22.0

5cab03377186 ("mk/clang.mk: define libgcc$(sm)")
3607a5386a72 ("core: mbedtls: enable MBEDTLS_ECDH_LEGACY_CON

Squashed commit upgrading to mbedtls-2.22.0

Squash merging branch import/mbedtls-2.22.0

5cab03377186 ("mk/clang.mk: define libgcc$(sm)")
3607a5386a72 ("core: mbedtls: enable MBEDTLS_ECDH_LEGACY_CONTEXT")
896c8845bbda ("mbedtls: remove file md_wrap.c from build")
400b2af54fa0 ("libmbedtls: mbedtls_mpi_exp_mod(): optimize mempool usage")
777827c7af3d ("libmbedtls: mbedtls_mpi_exp_mod(): reduce stack usage")
549e4600678e ("libmbedtls: preserve mempool usage on reinit")
02d636083fe2 ("libmbedtls: mbedtls_mpi_exp_mod() initialize W")
d2ac2b3c92bf ("libmbedtls: fix no CRT issue")
f550879d5be2 ("libmbedtls: add interfaces in mbedtls for context memory operation")
219173d807ce ("libmedtls: mpi_miller_rabin: increase count limit")
7930b0b6b5e4 ("libmbedtls: add mbedtls_mpi_init_mempool()")
78af9fdc120f ("libmbedtls: make mbedtls_mpi_mont*() available")
8f7357271cc2 ("libmbedtls: refine mbedtls license header")
c5993878881f ("mbedtls: configure mbedtls to reach for config")
6f9c587783af ("mbedtls: remove default include/mbedtls/config.h")
3d3bd3b12752 ("Import mbedtls-2.22.0")

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mk/clang.mk: define libgcc$(sm)

Adds missing definition for libgcc$(sm) (the compiler runtime library)
to mk/clang.mk.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklande

mk/clang.mk: define libgcc$(sm)

Adds missing definition for libgcc$(sm) (the compiler runtime library)
to mk/clang.mk.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: ECC: make sure key_size is consistent with attributes

TEE_GenerateKey() takes a key_size argument and various attributes. If
the size derived from the attributes is not key_size, we sh

core: crypto: ECC: make sure key_size is consistent with attributes

TEE_GenerateKey() takes a key_size argument and various attributes. If
the size derived from the attributes is not key_size, we should return
TEE_ERROR_BAD_PARAMETERS as per the GP TEE Internal Core API
specification v1.2.1: "If an incorrect or inconsistent attribute is
detected. The checks that are performed depend on the implementation.".

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: DH: make sure key_size is consistent with attributes

TEE_GenerateKey() takes a key_size argument and various attributes. For
Diffie-Hellman, if the size of the prime number (TEE_ATTR_D

core: crypto: DH: make sure key_size is consistent with attributes

TEE_GenerateKey() takes a key_size argument and various attributes. For
Diffie-Hellman, if the size of the prime number (TEE_ATTR_DH_PRIME) is
not key_size, we should return TEE_ERROR_BAD_PARAMETERS as per the GP
TEE Internal Core API specification v1.2.1: "If an incorrect or
inconsistent attribute is detected. The checks that are performed
depend on the implementation.".

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: use supplied DSA parameters when creating key

When generating a DSA key, syscall_obj_generate_key() currently ignores
the supplied parameters: TEE_ATTR_DSA_PRIME, TEE_ATTR_DSA_SUBPRIME

core: crypto: use supplied DSA parameters when creating key

When generating a DSA key, syscall_obj_generate_key() currently ignores
the supplied parameters: TEE_ATTR_DSA_PRIME, TEE_ATTR_DSA_SUBPRIME and
TEE_ATTR_DSA_BASE. Instead a new set of parameters is generated each
time based on the specified key size. This does not comply with the
GlobalPlatform TEE Internal Core API specification which lists these
atrributes as mandatory input to the generation function (see v1.2.1
table 5-12 TEE_GenerateKey parameters).

Fix this issue by providing the supplied parameters to LibTomCrypt's
dsa_generate_key() instead of calling dsa_make_key().

Fixes: https://github.com/OP-TEE/optee_os/issues/3746
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Add initial UniPhier platform support

This introduces support for Socionext UniPhier SoCs. This support
includes LD11 and LD20 SoCs only. Tested with Akebi96 board[1].

[1] https://www.96boards.org/

Add initial UniPhier platform support

This introduces support for Socionext UniPhier SoCs. This support
includes LD11 and LD20 SoCs only. Tested with Akebi96 board[1].

[1] https://www.96boards.org/product/akebi96/

Signed-off-by: Tetsuya Yoshizaki <yoshizaki.tetsuya@socionext.com>
Signed-off-by: Kunihiko Hayashi <hayashi.kunihiko@socionext.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: remove unused PIN encryption key functions

PINs are hashed with a salt instead of being encrypted with a secret
key. So remove the now unused management of these secret keys.

Acked-by:

ta: pkcs11: remove unused PIN encryption key functions

PINs are hashed with a salt instead of being encrypted with a secret
key. So remove the now unused management of these secret keys.

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: implement commands PKCS11_CMD_LOGIN/_LOGOUT

Implements login/logout support.

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carrier

ta: pkcs11: implement commands PKCS11_CMD_LOGIN/_LOGOUT

Implements login/logout support.

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: implement command PKCS11_CMD_SET_PIN

PKCS11_CMD_SET_PIN implements C_SetPIN() client API function that is in
charge of modifying a login PIN.

Acked-by: Rouven Czerwinski <r.czerwinski@p

ta: pkcs11: implement command PKCS11_CMD_SET_PIN

PKCS11_CMD_SET_PIN implements C_SetPIN() client API function that is in
charge of modifying a login PIN.

Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...