core: parameter check in system_rng_reseed()

Removes confusing comment in system_rng_reseed(). Removes the max limit
on input buffer size, that's handled inside crypto_rng_add_event(). Also
checks t

core: parameter check in system_rng_reseed()

Removes confusing comment in system_rng_reseed(). Removes the max limit
on input buffer size, that's handled inside crypto_rng_add_event(). Also
checks that the supplied buffer isn't NULL.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: gprof: check that PC sampling is idle before starting

In gprof_start_pc_sampling() check that PC sampling isn't started yet,
or have been stopped before starting again. This avoids memory leak

core: gprof: check that PC sampling is idle before starting

In gprof_start_pc_sampling() check that PC sampling isn't started yet,
or have been stopped before starting again. This avoids memory leakage
by s->sbuf being overwritten with a pointer to a new buffer.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: bnxt: add overflow check in bnxt_copy_crash_dump()

Adds a check that offset + len doesn't overflow when checking that the
resulting size is still less than BNXT_CRASH_LEN.

Reviewed-by: Joa

drivers: bnxt: add overflow check in bnxt_copy_crash_dump()

Adds a check that offset + len doesn't overflow when checking that the
resulting size is still less than BNXT_CRASH_LEN.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add overflow check in SHDR_GET_SIZE()

Adds overflow check in SHDR_GET_SIZE(), 0 which never can be a correct
size is returned in case of overflow.

Reviewed-by: Joakim Bech <joakim.bech@linaro

core: add overflow check in SHDR_GET_SIZE()

Adds overflow check in SHDR_GET_SIZE(), 0 which never can be a correct
size is returned in case of overflow.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reported-by: Bastien Simondi <bsimondi@netflix.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mk/lib.mk: cleanup shared library link command

The command used to link shared libraries when CFG_ULIBS_SHARED=y is
slightly incorrect for two reasons:

1. The -L/-l arguments are passed before the

mk/lib.mk: cleanup shared library link command

The command used to link shared libraries when CFG_ULIBS_SHARED=y is
slightly incorrect for two reasons:

1. The -L/-l arguments are passed before the object files, when they
should normally be added after;

2. The shared libraries needed during the link are passed as files in
addition to being supplied with -L/-l. This is redundant, and is a
consequence of having the shared libraries in the prerequisites and
using $^. Therefore, filter out the .so files.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: identify user as per define user types

Define users with CKU User Type in Cryptoki API:
PKCS11_CKU_SO and PKCS11_CKU_USER. They will be used as identifiers
for login and related PKCS#11

ta: pkcs11: identify user as per define user types

Define users with CKU User Type in Cryptoki API:
PKCS11_CKU_SO and PKCS11_CKU_USER. They will be used as identifiers
for login and related PKCS#11 API functions.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

ta: pkcs11: use sizeof(rc) instead of sizeof(uint32_t)

Prefer sizeof() to use rc reference rather than explicit 32bit.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jer

ta: pkcs11: use sizeof(rc) instead of sizeof(uint32_t)

Prefer sizeof() to use rc reference rather than explicit 32bit.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: remove #include <elf_common.h>

Since the introduction of ldelf, the TEE kernel does not do any ELF
processing anymore. Remove the useless ELF includes.

Signed-off-by: Jerome Forissier <jerome

core: remove #include <elf_common.h>

Since the introduction of ldelf, the TEE kernel does not do any ELF
processing anymore. Remove the useless ELF includes.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutee: arm64: update register accessor macros to support Clang

When building a 64-bit TA that includes <arm64_user_sysreg.h>, Clang
complains about ASM operand width:

lib/libutee/include/arm64_u

libutee: arm64: update register accessor macros to support Clang

When building a 64-bit TA that includes <arm64_user_sysreg.h>, Clang
complains about ASM operand width:

lib/libutee/include/arm64_user_sysreg.h:31:1: error: value size does not match register size specified by the constraint and modifier [-Werror,-Wasm-operand-widths]
DEFINE_REG_READ_FUNC_(cntfrq, uint32_t, cntfrq_el0)
^
lib/libutee/include/arm64_user_sysreg.h:20:42: note: expanded from macro 'DEFINE_REG_READ_FUNC_'
asm volatile("mrs %0, " #asmreg : "=r" (val)); \
^
lib/libutee/include/arm64_user_sysreg.h:31:1: note: use constraint modifier "w"
lib/libutee/include/arm64_user_sysreg.h:20:20: note: expanded from macro 'DEFINE_REG_READ_FUNC_'
asm volatile("mrs %0, " #asmreg : "=r" (val)); \
^
Let's apply the same fix as in commit 16e2153c57f0 ("core: arm64:
update register accessor macros to support Clang").

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

drivers: caam: add descriptive defines for RSA key formats

Add descriptive defines for RSA private key formats for a better
readability.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-b

drivers: caam: add descriptive defines for RSA key formats

Add descriptive defines for RSA private key formats for a better
readability.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: driver: fix RSA encoded message length computation

Fix the RSA encoded message length computation when verifying the
message.
This fixes inconsistent xtest 4006.20 and 4006.32 fails.

Signed-o

core: driver: fix RSA encoded message length computation

Fix the RSA encoded message length computation when verifying the
message.
This fixes inconsistent xtest 4006.20 and 4006.32 fails.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: fix RSA key format number 3

Fix the RSA private key format number 3.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

libutils: add __noreturn to longjmp() prototype

The longjmp() function does not return, therefore it should have the
__noreturn attribute. Avoids compiler warnings.

Signed-off-by: Jerome Forissier

libutils: add __noreturn to longjmp() prototype

The longjmp() function does not return, therefore it should have the
__noreturn attribute. Avoids compiler warnings.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: core_mmu_v7.c: set TTBCR_PD1 in reduced mappings

When using reduced mappings set TTBCR_PD1 in order to disable table
walks using TTBR1 which holds the OP-TEE Core mappings. This saves us
from

core: core_mmu_v7.c: set TTBCR_PD1 in reduced mappings

When using reduced mappings set TTBCR_PD1 in order to disable table
walks using TTBR1 which holds the OP-TEE Core mappings. This saves us
from keeping an empty L1 translation table (16 KiB) with
CFG_CORE_UNMAP_CORE_AT_EL0=y.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: make main l1 translation tables static again

The main level 1 memory translation tables for both short and
longer descriptors are only accessed internally in respective
C file. So make the tab

core: make main l1 translation tables static again

The main level 1 memory translation tables for both short and
longer descriptors are only accessed internally in respective
C file. So make the tables static again.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: prints consistent with readelf

Prints names of sections consistent with names used in the readelf
utility.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander

ldelf: prints consistent with readelf

Prints names of sections consistent with names used in the readelf
utility.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: consistent error codes

Changes error codes related to bad format or values in ELF to
TEE_ERROR_BAD_FORMAT. This includes overflowing multiplications and
addresses outside the range of the cur

ldelf: consistent error codes

Changes error codes related to bad format or values in ELF to
TEE_ERROR_BAD_FORMAT. This includes overflowing multiplications and
addresses outside the range of the current ELF being parsed.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: use confine_array_index() to cap speculation

Uses confine_array_index() to limit speculation on different indexes into
the ELF.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Ac

ldelf: use confine_array_index() to cap speculation

Uses confine_array_index() to limit speculation on different indexes into
the ELF.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: check ranges in __resolve_sym()

Adds checks in __resolve_sym() to see that the offset of the name and
location of a symbol is in range.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
A

ldelf: check ranges in __resolve_sym()

Adds checks in __resolve_sym() to see that the offset of the name and
location of a symbol is in range.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: calculate correct elf->max_addr

Prior to this patch when the different load sections are mapped
elf->max_addr is inceased as appropriate, except in one case, when memsz
is larger than filesz.

ldelf: calculate correct elf->max_addr

Prior to this patch when the different load sections are mapped
elf->max_addr is inceased as appropriate, except in one case, when memsz
is larger than filesz. With this patch use memsz instead to calculate
elf->max_addr in order to also cover .bss and friends.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: implement command to get token information

Implement TA command PKCS11_CMD_TOKEN_INFO for client to get
information on a token embedded in the PKCS11 TA.

Rename PKCS11_TOKEN_PIN_SIZE in

ta: pkcs11: implement command to get token information

Implement TA command PKCS11_CMD_TOKEN_INFO for client to get
information on a token embedded in the PKCS11 TA.

Rename PKCS11_TOKEN_PIN_SIZE into PKCS11_TOKEN_PIN_SIZE_MAX as
introducing PKCS11_TOKEN_PIN_SIZE_MIN, in pkcs11_token.h.

Rely on serializer.h for de-serializing the command arguments.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

ta: pkcs11: add pad_str() helper in token info wrapper

Add pad_str() to pad a string ('\0' terminated) with blank characters
(' '), removing the '\0' termination as per PKCS#11 specification.

This

ta: pkcs11: add pad_str() helper in token info wrapper

Add pad_str() to pad a string ('\0' terminated) with blank characters
(' '), removing the '\0' termination as per PKCS#11 specification.

This will factorize other padding needed in other function/command
wrappers.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

ldelf: strict checks during relocation

Adds strict check of symbol index, string table index and destination
location when relocating an ELF. This fixes an error where a malformed
ELF may cause the

ldelf: strict checks during relocation

Adds strict check of symbol index, string table index and destination
location when relocating an ELF. This fixes an error where a malformed
ELF may cause the loader to read/write data from/in other ELF or from
the loader itself.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reported-by: Martijn Bogaard <martijn@riscure.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: check dynsym index is in range

Checks that a dynsym index found in hashtab is in the valid range of
dynsyms before indexing into the dynsym table. This fixes an error where
a malformed ELF ma

ldelf: check dynsym index is in range

Checks that a dynsym index found in hashtab is in the valid range of
dynsyms before indexing into the dynsym table. This fixes an error where
a malformed ELF may cause the loader to read data from other ELF or from
the loader itself.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reported-by: Martijn Bogaard <martijn@riscure.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: check string table ranges

Checks that the string table is in the range of the ELF and also checks
that offsets into the string table are indeed inside the string table.
This fixes an error wh

ldelf: check string table ranges

Checks that the string table is in the range of the ELF and also checks
that offsets into the string table are indeed inside the string table.
This fixes an error where a malformed ELF may cause the loader to read
data from other ELF or from the loader itself.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reported-by: Martijn Bogaard <martijn@riscure.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...