| d2a6dea7 | 04-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: fix possible integer overflow in init_elf()
The size of the program headers is calculated as:
e_phoff + e_phnum * e_phentsize
This can overflow for large values leading to the 4k size check to fail. Fix this by using MUL_OVERFLOW() and ADD_OVERFLOW() instead.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reported-by: Martijn Bogaard <martijn@riscure.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| ab49cb75 | 04-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: check dynsymtab and dynstr ranges
Checks the ranges of dynsymtab and dynstr. Also checks that the dynstr index in section headers isn't out of range. This fixes an error where a malformed ELF may cause the loader to read data from other ELF or from the loader itself.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reported-by: Martijn Bogaard <martijn@riscure.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| cfd9b9f7 | 04-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: check against section headers size overflow
Adds a check in copy_section_headers() to guard against overflow in the e_shnum * e_shentsize multiplication.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reported-by: Martijn Bogaard <martijn@riscure.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 5c0860db | 04-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: check that hashtab entries are in range
Adds checks that each looked up entry in the hashtab is in the range of the hashtab. This fixes an error where a malformed ELF may cause the loader to read data from other ELF or from the loader itself.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reported-by: Martijn Bogaard <martijn@riscure.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 4f5bc11d | 04-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: check that hashtab is in range before use
Adds checks that the hashtab found via the dynamic section is in range of the loaded ELF before they are used. This fixes an error where a malformed ELF may cause the loader to read data from other ELF or from the loader itself.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reported-by: Martijn Bogaard <martijn@riscure.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| bc1d13c1 | 04-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
ldelf: check that PT_DYNAMIC is in range before use
Adds checks that the ELF program header PT_DYNAMIC is in range of the loaded ELF before they are used. This fixes an error where a malformed ELF may cause the loader to read data from other ELF or from the loader itself.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reported-by: Martijn Bogaard <martijn@riscure.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| ce94efef | 17-Feb-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: implement command to get slot information
Implement TA command PKCS11_CMD_SLOT_INFO for client to get information on a specific slot.
Rely on serializer.h for de-serializing the command arguments.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| d38f9635 | 02-Mar-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: speculation safe lookup of token instance
Change get_token_id() to be safe against speculation execution for IDs provided by client. This change is needed for TA command handlers relying on slot/token IDs provided by client applications.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 22ac6984 | 04-Feb-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: implement command to get slots list
Implement TA command PKCS11_CMD_SLOT_LIST for client to get the IDs of the slots embedded in the PKCS11 TA.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 4f8a354f | 04-Feb-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: de-serialization of command arguments
Add serialize.c|.h that provide functions to extract a sized data in a serialized buffer as used for command serial arguments.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| be1ce869 | 03-Mar-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: better test object ids generation
Change init_pin_keys() and init_persistent_db() to rely on the strict byte size of the object ID reference rather than using hard coded value 32.
Fixes: c84ccd0a805e ("ta: pkcs11: persistent database for the pkcs11 tokens")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
|
| 97c7050c | 28-Feb-2020 |
Clement Faure <clement.faure@nxp.com> |
.shippable.yml: build imx boards with CFG_NXP_CAAM=y
Add the compilation of the following i.MX platforms with the CAAM enabled (CFG_NXP_CAAM=y):
* mx6ulevk
* mx6sxsabresd
* mx6qsabreauto
* mx7dsabresd
* mx8mmevk
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
|
| 9dd32a72 | 28-Feb-2020 |
Clement Faure <clement.faure@nxp.com> |
drivers: caam: fix compilation warning hal_jr.c
Fix compilation warning when CFG_NXP_CAAM=y and CFG_CRYPTO_DRIVER=n
core/drivers/crypto/caam/hal/common/hal_jr.c:19:29: warning: ‘jr_backup’ defined but not used [-Wunused-const-variable=]
static const struct reglist jr_backup[] = {
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
|
| 18301805 | 28-Feb-2020 |
Clement Faure <clement.faure@nxp.com> |
drivers: crypto: fix compilation warning hash_oid.c
core/drivers/crypto/crypto_api/oid/hash_oid.c:37:10: warning: return discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
return &drvcrypt_hash_oid[main_alg];
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
|
| 37c67234 | 28-Feb-2020 |
Clement Faure <clement.faure@nxp.com> |
drivers: crypto: fix missing header hash_oid.c
Fix compilation error when CFG_NXP_CAAM=y
core/drivers/crypto/crypto_api/oid/hash_oid.c:34:22: error: implicit declaration of function ‘TEE_ALG_GET_MAIN_ALG’; did you mean ‘TEE_ALG_HMAC_SM3’? [-Werror=implicit-function-declaration]
uint32_t main_alg = TEE_ALG_GET_MAIN_ALG(algo);
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
|
| f5342ba3 | 24-Feb-2020 |
Cedric Neveux <cedric.neveux@nxp.com> |
drivers: caam: fix suspend/resume issue
Add missing save/restore of the Secure JR configuration (all devices). On i.MX6Q/D fix the job ring resume to reconfigure the Software JR queues and re-instantiate the RNG if needed.
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
|
| 7e8696a7 | 03-Mar-2020 |
Khoa Hoang <admin@khoahoang.com> |
core: init: ASLR offset leak in initcall error message
Initial call error message prints out call pointer. This leaks the ASLR offset. Subtract VA start address to hide ASLR offset.
Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: s/Initial call/Initcall/, wrap line, uppercase ASLR in subject]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
|
| 2b6dd0df | 03-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
confine_array_index.h: add A32 and T32 versions of confine_array_index()
Adds inline assembly implementations for the A32 and T32 instruction sets. The implementation is based on __load_no_speculate1() in <speculation_barrier.h>.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 6b40e452 | 03-Mar-2020 |
Jens Wiklander <jens.wiklander@linaro.org> |
libutils: import confine_array_index.h from Fuchsia
Imports confine_array_index.h from [1].
Replaced include statements to suit OP-TEE and removed the namespace directive. Added content from [2] as a comment to clarify the license.
The speculation safe function confine_array_index() is provided with this.
Note that only AArch64 and x86_64 versions of the function are implemented in this commit.
Link: [1] https://fuchsia.googlesource.com/fuchsia/+/39d9b8c2dbb0f6133a835676f8f669b07aca6b30/zircon/system/ulib/fbl/include/fbl/confine_array_index.h
Link: [2] https://fuchsia.googlesource.com/fuchsia/+/39d9b8c2dbb0f6133a835676f8f669b07aca6b30/LICENSE
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 4a3d7558 | 27-Feb-2020 |
Jerome Forissier <jerome@forissier.org> |
ta: ta.ld.S: merge .ARM.extab* sections
Contrary to .ARM.exidx, we have no .ARM.extab entry in the TA linker script. As a result, the multiple .ARM.extab* sections gathered from the object files will remain in the TA. While this is perfectly valid and does not cause any functional issue, it uselessly pollutes the readelf/symbolize.py/etc. dumps.
This commit merges all the .ARM.extab* into a unique .ARM.extab.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| a67dc424 | 04-Feb-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: API for slot/token information
Define invocation commands to carry the request related to PKCS#11 API functions related to slot and token information:
- get the list of the slots, related to CK function C_GetSlotList(),
- get information from a slot, related to C_GetSlotInfo(),
- get information from a token, related to C_GetTokenInfo(),
- get the list of mechanisms supported by a token, C_GetMechanismList(),
- get information on a mechanism from a token, C_GetMechanismInfo().
The TA API involves several byte serialization of invocation parameters data inside TEE invocation input/output memory reference parameters.
This change introduces the command APIs and some debug helpers for the newly defined slot/token flags.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| b000d6c6 | 20-Jan-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: enumerate ta command ids
Enumerate RA command IDs rather than using macros.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| c84ccd0a | 04-Feb-2020 |
Etienne Carriere <etienne.carriere@linaro.org> |
ta: pkcs11: persistent database for the pkcs11 tokens
Initialize token(s) state from a persistent database. If no persistent database is found in the secure storage, initialize it to a default state and save the database in secure storage.
PKCS11 TA may implement several tokens each related to its own database.
A token persistent database is stored in several parts in TEE secure storage. The main database stores token label, flags and PINs status. Another database stores the UUIDs of the TEE persistent objects used to store the token PKCS11 objects allowing the token to find back PKCS11 persistent objects. This object database is out of the scope of this change.
At runtime, a token instance is referenced by a struct ck_token instance in RAM which stores the state of the token and references to the resources the token has loaded as PIN cipher keys (see paragraph below), session states and the volatile copy of the persistent databases.
Among data saved in persistent database is the reference to the keys used to cipher the PINs that will be used. A symmetric encryption scheme is used using keys PKCS11 TA does not have access to. This allows PKCS11 TA to save in RAM an encrypted value of the owners PINs.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 796ea6d8 | 04-Feb-2020 |
Cedric Neveux <cedric.neveux@nxp.com> |
drivers: caam: implement NXP CAAM Driver - RSA
Add the NXP CAAM drivers:
- Asymmetric RSA:
  - Encrypt/Decrypt
  - Sign/Verify
- Mathematical operation XOR (mod N)
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| f5a70e3e | 04-Feb-2020 |
Cedric Neveux <cedric.neveux@nxp.com> |
drivers: crypto: generic resources for crypto device driver - RSA
TEE Crypto generic APIs to HW driver interface
Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|