ci: travis: Use proper construct for full clone

As per the Travis docs at
https://docs.travis-ci.com/user/customizing-the-build#git-clone-depth to
avoid performing git clones with limited depth, the

ci: travis: Use proper construct for full clone

As per the Travis docs at
https://docs.travis-ci.com/user/customizing-the-build#git-clone-depth to
avoid performing git clones with limited depth, the depth should be set
to "false", not to a large magic number.

Signed-off-by: David Brown <david.brown@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: arm32: fix out-of-sync SPSR

On some platforms that use OP-TEE built as ARM32, asynchronous data
aborts are causing innocent TAs to be killed non-deterministically
upon invocations.

OP-TEE sho

core: arm32: fix out-of-sync SPSR

On some platforms that use OP-TEE built as ARM32, asynchronous data
aborts are causing innocent TAs to be killed non-deterministically
upon invocations.

OP-TEE should not be trapping asynchronous data aborts by default
(unless for bringups) because they usually indicate memory errors
outside the control of PE's MMU and thus better handled by the normal
world OS. Trapping async data aborts also force-unloads keep-alive TAs,
which defeats the feature.

This (masking async data aborts) turns out to be indeed the expected
behavior as `CPSR.A` is set upon SMC entry. The bit is however mistakenly
cleared upon transitioning from SVC mode (OP-TEE) to user mode (TA) due
to a typo introduced in the following commit:

commit a702f5e71e79 ("core: split thread_enter_user_mode")

where `get_spsr()` should be calling `read_cpsr()` instead of
`read_spsr()` in order to save important bits in CPSR to SPSR prior to
switching to user mode.

More general background at the risk of being pedantic:

Invoking a TA from the REE-OS triggers a series of exception level
transitions: NS.EL1-->[NS.EL2-->]EL3-->[S.EL2-->]S.EL1-->S.EL0.

During each transtion the SPSR of each level except EL0 should be kept
in sync with the level's PSTATE(ARM64) or CPSR(ARM32).

The PSTATE/CPSR is initialized by target level's software when
transitioning from a high level to a lower level. For example OP-TEE
initializes the PSTATE/CPSR upon SMC entry.

The PSTATE/CPSR is saved to the current level SPSR by software prior
to transitioning out to a lower level. The PSTATE/CPSR is restored
from SPSR automatically (without software intervention) upon
"returning" to a highlevel from a lower level.

Fixes: https://github.com/OP-TEE/optee_os/issues/3576

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Ali Zhang <alizhang@google.com>

show more ...

core: protect syscall table lookup from speculation

In user_ta_handle_svc() as part of handling a syscall there's a lookup
in the syscall table which can be subject to a speculation attack.
load_no_

core: protect syscall table lookup from speculation

In user_ta_handle_svc() as part of handling a syscall there's a lookup
in the syscall table which can be subject to a speculation attack.
load_no_speculate() is used to protect the sensitive lookup.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove libmpa in favor of libmbedtls

We currently have two "big numbers" library, Mbed TLS and MPA. Both can
be used by libutee to implement the TEE Internal Core API Arithmetical
functions, and by

Remove libmpa in favor of libmbedtls

We currently have two "big numbers" library, Mbed TLS and MPA. Both can
be used by libutee to implement the TEE Internal Core API Arithmetical
functions, and by the TEE core or pseudo-TAs. This situation is
reflected by two configuration variables allowing to choose between
libmbedtls and libmpa:

- CFG_TA_MBEDTLS_MPI (default y) configures libutee,
- CFG_CORE_MBEDTLS_MPI (default y) configures the TEE core/PTAs.

In addition there is CFG_TA_MBEDTLS (default y, mandatory when
CFG_TA_MBEDTLS_MPI is y) to build libmbedtls and install it into the
SDK for direct use by TAs (libmbedtls also has function to deal with
certificates for instance).

MBed TLS has been supported and used by default for just over a year;
and we have recently found an issue with the MPA implementation of the
integer multiplication with modulus (mpa_mulmod()) [1] [2]. Therefore,
now is a good time to remove libmpa and use libmbedtls instead.

Link: [1] https://github.com/OP-TEE/optee_os/pull/3541#issuecomment-577592381
Link: [2] https://github.com/OP-TEE/optee_test/pull/389
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: vm_unmap(): remove length alignment requirement

Removes the requirement that length of memory area to unmap must be page
aligned. The supplied length is instead rounded up to the nearest page.

core: vm_unmap(): remove length alignment requirement

Removes the requirement that length of memory area to unmap must be page
aligned. The supplied length is instead rounded up to the nearest page.

This fixes a regression with CFG_FTRACE_SUPPORT=y:
E/TC:? 0 assertion '!res' failed at core/arch/arm/kernel/user_ta.c:571 <user_ta_dump_ftrace>

Fixes: cffe74d2446b ("core: fix assigned size of struct mobj_reg_shm")
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: add debug trace at command entry/exit

Add debug traces at entry and exit of the command invocation handler
of the TA. Prints TA command as a readable string thanks to ck_helpers.c

Signe

ta: pkcs11: add debug trace at command entry/exit

Add debug traces at entry and exit of the command invocation handler
of the TA. Prints TA command as a readable string thanks to ck_helpers.c

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: string debug trace for ta command ids

ck_helper.c/.h provide will helper functions for IDs. This change
starts with providing a string ID for a numerical command ID.

Matching IDs a stri

ta: pkcs11: string debug trace for ta command ids

ck_helper.c/.h provide will helper functions for IDs. This change
starts with providing a string ID for a numerical command ID.

Matching IDs a strings are stored in a constant array. Macros
PKCS11_ID() ease definition of ID/string conversion arrays content.
Function id2str() finds the string for a IDs possibly skip a given
prefix, i.e. printing "ENCRYPT" instead of "PKCS11_CKFM_ENCRYPT".

TA command IDs are the first introduced ID/string conversion util.
Function id2str_ta_cmd() return string "PKCS11_CMD_..." for a known
command ID.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: set SCTLR_SPAN

Initializes SCTLR.SPAN to 1. SCTLR.SPAN was introduced with v8.1-PAN and
was prior to that defined as RES1.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off

core: arm: set SCTLR_SPAN

Initializes SCTLR.SPAN to 1. SCTLR.SPAN was introduced with v8.1-PAN and
was prior to that defined as RES1.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: add SCTLR_SPAN define

Adds define for setting SCTLR.SPAN which is available with the
architecture feature ARMv8.1-PAN in both AArch32 and AArch64.

Reviewed-by: Jerome Forissier <jerome@f

core: arm: add SCTLR_SPAN define

Adds define for setting SCTLR.SPAN which is available with the
architecture feature ARMv8.1-PAN in both AArch32 and AArch64.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

hikey960: fix support for 4G & 6G boards

Since commit 4518cdc1ff64 ("core: arm64: introduce CFG_CORE_ARM64_PA_BITS")
platforms are required to define CFG_CORE_ARM64_PA_BITS if their physical
address

hikey960: fix support for 4G & 6G boards

Since commit 4518cdc1ff64 ("core: arm64: introduce CFG_CORE_ARM64_PA_BITS")
platforms are required to define CFG_CORE_ARM64_PA_BITS if their physical
address space extends beyond 4G. This was missing for HiKey960 4G & 6G
versions, which indeed have addresses beyond 4G.

Signed-off-by: Henrik Uhrenfeldt <henrik.uhrenfeldt@huawei.com>

show more ...

core: driver: Fix CAAM Hash - User Buffers

Fix the CAAM Hash driver when input/output buffers are User buffers
allocated on multiple Small Pages.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com

core: driver: Fix CAAM Hash - User Buffers

Fix the CAAM Hash driver when input/output buffers are User buffers
allocated on multiple Small Pages.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: CAAM driver User Buffer SGT create

CAAM Driver can operate directly with the User Buffer and in this
case, the buffer can be on non-contiguous physical page.

CAAM is using a DMA to load/st

drivers: CAAM driver User Buffer SGT create

CAAM Driver can operate directly with the User Buffer and in this
case, the buffer can be on non-contiguous physical page.

CAAM is using a DMA to load/store data from memory. The DMA is working
with physical address. In case of the User Buffer, if the buffer is
crossing multiple Small Page, a CAAM Scatter Gather Table needs to
be created to rebuild the physical memory chunks used by the User virtual
buffer.

Add a function to check if a buffer is a User buffer crossing mutliple
small page.
Add a function to create a SGT Table of the User buffer.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-amlogic: Add initial support for Amlogic platforms

This is the initial support for the Amlogic platforms.

Tested 64-bin mode on A113D (AXG) board using upstream TF-A BL31.

* xtest results (-l

plat-amlogic: Add initial support for Amlogic platforms

This is the initial support for the Amlogic platforms.

Tested 64-bin mode on A113D (AXG) board using upstream TF-A BL31.

* xtest results (-l 15):
| 44074 subtests of which 0 failed
| 96 test cases of which 0 failed
| 0 test cases were skipped
| TEE test application done!

* Compiled with:
| make PLATFORM=amlogic

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Carlo Caione <ccaione@baylibre.com>

show more ...

ta: pkcs11: invocation command PKCS11

Introduce a first invocation command for the TA: PKCS11_CMD_PING
can be used the check TA presence and possibly retrieve TA version
information if client provid

ta: pkcs11: invocation command PKCS11

Introduce a first invocation command for the TA: PKCS11_CMD_PING
can be used the check TA presence and possibly retrieve TA version
information if client provides an output buffer.

Add helpers to trace command and parameters configuration.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: specific IDs in TA API

Define PKCS11_UNAVAILABLE_INFORMATION to reflect the PKCS#11 specific
IDCK_UNAVAILABLE_INFORMATION. It is used as PKCS11_UNDEFINED_ID for
invalid or not applicable

ta: pkcs11: specific IDs in TA API

Define PKCS11_UNAVAILABLE_INFORMATION to reflect the PKCS#11 specific
IDCK_UNAVAILABLE_INFORMATION. It is used as PKCS11_UNDEFINED_ID for
invalid or not applicable IDs.

Define PKCS11_TRUE/PKCS11_FALSE for boolean attributes.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: base for PKCS#11 services and TA API

PKCS11 TA aims at providing PKCS#11 compliant services through a
trusted application operating as a secure service provider. This
is the first step f

ta: pkcs11: base for PKCS#11 services and TA API

PKCS11 TA aims at providing PKCS#11 compliant services through a
trusted application operating as a secure service provider. This
is the first step for the PKCS#11 TA that introduces the TA skeleton
source file tree.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core_mmu: fix warnings when CFG_CORE_DYN_SHM=n && CFG_SECURE_DATA_PATH=n

Static function pbuf_is_special_mem() is used only when dynamic shared
memory or secure data path are enabled. Add the proper

core_mmu: fix warnings when CFG_CORE_DYN_SHM=n && CFG_SECURE_DATA_PATH=n

Static function pbuf_is_special_mem() is used only when dynamic shared
memory or secure data path are enabled. Add the proper #ifdefs to fix
the following warning:

$ make -s CFG_CORE_DYN_SHM=n CFG_SECURE_DATA_PATH=n
core/arch/arm/mm/core_mmu.c:260:13: warning: ‘pbuf_is_special_mem’ defined but not used [-Wunused-function]
260 | static bool pbuf_is_special_mem(paddr_t pbuf, size_t len,
| ^~~~~~~~~~~~~~~~~~~

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: entry_fast.c: fix warning when CFG_CORE_DYN_SHM=n

When CFG_CORE_DYN_SHM=n and CFG_TEE_CORE_LOG_LEVEL<3 we have:

$ make -s CFG_CORE_DYN_SHM=n CFG_TEE_CORE_LOG_LEVEL=2
core/arch/arm/tee/entry

core: entry_fast.c: fix warning when CFG_CORE_DYN_SHM=n

When CFG_CORE_DYN_SHM=n and CFG_TEE_CORE_LOG_LEVEL<3 we have:

$ make -s CFG_CORE_DYN_SHM=n CFG_TEE_CORE_LOG_LEVEL=2
core/arch/arm/tee/entry_fast.c: In function ‘tee_entry_exchange_capabilities’:
core/arch/arm/tee/entry_fast.c:65:7: warning: unused variable ‘dyn_shm_en’ [-Wunused-variable]
65 | bool dyn_shm_en = false;
| ^~~~~~~~~~

Add __maybe_unused to get rid of the warning.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmbedtls: fix public key size in crypto_acipher_gen_dh_key()

GP wrapper of mbedtls DH operation generate key function wrongly
calculates the number of bytes from bits, leading to incorrect public

libmbedtls: fix public key size in crypto_acipher_gen_dh_key()

GP wrapper of mbedtls DH operation generate key function wrongly
calculates the number of bytes from bits, leading to incorrect public
key generated and returned.

Fixes: 34789f62982f ("libmbedtls: support mbedtls DH function")

Signed-off-by: Cao, Vincent T <vincent.t.cao@intel.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

libfdt: move to version v1.5.1

Imports upstream libfdt version v1.5.1 [1]. Things worthy of note:

- SPDX license identifiers were added upstream in commit 94f87cd5b7c5
("libfdt: Add dual GPL/BSD

libfdt: move to version v1.5.1

Imports upstream libfdt version v1.5.1 [1]. Things worthy of note:

- SPDX license identifiers were added upstream in commit 94f87cd5b7c5
("libfdt: Add dual GPL/BSD SPDX tags to files missing license text").
They conflict with those we have added locally in commit 1bb929836182
("Add SPDX license identifiers"). We added "BSD-2-Clause" while
upstream added "GPL-2.0-or-later OR BSD-2-Clause". This commit keeps
the upstream tags.

- At this stage we carry no local modification except for two minor
things enabling C99 compliance:
1. Zero sized arrays at the end of structs fdt_node_header and
fdt_property are changed from "[0]" to "[]",
2. An extra semicolon is removed after the static function
overlay_fixup_one_phandle().
These changes were in the initial import already, commit b908c67504cd
("Import libfdt v1.4.1").

Link: [1] https://github.com/dgibson/dtc/tree/v1.5.1/libfdt
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

symbolize.py: Python < 3.7 compatibility

The documentation for the Python 3 subprocess module [1] has the
following note related to the Popen() constructor:

Changed in version 3.7: Added the text

symbolize.py: Python < 3.7 compatibility

The documentation for the Python 3 subprocess module [1] has the
following note related to the Popen() constructor:

Changed in version 3.7: Added the text parameter, as a more
understandable alias of universal_newlines.

In order to avoid a runtime error with versions of Python prior to 3.7,
replace the 'text' parameter with 'universal_newlines'.

Link: [1] https://docs.python.org/3/library/subprocess.html
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

plat-imx: Add SA settings for i.MX6UL

The Secure Access register configures the access mode for non-TrustZone
aware DMA masters. To ensure that no DMA master can read the secure
memory for OP-TEE, w

plat-imx: Add SA settings for i.MX6UL

The Secure Access register configures the access mode for non-TrustZone
aware DMA masters. To ensure that no DMA master can read the secure
memory for OP-TEE, we set access for all masters except the
processor (Cortex-A7) to non-secure only and lock the settings
afterwards.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

plat-imx: add CSU SA register for i.MX6/7

CSU_SA is at the same offset for both i.MX6 and i.MX7, add it to both
register files.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Review

plat-imx: add CSU SA register for i.MX6/7

CSU_SA is at the same offset for both i.MX6 and i.MX7, add it to both
register files.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

libutee: add TEE_IsAlgorithmSupported()

Adds function TEE_IsAlgorithmSupported() as per the GlobalPlatform TEE
Internal Core API v1.2.1.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked

libutee: add TEE_IsAlgorithmSupported()

Adds function TEE_IsAlgorithmSupported() as per the GlobalPlatform TEE
Internal Core API v1.2.1.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Move core/include/config.h to lib/libutils/ext/include

In order to be able to use the IS_ENABLED() macro in user space
libraries, move config.h from core to libutils.

Signed-off-by: Jerome Forissie

Move core/include/config.h to lib/libutils/ext/include

In order to be able to use the IS_ENABLED() macro in user space
libraries, move config.h from core to libutils.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...