core: move struct thread_ctx_regs to thread.h

Moves definition of struct thread_ctx_regs from thread_private.h to
<kernel/thread.h>.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>

core: move struct thread_ctx_regs to thread.h

Moves definition of struct thread_ctx_regs from thread_private.h to
<kernel/thread.h>.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add struct user_mode_ctx

Adds struct user_mode_ctx which replaces user mode specific fields used
for memory mapping.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Acked-by:

core: add struct user_mode_ctx

Adds struct user_mode_ctx which replaces user mode specific fields used
for memory mapping.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: thread_enter_user_mode(): avoid leaking register content

Prior to this patch not all registers passed to user mode where assigned
a new value. This allows user mode to see the value of some re

core: thread_enter_user_mode(): avoid leaking register content

Prior to this patch not all registers passed to user mode where assigned
a new value. This allows user mode to see the value of some registers
used by Core. With this patch all general purpose registers available in
user mode are either cleared or assigned a value.

Acked-by: Pipat Methavanitpong <pipat.methavanitpong@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: link.mk: Un-deprecate tee.bin v1 image generation

The v1 OP-TEE image "tee.bin" is used by a couple platforms as the only
supported image version, until these platforms can migrate continue
to

core: link.mk: Un-deprecate tee.bin v1 image generation

The v1 OP-TEE image "tee.bin" is used by a couple platforms as the only
supported image version, until these platforms can migrate continue
to build this image and do not mark it a deprecated. The tee-pager.bin
and tee-pageable.bin are not used by these platforms and are properly
deprecated by the v2 versions, leave these images deprecated.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-ti: Restore non-secure entry address from saved copy in r5

When resuming the only value we need to work with a new version of is the
non-secure context as it will have changed since boot. This

plat-ti: Restore non-secure entry address from saved copy in r5

When resuming the only value we need to work with a new version of is the
non-secure context as it will have changed since boot. This value is
stored on OP-TEE entry in r5, previously we saved this value by moving
r5 to r3 then r3 to r4 basically just dodging getting overwritten by
functions we call. This can be simplified now as nothing clobbers r5,
so we can use it directly as the source for the non-secure context
pointer feed into init_sec_mon().

Signed-off-by: Andrew F. Davis <afd@ti.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

shippable: generate deprecated v1 images

Modifies two targets to also generate the deprecated v1 images.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklan

shippable: generate deprecated v1 images

Modifies two targets to also generate the deprecated v1 images.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix generation of tee.bin

Prior to this patch generation of tee.bin (CFG_WITH_PAGER=n) fails with:
GEN out/core/tee.bin
Cannot find symbol __init_end
core/arch/arm/kernel/link.mk:183: re

core: fix generation of tee.bin

Prior to this patch generation of tee.bin (CFG_WITH_PAGER=n) fails with:
GEN out/core/tee.bin
Cannot find symbol __init_end
core/arch/arm/kernel/link.mk:183: recipe for target 'out/core/tee.bin' failed

Introduce a special __get_tee_init_end to fix this and also avoid
confusion with __init_end used in the code for the pager case.

Fixes: 5dd1570ac5b0 ("core: add embedded data region")
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: fix CFG_DRAM_BASE for imx8qm/qxp

The CFG_DRAM_BASE on imx8qm and imx8qxp is 0x80000000

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linar

core: imx: fix CFG_DRAM_BASE for imx8qm/qxp

The CFG_DRAM_BASE on imx8qm and imx8qxp is 0x80000000

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove unreachable code from tee_tadb_ta_open()

Prior to this patch tee_tadb_ta_open() had some unreachable code. With
this patch remove that code, but retain the behaviour of
tee_tadb_ta_open

core: remove unreachable code from tee_tadb_ta_open()

Prior to this patch tee_tadb_ta_open() had some unreachable code. With
this patch remove that code, but retain the behaviour of
tee_tadb_ta_open().

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add description of struct tadb_entry

Adds description of the fields in struct tadb_entry.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@li

core: add description of struct tadb_entry

Adds description of the fields in struct tadb_entry.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add description of struct shdr_bootstrap_ta

Adds a description of the fields in struct shdr_bootstrap_ta.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <j

core: add description of struct shdr_bootstrap_ta

Adds a description of the fields in struct shdr_bootstrap_ta.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mem_usage.py: stop parsing file when _end_of_ram is reached

Since commit 5966660c02b3 ("core: move relocation to embedded data
region"), when ASLR is enabled, some sections are stored at the end of

mem_usage.py: stop parsing file when _end_of_ram is reached

Since commit 5966660c02b3 ("core: move relocation to embedded data
region"), when ASLR is enabled, some sections are stored at the end of
tee.elf for use by gen_tee_bin.py which then discards them. As a
result, they are not present in the final binary and should not be
reported by the memory usage script.

By ignoring any section past the _end_of_ram symbol, we avoid reporting
those discarded sections as well as a hole before them.

Before:

$ make -s CFG_CORE_ASLR=y
$ scripts/mem_usage.py out/arm-plat-vexpress/core/tee.elf
RAM Usage 0E100000 - 0E301E04 size 00201E04 2056 KiB 514 pages
.text 0E100000 - 0E12FA68 size 0002FA68 190 KiB
*hole* 0E12FA68 - 0E130000 size 00000598 1 KiB
.rodata 0E130000 - 0E140598 size 00010598 65 KiB
.gnu.hash 0E140598 - 0E1405B0 size 00000018 0 KiB
.got 0E1405B0 - 0E1406F8 size 00000148 0 KiB
.ARM.exidx 0E1406F8 - 0E142B78 size 00002480 9 KiB
.ARM.extab 0E142B78 - 0E143274 size 000006FC 1 KiB
*hole* 0E143274 - 0E144000 size 00000D8C 3 KiB
.data 0E144000 - 0E145410 size 00001410 5 KiB
.bss 0E145410 - 0E1509A8 size 0000B598 45 KiB
.heap1 0E1509A8 - 0E164000 size 00013658 77 KiB
.nozi 0E164000 - 0E176B80 size 00012B80 74 KiB
*hole* 0E176B80 - 0E300000 size 00189480 1573 KiB
.dynamic 0E300000 - 0E300098 size 00000098 0 KiB
.hash 0E300098 - 0E3000B0 size 00000018 0 KiB
.dynsym 0E3000B0 - 0E3000E0 size 00000030 0 KiB
.dynstr 0E3000E0 - 0E3000E1 size 00000001 0 KiB
*hole* 0E3000E1 - 0E3000E4 size 00000003 0 KiB
.rel 0E3000E4 - 0E301E04 size 00001D20 7 KiB

After:

$ make -s CFG_CORE_ASLR=y
$ scripts/mem_usage.py out/arm-plat-vexpress/core/tee.elf
RAM Usage 0E100000 - 0E176B80 size 00076B80 475 KiB 119 pages
.text 0E100000 - 0E12FA68 size 0002FA68 190 KiB
*hole* 0E12FA68 - 0E130000 size 00000598 1 KiB
.rodata 0E130000 - 0E140598 size 00010598 65 KiB
.gnu.hash 0E140598 - 0E1405B0 size 00000018 0 KiB
.got 0E1405B0 - 0E1406F8 size 00000148 0 KiB
.ARM.exidx 0E1406F8 - 0E142B78 size 00002480 9 KiB
.ARM.extab 0E142B78 - 0E143274 size 000006FC 1 KiB
*hole* 0E143274 - 0E144000 size 00000D8C 3 KiB
.data 0E144000 - 0E145410 size 00001410 5 KiB
.bss 0E145410 - 0E1509A8 size 0000B598 45 KiB
.heap1 0E1509A8 - 0E164000 size 00013658 77 KiB
.nozi 0E164000 - 0E176B80 size 00012B80 74 KiB

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scripts/sign_encrypt.py: remove pycrypto workaround

Removes workaround for a difference in how the size of a RSA key is
determined in pycrypto compared to pycryptodome.

Reviewed-by: Jerome Forissie

scripts/sign_encrypt.py: remove pycrypto workaround

Removes workaround for a difference in how the size of a RSA key is
determined in pycrypto compared to pycryptodome.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scripts/sign_encrypt.py: Sign TA using PSS

Switches from the algorithm TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 to
TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 when signing TAs. Even though there
are no known vulne

scripts/sign_encrypt.py: Sign TA using PSS

Switches from the algorithm TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 to
TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 when signing TAs. Even though there
are no known vulnerabilities in PCKS#1 RSASSA V1.5 at this date there
has been issues in the past (for instance Bleichenbacher).

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: shdr_verify_signature() supply hash length for salt length

In order to support the TEE_ALG_RSASSA_PKCS1_PSS_MGF1_* group of
algorithms supply the size of the hash as the size of the salt to
cr

core: shdr_verify_signature() supply hash length for salt length

In order to support the TEE_ALG_RSASSA_PKCS1_PSS_MGF1_* group of
algorithms supply the size of the hash as the size of the salt to
crypto_acipher_rsassa_verify().

A salt is something introduced by PCKS1_PSS, PKCS1_V1.5 does not have a
salt and the parameter will be ignored by crypto_acipher_rsassa_verify()
for the latter.

With the PCKS1_PSS algorithm it is common practice to use a salt with
the same size as the hash, but it is not a requirement. The
implementation here depends on using a salt with the same size as the
hash. This is a compromise to avoid extending the signed header with a
salt length field.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ftrace: dump core load address to support ASLR

Additionally dump core address in ftrace buffer to support syscall
tracing in case TEE core ASLR is enabled.

Signed-off-by: Sumit Garg <sumit.ga

core: ftrace: dump core load address to support ASLR

Additionally dump core address in ftrace buffer to support syscall
tracing in case TEE core ASLR is enabled.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
[jf: s/Load address @/TEE load address @/]
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

symbolize.py: fix decoding of ftrace dumps containing syscalls

When decoding an ftrace file with syscall tracing enabled [1], the
kernel functions are not resolved and show question marks instead.

symbolize.py: fix decoding of ftrace dumps containing syscalls

When decoding an ftrace file with syscall tracing enabled [1], the
kernel functions are not resolved and show question marks instead.

[1] $ make CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y CFG_ULIBS_MCOUNT=y \
CFLAGS_ta_arm32=-pg
[run test and copy content of /tmp/ftrace*]
$ optee_os/scripts/symbolize.py -d optee_os/out/arm/core \
-d out-br/build/optee_test-1.0/ta/*/out
[paste ftrace log here]

Fixes: 105e09c24479 ("symbolize.py: add support for TEE core ASLR")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

Update Broadcom DRAM2 base and size

Update Broadcom DRAM2 base and size
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

pta: bcm: Add PTA to handle Broadcom error logs

Add PTA to handle Broadcom error logs.
The PTA supports following ops:
- Obtaining error logs
- Obtaining crash dumps and
- Loading firmware into s

pta: bcm: Add PTA to handle Broadcom error logs

Add PTA to handle Broadcom error logs.
The PTA supports following ops:
- Obtaining error logs
- Obtaining crash dumps and
- Loading firmware into secure ddr memory region

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

pta: bcm: Add Broadcom gpio PTA

Add Broadcom gpio PTA
The PTA supports below operations on the GPIO pin:
- Configure gpio pin to input/output
- Set value on output gpio pin
- Get value from gp

pta: bcm: Add Broadcom gpio PTA

Add Broadcom gpio PTA
The PTA supports below operations on the GPIO pin:
- Configure gpio pin to input/output
- Set value on output gpio pin
- Get value from gpio pin

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: Add func to config gpio pin for secure access

Add func to config gpio pin for secure access

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jero

drivers: Add func to config gpio pin for secure access

Add func to config gpio pin for secure access

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: Update Broadcom gpio base and num gpios

Update Broadcom gpio base and num gpios

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier

drivers: Update Broadcom gpio base and num gpios

Update Broadcom gpio base and num gpios

Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

scripts/gen_tee_bin.py: convert symbol and section name to strings

Older versions of pyelftools return symbol and section names as byte
arrays rather than plain strings. As a result, symbols are not

scripts/gen_tee_bin.py: convert symbol and section name to strings

Older versions of pyelftools return symbol and section names as byte
arrays rather than plain strings. As a result, symbols are not found:

$ make
...
GEN out/arm/core/tee-header_v2.bin
Cannot find symbol _start
core/arch/arm/kernel/link.mk:191: recipe for target 'out/arm/core/tee-header_v2.bin' failed
make[1]: *** [out/arm/core/tee-header_v2.bin] Error 1

(This error was observed when building on Ubuntu 16.04.)

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove script/llvm-objcopy-wrapper

The llvm-objcopy-wrapper script was introduced in commit 98d863a5c0b2
("Experimental Clang support") because llvm-objcopy would not support
some options needed to

Remove script/llvm-objcopy-wrapper

The llvm-objcopy-wrapper script was introduced in commit 98d863a5c0b2
("Experimental Clang support") because llvm-objcopy would not support
some options needed to produce the final TEE binaries from tee.elf or
cause errors when building them. However, since commit 1a9edabc0ed4
("core: link.mk: use gen_tee_bin.py"), objcopy is not used for this
purpose anymore. Thus we can safely use llvm-objcopy.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

TA dev kit: add support for TA encryption

Add CFG_ENCRYPT_TA as TA build time configuration option to enable
encryption of TA using encryption key provided via TA_ENC_KEY build
time option. The defa

TA dev kit: add support for TA encryption

Add CFG_ENCRYPT_TA as TA build time configuration option to enable
encryption of TA using encryption key provided via TA_ENC_KEY build
time option. The default value of TA_ENC_KEY is derived from 16 zero
bytes default hardware unique key.

Also rename scripts/sign.py to scripts/sign_encrypt.py to reflect
optional encryption support along with signing of TAs.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...