ldelf: check that PT_DYNAMIC is in range before use

Adds checks that the ELF program header PT_DYNAMIC is in range of the
loaded ELF before they are used. This fixes an error where a malformed
ELF m

ldelf: check that PT_DYNAMIC is in range before use

Adds checks that the ELF program header PT_DYNAMIC is in range of the
loaded ELF before they are used. This fixes an error where a malformed
ELF may cause the loader to read data from other ELF or from the loader
itself.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reported-by: Martijn Bogaard <martijn@riscure.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: implement command to get slot information

Implement TA command PKCS11_CMD_SLOT_INFO for client get information
on a specific slot.

Rely on serializer.h for de-serializing the command ar

ta: pkcs11: implement command to get slot information

Implement TA command PKCS11_CMD_SLOT_INFO for client get information
on a specific slot.

Rely on serializer.h for de-serializing the command arguments.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: speculation safe lookup of token instance

Change get_token_id() to be safe against speculation execution for
IDs provided by client. This change is needed for TA command handlers
relying

ta: pkcs11: speculation safe lookup of token instance

Change get_token_id() to be safe against speculation execution for
IDs provided by client. This change is needed for TA command handlers
relying on slot/token IDs provided by client applications.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: implement command to get slots list

Implement TA command PKCS11_CMD_SLOT_LIST for client to get the IDs of
the slots embedded in the PKCS11 TA.

Signed-off-by: Etienne Carriere <etienne.

ta: pkcs11: implement command to get slots list

Implement TA command PKCS11_CMD_SLOT_LIST for client to get the IDs of
the slots embedded in the PKCS11 TA.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: de-serialization of command arguments

Add serialize.c|.h that provide functions to extract a sized data
in a serialized buffer as used for command serial arguments.

Signed-off-by: Etien

ta: pkcs11: de-serialization of command arguments

Add serialize.c|.h that provide functions to extract a sized data
in a serialized buffer as used for command serial arguments.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: better test object ids generation

Change init_pin_keys() and init_persistent_db() to rely on the
strict byte size of the object ID reference rather than using hard
coded value 32.

Fixes

ta: pkcs11: better test object ids generation

Change init_pin_keys() and init_persistent_db() to rely on the
strict byte size of the object ID reference rather than using hard
coded value 32.

Fixes: c84ccd0a805e ("ta: pkcs11: persistent database for the pkcs11 tokens")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

.shippable.yml: build imx boards with CFG_NXP_CAAM=y

Add the compilation of the following i.MX platforms with the CAAM
enabled (CFG_NXP_CAAM=y) :
* mx6ulevk
* mx6sxsabresd
* mx6qsabreauto
* mx7d

.shippable.yml: build imx boards with CFG_NXP_CAAM=y

Add the compilation of the following i.MX platforms with the CAAM
enabled (CFG_NXP_CAAM=y) :
* mx6ulevk
* mx6sxsabresd
* mx6qsabreauto
* mx7dsabresd
* mx8mmevk

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: caam: fix compilation warning hal_jr.c

Fix compilation warning when CFG_NXP_CAAM=y and CFG_CRYPTO_DRIVER=n

core/drivers/crypto/caam/hal/common/hal_jr.c:19:29: warning:
‘jr_backup’ defined

drivers: caam: fix compilation warning hal_jr.c

Fix compilation warning when CFG_NXP_CAAM=y and CFG_CRYPTO_DRIVER=n

core/drivers/crypto/caam/hal/common/hal_jr.c:19:29: warning:
‘jr_backup’ defined but not used [-Wunused-const-variable=]
static const struct reglist jr_backup[] = {

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: crypto: fix compilation warning hash_oid.c

core/drivers/crypto/crypto_api/oid/hash_oid.c:37:10:
warning: return discards ‘const’ qualifier from pointer target
type [-Wdiscarded-qualifiers]

drivers: crypto: fix compilation warning hash_oid.c

core/drivers/crypto/crypto_api/oid/hash_oid.c:37:10:
warning: return discards ‘const’ qualifier from pointer target
type [-Wdiscarded-qualifiers]
return &drvcrypt_hash_oid[main_alg];

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: crypto: fix missing header hash_oid.c

Fix compilation error when CFG_NXP_CAAM=y

core/drivers/crypto/crypto_api/oid/hash_oid.c:34:22:
error: implicit declaration of function ‘TEE_ALG_GET_MA

drivers: crypto: fix missing header hash_oid.c

Fix compilation error when CFG_NXP_CAAM=y

core/drivers/crypto/crypto_api/oid/hash_oid.c:34:22:
error: implicit declaration of function ‘TEE_ALG_GET_MAIN_ALG’;
did you mean ‘TEE_ALG_HMAC_SM3’?
[-Werror=implicit-function-declaration]
uint32_t main_alg = TEE_ALG_GET_MAIN_ALG(algo);

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

drivers: caam: fix suspend/resume issue

Add missing save/restore of the Secure JR configuration (all devices).
On i.MX6Q/D fix the job ring resume to reconfigure the Software JR queues
and re-instan

drivers: caam: fix suspend/resume issue

Add missing save/restore of the Secure JR configuration (all devices).
On i.MX6Q/D fix the job ring resume to reconfigure the Software JR queues
and re-instantiate the RNG if needed.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: init: ASLR offset leak in initcall error message

Initial call error message print out call pointer. This leak
the ASLR offset. Subtract VA start address to hide ASLR offset.

Signed-off-by: Kh

core: init: ASLR offset leak in initcall error message

Initial call error message print out call pointer. This leak
the ASLR offset. Subtract VA start address to hide ASLR offset.

Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: s/Initial call/Initcall/, wrap line, uppercase ASLR in subject]
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

confine_array_index.h: add A32 and T32 versions of confine_array_index()

Adds inline assembly implementations for the A32 and T32 instruction
sets. The implementation is based on __load_no_speculate

confine_array_index.h: add A32 and T32 versions of confine_array_index()

Adds inline assembly implementations for the A32 and T32 instruction
sets. The implementation is based on __load_no_speculate1() in
<speculation_barrier.h>.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: import confine_array_index.h from Fuchsia

Imports confine_array_index.h from [1].

Replaced include statements to suit OP-TEE and removed the namespace
directive. Added content from [2] as

libutils: import confine_array_index.h from Fuchsia

Imports confine_array_index.h from [1].

Replaced include statements to suit OP-TEE and removed the namespace
directive. Added content from [2] as a comment to clarify the license.

The speculation safe function confine_array_index() is provided with
this.

Note that only AArch64 and x86_64 versions of the function is implemented
in this commit.

Link: [1] https://fuchsia.googlesource.com/fuchsia/+/39d9b8c2dbb0f6133a835676f8f669b07aca6b30/zircon/system/ulib/fbl/include/fbl/confine_array_index.h
Link: [2] https://fuchsia.googlesource.com/fuchsia/+/39d9b8c2dbb0f6133a835676f8f669b07aca6b30/LICENSE

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: ta.ld.S: merge .ARM.extab* sections

Contrary to .ARM.exidx, we have no .ARM.extab entry in the TA linker
script. As a result, the multiple .ARM.extab* sections gathered from
the object files wil

ta: ta.ld.S: merge .ARM.extab* sections

Contrary to .ARM.exidx, we have no .ARM.extab entry in the TA linker
script. As a result, the multiple .ARM.extab* sections gathered from
the object files will remain in the TA. While this is perfectly valid
and does not cause any functional issue, it uselessly pollutes the
readelf/symbolize.py/etc. dumps.

This commit merges all the .ARM.extab* into a unique .ARM.extab.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: API for slot/token information

Define invocation commands to carry the request related to
PKCS#11 API functions related to slot and token information:
- get the list of the slots, relate

ta: pkcs11: API for slot/token information

Define invocation commands to carry the request related to
PKCS#11 API functions related to slot and token information:
- get the list of the slots, related to CK function C_GetSlotList(),
- get information from a slot, related to C_GetSlotInfo(),
- get information from a token, related to C_GetTokenInfo(),
- get the list of mechanisms supported by a token, C_GetMechanismList(),
- get information a mechanism from a token, C_GetMechanismInfo().

The TA API involves several byte serialization of invocation
parameters data inside TEE invocation input/output memory reference
parameters.

This change introduces the command APIs and some debug helpers for
the newly defined slot/token flags.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: enumerate ta command ids

Enumerate RA command IDs rather than using macros.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@lin

ta: pkcs11: enumerate ta command ids

Enumerate RA command IDs rather than using macros.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: persistent database for the pkcs11 tokens

Initialize token(s) state from a persistent database. If no
persistent database is found in the secure storage, initialize
it to a default state

ta: pkcs11: persistent database for the pkcs11 tokens

Initialize token(s) state from a persistent database. If no
persistent database is found in the secure storage, initialize
it to a default state and save the database in secure storage.

PKCS11 TA may implement several tokens each related to its own
database.

A token persistent database is stored in several part in TEE secure
storage. The main database stores token label, flags and PINs status.
Another database stores the UUIDs of the TEE persistent objects
used to store the token PKCS11 objects allowing the token to find
back PKCS11 persistent objects. This object database is out of the
scope of this change.

At runtime, a token instance is reference by a struct ck_token instance
in RAM which stores the state of the token and references to the
resources the token as loaded as PIN cipher keys (see paragraph below),
session states and the volatile copy of the persistent databases.

Among data saved in persistent database is the reference to
the keys used to cipher the PINs that will be used. A symmetric
encryption scheme is used using keys PKCS11 TA does not have access
to. This allows PKCS11 TA to save in RAM an encrypted value of
the owners PINs.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: implement NXP CAAM Driver - RSA

Add the NXP CAAM drivers:
- Asymmetric RSA:
- Encrypt/Decrypt
- Sign/Verify
- Mathematical operation XOR (mod N)

Signed-off-by: Cedric Neveux <cedric.

drivers: caam: implement NXP CAAM Driver - RSA

Add the NXP CAAM drivers:
- Asymmetric RSA:
- Encrypt/Decrypt
- Sign/Verify
- Mathematical operation XOR (mod N)

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: crypto: generic resources for crypto device driver - RSA

TEE Crypto generic APIs to HW driver interface

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.

drivers: crypto: generic resources for crypto device driver - RSA

TEE Crypto generic APIs to HW driver interface

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: change CAAM debug trace method

Change the method to enable the CAAM debug.
Split the debug compilation 32 bits word to 3x32 bits words, one for the
trace, one for the descriptor dump

drivers: caam: change CAAM debug trace method

Change the method to enable the CAAM debug.
Split the debug compilation 32 bits word to 3x32 bits words, one for the
trace, one for the descriptor dump and one for the buffer dump.

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: use adr_l to allow bigger data sections

Compiling for NXP lx2160ardb with debug enabled fails with:

$ make -j32 CFG_ARM64_core=y PLATFORM=ls-lx2160ardb DEBUG=1
...
LD out/arm-plat-l

core: use adr_l to allow bigger data sections

Compiling for NXP lx2160ardb with debug enabled fails with:

$ make -j32 CFG_ARM64_core=y PLATFORM=ls-lx2160ardb DEBUG=1
...
LD out/arm-plat-ls/core/all_objs.o
out/arm-plat-ls/core/arch/arm/kernel/thread_a64.o: in function `el0_sync_a64':
core/arch/arm/kernel/thread_a64.S:271:(.text.thread_excp_vect+0x424): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kcode_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
core/arch/arm/kernel/thread_a64.S:271:(.text.thread_excp_vect+0x43c): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kdata_sp_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
out/arm-plat-ls/core/arch/arm/kernel/thread_a64.o: in function `el0_irq_a64':
core/arch/arm/kernel/thread_a64.S:283:(.text.thread_excp_vect+0x4a4): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kcode_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
core/arch/arm/kernel/thread_a64.S:283:(.text.thread_excp_vect+0x4bc): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kdata_sp_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
out/arm-plat-ls/core/arch/arm/kernel/thread_a64.o: in function `el0_fiq_a64':
core/arch/arm/kernel/thread_a64.S:290:(.text.thread_excp_vect+0x524): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kcode_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
core/arch/arm/kernel/thread_a64.S:290:(.text.thread_excp_vect+0x53c): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kdata_sp_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
out/arm-plat-ls/core/arch/arm/kernel/thread_a64.o: in function `el0_sync_a32':
core/arch/arm/kernel/thread_a64.S:306:(.text.thread_excp_vect+0x624): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kcode_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
core/arch/arm/kernel/thread_a64.S:306:(.text.thread_excp_vect+0x63c): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kdata_sp_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
out/arm-plat-ls/core/arch/arm/kernel/thread_a64.o: in function `el0_irq_a32':
core/arch/arm/kernel/thread_a64.S:318:(.text.thread_excp_vect+0x6a4): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kcode_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
core/arch/arm/kernel/thread_a64.S:318:(.text.thread_excp_vect+0x6bc): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `thread_user_kdata_sp_offset' defined in COMMON section in out/arm-plat-ls/core/arch/arm/kernel/thread.o
out/arm-plat-ls/core/arch/arm/kernel/thread_a64.o: in function `el0_fiq_a32':
core/arch/arm/kernel/thread_a64.S:325:(.text.thread_excp_vect+0x724): additional relocation overflows omitted from the output

So let's replace adr with adr_l and apply a similar fix as
commit 82d398c0e05c ("core: generic_entry_a64.S: use adr_l to allow
bigger data sections") suggests.

Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
[jf: reformat commit description]
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: save_panic_stack(): make sure tsd is initialized

If a TA fails to load due to an assertion failure in ldelf, the user
stack might be inaccessible. save_panic_stack() detects this situation
but

core: save_panic_stack(): make sure tsd is initialized

If a TA fails to load due to an assertion failure in ldelf, the user
stack might be inaccessible. save_panic_stack() detects this situation
but fails to set abort information in the thread specific data (tsd).
As a result, the stack unwinding code can erroneously execute kernel
unwinding code and trigger an assertion:

E/TC:? 0 assertion 'thread_get_exceptions() & THREAD_EXCP_FOREIGN_INTR' failed at core/arch/arm/include/kernel/misc.h:22 <get_core_pos>

The fix consists in moving the tsd initialization above the user stack
accessibility check.

Suggested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: exclude generic_boot_init_primary() from unpaged part

Excludes generic_boot_init_primary() from unpaged part and makes sure
it's still in the init part.

Reviewed-by: Jerome Forissier <jerome@

core: exclude generic_boot_init_primary() from unpaged part

Excludes generic_boot_init_primary() from unpaged part and makes sure
it's still in the init part.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: exclude core_init_mmu_map() from unpaged part

Excludes core_init_mmu_map() from unpaged part and makes sure it's still
in the init part.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
S

core: exclude core_init_mmu_map() from unpaged part

Excludes core_init_mmu_map() from unpaged part and makes sure it's still
in the init part.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...