core: exclude get_aslr_seed() from unpaged part

Excludes get_aslr_seed() from unpaged part and makes sure it's still in
the init part.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-of

core: exclude get_aslr_seed() from unpaged part

Excludes get_aslr_seed() from unpaged part and makes sure it's still in
the init part.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: caam: RNG: provide plat_rng_init symbol

Not doing so calls the default implementation which generates
misleading RNG trace information (sample below)

E/TC:0 0 plat_rng_init:354 Warning: se

drivers: caam: RNG: provide plat_rng_init symbol

Not doing so calls the default implementation which generates
misleading RNG trace information (sample below)

E/TC:0 0 plat_rng_init:354 Warning: seeding RNG with zeroes

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

ldelf, ta: add support for DT_INIT_ARRAY and DT_FINI_ARRAY

Adds support for running initialization and finalization functions in
TA ELF files. Such functions are used, for instance, by C++ compilers

ldelf, ta: add support for DT_INIT_ARRAY and DT_FINI_ARRAY

Adds support for running initialization and finalization functions in
TA ELF files. Such functions are used, for instance, by C++ compilers
to construct and destruct global objects. They can also be used in C
thanks to __attribute__((constructor)) and __attribute__((destructor)).

A global structure is added to libutee. ldelf is responsible for
filling it with the addresses of the functions pointer arrays present
in the ELF files whenever such a file is loaded. Since the number of
arrays is unknown at compile time (it depends on how many ELF files are
loaded, and whether they have constructors or destructors), memory is
allocated on the TA heap.

Two helper functions are introduced: __utee_call_elf_init_fn() and
__utee_call_elf_fini_fn(). They are used when the TA instance is
created and torn down, as well as by dlopen().

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, QEMUv8, HiKey960 32/64)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ree_fs_ta: fix bootstrap header size check

This change fix bootstrap header size check. Before it use
sizeof(bs_hdr) but bs_hdr is a struct pointer. Correct it
to sizeof(*bs_hdr)

Fixes: 18339

core: ree_fs_ta: fix bootstrap header size check

This change fix bootstrap header size check. Before it use
sizeof(bs_hdr) but bs_hdr is a struct pointer. Correct it
to sizeof(*bs_hdr)

Fixes: 183398139c9c ("core: enable rollback protection for REE-FS TAs")
Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mmu: fix check of memory physical end address

Correct test on memory physical end address that was not consistent
in use of core_mmu_check_end_pa().

This change fixes core_mmu_set_discovered_

core: mmu: fix check of memory physical end address

Correct test on memory physical end address that was not consistent
in use of core_mmu_check_end_pa().

This change fixes core_mmu_set_discovered_nsec_ddr() where
core_mmu_check_end_pa() was called with a byte length argument
decreased by one whereas it should provide the effective byte size
of the memory area.

This change fixes core_mmu_check_end_pa() so that it computes
the end address as start address plus byte size minus one to
obtain the inclusive end address core_mmu_check_max_pa() expects
as input argument.

Fixes: 4518cdc1ff64 ("core: arm64: introduce CFG_CORE_ARM64_PA_BITS")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: add plat_rpmb_ready for i.MX6/7

For i.MX6/7 RPMB key writes should only be allowed if the device is in
the closed configuration and in the trusted or secure state.

Signed-off-by: Rouven

core: imx: add plat_rpmb_ready for i.MX6/7

For i.MX6/7 RPMB key writes should only be allowed if the device is in
the closed configuration and in the trusted or secure state.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Cedric Neveux <cedric.neveux@nxp.com>

show more ...

rpmb: function to block rpmb write per platform

Often the RPMB should only be written if the platform is in the correct
state where the Hardware Unique Key (HUK) for the platform works
correctly. As

rpmb: function to block rpmb write per platform

Often the RPMB should only be written if the platform is in the correct
state where the Hardware Unique Key (HUK) for the platform works
correctly. As an example on imx platforms with HUK derivation from the
OTPMK, the OTPMK is only accessible from the secure or trusted state.
Add a function and weak implementation for platforms to indicate that
the device is in the correct state to allow RPMB key writes.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Cedric Neveux <cedric.neveux@nxp.com>

show more ...

imx: snvs: rework snvs driver

Remove the unused SRTC functionality which is not wired up anywhere.
Instead add a function to read the device configuration and system
security monitor instead.

Signe

imx: snvs: rework snvs driver

Remove the unused SRTC functionality which is not wired up anywhere.
Instead add a function to read the device configuration and system
security monitor instead.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Cedric Neveux <cedric.neveux@nxp.com>

show more ...

ta: pkcs11: report PKCS11 return code to client

For the PKCS11 TA to provide client a meaningful return code as per
PKCS#11 specification, the GPD TEE command invocation return code
is forced to TEE

ta: pkcs11: report PKCS11 return code to client

For the PKCS11 TA to provide client a meaningful return code as per
PKCS#11 specification, the GPD TEE command invocation return code
is forced to TEE_SUCCESS and client is expected to read effective
PKCS11 return code (which can report a success or a failure) from
invocation parameter #0 that must be a input/output memory
reference. The status is return as a 32bit value in the output
buffer.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: change TA API to mandate param#0 as in/out memref

Change TA API so that invocation parameter #0 is always used as
an input/output memory reference. Output buffer is always used to
store

ta: pkcs11: change TA API to mandate param#0 as in/out memref

Change TA API so that invocation parameter #0 is always used as
an input/output memory reference. Output buffer is always used to
store a PKCS#11 compliant status to the client.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pkcs11: define pkcs11 return codes

This change introduces PKCS11 return codes used internally in the
TA to get a PKCS#11 compliant status of the requested operation
and also reported to the call

ta: pkcs11: define pkcs11 return codes

This change introduces PKCS11 return codes used internally in the
TA to get a PKCS#11 compliant status of the requested operation
and also reported to the caller client providing a cryptoki
compliant return value for the client API functions.

There are PCSK11 TA specific return values that are defined and
used only internally in the TA: PKCS11_RVçNOT_FOUND and
PKCS11_RV_NOT_IMPLEMENTED.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

symbolize.py: add -L option to the "file" command

The symbolize script uses the "file" command to identify the
architecture of ELF binaries. If the file is a symbolic link (which can
happen with sha

symbolize.py: add -L option to the "file" command

The symbolize script uses the "file" command to identify the
architecture of ELF binaries. If the file is a symbolic link (which can
happen with shared libraries typically), the command may fail to return
the expected output and print "symbolic link to <some path>" instead.

This behavior of the "file" command depends on the environment variable
POSIXLY_CORRECT. In order to not depend on this, this commit adds the
-L option (follow symlinks).

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: remove utee_misc.h and utee_misc.c

utee_misc.{h,c} contain an unused function: utee_get_ta_exec_id(), and
nothing else. Remove them.

Signed-off-by: Jerome Forissier <jerome@forissier.org>

libutee: remove utee_misc.h and utee_misc.c

utee_misc.{h,c} contain an unused function: utee_get_ta_exec_id(), and
nothing else. Remove them.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

clang: use llvm-objdump

Clang version 9.0.0 has a llvm-objdump tool that provides equivalent
output to the binutils version. Let's use it and remove the hack in
mk/clang.mk.

With this, it is possib

clang: use llvm-objdump

Clang version 9.0.0 has a llvm-objdump tool that provides equivalent
output to the binutils version. Let's use it and remove the hack in
mk/clang.mk.

With this, it is possible to build OP-TEE with Clang and without a GCC
toolchain.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

get_maintainer.py: add --release-to

Adds an option to scripts/get_maintainer.py showing the email addresses
to be used for release announcements. All addresses in Maintainer (M:)
or Reviewer (R:) en

get_maintainer.py: add --release-to

Adds an option to scripts/get_maintainer.py showing the email addresses
to be used for release announcements. All addresses in Maintainer (M:)
or Reviewer (R:) entries are shown.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Revert "ftrace: define CFG_FTRACE_BUF_SIZE in mk/config.mk"

This reverts commit 59e8ef0dcb3773964fd133d0a9360989cb86108f.

The default value for CFG_FTRACE_BUF_SIZE needs to be in the TA link
script

Revert "ftrace: define CFG_FTRACE_BUF_SIZE in mk/config.mk"

This reverts commit 59e8ef0dcb3773964fd133d0a9360989cb86108f.

The default value for CFG_FTRACE_BUF_SIZE needs to be in the TA link
script ta.ld.S, because this file is *not* pre-processed before being
added to the TA dev kit. Replacement of CFG_* values only happens when
the TA is built, at which point mk/config.mk is irrelevant. It makes
sense of course, since it allows to change TA settings and re-build
only the TA.

Fixes the following TA link error:

$ make CFLAGS_ta_arm32=-pg
[...]
bin/arm-linux-gnueabihf-ld.bfd:out/ta.lds:57: undefined symbol `CFG_FTRACE_BUF_SIZE' referenced in expression

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Sumit Garg <sumit.garg@linaro.org>

show more ...

MAINTAINERS: fix my email address

An extra dot is present in my email address in the "Hisilicon
Hi3519AV100 family" subsystem. Remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Revi

MAINTAINERS: fix my email address

An extra dot is present in my email address in the "Hisilicon
Hi3519AV100 family" subsystem. Remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: Add support to access a TPM event log in secure memory.

Support for OPTEE to be able to receive a TPM event log through
a DTB so it can forward it to a TA (such as a TPM service)
in order to e

core: Add support to access a TPM event log in secure memory.

Support for OPTEE to be able to receive a TPM event log through
a DTB so it can forward it to a TA (such as a TPM service)
in order to extend the measurements.

CFG_CORE_TPM_EVENT_LOG enables this feature.
CFG_TPM_LOG_BASE_ADDR hardcodes the phys address of the event log
in case CFG_DT is not set.
CFG_TPM_MAX_LOG_SIZE harcodes the size of the event log in case
CFG_DT is not set.

When this feature is enabled, the PTA_SYSTEM_GET_TPM_EVENT_LOG
command is available to any TA.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

imx: enable CFG_TZC380 for supported SoCs

Enable the region autoconfiguration for supported SoCs by default.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faur

imx: enable CFG_TZC380 for supported SoCs

Enable the region autoconfiguration for supported SoCs by default.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

imx: tzc380: move to driver_init() initcall

Instead of configuring the tzc380 in plat_primary_init_early, handle the
configuration similar to all other drivers by using a driver_init()
initcall.

Si

imx: tzc380: move to driver_init() initcall

Instead of configuring the tzc380 in plat_primary_init_early, handle the
configuration similar to all other drivers by using a driver_init()
initcall.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

imx: tzc380: dump state

Instead of only showing the access register, dump the whole
configuration state of the TZC380.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Cl

imx: tzc380: dump state

Instead of only showing the access register, dump the whole
configuration state of the TZC380.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

imx: tzc380: perform a region lockdown

Lockdown the region configuration after the auto configuration of
regions.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement

imx: tzc380: perform a region lockdown

Lockdown the region configuration after the auto configuration of
regions.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

tzc380: add lockdown and action to tzc_dump_state

Also dump the lockdown and action configuration while dumping the TZC380
configuration state.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengut

tzc380: add lockdown and action to tzc_dump_state

Also dump the lockdown and action configuration while dumping the TZC380
configuration state.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

tzc380: add function to lockdown regions

The TZC380 allows a lockdown of the region configuration to prevent
unintended or malicious configuration changes. Add a function which
locks down all region

tzc380: add function to lockdown regions

The TZC380 allows a lockdown of the region configuration to prevent
unintended or malicious configuration changes. Add a function which
locks down all regions of the current configuration

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Reviewed-by: Clement Faure <clement.faure@nxp.com>

show more ...

ta: pkcs11: set TA version property mandated by GPD

Set version property "gpd.ta.version" of the TA to the version
information set in TA API through macros PKCS11_TA_VERSION_MAJOR,
PKCS11_TA_VERSION

ta: pkcs11: set TA version property mandated by GPD

Set version property "gpd.ta.version" of the TA to the version
information set in TA API through macros PKCS11_TA_VERSION_MAJOR,
PKCS11_TA_VERSION_MINOR and PKCS11_TA_VERSION_PATCH.

This change also adds a short description in "gpd.ta.description".

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...