core: panic(): don't lose the message in non-debug mode

When CFG_TEE_CORE_DEBUG != y, panic("Some text") prints no file/line/
function information (which is expected in non-debug mode) but it also
i

core: panic(): don't lose the message in non-debug mode

When CFG_TEE_CORE_DEBUG != y, panic("Some text") prints no file/line/
function information (which is expected in non-debug mode) but it also
ignores its parameter. As a result, the console simply shows "Panic"
which is not very helpful.

There is no reason not to print the panic message, so add it.
Note that it is still possible to build a fully silent OP-TEE by
setting the log level to zero.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: plat-ls: Fix gic offsets for platform LS1046ARDB

Fix GIC offsets for platform LS1046ARDB

Signed-off-by: Priyanka Singh <priyanka.singh@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@n

core: plat-ls: Fix gic offsets for platform LS1046ARDB

Fix GIC offsets for platform LS1046ARDB

Signed-off-by: Priyanka Singh <priyanka.singh@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: plat-ls: Enable caam support for platform LS1046ARDB

Enable CAAM support for platform LS1046ARDB

Signed-off-by: Priyanka Singh <priyanka.singh@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.ma

core: plat-ls: Enable caam support for platform LS1046ARDB

Enable CAAM support for platform LS1046ARDB

Signed-off-by: Priyanka Singh <priyanka.singh@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

plat-stm32mp1: fix platform regarding ASLR

Remove assertion on MMU disable state in console_init() since
the function can be called from generic_boot.c after MMU is
enabled when ASLR support in Core

plat-stm32mp1: fix platform regarding ASLR

Remove assertion on MMU disable state in console_init() since
the function can be called from generic_boot.c after MMU is
enabled when ASLR support in Core is enabled.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: enable dynamic shared memory

Register dynamic shared memory allowed by the platform that is
the DRAM address ranges below and above the secure DRAM (TZDRAM).

Signed-off-by: Etienne C

plat-stm32mp1: enable dynamic shared memory

Register dynamic shared memory allowed by the platform that is
the DRAM address ranges below and above the secure DRAM (TZDRAM).

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: aslr: fix cached_mem_end update

Fix update of cache_mem_end that corrupts CPU register R4 used to
store a boot argument in Aarch32.

Fixes: 487fd6828322 ("core: aslr: apply load offset to cach

core: aslr: fix cached_mem_end update

Fix update of cache_mem_end that corrupts CPU register R4 used to
store a boot argument in Aarch32.

Fixes: 487fd6828322 ("core: aslr: apply load offset to cached_mem_end")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: generic_entry: fix aarch32 lpae mmu configuration

Correct configuration of the MMU registers TTBR0/TTBR1 for
Aarch32/LPAE that omitted to load a zero value in the 32bit upper
part of the regis

core: generic_entry: fix aarch32 lpae mmu configuration

Correct configuration of the MMU registers TTBR0/TTBR1 for
Aarch32/LPAE that omitted to load a zero value in the 32bit upper
part of the registers.

Fixes: 520860f658be ("core: generic_entry: add enable_mmu()")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

drivers: CAAM: Fix caam_desc_pop() function for 64bit platforms

Fix caam_desc_pop() function for reading the output CAAM job ring
entry for 64-bit platforms.

Signed-off-by: Priyanka Singh <priyanka

drivers: CAAM: Fix caam_desc_pop() function for 64bit platforms

Fix caam_desc_pop() function for reading the output CAAM job ring
entry for 64-bit platforms.

Signed-off-by: Priyanka Singh <priyanka.singh@nxp.com>
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Cedric Neveux <cedric.neveux@nxp.com>

show more ...

core: RPMB FS: Make N_ENTRIES a config variable

Allows to configure the number of FAT fs entries to be read from RPMB
storage in one chunk. Increasing this number makes functions that
traverse the F

core: RPMB FS: Make N_ENTRIES a config variable

Allows to configure the number of FAT fs entries to be read from RPMB
storage in one chunk. Increasing this number makes functions that
traverse the FAT fs read in more entries within a single RPMB read
operation. While this potentially improves RPMB I/O, it comes at the
cost of additional memory required to be allocated on the heap.
Determining an optimal size is platform- and use-case-dependent.

Signed-off-by: Manuel Huber <mahuber@microsoft.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: aslr: set tee_svc_uref_base to VCORE_START_VA

tee_svc_uref_base was using hardcoded TEE_TEXT_VA_START define value.
This value isn't valid after TEE core relocation. Switch to use
VCORE_START_

core: aslr: set tee_svc_uref_base to VCORE_START_VA

tee_svc_uref_base was using hardcoded TEE_TEXT_VA_START define value.
This value isn't valid after TEE core relocation. Switch to use
VCORE_START_VA which is linker variable that should get update after
relocation code executed.

Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: aslr: apply load offset to cached_mem_end

cached_mem_end was calculated before relocation and use later for D$
flush. Add code to update cached_mem_end with ASLR load offset.

Signed-off-by: K

core: aslr: apply load offset to cached_mem_end

cached_mem_end was calculated before relocation and use later for D$
flush. Add code to update cached_mem_end with ASLR load offset.

Signed-off-by: Khoa Hoang <admin@khoahoang.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

symbolize.py: fix analysis of mixed 32/64 bit ftrace dumps

When an ftrace file that contains both user space and kernel space
calls is analyzed by symbolize.py, any address can be 32 or 64 bits.
For

symbolize.py: fix analysis of mixed 32/64 bit ftrace dumps

When an ftrace file that contains both user space and kernel space
calls is analyzed by symbolize.py, any address can be 32 or 64 bits.
For each address, the resolve() function first obtains the path to the
proper ELF file, then calls spawn_addr2line() to make sure we have a
process that is capable of resolving the address (i.e., either
arm-linux-gnueabihf-addr2line or aarch64-linux-gnu-addr2line).
spawn_addr2line() then calls arch_prefix() to obtain the tool's prefix.
Unfortunately, the ELF file is not supplied, so arch_prefix() assumes
that the first entry in the global list of files is suitable. While this
is true when symbolizing homogeneous dumps (i.e., kernel stacks or
TA + multiple libraries), it does not work for mixed ftrace logs.

This patch addresses the issue by adding the ELF file as an argument to
spawn_addr2line().

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

symbolize.py: add line removed by mistake

Commit c0c57c8fa583 ("symbolize.py: fix stack dump of TEE core with
pager") has mistakenly removed a line which caches the name of the ELF
file for which ad

symbolize.py: add line removed by mistake

Commit c0c57c8fa583 ("symbolize.py: fix stack dump of TEE core with
pager") has mistakenly removed a line which caches the name of the ELF
file for which addr2line was last spawned. As a result, processes keep
being killed and re-started, resulting in a much slower execution.

This commit restores the missing line.

Fixes: c0c57c8fa583 ("symbolize.py: fix stack dump of TEE core with pager")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Empty body for dump_fat() unless log level set to TRACE_FLOW

This patch improves RPMB performance. When called, dump_fat()
traverses the whole list of FAT entries and prints them out using
FMSG(). d

Empty body for dump_fat() unless log level set to TRACE_FLOW

This patch improves RPMB performance. When called, dump_fat()
traverses the whole list of FAT entries and prints them out using
FMSG(). dump_fat() is currently called by write_fat_entry() and
rpmb_fs_setup(). With this commit, dump_fat() is only active when
debugging/tracing, and empty for productive builds.

Signed-off-by: Manuel Huber <mahuber@microsoft.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

ftrace: introduce CFG_FTRACE_BUF_WHEN_FULL

Function tracing can become extremely slow in case a big buffer size is
used (say, CFG_FTRACE_BUF_SIZE=6000000 instead of the default 2048
bytes). This is

ftrace: introduce CFG_FTRACE_BUF_WHEN_FULL

Function tracing can become extremely slow in case a big buffer size is
used (say, CFG_FTRACE_BUF_SIZE=6000000 instead of the default 2048
bytes). This is because of the "shifting" algorithm used when the buffer
is full, which copies almost the full buffer before inserting a new
line.

In order to mitigate this problem, this patch introduces two new
methods to handle the buffer full condition:

1. Discard existing data and write new lines to the beginning of the
buffer.
2. Stop adding new lines.

The method can be selected at build time with CFG_FTRACE_BUF_WHEN_FULL.
Supported values are "shift", "wrap" and "stop".

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

checkconf.mk: add cfg-check-value

Adds a function to check if a configuration variable has a valid value.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wikla

checkconf.mk: add cfg-check-value

Adds a function to check if a configuration variable has a valid value.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ftrace: define CFG_FTRACE_BUF_SIZE in mk/config.mk

The main configuration file is a better place to define the size of the
ftrace buffer than the TA linker script.

Signed-off-by: Jerome Forissier <

ftrace: define CFG_FTRACE_BUF_SIZE in mk/config.mk

The main configuration file is a better place to define the size of the
ftrace buffer than the TA linker script.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: add imx6ulzevk platform flavor

Add imx6ulzevk platform flavor.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

drivers: tzc: set maximum region size for tzc_auto_configure()

According to the TZC380 documentation, the AXI address width controls
the upper limit value of the region size.
This fix makes sure tha

drivers: tzc: set maximum region size for tzc_auto_configure()

According to the TZC380 documentation, the AXI address width controls
the upper limit value of the region size.
This fix makes sure that tzc_auto_configure() function will not
allocated a region bigger that the AXI address width.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

core: imx: add default UART for sabreauto boards

Board imx6*sabreauto default UART is UART4 and not UART1.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@fo

core: imx: add default UART for sabreauto boards

Board imx6*sabreauto default UART is UART4 and not UART1.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

ci: travis: Use proper construct for full clone

As per the Travis docs at
https://docs.travis-ci.com/user/customizing-the-build#git-clone-depth to
avoid performing git clones with limited depth, the

ci: travis: Use proper construct for full clone

As per the Travis docs at
https://docs.travis-ci.com/user/customizing-the-build#git-clone-depth to
avoid performing git clones with limited depth, the depth should be set
to "false", not to a large magic number.

Signed-off-by: David Brown <david.brown@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: arm32: fix out-of-sync SPSR

On some platforms that use OP-TEE built as ARM32, asynchronous data
aborts are causing innocent TAs to be killed non-deterministically
upon invocations.

OP-TEE sho

core: arm32: fix out-of-sync SPSR

On some platforms that use OP-TEE built as ARM32, asynchronous data
aborts are causing innocent TAs to be killed non-deterministically
upon invocations.

OP-TEE should not be trapping asynchronous data aborts by default
(unless for bringups) because they usually indicate memory errors
outside the control of PE's MMU and thus better handled by the normal
world OS. Trapping async data aborts also force-unloads keep-alive TAs,
which defeats the feature.

This (masking async data aborts) turns out to be indeed the expected
behavior as `CPSR.A` is set upon SMC entry. The bit is however mistakenly
cleared upon transitioning from SVC mode (OP-TEE) to user mode (TA) due
to a typo introduced in the following commit:

commit a702f5e71e79 ("core: split thread_enter_user_mode")

where `get_spsr()` should be calling `read_cpsr()` instead of
`read_spsr()` in order to save important bits in CPSR to SPSR prior to
switching to user mode.

More general background at the risk of being pedantic:

Invoking a TA from the REE-OS triggers a series of exception level
transitions: NS.EL1-->[NS.EL2-->]EL3-->[S.EL2-->]S.EL1-->S.EL0.

During each transtion the SPSR of each level except EL0 should be kept
in sync with the level's PSTATE(ARM64) or CPSR(ARM32).

The PSTATE/CPSR is initialized by target level's software when
transitioning from a high level to a lower level. For example OP-TEE
initializes the PSTATE/CPSR upon SMC entry.

The PSTATE/CPSR is saved to the current level SPSR by software prior
to transitioning out to a lower level. The PSTATE/CPSR is restored
from SPSR automatically (without software intervention) upon
"returning" to a highlevel from a lower level.

Fixes: https://github.com/OP-TEE/optee_os/issues/3576

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Ali Zhang <alizhang@google.com>

show more ...

core: protect syscall table lookup from speculation

In user_ta_handle_svc() as part of handling a syscall there's a lookup
in the syscall table which can be subject to a speculation attack.
load_no_

core: protect syscall table lookup from speculation

In user_ta_handle_svc() as part of handling a syscall there's a lookup
in the syscall table which can be subject to a speculation attack.
load_no_speculate() is used to protect the sensitive lookup.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove libmpa in favor of libmbedtls

We currently have two "big numbers" library, Mbed TLS and MPA. Both can
be used by libutee to implement the TEE Internal Core API Arithmetical
functions, and by

Remove libmpa in favor of libmbedtls

We currently have two "big numbers" library, Mbed TLS and MPA. Both can
be used by libutee to implement the TEE Internal Core API Arithmetical
functions, and by the TEE core or pseudo-TAs. This situation is
reflected by two configuration variables allowing to choose between
libmbedtls and libmpa:

- CFG_TA_MBEDTLS_MPI (default y) configures libutee,
- CFG_CORE_MBEDTLS_MPI (default y) configures the TEE core/PTAs.

In addition there is CFG_TA_MBEDTLS (default y, mandatory when
CFG_TA_MBEDTLS_MPI is y) to build libmbedtls and install it into the
SDK for direct use by TAs (libmbedtls also has function to deal with
certificates for instance).

MBed TLS has been supported and used by default for just over a year;
and we have recently found an issue with the MPA implementation of the
integer multiplication with modulus (mpa_mulmod()) [1] [2]. Therefore,
now is a good time to remove libmpa and use libmbedtls instead.

Link: [1] https://github.com/OP-TEE/optee_os/pull/3541#issuecomment-577592381
Link: [2] https://github.com/OP-TEE/optee_test/pull/389
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: vm_unmap(): remove length alignment requirement

Removes the requirement that length of memory area to unmap must be page
aligned. The supplied length is instead rounded up to the nearest page.

core: vm_unmap(): remove length alignment requirement

Removes the requirement that length of memory area to unmap must be page
aligned. The supplied length is instead rounded up to the nearest page.

This fixes a regression with CFG_FTRACE_SUPPORT=y:
E/TC:? 0 assertion '!res' failed at core/arch/arm/kernel/user_ta.c:571 <user_ta_dump_ftrace>

Fixes: cffe74d2446b ("core: fix assigned size of struct mobj_reg_shm")
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...