core: add support for dumping build configuration info on boot

During development, we occasionally experience crashes within the TEE
core. When the tests are run locally, the developer has all the n

core: add support for dumping build configuration info on boot

During development, we occasionally experience crashes within the TEE
core. When the tests are run locally, the developer has all the needed
information to troubleshoot the issue. But when the crash occurs on a
remote host (CI for instance), it is sometimes inconvenient or even
impossible to retrieve files other than the console logs. As a result,
it is equally inconvenient or impossible to obtain a symbolized crash
dump (scripts/symbolize.py needs the dump message but also tee.elf).
If the exact build configuration is known, then it is possible to
reproduce the build locally (assuming the same toolchain is also used
which is not a problem in practice) and proceed with debugging.
Unfortunately the values of the CFG_ flags are not always shown in the
logs and omitting only one flag can significantly change the TEE
binary.

This commit introduces CFG_SHOW_CONF_ON_BOOT (default n). When enabled,
the contents of the build configuration file $O/conf.mk is printed
to the secure console during initialization with TRACE_INFO severity.
The file is compressed to reduce memory usage and space used in the
logs, and it is encoded into printable text.

To obtain the conf.mk file, one needs to copy and paste the encoded
text into 'base64 -d | xz -d'. These two commands are also required at
build time when CFG_SHOW_CONF_ON_BOOT is y.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scripts/bin_to_c.py: add support for text files

bin_to_c.py may be useful to generate a C file from a text file, not
only from a binary file. This patch adds the --text argument for that
purpose. Wi

scripts/bin_to_c.py: add support for text files

bin_to_c.py may be useful to generate a C file from a text file, not
only from a binary file. This patch adds the --text argument for that
purpose. With --text, the script will:
- define a "const char []" variable,
- error out if a null byte is encountered,
- terminate the input string with a null byte.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Makefile: add .DELETE_ON_ERROR

Adds the special recipe .DELETE_ON_ERROR. As per the GNU make
documentation:

.DELETE_ON_ERROR

If .DELETE_ON_ERROR is mentioned as a target anywhere in the
makefil

Makefile: add .DELETE_ON_ERROR

Adds the special recipe .DELETE_ON_ERROR. As per the GNU make
documentation:

.DELETE_ON_ERROR

If .DELETE_ON_ERROR is mentioned as a target anywhere in the
makefile, then make will delete the target of a rule if it has
changed and its recipe exits with a nonzero exit status, just as it
does when it receives a signal.
[...]
This is almost always what you want make to do, but it is not
historical practice; so for compatibility, you must explicitly
request it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

TA dev kit: Clang support

Updates ta/mk/ta_dev_kit.mk and other makefiles so that the COMPILER
variable can be used when building TAs: make COMPILER=clang ...

Signed-off-by: Jerome Forissier <jerom

TA dev kit: Clang support

Updates ta/mk/ta_dev_kit.mk and other makefiles so that the COMPILER
variable can be used when building TAs: make COMPILER=clang ...

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: shippable: build some platforms with Clang

Adds new builds with Clang to the Shippable configuration: QEMU,
QEMUv8, HiKey960 (32 and 64 bits). The docker image is
jforissier/optee_os_ci_clangbui

ci: shippable: build some platforms with Clang

Adds new builds with Clang to the Shippable configuration: QEMU,
QEMUv8, HiKey960 (32 and 64 bits). The docker image is
jforissier/optee_os_ci_clangbuilt (Docker Hub repository [1],
Dockerfile [2]). It contains the previous jforissier/optee_os_ci plus
the Clang compiler and tools built from master and installed in
/usr/local.

Link: [1] https://cloud.docker.com/repository/docker/jforissier/optee_os_ci_clangbuilt
Link: [2] https://github.com/jforissier/docker_optee_os_ci_clangbuilt
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Experimental Clang support

Allows building with Clang with "make COMPILER=clang [other flags...]".
The clang command has to be in the $PATH, as well as the associated
tools (clang-cpp, ld.lld, llvm-

Experimental Clang support

Allows building with Clang with "make COMPILER=clang [other flags...]".
The clang command has to be in the $PATH, as well as the associated
tools (clang-cpp, ld.lld, llvm-ar, llvm-nm, llvm-objcopy and
llvm-readelf).

Tested with Clang built from the master branch of [1] (development
version for 9.0):

mkdir build; cd build
cmake -G Ninja -DCMAKE_BUILD_TYPE=Release \
-DCMAKE_INSTALL_PREFIX=~/llvm-install \
-DLLVM_ENABLE_PROJECTS="clang;lld" \
-DLLVM_TARGETS_TO_BUILD="AArch64;ARM" \
~/llvm-project/llvm
ninja && ninja install

Limitations:

- CFG_CORE_SANITIZE_KADDRESS=y is not supported.
- CFG_WITH_PAGER is supported, but requires that the TEE core be
linked with the GNU linker. The reason is documented in
mk/clang.mk.

Bug:

- ldelf assertion failure in xtest 1019 when CFG_ULIBS_SHARED=y (QEMU)
E/LD: assertion 'maps[map_idx].sz == sz' failed at ldelf/ta_elf.c:1114 in ta_elf_print_mappings()
Prevents ldelf from displaying the TA mappings on abort or panic, but
does not seem to cause any other problem.

Link: [1] https://github.com/llvm/llvm-project/commits/8351c327647
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU pager/no pager)
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMUv8, pager/no pager)
Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey960, 32/64, GP)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat/rcar: fix core numbering for M3 flavor

R-car Gen3 SoCs have consistent core numbering across all
variations: CA57 cluster have core numbers 0-3 and CA53 have
numbers 4-7.

M3 flavor have 6 core

plat/rcar: fix core numbering for M3 flavor

R-car Gen3 SoCs have consistent core numbering across all
variations: CA57 cluster have core numbers 0-3 and CA53 have
numbers 4-7.

M3 flavor have 6 cores: two CA57s and four CA53s. Taking
into account consistent numbering, M3 will have the following
core ids: 0, 1, 3, 5, 6, 7. To fix this, we need to set
CFG_CORE_CLUSTER_SHIFT to 1.

This somewhat abuses implementation of get_core_pos_mpidr(),
but it is not expected, that it will change in the future.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

build: cfg-depends-one, cfg-depends-all: disable variable with ':= n'

Update cfg-depends-one and cfg-depends-all to use ':= n' to disable a
variable instead of setting it to an empty string. Functio

build: cfg-depends-one, cfg-depends-all: disable variable with ':= n'

Update cfg-depends-one and cfg-depends-all to use ':= n' to disable a
variable instead of setting it to an empty string. Functionally
equivalent but looks better.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

build: make cfg-one-enabled return 'n' instead of an empty string

Modify cfg-one-enabled in the same way the parent commit modified
cfg-all-enabled.

Signed-off-by: Jerome Forissier <jerome@forissie

build: make cfg-one-enabled return 'n' instead of an empty string

Modify cfg-one-enabled in the same way the parent commit modified
cfg-all-enabled.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

build: make cfg-all-enabled return 'n' instead of an empty string

cfg-all-enabled returns either 'y' or an empty string. Since it is
often used to derive a configuration variable from other ones, it

build: make cfg-all-enabled return 'n' instead of an empty string

cfg-all-enabled returns either 'y' or an empty string. Since it is
often used to derive a configuration variable from other ones, it would
be better to return 'n' instead of an empty string for consistency
(most boolean variables in $O/conf.mk are either 'y' or 'n').

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

symbolize.py: fix exception when stdin is not a terminal

Commit 6b4fc6752b3c ("symbolize.py: disable terminal local echo") uses
termios functions on stdin unconditionally. Unfortunately, this will
c

symbolize.py: fix exception when stdin is not a terminal

Commit 6b4fc6752b3c ("symbolize.py: disable terminal local echo") uses
termios functions on stdin unconditionally. Unfortunately, this will
cause an exception when stdin is not a terminal, for instance:

$ echo Hello | ./script/symbolize.py
Traceback (most recent call last):
File "./scripts/symbolize.py", line 497, in <module>
main()
File "./scripts/symbolize.py", line 484, in main
old = termios.tcgetattr(fd)
termios.error: (25, 'Inappropriate ioctl for device')

Fix the issue by making sure stdin is a TTY before using the termios
functions.

Fixes: 6b4fc6752b3c ("symbolize.py: disable terminal local echo")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Revert "hikey: increase core heap size to 192 kB"

This reverts commit 28c75dbebc49 ("hikey: increase core heap size to
192 kB") which increased the core heap size in order to pass the AOSP
VTS. Unfo

Revert "hikey: increase core heap size to 192 kB"

This reverts commit 28c75dbebc49 ("hikey: increase core heap size to
192 kB") which increased the core heap size in order to pass the AOSP
VTS. Unfortunately, this bigger value does not work well when the pager
is enabled: it causes lots of page faults and a massive slowdown (for
instance, 'xtest 1013' on HiKey620 completes in ~ 1.7 s with the
default heap size of 64 kB but takes ~ 53 s with 192 kB).

Therefore, revert to the previous configuration. A bigger value can
always be set on the command line or by other means when building for
AOSP.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: REE FS TAs: disable CFG_REE_FS_TA_BUFFERED by default

Now that the TA loader is in user space [1], the main reason why we had
introduced CFG_REE_FS_TA_BUFFERED [2] does not exist anymore. Ther

core: REE FS TAs: disable CFG_REE_FS_TA_BUFFERED by default

Now that the TA loader is in user space [1], the main reason why we had
introduced CFG_REE_FS_TA_BUFFERED [2] does not exist anymore. Therefore
we can set it to 'n' by default, thus saving some time and memory.

[1] commit d1911a85142d ("core: load TAs using ldelf")
[2] commit 7db24ad625b9 ("core: REE FS TAs: add option to verify
signature before processing")

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

symbolize.py: disable terminal local echo

When scripts/symbolize.py is used interactively and the input data is
copied and pasted into the terminal, both the input and output text are
displayed on t

symbolize.py: disable terminal local echo

When scripts/symbolize.py is used interactively and the input data is
copied and pasted into the terminal, both the input and output text are
displayed on the same screen. There is nothing preventing both text
streams from mixing up because it depends on buffering and how Python
reads and flushes its buffers.

Things usually go well with Python 2, but I have observed that Python 3
is more problematic. So the issue needs to be properly addressed. This
patch temporarily disables local echo so that only the processed text is
shown.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix configuration check for CFG_PAGED_USER_TA

The cfg-depends-all function from mk/checkconf.mk has to be enclosed
in a $(eval ...) statement. Fix core/core.mk accordingly.

Signed-off-by: Jer

core: fix configuration check for CFG_PAGED_USER_TA

The cfg-depends-all function from mk/checkconf.mk has to be enclosed
in a $(eval ...) statement. Fix core/core.mk accordingly.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scripts: convert remainging scripts to python3

Convert the remaining scripts to python3. Mostly done with 2to3 and
manual adjustements to the code afterwards.

Signed-off-by: Rouven Czerwinski <r.cz

scripts: convert remainging scripts to python3

Convert the remaining scripts to python3. Mostly done with 2to3 and
manual adjustements to the code afterwards.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, QEMUv8)

show more ...

libutils: relax noreturn label

Replaces attribute label identifier noreturn with __noreturn__ to
prevent conflicts when importing code which defines label noreturn
itself as a macro. This change app

libutils: relax noreturn label

Replaces attribute label identifier noreturn with __noreturn__ to
prevent conflicts when importing code which defines label noreturn
itself as a macro. This change applies suggestion from the GCC
documentation [1], applicable even prio GCC 4.x.x, cited below.

> You may optionally specify attribute names with ‘__’ preceding
> and following the name. This allows you to use them in header
> files without being concerned about a possible macro of the same
> name. For example, you may use the attribute name __noreturn__
> instead of noreturn.

Link: [1] https://gcc.gnu.org/onlinedocs/gcc-8.3.0/gcc/Attribute-Syntax.html#Attribute-Syntax
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

hikey: increase core heap size to 192 kB

To pass VTS in AOSP builds.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

libutee,libdl: remove 0ms timeouts in TA invocations

TEE_OpenTASession(), TEE_InvokeTACommand() calls using 0ms timeout
are replaced with TEE_INFINITE_TIMEOUT to avoid risk of being cancelled.

Sign

libutee,libdl: remove 0ms timeouts in TA invocations

TEE_OpenTASession(), TEE_InvokeTACommand() calls using 0ms timeout
are replaced with TEE_INFINITE_TIMEOUT to avoid risk of being cancelled.

Signed-off-by: Cedric Auger <cauger@provenrun.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

build: prevent produce-* from being forced built before current submodule

Problem:

$ make -s out/arm-plat-vexpress/core/mm/fobj.o
$ rm out/arm-plat-vexpress/ldelf/ldelf.elf
$ rm out/arm-plat-vex

build: prevent produce-* from being forced built before current submodule

Problem:

$ make -s out/arm-plat-vexpress/core/mm/fobj.o
$ rm out/arm-plat-vexpress/ldelf/ldelf.elf
$ rm out/arm-plat-vexpress/core/mm/fobj.o
$ make out/arm-plat-vexpress/core/mm/fobj.o
CHK out/arm-plat-vexpress/conf.mk
CHK out/arm-plat-vexpress/include/generated/conf.h
LD out/arm-plat-vexpress/ldelf/ldelf.elf
GEN out/arm-plat-vexpress/core/ldelf_hex.c
CC out/arm-plat-vexpress/core/mm/fobj.o

Why would fobj.o depend on ldelf.elf and ldelf_hex.c? Answer is: it
shouldn't. This behavior is caused by FORCE-GENSRC$(sm) depending on
all the produce-<something> targets. In fact, such a dependency is
rarely needed. It makes sense for include files for instance; but
certainly not for C source files which are pulled in the build by other
means.

This patch introduces force-gensrc-<something> to prevent the generated
file $(produce-<something>) from being added to FORCE-GENSRC$(sm)
unless $(force-gensrcs-<something>) is "y". The test case above works
as expected:

$ make -s out/arm-plat-vexpress/core/mm/fobj.o
$ rm out/arm-plat-vexpress/ldelf/ldelf.elf
$ rm out/arm-plat-vexpress/core/mm/fobj.o
$ make out/arm-plat-vexpress/core/mm/fobj.o
CHK out/arm-plat-vexpress/conf.mk
CHK out/arm-plat-vexpress/include/generated/conf.h
CC out/arm-plat-vexpress/core/mm/fobj.o

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move sockets PTA to core/tee

The sockets pseudo-TA is architecture-independent. Move it to
core/tee and drop the pta_ prefix which is not really useful.

Signed-off-by: Jerome Forissier <jerom

core: move sockets PTA to core/tee

The sockets pseudo-TA is architecture-independent. Move it to
core/tee and drop the pta_ prefix which is not really useful.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move PTAs from core/arch/arm/pta to core/pta

All pseudo-TAs in core/arch/arm/pta are not architecture-
specific so move them out of the arch directory.

sdp_pta.c is renamed sdp.c since _pta i

core: move PTAs from core/arch/arm/pta to core/pta

All pseudo-TAs in core/arch/arm/pta are not architecture-
specific so move them out of the arch directory.

sdp_pta.c is renamed sdp.c since _pta is redundant.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move test PTAs to core/pta/tests

Moves the test PTAs out of the arch-dependent tree into core/pta/tests.
File names are shortened a bit since the full paths make the purpose
clear.

Signed-off

core: move test PTAs to core/pta/tests

Moves the test PTAs out of the arch-dependent tree into core/pta/tests.
File names are shortened a bit since the full paths make the purpose
clear.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: prepare to move PTAs under core/pta and core/pta/tests

Most pseudo-TAs are currently under core/arch/arm/pta. This is wrong
since none of those are architecture-dependent. This patch creates
c

core: prepare to move PTAs under core/pta and core/pta/tests

Most pseudo-TAs are currently under core/arch/arm/pta. This is wrong
since none of those are architecture-dependent. This patch creates
core/pta and core/pta/tests to prepare for the following scheme:
- PTAs that implement a GP TEE API (sockets, for example) should be in
core/tee
- PTAs that implement other system services should be in /core/pta
- Test PTAs should be in core/pta/tests
- Platform-specific PTAs belong in the platform's directory
- Architecture-specific (but not platform-specific) PTAs should go
in core/arch/$(ARCH)/pta (there are none currently)

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta/gprof.c: remove <arm.h> include

The gprof pseudo-TA does not need <arm.h> so remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@

core: pta/gprof.c: remove <arm.h> include

The gprof pseudo-TA does not need <arm.h> so remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...