| d034099e | 11-Dec-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
shippable: generate deprecated v1 images
Modifies two targets to also generate the deprecated v1 images.
Acked-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 55c1b947 | 10-Dec-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: fix generation of tee.bin
Prior to this patch generation of tee.bin (CFG_WITH_PAGER=n) fails with:
  GEN out/core/tee.bin
  Cannot find symbol __init_end
  core/arch/arm/kernel/link.mk:183: recipe for target 'out/core/tee.bin' failed
Introduce a special __get_tee_init_end to fix this and also avoid confusion with __init_end used in the code for the pager case.
Fixes: 5dd1570ac5b0 ("core: add embedded data region") Acked-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 85387995 | 09-Dec-2019 |
Clement Faure <clement.faure@nxp.com> |
core: imx: fix CFG_DRAM_BASE for imx8qm/qxp
The CFG_DRAM_BASE on imx8qm and imx8qxp is 0x80000000
Signed-off-by: Clement Faure <clement.faure@nxp.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| bc6f3bf2 | 20-Nov-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: remove unreachable code from tee_tadb_ta_open()
Prior to this patch tee_tadb_ta_open() had some unreachable code. With this patch remove that code, but retain the behaviour of tee_tadb_ta_open().
Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 2e42d8e7 | 19-Nov-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: add description of struct tadb_entry
Adds description of the fields in struct tadb_entry.
Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| b19db423 | 18-Nov-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: add description of struct shdr_bootstrap_ta
Adds a description of the fields in struct shdr_bootstrap_ta.
Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 479c49dd | 29-Nov-2019 |
Jerome Forissier <jerome@forissier.org> |
mem_usage.py: stop parsing file when _end_of_ram is reached
Since commit 5966660c02b3 ("core: move relocation to embedded data region"), when ASLR is enabled, some sections are stored at the end of tee.elf for use by gen_tee_bin.py which then discards them. As a result, they are not present in the final binary and should not be reported by the memory usage script.
By ignoring any section past the _end_of_ram symbol, we avoid reporting those discarded sections as well as a hole before them.
Before:
  $ make -s CFG_CORE_ASLR=y
  $ scripts/mem_usage.py out/arm-plat-vexpress/core/tee.elf
  RAM Usage   0E100000 - 0E301E04 size 00201E04 2056 KiB 514 pages
  .text       0E100000 - 0E12FA68 size 0002FA68 190 KiB
  *hole*      0E12FA68 - 0E130000 size 00000598 1 KiB
  .rodata     0E130000 - 0E140598 size 00010598 65 KiB
  .gnu.hash   0E140598 - 0E1405B0 size 00000018 0 KiB
  .got        0E1405B0 - 0E1406F8 size 00000148 0 KiB
  .ARM.exidx  0E1406F8 - 0E142B78 size 00002480 9 KiB
  .ARM.extab  0E142B78 - 0E143274 size 000006FC 1 KiB
  *hole*      0E143274 - 0E144000 size 00000D8C 3 KiB
  .data       0E144000 - 0E145410 size 00001410 5 KiB
  .bss        0E145410 - 0E1509A8 size 0000B598 45 KiB
  .heap1      0E1509A8 - 0E164000 size 00013658 77 KiB
  .nozi       0E164000 - 0E176B80 size 00012B80 74 KiB
  *hole*      0E176B80 - 0E300000 size 00189480 1573 KiB
  .dynamic    0E300000 - 0E300098 size 00000098 0 KiB
  .hash       0E300098 - 0E3000B0 size 00000018 0 KiB
  .dynsym     0E3000B0 - 0E3000E0 size 00000030 0 KiB
  .dynstr     0E3000E0 - 0E3000E1 size 00000001 0 KiB
  *hole*      0E3000E1 - 0E3000E4 size 00000003 0 KiB
  .rel        0E3000E4 - 0E301E04 size 00001D20 7 KiB
After:
  $ make -s CFG_CORE_ASLR=y
  $ scripts/mem_usage.py out/arm-plat-vexpress/core/tee.elf
  RAM Usage   0E100000 - 0E176B80 size 00076B80 475 KiB 119 pages
  .text       0E100000 - 0E12FA68 size 0002FA68 190 KiB
  *hole*      0E12FA68 - 0E130000 size 00000598 1 KiB
  .rodata     0E130000 - 0E140598 size 00010598 65 KiB
  .gnu.hash   0E140598 - 0E1405B0 size 00000018 0 KiB
  .got        0E1405B0 - 0E1406F8 size 00000148 0 KiB
  .ARM.exidx  0E1406F8 - 0E142B78 size 00002480 9 KiB
  .ARM.extab  0E142B78 - 0E143274 size 000006FC 1 KiB
  *hole*      0E143274 - 0E144000 size 00000D8C 3 KiB
  .data       0E144000 - 0E145410 size 00001410 5 KiB
  .bss        0E145410 - 0E1509A8 size 0000B598 45 KiB
  .heap1      0E1509A8 - 0E164000 size 00013658 77 KiB
  .nozi       0E164000 - 0E176B80 size 00012B80 74 KiB
Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 9579e400 | 26-Nov-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
scripts/sign_encrypt.py: remove pycrypto workaround
Removes workaround for a difference in how the size of a RSA key is determined in pycrypto compared to pycryptodome.
Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| ababd72d | 25-Nov-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
scripts/sign_encrypt.py: Sign TA using PSS
Switches from the algorithm TEE_ALG_RSASSA_PKCS1_V1_5_SHA256 to TEE_ALG_RSASSA_PKCS1_PSS_MGF1_SHA256 when signing TAs. Even though there are no known vulnerabilities in PKCS#1 RSASSA V1.5 at this date, there have been issues in the past (for instance Bleichenbacher).
Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 2139aa8c | 25-Nov-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: shdr_verify_signature() supply hash length for salt length
In order to support the TEE_ALG_RSASSA_PKCS1_PSS_MGF1_* group of algorithms supply the size of the hash as the size of the salt to crypto_acipher_rsassa_verify().
A salt is something introduced by PKCS1_PSS; PKCS1_V1.5 does not have a salt and the parameter will be ignored by crypto_acipher_rsassa_verify() for the latter.
With the PKCS1_PSS algorithm it is common practice to use a salt with the same size as the hash, but it is not a requirement. The implementation here depends on using a salt with the same size as the hash. This is a compromise to avoid extending the signed header with a salt length field.
Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| d77929ec | 27-Nov-2019 |
Sumit Garg <sumit.garg@linaro.org> |
core: ftrace: dump core load address to support ASLR
Additionally dump core address in ftrace buffer to support syscall tracing in case TEE core ASLR is enabled.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org> [jf: s/Load address @/TEE load address @/] Signed-off-by: Jerome Forissier <jerome@forissier.org>
|
| 91068f86 | 26-Nov-2019 |
Jerome Forissier <jerome@forissier.org> |
symbolize.py: fix decoding of ftrace dumps containing syscalls
When decoding an ftrace file with syscall tracing enabled [1], the kernel functions are not resolved and show question marks instead.
[1]
  $ make CFG_FTRACE_SUPPORT=y CFG_SYSCALL_FTRACE=y CFG_ULIBS_MCOUNT=y \
      CFLAGS_ta_arm32=-pg
  [run test and copy content of /tmp/ftrace*]
  $ optee_os/scripts/symbolize.py -d optee_os/out/arm/core \
      -d out-br/build/optee_test-1.0/ta/*/out
  [paste ftrace log here]
Fixes: 105e09c24479 ("symbolize.py: add support for TEE core ASLR") Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
|
| 4f3fac24 | 27-Nov-2019 |
Sheetal Tigadoli <sheetal.tigadoli@broadcom.com> |
Update Broadcom DRAM2 base and size
Update Broadcom DRAM2 base and size Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> |
| e605fbdf | 02-Aug-2019 |
Sheetal Tigadoli <sheetal.tigadoli@broadcom.com> |
pta: bcm: Add PTA to handle Broadcom error logs
Add PTA to handle Broadcom error logs. The PTA supports following ops:
- Obtaining error logs
- Obtaining crash dumps and
- Loading firmware into secure ddr memory region
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com> Reviewed-by: Jerome Forissier <jerome@forissier.org>
|
| 15542a72 | 22-Nov-2019 |
Sheetal Tigadoli <sheetal.tigadoli@broadcom.com> |
pta: bcm: Add Broadcom gpio PTA
Add Broadcom gpio PTA
The PTA supports below operations on the GPIO pin:
- Configure gpio pin to input/output
- Set value on output gpio pin
- Get value from gpio pin
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com> Acked-by: Jerome Forissier <jerome@forissier.org>
|
| 9246c1f6 | 25-Nov-2019 |
Sheetal Tigadoli <sheetal.tigadoli@broadcom.com> |
drivers: Add func to config gpio pin for secure access
Add func to config gpio pin for secure access
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com> Acked-by: Jerome Forissier <jerome@forissier.org>
|
| 379d404d | 22-Nov-2019 |
Sheetal Tigadoli <sheetal.tigadoli@broadcom.com> |
drivers: Update Broadcom gpio base and num gpios
Update Broadcom gpio base and num gpios
Signed-off-by: Sheetal Tigadoli <sheetal.tigadoli@broadcom.com> Acked-by: Jerome Forissier <jerome@forissier.org>
|
| 2338a971 | 23-Nov-2019 |
Jerome Forissier <jerome@forissier.org> |
scripts/gen_tee_bin.py: convert symbol and section name to strings
Older versions of pyelftools return symbol and section names as byte arrays rather than plain strings. As a result, symbols are not found:
  $ make ...
  GEN out/arm/core/tee-header_v2.bin
  Cannot find symbol _start
  core/arch/arm/kernel/link.mk:191: recipe for target 'out/arm/core/tee-header_v2.bin' failed
  make[1]: *** [out/arm/core/tee-header_v2.bin] Error 1
(This error was observed when building on Ubuntu 16.04.)
Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 33017d85 | 22-Nov-2019 |
Jerome Forissier <jerome@forissier.org> |
Remove script/llvm-objcopy-wrapper
The llvm-objcopy-wrapper script was introduced in commit 98d863a5c0b2 ("Experimental Clang support") because llvm-objcopy would not support some options needed to produce the final TEE binaries from tee.elf or cause errors when building them. However, since commit 1a9edabc0ed4 ("core: link.mk: use gen_tee_bin.py"), objcopy is not used for this purpose anymore. Thus we can safely use llvm-objcopy.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 2de17fda | 23-Oct-2019 |
Sumit Garg <sumit.garg@linaro.org> |
TA dev kit: add support for TA encryption
Add CFG_ENCRYPT_TA as TA build time configuration option to enable encryption of TA using encryption key provided via TA_ENC_KEY build time option. The default value of TA_ENC_KEY is derived from 16 zero bytes default hardware unique key.
Also rename scripts/sign.py to scripts/sign_encrypt.py to reflect optional encryption support along with signing of TAs.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| e1afc439 | 18-Nov-2019 |
Sumit Garg <sumit.garg@linaro.org> |
core: add framework to load REE-FS encrypted TAs
Add framework to support loading of encrypted TAs from REE-FS using symmetric authenticated encryption scheme supported by OP-TEE.
The default encryption key is derived from hardware unique key which can be overridden via platform specific encryption key.
Signed-off-by: Sumit Garg <sumit.garg@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| c693a9d0 | 20-Nov-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: arm32: bugfix booting second cpu with ASLR
Fixes crashing second cpu when booting with ASLR enabled.
Fixes: 170e9084a84f ("core: add support for CFG_CORE_ASLR") Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260) Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 665fa256 | 20-Nov-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: add plat_primary_init_early()
Adds plat_primary_init_early() which replaces plat_cpu_reset_late(). plat_cpu_reset_late() was called for each cpu, but plat_primary_init_early() is only called on the primary cpu.
In practice that's not a problem (except for plat-stm, more on that later) since all the platform specific plat_cpu_reset_late() only does something if get_core_pos() returns 0, that is on the primary cpu.
On plat-stm SCR is now updated in plat_cpu_reset_early() instead.
This patch is needed because ASLR may relocate OP-TEE to a virtual base address which differs from the physical base address. This means that it's not possible to execute C code before MMU has been enabled.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| f77987ae | 21-Nov-2019 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: fix gen_tee_bin.py to handle STB_LOCAL symbols
Prior to this patch scripts/gen_tee_bin.py only looked for global symbols (STB_GLOBAL). The linker in some older versions of the gcc toolchain makes some of the symbols local (STB_LOCAL) instead. This patch fixes that by falling back to a local symbol in case a global cannot be found.
Reviewed-by: Jerome Forissier <jerome@forissier.org> Reported-by: Victor Chong <victor.chong@linaro.org> Fixes: 3c51966baa03 ("core: add scripts/gen_tee_bin.py for boot binaries") Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 0df5cb30 | 21-Nov-2019 |
Jerome Forissier <jerome@forissier.org> |
core: remove unused user_ta_ctx::load_addr
Since commit d1911a85142d ("core: load TAs using ldelf"), the load_addr field in struct user_ta_ctx is not used anymore. Remove it.
Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|