MAINTAINERS: Add entry for ftrace support

Update MAINTAINERS file with entry for ftrace support and myself as
reviewer.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Joakim Bech <j

MAINTAINERS: Add entry for ftrace support

Update MAINTAINERS file with entry for ftrace support and myself as
reviewer.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: shippable: Enable build with ftrace config options

Enable ci build with ftrace config options enabled for both arm and
arm64 platforms.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-b

ci: shippable: Enable build with ftrace config options

Enable ci build with ftrace config options enabled for both arm and
arm64 platforms.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ftrace: Add support for syscall function tracer

This patch adds support for syscall tracing in TEE core. It complements
existing ftrace support for user TAs via adding trace for syscalls that
are in

ftrace: Add support for syscall function tracer

This patch adds support for syscall tracing in TEE core. It complements
existing ftrace support for user TAs via adding trace for syscalls that
are invoked by user TAs into the TEE core.

And after this patch ftrace will cover both TA and TEE core code. So lets
rename config option from CFG_TA_FTRACE_SUPPORT to CFG_FTRACE_SUPPORT.

It is optional to enable syscall trace via CFG_SYSCALL_FTRACE=y config
option in addition to CFG_FTRACE_SUPPORT=y config option.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

ftrace: core: prepare support for syscall ftrace

Enable compilation of ftrace library code for TEE core.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@fori

ftrace: core: prepare support for syscall ftrace

Enable compilation of ftrace library code for TEE core.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

ftrace: move ftrace code from libutee to libutils

Since TEE core and TA can share most of ftrace library code, so move
ftrace code from libutee to libutils library which is shared among TEE
core and

ftrace: move ftrace code from libutee to libutils

Since TEE core and TA can share most of ftrace library code, so move
ftrace code from libutee to libutils library which is shared among TEE
core and TA.

Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: Add support for multi-threaded MPIDR values

If the MT bit is set the affinities are shifted in the MPIDR register
so the get_core_pos_mpidr function needs to be modified accordingly.
This is n

core: Add support for multi-threaded MPIDR values

If the MT bit is set the affinities are shifted in the MPIDR register
so the get_core_pos_mpidr function needs to be modified accordingly.
This is necessary to make OP-TEE to be able to run on multi-threaded
systems. The number of threads/core can be modified by the
CFG_CORE_THREAD_SHIFT makefile parameter. The default value is the
existing single threaded mode.

Signed-off-by: Imre Kis <imre.kis@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Update CHANGELOG for 3.7.0

Update CHANGELOG for 3.7.0

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Akshay Bhat <akshay.bhat@timesys.com> (Atmel SAM)
Tested-by: Andrew F. Davis <af

Update CHANGELOG for 3.7.0

Update CHANGELOG for 3.7.0

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Akshay Bhat <akshay.bhat@timesys.com> (Atmel SAM)
Tested-by: Andrew F. Davis <afd@ti.com> (plat-k3, plat-ti)
Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> WaRP7
Tested-by: Clement Faure <clement.faure@nxp.com> (mx6sllevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (mx6sxsabresd)
Tested-by: Clement Faure <clement.faure@nxp.com> (mx6ulevk, mx6ullevk)
Tested-by: Clement Faure <clement.faure@nxp.com> (mx7dsabresd)
Tested-by: Clement Faure <clement.faure@nxp.com> (mx8mm, mx8mn, mx8mq)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (stm32mp1)
Tested-by: Igor Opaniuk <igor.opaniuk@gmail.com> (Poplar)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno)
Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey960, GP)
Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey, GP)
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMUv8)
Tested-by: Joakim Bech <joakim.bech@linaro.org> (FVP)
Tested-by: Joakim Bech <joakim.bech@linaro.org> (Rpi3b)
Tested-by: Joakim Bech <joakim.bech@linaro.org> (Rpi3b with NFS)
Tested-by: Michael Grand <michael.grand.mg@gmail.com> ZynqMP (zcu102, ultra96v1)
Tested-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> (imx-imx8mqevk)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LS1046A-RDB)
Tested-by: Sumit Garg <sumit.garg@linaro.org> (Developerbox)
Tested-by: Victor Chong <victor.chong@linaro.org> (Hikey620 AOSP)

show more ...

scripts: add update_changelog.py

Add a simple helper script that makes the tedious and slightly error
prone update process easier and more stable.

Usage example:
$ ./scripts/update_changelog.py -

scripts: add update_changelog.py

Add a simple helper script that makes the tedious and slightly error
prone update process easier and more stable.

Usage example:
$ ./scripts/update_changelog.py --changelog-file CHANGELOG.md \
--release-version 3.7.0 --previous-release-version 3.6.0 \
--release-date 2019-10-18

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: fix null terminator in PTA dlsym

Correct misplaced null terminator character in PTA system when invoking
ldelf entry to look for a target symbol.

Fixes: ebef121c1f5c ("core, ldelf: add suppor

core: fix null terminator in PTA dlsym

Correct misplaced null terminator character in PTA system when invoking
ldelf entry to look for a target symbol.

Fixes: ebef121c1f5c ("core, ldelf: add support for runtime loading of shared libraries")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
[jf: edit subject line]
Signed-off-by: Jerome Forissier <jerome@forissier.org>

show more ...

ltc: check range in _rijndael_ecb_ functions

There is no check that the 'skey' structure has been properly
initialized. For example, the skey->rijndael.Nr is assumed to contain a
positive number cor

ltc: check range in _rijndael_ecb_ functions

There is no check that the 'skey' structure has been properly
initialized. For example, the skey->rijndael.Nr is assumed to contain a
positive number corresponding to the number of AES rounds to perform. In
_rijndael_ecb_encrypt the skey->rijndael.Nr is subtracted by two, which
can result in an integer underflow if the structure hasn't been
initialized correctly.

By clamping the value for skey->rijndael.Nr into the valid rounds for
AES we can return an error instead of ending up reading outside the
boundaries (of skey->rijndael.eK).

Patch manually picked from [1].

Link: [1] https://github.com/libtom/libtomcrypt/commit/7b4a5c1dcf2803e9c6cbcbc2458db9317e6fb8ca
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7)
Reported-by: Martijn Bogaard <bogaard@riscure.com>
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

Fixes #507 in LTC - vulnerability in der_decode_utf8_string()

Fix a vulnerability in der_decode_utf8_string as specified here:
https://github.com/libtom/libtomcrypt/issues/507

Patch manually picked

Fixes #507 in LTC - vulnerability in der_decode_utf8_string()

Fix a vulnerability in der_decode_utf8_string as specified here:
https://github.com/libtom/libtomcrypt/issues/507

Patch manually picked from:
https://github.com/libtom/libtomcrypt/commit/25c26a3b7a9ad8192ccc923e15cf62bf0108ef94

Signed-off-by: Luigi Coniglio <werew@ret2libc.com>
[Joakim Bech: Extended commit message]
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU v7)
Acked-by: Jerome Forissier <jerome@forissier.org>

show more ...

core: early_ta: fix tag hash calculation

Previously correct output due to the order of execution (tag is
calculated before any reads) and crypto_hash_final taking the minimum
of digest length and bu

core: early_ta: fix tag hash calculation

Previously correct output due to the order of execution (tag is
calculated before any reads) and crypto_hash_final taking the minimum
of digest length and buffer length, but this will be more reliable.

Signed-off-by: Daniel McIlvaney <damcilva@microsoft.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

cryp: prevent direct calls to update and final functions

With inconsistent or malformed data it has been possible to call
"update" and "final" crypto functions directly. Using a fuzzer tool [1]
we h

cryp: prevent direct calls to update and final functions

With inconsistent or malformed data it has been possible to call
"update" and "final" crypto functions directly. Using a fuzzer tool [1]
we have seen that this results in asserts, i.e., a crash that
potentially could leak sensitive information.

By setting the state (initialized) in the crypto context (i.e., the
tee_cryp_state) at the end of all syscall_*_init functions and then add
a check of the state at the beginning of all update and final functions,
we prevent direct entrance to the "update" and "final" functions.

[1] https://github.com/MartijnB/optee_fuzzer

Fixes: OP-TEE-2019-0021

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reported-by: Martijn Bogaard <bogaard@riscure.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

cryp: ensure that mode is cipher in syscall_cipher_init

When calling syscall_cipher_init there is no check being done that the
state coming from the TA has been initialized to a valid cipher state.

cryp: ensure that mode is cipher in syscall_cipher_init

When calling syscall_cipher_init there is no check being done that the
state coming from the TA has been initialized to a valid cipher state.
By checking the class we prevent an assert in cipher_ops.

Fixes: OP-TEE-2019-0020

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reported-by: Martijn Bogaard <bogaard@riscure.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

cryp: ensure that mode is AE in syscall_authenc_ functions

When doing calls to syscall_authenc_xyz functions (all of them except
syscall_authenc_init) there is no check being done that the state com

cryp: ensure that mode is AE in syscall_authenc_ functions

When doing calls to syscall_authenc_xyz functions (all of them except
syscall_authenc_init) there is no check being done that the state coming
from the TA has been initialized to a valid authenticated encryption
state. As a consequence of that it's possible to redirect execution to
other functions. Doing like that will make TEE core end up with a data
abort.

Fixes: OP-TEE-2019-0019

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reported-by: Martijn Bogaard <bogaard@riscure.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ldelf: increase heap size from 8 to 12 KiB

The ldelf heap is not big enough to load some 64-bit TAs with several
shared libraries such as xtest 1006 when CFG_ULIBS_SHARED=y:

* regression_1006 Test

ldelf: increase heap size from 8 to 12 KiB

The ldelf heap is not big enough to load some 64-bit TAs with several
shared libraries such as xtest 1006 when CFG_ULIBS_SHARED=y:

* regression_1006 Test Basic OS features
E/LD: copy_section_headers:766 malloc
E/TC:? 0 init_with_ldelf:229 ldelf failed with res: 0xffff000c
E/TC:? 0 tee_ta_open_session:727 Failed. Return error 0xffff000c
regression_1006 FAILED

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

hikey, hikey960: set CFG_TEE_RAM_VA_SIZE to 2 MiB

Commit 8fd4d26f6e22 ("plat-hikey: support generic RAM layout") has
inadvertently removed the platform-specific definition of
TEE_RAM_VA_SIZE for HiK

hikey, hikey960: set CFG_TEE_RAM_VA_SIZE to 2 MiB

Commit 8fd4d26f6e22 ("plat-hikey: support generic RAM layout") has
inadvertently removed the platform-specific definition of
TEE_RAM_VA_SIZE for HiKey platforms. It was 2 MiB before, and became
1 MiB (the default). This commit restores the proper value.

Fixes the following panic on boot (HiKey960, 32-bit TEE core with pager
enabled):

I/TC: Pager is enabled. Hashes: 1824 bytes
I/TC: Pager pool size: 252kB
I/TC: OP-TEE version: 3.6.0-182-g2d7a8964df-dev (gcc version 6.2.1 20161016 (Linaro GCC 6.2-2016.11)) #5 Mon 07 Oct 2019 08:22:21 AM UTC arm
E/TC:0 0 Panic at core/lib/libtomcrypt/mpi_desc.c:39 <get_mp_scratch_memory_pool>
E/TC:0 0 Call stack:
E/TC:0 0 0x3f003a4d

Fixes: 8fd4d26f6e22 ("plat-hikey: support generic RAM layout")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

driver: implement CAAM driver

Add the NXP CAAM drivers:
- Random generator (instantiation and random generation)
- Hash

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Ca

driver: implement CAAM driver

Add the NXP CAAM drivers:
- Random generator (instantiation and random generation)
- Hash

Signed-off-by: Cedric Neveux <cedric.neveux@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: imx: add imx7ulp CRM registers

Add imx7ulp CRM registers in a header file.

Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

core: tadb.c: get rid of atomic reference counting

This commit changes the way the tadb_db global variable is protected
against concurrent access on creation and deletion. Instead of using an
atomic

core: tadb.c: get rid of atomic reference counting

This commit changes the way the tadb_db global variable is protected
against concurrent access on creation and deletion. Instead of using an
atomic reference counter (struct refcount) and a mutex, only the mutex
is used and taken unconditionally. The reference count becomes a global
integer protected by the same mutex.

Using a struct refcount was apparently an optimization to avoid taking
the lock unless actual creation or deletion of the tadb_db was needed.
Unfortunately this implementation was causing occasional crashes of the
TEE core (easily reproducible on HiKey running 'xtest 1013' in a loop).
The new implementation is simpler and appears to be rock solid with no
measurable difference in performance.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add support for dumping build configuration info on boot

During development, we occasionally experience crashes within the TEE
core. When the tests are run locally, the developer has all the n

core: add support for dumping build configuration info on boot

During development, we occasionally experience crashes within the TEE
core. When the tests are run locally, the developer has all the needed
information to troubleshoot the issue. But when the crash occurs on a
remote host (CI for instance), it is sometimes inconvenient or even
impossible to retrieve files other than the console logs. As a result,
it is equally inconvenient or impossible to obtain a symbolized crash
dump (scripts/symbolize.py needs the dump message but also tee.elf).
If the exact build configuration is known, then it is possible to
reproduce the build locally (assuming the same toolchain is also used
which is not a problem in practice) and proceed with debugging.
Unfortunately the values of the CFG_ flags are not always shown in the
logs and omitting only one flag can significantly change the TEE
binary.

This commit introduces CFG_SHOW_CONF_ON_BOOT (default n). When enabled,
the contents of the build configuration file $O/conf.mk is printed
to the secure console during initialization with TRACE_INFO severity.
The file is compressed to reduce memory usage and space used in the
logs, and it is encoded into printable text.

To obtain the conf.mk file, one needs to copy and paste the encoded
text into 'base64 -d | xz -d'. These two commands are also required at
build time when CFG_SHOW_CONF_ON_BOOT is y.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

scripts/bin_to_c.py: add support for text files

bin_to_c.py may be useful to generate a C file from a text file, not
only from a binary file. This patch adds the --text argument for that
purpose. Wi

scripts/bin_to_c.py: add support for text files

bin_to_c.py may be useful to generate a C file from a text file, not
only from a binary file. This patch adds the --text argument for that
purpose. With --text, the script will:
- define a "const char []" variable,
- error out if a null byte is encountered,
- terminate the input string with a null byte.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Makefile: add .DELETE_ON_ERROR

Adds the special recipe .DELETE_ON_ERROR. As per the GNU make
documentation:

.DELETE_ON_ERROR

If .DELETE_ON_ERROR is mentioned as a target anywhere in the
makefil

Makefile: add .DELETE_ON_ERROR

Adds the special recipe .DELETE_ON_ERROR. As per the GNU make
documentation:

.DELETE_ON_ERROR

If .DELETE_ON_ERROR is mentioned as a target anywhere in the
makefile, then make will delete the target of a rule if it has
changed and its recipe exits with a nonzero exit status, just as it
does when it receives a signal.
[...]
This is almost always what you want make to do, but it is not
historical practice; so for compatibility, you must explicitly
request it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

TA dev kit: Clang support

Updates ta/mk/ta_dev_kit.mk and other makefiles so that the COMPILER
variable can be used when building TAs: make COMPILER=clang ...

Signed-off-by: Jerome Forissier <jerom

TA dev kit: Clang support

Updates ta/mk/ta_dev_kit.mk and other makefiles so that the COMPILER
variable can be used when building TAs: make COMPILER=clang ...

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: shippable: build some platforms with Clang

Adds new builds with Clang to the Shippable configuration: QEMU,
QEMUv8, HiKey960 (32 and 64 bits). The docker image is
jforissier/optee_os_ci_clangbui

ci: shippable: build some platforms with Clang

Adds new builds with Clang to the Shippable configuration: QEMU,
QEMUv8, HiKey960 (32 and 64 bits). The docker image is
jforissier/optee_os_ci_clangbuilt (Docker Hub repository [1],
Dockerfile [2]). It contains the previous jforissier/optee_os_ci plus
the Clang compiler and tools built from master and installed in
/usr/local.

Link: [1] https://cloud.docker.com/repository/docker/jforissier/optee_os_ci_clangbuilt
Link: [2] https://github.com/jforissier/docker_optee_os_ci_clangbuilt
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...