Fix signing libraries

Libraries are signed if OP-TEE is compiled with the non-default
CFG_ULIBS_SHARED=y configuration option.

With 1cdd95a2a46d ("Support offline signing of TAs.") the sign.py scri

Fix signing libraries

Libraries are signed if OP-TEE is compiled with the non-default
CFG_ULIBS_SHARED=y configuration option.

With 1cdd95a2a46d ("Support offline signing of TAs.") the sign.py script
no longer supports the --version switch and instead gives an error like:
SIGN ../out-os-qemu/ta_arm32-lib/libutee/527f1a47-b92c-4a74-95bd-72f19f4a6f74.ta
usage:
sign.py command [ arguments ]

command:
sign Generate signed loadable TA image file.
Takes arguments --uuid, --in, --out and --key.
digest Generate loadable TA binary image digest for offline
signing. Takes arguments --uuid, --in and --dig.
stitch Generate loadable signed TA binary image file from
TA raw image and its signature. Takes arguments
--uuid, --in, --out, and --sig.

sign.py --help show available commands and arguments
sign.py: error: argument command: invalid choice: '0' (choose from 'sign', 'digest', 'stitch', 'generate-digest', 'stitch-ta')
mk/lib.mk:83: recipe for target '../out-os-qemu/ta_arm32-lib/libutee/527f1a47-b92c-4a74-95bd-72f19f4a6f74.ta' failed

With this patch the switch "--version 0" is removed when signing
libraries.

Fixes: 1cdd95a2a46d ("Support offline signing of TAs.")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

build: fix TA signing offline signing script

The script now exits with a return value of 1 instead of 0 if the
key is not usable for signing.
A typo in regenerating the digest during stitching was f

build: fix TA signing offline signing script

The script now exits with a return value of 1 instead of 0 if the
key is not usable for signing.
A typo in regenerating the digest during stitching was fixed.
Command dispatching was simplified.

Fixes: 1cdd95a2a46d ("Support offline signing of TAs.")
Signed-off-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

rpmb: fix parsing of op_result

From the eMMC spec, the "Operation result" (Table 19) -- 7 bit quantity
-- is the LSB of "Operation Results data structure" -- 16-bit quantity
-- minus the high order

rpmb: fix parsing of op_result

From the eMMC spec, the "Operation result" (Table 19) -- 7 bit quantity
-- is the LSB of "Operation Results data structure" -- 16-bit quantity
-- minus the high order bit. In other words it is
'rpmb_data_frame::op_result[1] & 0x7F' which is probably what we should
be doing here instead of bytes_to_u16().

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

rpmb: Convert comment about error into EMSG

This will give users more details without having to sift through the
code.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Fori

rpmb: Convert comment about error into EMSG

This will give users more details without having to sift through the
code.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

rpmb: verify key: change DMSG to EMSG

Rather than printing all results with DMSG, it's more suitable to
print only errors with EMSG.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-b

rpmb: verify key: change DMSG to EMSG

Rather than printing all results with DMSG, it's more suitable to
print only errors with EMSG.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

rpmb: print error if derive key fails

Let users know if an RPMB key fails to be generated during RPMB
initializations instead of just exiting the function quietly.

Signed-off-by: Victor Chong <vict

rpmb: print error if derive key fails

Let users know if an RPMB key fails to be generated during RPMB
initializations instead of just exiting the function quietly.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

rpmb: dump key if CFG_RPMB_WRITE_KEY=y

If we want to write key, then we'd want to write it down as well, so
print it for records.

Note that the key is printed with severity TRACE_DEBUG hence a rele

rpmb: dump key if CFG_RPMB_WRITE_KEY=y

If we want to write key, then we'd want to write it down as well, so
print it for records.

Note that the key is printed with severity TRACE_DEBUG hence a release
build will not leak it.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

rpmb: write key only if not yet programmed

An RPMB key should only be written if the device returns
RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED, not on any RPMB_RESULT* that is
not RPMB_RESULT_OK.

Signed-o

rpmb: write key only if not yet programmed

An RPMB key should only be written if the device returns
RPMB_RESULT_AUTH_KEY_NOT_PROGRAMMED, not on any RPMB_RESULT* that is
not RPMB_RESULT_OK.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: imx: add imx6sll evk board support

Add i.MX6SLL EVK board support.
Add mx6sllevk platform flavor.

Signed-off-by: Bai Ping <ping.bai@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.co

core: imx: add imx6sll evk board support

Add i.MX6SLL EVK board support.
Add mx6sllevk platform flavor.

Signed-off-by: Bai Ping <ping.bai@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: imx: add imx6sl evk board support

Add i.MX6SL EVK board support.
Add mx6slevk platform flavor.

Signed-off-by: Bai Ping <ping.bai@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>

core: imx: add imx6sl evk board support

Add i.MX6SL EVK board support.
Add mx6slevk platform flavor.

Signed-off-by: Bai Ping <ping.bai@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: imx: move SRC functions to a dedicated file

Move SRC functions from imx-common.c to a dedicated file imx_src.c

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Acked-by: Etienne Carr

core: imx: move SRC functions to a dedicated file

Move SRC functions from imx-common.c to a dedicated file imx_src.c

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: imx: split registers declaration

Split imx registers declaration into separate files for imx6, imx7 and
imx8m.
Move it to a separate registers folder.

Signed-off-by: Silvano di Ninno <silvano

core: imx: split registers declaration

Split imx registers declaration into separate files for imx6, imx7 and
imx8m.
Move it to a separate registers folder.

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Signed-off-by: Alessandro Di Chiara <alessandro.dichiara@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: imx: update PL310 settings for mx6sx

Update and fix PL310 settings for mx6sx.

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

core: imx: fix mx7swarp7 build

Split mx7 flavor list into two flavor lists:
* mx7s-flavorlist
* mx7d-flavorlist

Fix build error for mx7swarp7 platforms:
core/arch/arm/plat-imx/conf.mk:150: *** CF

core: imx: fix mx7swarp7 build

Split mx7 flavor list into two flavor lists:
* mx7s-flavorlist
* mx7d-flavorlist

Fix build error for mx7swarp7 platforms:
core/arch/arm/plat-imx/conf.mk:150: *** CFG_TEE_CORE_NB_CORE is set
to '2' (from file) but its value must be '1'. Stop.

Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Signed-off-by: Clement Faure <clement.faure@nxp.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Remove unnecessary __aeabi functions

Some of the aeabi functions provided are undocumented and are not called
from anywhere. This patch removes them entirely.

Reviewed-by: Jens Wiklander <jens.wikl

Remove unnecessary __aeabi functions

Some of the aeabi functions provided are undocumented and are not called
from anywhere. This patch removes them entirely.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>

show more ...

gen_ldelf_hex.py: print how to obtain elftools module

There is recurring problem when OP-TEE build fails with cryptic
message from this python script. It occurs when user forgets to
install elftools

gen_ldelf_hex.py: print how to obtain elftools module

There is recurring problem when OP-TEE build fails with cryptic
message from this python script. It occurs when user forgets to
install elftools python module.

Print human-readable error message with instructions how to install
it.

This is mere convenience, with no functional changes to the script
itself.

Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Support offline signing of TAs.

Add generate-digest and stitch-ta support to script sign.py. One can
generate a digest for the loadable TA file, sign it offline and later
stitch the generated signat

Support offline signing of TAs.

Add generate-digest and stitch-ta support to script sign.py. One can
generate a digest for the loadable TA file, sign it offline and later
stitch the generated signature to the loadable TA binary file.

For this purpose sign.py gets an extra initial command argument to select
between sign/digest/stitch operations. If no command is provided, `sign`
is assumed, preserving previous usage.

Signed-off-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

plat-ls: add LS1028ARDB platform

Adds support for the The Layerscape® LS1028A reference
design board (LS1028ARDB) from NXP.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Joaki

plat-ls: add LS1028ARDB platform

Adds support for the The Layerscape® LS1028A reference
design board (LS1028ARDB) from NXP.

Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

In-tree TAs: avoid recompiling when a library changes

When a library is changed (libutee.a, libutils.a, etc.) the in-tree TAs
are re-built from scratch. We can easily avoid recompilation and only
re

In-tree TAs: avoid recompiling when a library changes

When a library is changed (libutee.a, libutils.a, etc.) the in-tree TAs
are re-built from scratch. We can easily avoid recompilation and only
re-link instead.

For example, without this patch:
$ make -s -j10
$ touch out/arm-plat-vexpress/export-ta_arm32/lib/libutee.a
$ make out/arm-plat-vexpress/ta/avb/023f8f1a-292a-432b-8fc4-de8471358067.elf
CHK out/arm-plat-vexpress/conf.mk
CHK out/arm-plat-vexpress/include/generated/conf.h
CHK out/arm-plat-vexpress/conf.cmake
CC out/arm-plat-vexpress/ta/avb/entry.o
CC out/arm-plat-vexpress/ta/avb/user_ta_header.o
AS out/arm-plat-vexpress/ta/avb/ta_entry_a32.o
LD out/arm-plat-vexpress/ta/avb/023f8f1a-292a-432b-8fc4-de8471358067.elf

With this patch applied:
$ make -s -j10
$ touch out/arm-plat-vexpress/export-ta_arm32/lib/libutee.a
$ make out/arm-plat-vexpress/ta/avb/023f8f1a-292a-432b-8fc4-de8471358067.elf
CHK out/arm-plat-vexpress/conf.mk
CHK out/arm-plat-vexpress/include/generated/conf.h
LD out/arm-plat-vexpress/ta/avb/023f8f1a-292a-432b-8fc4-de8471358067.elf

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove user_ta_map() and friends

Removes the functions user_ta_map(), user_ta_unmap(), user_ta_set_prot()
and user_ta_remap() since what was left of them was just thin wrappers
around the vm_*

core: remove user_ta_map() and friends

Removes the functions user_ta_map(), user_ta_unmap(), user_ta_set_prot()
and user_ta_remap() since what was left of them was just thin wrappers
around the vm_* counterpart.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove struct load_seg

Removes struct load_seg, the mobj stored in struct load_seg is already
stored in struct vm_region. A flag VM_FLAG_EXCLUSIVE_MOBJ is added to
indicate that the mobj in st

core: remove struct load_seg

Removes struct load_seg, the mobj stored in struct load_seg is already
stored in struct vm_region. A flag VM_FLAG_EXCLUSIVE_MOBJ is added to
indicate that the mobj in struct vm_region should be freed instead of
just ignored when removing a region.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: store file pointer in struct mobj_with_fobj

Stores the file pointer in struct mobj_with_fobj instead of in struct
load_seg. When the mobj is freed the stored file pointer has its
reference cou

core: store file pointer in struct mobj_with_fobj

Stores the file pointer in struct mobj_with_fobj instead of in struct
load_seg. When the mobj is freed the stored file pointer has its
reference counter decreased instead of relying on free_seg() to do it
when the struct load_seg is freed.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add VM_FLAG_READONLY

Adds VM_FLAG_READONLY which is used to enforce that read-only parts of a
TA binary shared between TAs cannot be mapped read/write.

Reviewed-by: Jerome Forissier <jerome.f

core: add VM_FLAG_READONLY

Adds VM_FLAG_READONLY which is used to enforce that read-only parts of a
TA binary shared between TAs cannot be mapped read/write.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: user_ta_remap() use vm_remap()

user_ta_remap() switches to use vm_remap() instead of vm_unmap() and
vm_map_pad().

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Je

core: user_ta_remap() use vm_remap()

user_ta_remap() switches to use vm_remap() instead of vm_unmap() and
vm_map_pad().

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add vm_get_flags()

Adds vm_get_flags() which returns the flags of a mapped region.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@li

core: add vm_get_flags()

Adds vm_get_flags() which returns the flags of a mapped region.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...