libutee: support dynamic memory mapping

Adds tee_map_zi() and tee_unmap() as wrappers for PTA_SYSTEM_MAP_ZI and
PTA_SYSTEM_UNMAP respectively.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro

libutee: support dynamic memory mapping

Adds tee_map_zi() and tee_unmap() as wrappers for PTA_SYSTEM_MAP_ZI and
PTA_SYSTEM_UNMAP respectively.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: user_ta_entry.c: {to,from}_utee_params()

Use local implementation of to_utee_params() and from_utee_params().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jen

libutee: user_ta_entry.c: {to,from}_utee_params()

Use local implementation of to_utee_params() and from_utee_params().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta_system: support dynamic memory mapping

Adds PTA_SYSTEM_MAP_ZI and PTA_SYSTEM_UNMAP to dynamically map and unmap
user space memory from user space. The memory is automatically freed
when th

core: pta_system: support dynamic memory mapping

Adds PTA_SYSTEM_MAP_ZI and PTA_SYSTEM_UNMAP to dynamically map and unmap
user space memory from user space. The memory is automatically freed
when the context of the TA is freed.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta_system: set TA_FLAG_CONCURRENT

The system pseudo TA is used instead of adding new syscalls. To ensure
concurrent execution and more importantly avoid dead-lock due to
interference with the

core: pta_system: set TA_FLAG_CONCURRENT

The system pseudo TA is used instead of adding new syscalls. To ensure
concurrent execution and more importantly avoid dead-lock due to
interference with the single instance lock and for instance waiting for
page tables when adding new mappings.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix access flags in system_derive_ta_unique_key()

Updates the access flags used to test that the supplied TA buffer is
indeed secure.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.or

core: fix access flags in system_derive_ta_unique_key()

Updates the access flags used to test that the supplied TA buffer is
indeed secure.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add user_ta_set_prot()

Adds user_ta_set_prot() which allows changing protection bits read,
write and execute as long as they don't conflict with page sharing.

Acked-by: Jerome Forissier <jero

core: add user_ta_set_prot()

Adds user_ta_set_prot() which allows changing protection bits read,
write and execute as long as they don't conflict with page sharing.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add user_ta_map() and user_ta_unmap()

Adds user_ta_map() and user_ta_unmap() to create/remove new maps from
user space.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by:

core: add user_ta_map() and user_ta_unmap()

Adds user_ta_map() and user_ta_unmap() to create/remove new maps from
user space.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add TEE_MATTR_SHAREABLE

Adds TEE_MATTR_SHAREABLE to tag mappings that may be shared by other TAs.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <je

core: add TEE_MATTR_SHAREABLE

Adds TEE_MATTR_SHAREABLE to tag mappings that may be shared by other TAs.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: user_ta: keep load segs in linked list

Keeps the load segments of an ELF in a singly linked list instead of an
array.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by

core: user_ta: keep load segs in linked list

Keeps the load segments of an ELF in a singly linked list instead of an
array.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add vm_map_pad()

Adds vm_map_pad() which allows specifying how much free memory should be
available before and after the map.

This allows mapping the first part of for instance an ELF file wh

core: add vm_map_pad()

Adds vm_map_pad() which allows specifying how much free memory should be
available before and after the map.

This allows mapping the first part of for instance an ELF file while
knowing that the next part which has to be of a certain offset from the
first part also will succeed.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: vm_map changes, only on active context

For easier cache maintenance vm_set_prot() and vm_unmap() requires the
supplied context to be active.

Calls to tee_mmu_set_ctx() is added in vm_set_prot

core: vm_map changes, only on active context

For easier cache maintenance vm_set_prot() and vm_unmap() requires the
supplied context to be active.

Calls to tee_mmu_set_ctx() is added in vm_set_prot() and vm_unmap() as
needed for the changes in mappings to take effect.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add vm_unmap()

Adds vm_unmap() to simplify removing mappings previously added with
vm_map().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wi

core: add vm_unmap()

Adds vm_unmap() to simplify removing mappings previously added with
vm_map().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: file: refactor interface to be thread safe

Adds file_lock() and file_unlock() to change the lock state of a file.

file_new() is removed, the only way to create a file is with
file_get_by_tag(

core: file: refactor interface to be thread safe

Adds file_lock() and file_unlock() to change the lock state of a file.

file_new() is removed, the only way to create a file is with
file_get_by_tag() which will return an empty newly allocated file if
none can be found.

file_add_slice() is added to add slices to a file, one by one.

With this can multiple threads try to load a TA at once, the first one
taking the lock will add all the slices to the file.

The code in user_ta.c and elf_load.c using the <file.h> interface can
be optimized to allow more operations in parallel.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: lockdep: support lock destroy

With lockdep enabled (CFG_LOCKDEP=y), additional cleanup is needed when
a mutex is destroyed. This patch adds mutex_destroy_check() which is
called when a mutex i

core: lockdep: support lock destroy

With lockdep enabled (CFG_LOCKDEP=y), additional cleanup is needed when
a mutex is destroyed. This patch adds mutex_destroy_check() which is
called when a mutex is destroyed with mutex_destroy(). From
mutex_destroy_check() the corresponding lockdep node and all edges
referring to it are removed.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: sys/queue.h: add STAILQ_REMOVE_AFTER()

Import macro STAILQ_REMOVE_AFTER from FreeBSD.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklande

libutils: sys/queue.h: add STAILQ_REMOVE_AFTER()

Import macro STAILQ_REMOVE_AFTER from FreeBSD.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add SLIST_HEAD() and SLIST_ENTRY() to typedefs.checkpatch

When using BSD queues from <sys/queues.h>, a simple list entry is declared
with a macro:

SLIST_ENTRY(type) var;

This makes checkpatch.pl u

Add SLIST_HEAD() and SLIST_ENTRY() to typedefs.checkpatch

When using BSD queues from <sys/queues.h>, a simple list entry is declared
with a macro:

SLIST_ENTRY(type) var;

This makes checkpatch.pl unhappy because the type is unknown:

WARNING: Missing a blank line after declarations
+ struct file *file;
+ SLIST_ENTRY(load_seg) link;

Checkpatch has the same problem with the macro SLIST_HEAD().

This patch adds a regular expression to typedefs.chackpatch that
matches the macro part, thus fixing the warning.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: introduce OPTEE_SMC_SEC_CAP_VIRTUALIZATION

We need some way to tell normal world if OP-TEE does support
virtualization. Prior to this patch NW had to probe for virtualization by
calling OPTEE_

core: introduce OPTEE_SMC_SEC_CAP_VIRTUALIZATION

We need some way to tell normal world if OP-TEE does support
virtualization. Prior to this patch NW had to probe for virtualization by
calling OPTEE_SMC_VM_DESTROYED which is not reliable.

New capability flag OPTEE_SMC_SEC_CAP_VIRTUALIZATION solves this issue.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

pem_to_pub_c.py: Rework code to be more pythonic

Instances of open() were wrapped in with statements to ensure proper
closing of files even in the case of errors. This also improves
the readability

pem_to_pub_c.py: Rework code to be more pythonic

Instances of open() were wrapped in with statements to ensure proper
closing of files even in the case of errors. This also improves
the readability of the code.

Signed-off-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
[jf: add file name to commit subject and use imperative mood]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

pem_to_pub_c.py: Add sanity check for public exponent of TA signing key

This change fixes a potential security vulnerability.

The public exponent of the TA signing key is stored by OP-TEE OS as an

pem_to_pub_c.py: Add sanity check for public exponent of TA signing key

This change fixes a potential security vulnerability.

The public exponent of the TA signing key is stored by OP-TEE OS as an
unsigned 32-bit integer. While rarely seen in the wild, public exponents
that overflow this storage field exist. Although the C compiler usually
generates an overflow warning when such an exponent would be set, this
happens only once after the key was changed and is easily overlooked.
With this change the script throws an exception, notifying the user of the
unsuitable key.

Without the sanity check, such an unsuitable key would simply lead to
TA signature verification failures. However, if the public exponent e
is close to a multiple of 2^32, a small exponent attack to forge a
signature might be feasible.

Signed-off-by: Markus S. Wamser <markus.wamser@mixed-mode.de>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
[jf: add file name to commit subject]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: elf_load_dyn.c: use DT_HASH to lookup symbols faster

Use the ELF hash table to lookup symbols rather than iterating over
the whole symbol table. With this change, relocations are applied
much

core: elf_load_dyn.c: use DT_HASH to lookup symbols faster

Use the ELF hash table to lookup symbols rather than iterating over
the whole symbol table. With this change, relocations are applied
much more quickly. For instance, with QEMU and CFG_ULIBS_SHARED=y, the
average time for the relocation loop in tee_ta_init_user_ta_session()
is reduced from 60-70 ms to 2-3 ms (tested with xtest).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

user_ta: fix spelling mistake in debug message

Fixes a spelling mistake.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-k3: Add J721E device support

The only difference from AM65x that OP-TEE cares about currently is the
GICC offset and size. Update the same.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Acked-by

plat-k3: Add J721E device support

The only difference from AM65x that OP-TEE cares about currently is the
GICC offset and size. Update the same.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: fix enum restart with syscall_storage_start_enum()

According to the GlobalPlatform specification it should be possible to
call TEE_StartPersistentObjectEnumerator(..) on an enumerator that
alr

core: fix enum restart with syscall_storage_start_enum()

According to the GlobalPlatform specification it should be possible to
call TEE_StartPersistentObjectEnumerator(..) on an enumerator that
already has been started. When doing that we trigged an assert and ended
up with a panic. This patch fixes that issue by ensuring that we are
closing the currently open directory before re-opening or opening
another directory in those cases where
TEE_StartPersistentObjectEnumerator(..) are called again and again with
no reset done in-between.

Fixes: https://github.com/OP-TEE/optee_os/issues/3093

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reported-by: Daniel McIlvaney <damcilva@microsoft.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU, GP)

show more ...

tee: entry_fast: reduce verbosity of dynamic shared memory message

Outside of the initial boot or error cases OP-TEE is quiet, this
is a notable exception that dirties up the boot log and has caused

tee: entry_fast: reduce verbosity of dynamic shared memory message

Outside of the initial boot or error cases OP-TEE is quiet, this
is a notable exception that dirties up the boot log and has caused
confusion during kernel boot by users. It is only needed for
debug purposes.

Reduce this message to only debug verbosity.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-ti: fix build errors

Fixes build error with PLATFORM=ti-dra7xx and PLATFORM=ti-am43xx:

error: conflicting types for ‘sm_platform_handler’
bool sm_platform_handler(struct sm_ctx *ctx)

plat-ti: fix build errors

Fixes build error with PLATFORM=ti-dra7xx and PLATFORM=ti-am43xx:

error: conflicting types for ‘sm_platform_handler’
bool sm_platform_handler(struct sm_ctx *ctx)
^~~~~~~~~~~~~~~~~~~

Fixes: aea0999e2360 ("core: explicit return value for sm_platform_handler()")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...