core: ltc: move rsa wrappers to separate file

Moves the RSA wrappers in tee_ltc_provider.c to its own file, rsa.c.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wikla

core: ltc: move rsa wrappers to separate file

Moves the RSA wrappers in tee_ltc_provider.c to its own file, rsa.c.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: move ecc wrappers to separate file

Moves the ECC wrappers in tee_ltc_provider.c to its own file, ecc.c.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wikla

core: ltc: move ecc wrappers to separate file

Moves the ECC wrappers in tee_ltc_provider.c to its own file, ecc.c.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: move dsa wrappers to separate file

Moves the DSA wrappers in tee_ltc_provider.c to its own file, dsa.c.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wikla

core: ltc: move dsa wrappers to separate file

Moves the DSA wrappers in tee_ltc_provider.c to its own file, dsa.c.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto.c: don't use _CFG_CRYPTO_WITH_ACIPHER

Uses CFG_CRYPTO_RSA, CFG_CRYPTO_DSA, CFG_CRYPTO_DH and CFG_CRYPTO_ECC to
tell if bignum functions needs to be stubbed instead of relying on
_CFG_CR

core: crypto.c: don't use _CFG_CRYPTO_WITH_ACIPHER

Uses CFG_CRYPTO_RSA, CFG_CRYPTO_DSA, CFG_CRYPTO_DH and CFG_CRYPTO_ECC to
tell if bignum functions needs to be stubbed instead of relying on
_CFG_CRYPTO_WITH_ACIPHER which is about to be removed.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Move CFG_CORE_MBEDTLS_MPI init to mk/config.mk

Moves default assignment of CFG_CORE_MBEDTLS_MPI into mk/config.mk

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklan

Move CFG_CORE_MBEDTLS_MPI init to mk/config.mk

Moves default assignment of CFG_CORE_MBEDTLS_MPI into mk/config.mk

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Move CFG_CRYPTOLIB_{NAME,DIR} init to mk/config.mk

Moves default initialization of CFG_CRYPTOLIB_NAME and CFG_CRYPTOLIB_DIR
to mk/config.mk.

Only assigns default y to CFG_CRYPTO_RSASSA_NA1 in case

Move CFG_CRYPTOLIB_{NAME,DIR} init to mk/config.mk

Moves default initialization of CFG_CRYPTOLIB_NAME and CFG_CRYPTOLIB_DIR
to mk/config.mk.

Only assigns default y to CFG_CRYPTO_RSASSA_NA1 in case
CFG_CRYPTOLIB_NAME == tomcrypt.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: link tee.elf with lib archives

Links tee.elf with the library archives instead of -llibname in order to
detect multiply defined symbols in several libraries.

Acked-by: Jerome Forissier <

core: arm: link tee.elf with lib archives

Links tee.elf with the library archives instead of -llibname in order to
detect multiply defined symbols in several libraries.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: dsa_import() use inlen instead of MAX_RSA_SIZE

Upstream has changed dsa_import() to use inlen instead of MAX_RSA_SIZE.
This is needed when compiling LTC with DSA but without RSA support.

core: ltc: dsa_import() use inlen instead of MAX_RSA_SIZE

Upstream has changed dsa_import() to use inlen instead of MAX_RSA_SIZE.
This is needed when compiling LTC with DSA but without RSA support.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add encrypt key length in AES encrypt API

Adds size of expanded AES encryption key to crypto_aes_expand_enc_key()
and crypto_aes_enc_block() to make the functions more safe to call.

Reviewed-

core: add encrypt key length in AES encrypt API

Adds size of expanded AES encryption key to crypto_aes_expand_enc_key()
and crypto_aes_enc_block() to make the functions more safe to call.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Summer Qin <summer.qin@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: compile only libmpa with libtomcrypt

Only compile libmpa if libtomcrypt is selected as crypto library and is
configured to use libmpa instead of MPI.

Reviewed-by: Jerome Forissier <jerome.for

core: compile only libmpa with libtomcrypt

Only compile libmpa if libtomcrypt is selected as crypto library and is
configured to use libmpa instead of MPI.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Only clear base-prefix for crypto libraries in core

If the crypto library selected with CFG_CRYPTOLIB_NAME and
CFG_CRYPTOLIB_DIR resides under core it's OK to clear base-prefix.
However, if it can b

Only clear base-prefix for crypto libraries in core

If the crypto library selected with CFG_CRYPTOLIB_NAME and
CFG_CRYPTOLIB_DIR resides under core it's OK to clear base-prefix.
However, if it can be compiled for user space too we need to keep
base-prefix in order to avoid output conflicts.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add CFG_CRYPTOLIB_NAME_$(CFG_CRYPTOLIB_NAME)

Adds CFG_CRYPTOLIB_NAME_$(CFG_CRYPTOLIB_NAME) := y for easy testing of
which cryptolib currently is in use.

Mbedtls is a bit tricky since it can be comp

Add CFG_CRYPTOLIB_NAME_$(CFG_CRYPTOLIB_NAME)

Adds CFG_CRYPTOLIB_NAME_$(CFG_CRYPTOLIB_NAME) := y for easy testing of
which cryptolib currently is in use.

Mbedtls is a bit tricky since it can be compiled either as a support lib
with the bignum routines or as a complete crypto lib.
CFG_CRYPTOLIB_NAME_$(CFG_CRYPTOLIB_NAME) can be used to select optimal
configuration.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: move AES-CTS wrappers from libtomcrypt/ to crypto/

Moves the AES-CTS implementation from LTC wrapper to core/crypto.

The AES-CTS implementation can be overridden in a crypto library b

core: crypto: move AES-CTS wrappers from libtomcrypt/ to crypto/

Moves the AES-CTS implementation from LTC wrapper to core/crypto.

The AES-CTS implementation can be overridden in a crypto library by
setting CFG_CRYPTO_CTS_FROM_CRYPTOLIB:=y

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Squashed commit upgrading to mbedtls-2.16.0

Squash merging branch import/mbedtls-2.16.0

9ee2a92de51f ("libmbedtls: compile new files added with 2.16.0")
9b0818d48d29 ("mbedtls: fix memory leak in m

Squashed commit upgrading to mbedtls-2.16.0

Squash merging branch import/mbedtls-2.16.0

9ee2a92de51f ("libmbedtls: compile new files added with 2.16.0")
9b0818d48d29 ("mbedtls: fix memory leak in mpi_miller_rabin()")
2d6644ee0bbe ("libmedtls: mpi_miller_rabin: increase count limit")
d831db4c238a ("libmbedtls: add mbedtls_mpi_init_mempool()")
df0f4886b663 ("libmbedtls: make mbedtls_mpi_mont*() available")
7b0792062b65 ("libmbedtls: refine mbedtls license header")
2616e2d9709f ("mbedtls: configure mbedtls to reach for config")
d686ab1c51b7 ("mbedtls: remove default include/mbedtls/config.h")
50a57cfac892 ("Import mbedtls-2.16.0")

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: user_ta: implement ASLR for TAs

Introduces CFG_TA_ASLR to enable Address Space Layout Randomization of
Trusted Applications. ASLR makes the exploitation of memory corruption
vulnerabilities ha

core: user_ta: implement ASLR for TAs

Introduces CFG_TA_ASLR to enable Address Space Layout Randomization of
Trusted Applications. ASLR makes the exploitation of memory corruption
vulnerabilities harder.
The feature is disabled by default except for the configurations I
could test (QEMU and HiKey960).
When CFG_TA_ASLR=y, the stack and subsequent ELF file(s) needed by the
TA are mapped into the user VA space with a random offset comprised
between CFG_TA_ASLR_MIN_OFFSET_PAGES and CFG_TA_ASLR_MAX_OFFSET_PAGES
pages (that is between 0 and 128 pages by default).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU, HiKey960)
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: user_ta: use consistent formatting for addresses in TA dump

Improve the layout of the TA dump message by using fixed width for
physical and virtual addresses: 0x + 8 or 16 characters, dependin

core: user_ta: use consistent formatting for addresses in TA dump

Improve the layout of the TA dump message by using fixed width for
physical and virtual addresses: 0x + 8 or 16 characters, depending on
the address size (32 or 64 bits). This makes the output more
consistent, more readable, and nicer overall.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: export PRIxVA_WIDTH and add PRIxPA_WIDTH

Export two macros that are useful to print virtual or physical addresses
with the full width required by the native type, that is, 0x + 8
character

libutils: export PRIxVA_WIDTH and add PRIxPA_WIDTH

Export two macros that are useful to print virtual or physical addresses
with the full width required by the native type, that is, 0x + 8
characters when the pointer size is 32 bits, and 0x + 16 characters when
it is 64 bits.

Example:

vaddr_t va = 0x1234;

DMSG("va=0x%0*" PRIxVA, PRIxVA_WIDTH, va);

The above code will print "va=0x00001234" if vaddr_t is 32 bits, and
"va=0x0000000000001234" if vaddr_t is 64 bits.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: fix off-by-one errors in base64_dec()

There is a possible buffer overflow in base64_dec(). Since the output
buffer size is *blen, the last byte of the buffer is buf[*blen - 1] and
therefore

libutee: fix off-by-one errors in base64_dec()

There is a possible buffer overflow in base64_dec(). Since the output
buffer size is *blen, the last byte of the buffer is buf[*blen - 1] and
therefore the buffer must not be written to when the current index m is
such that (m >= *blen), not (m > *blen).

Reported-by: Naveen Thenkani <tnaveenmca@gmail.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

libutee: lessen dependency on mbedtls internals

Until now tee_api_arith_mpi.c assumed that for instance
TEE_BigIntConvertFromOctetString() wouldn't do a
mbedtls_mpi_free(mpi);
mbedtls_mpi_init(mpi);

libutee: lessen dependency on mbedtls internals

Until now tee_api_arith_mpi.c assumed that for instance
TEE_BigIntConvertFromOctetString() wouldn't do a
mbedtls_mpi_free(mpi);
mbedtls_mpi_init(mpi);
sequence on the supplied mpi argument. Doing so replaces the special
allocation type MBEDTLS_MPI_ALLOC_TYPE_STATIC with
MBEDTLS_MPI_ALLOC_TYPE_MALLOC. This results in the value of the mpi
argument isn't propagated further to the dest argument of
TEE_BigIntConvertFromOctetString().

With this patch we're instead explicitly copying the value of
mbedtls_mpi to a TEE_BigInt when the value should be returned.

This patch is also needed when upgrading to mbedtls-2.16 or there will
be errors.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU, GP)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add mbed TLS types to typedefs.checkpatch

Adds a couple of mbed TLS types to typedefs.checkpatch to avoid the
following warning:

WARNING: Missing a blank line after declarations
#100: FILE: lib/l

Add mbed TLS types to typedefs.checkpatch

Adds a couple of mbed TLS types to typedefs.checkpatch to avoid the
following warning:

WARNING: Missing a blank line after declarations
#100: FILE: lib/libutee/tee_api_arith_mpi.c:105:
+ const struct bigint_hdr *hdr = (struct bigint_hdr *)bigInt;
+ const mbedtls_mpi_uint *p = (const mbedtls_mpi_uint *)(hdr + 1);

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

generic_boot: reserve optee_tzdram memory

Aside from reserving the shared memory, also reserve the TZDRAM OP-TEE
memory.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: R

generic_boot: reserve optee_tzdram memory

Aside from reserving the shared memory, also reserve the TZDRAM OP-TEE
memory.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

generic_boot: retrieve address-cells and size-cells from root

If the reserved-memory subnode does not exist, retrieve address-cells
and size-cells from the root node.

The linux kernel checks whethe

generic_boot: retrieve address-cells and size-cells from root

If the reserved-memory subnode does not exist, retrieve address-cells
and size-cells from the root node.

The linux kernel checks whether these properties match between the root
and reserved-memory nodes and discards non-matching nodes.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

generic_boot: rename shared reserved memory node

Rename the shared reserved memory node from "optee" to "optee_shm".
This should avoid confusion when we introduce the "optee_core" reserved
memory no

generic_boot: rename shared reserved memory node

Rename the shared reserved memory node from "optee" to "optee_shm".
This should avoid confusion when we introduce the "optee_core" reserved
memory node in later commits.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...

zynqmp: fix UART1 base for zcu102, zc1751_dc1, zc1751_dc2 flavors

Fix UART1 base address for zcu102, zc1751_dc1, zc1751_dc2 flavors.
More information provided p226 of UG1085 [1].

Link: [1] https://

zynqmp: fix UART1 base for zcu102, zc1751_dc1, zc1751_dc2 flavors

Fix UART1 base address for zcu102, zc1751_dc1, zc1751_dc2 flavors.
More information provided p226 of UG1085 [1].

Link: [1] https://www.xilinx.com/support/documentation/user_guides/ug1085-zynq-ultrascale-trm.pdf
Signed-off-by: Michael Grand <michael.grand.mg@gmail.com>
[jf: move URL to a Link: tag]
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

scripts/symbolize.py: accept several spaces after "region"

User TA crash dumps were slightly modified to better align region
numbers. scripts/symbolize.py needs to be updated accordingly.

Fixes: db

scripts/symbolize.py: accept several spaces after "region"

User TA crash dumps were slightly modified to better align region
numbers. scripts/symbolize.py needs to be updated accordingly.

Fixes: dba5a1eab8af1 ("core: better align output of TA dump with many or big regions")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>

show more ...