scripts/symbolize.py: ignore undefined symbols

With the introduction of dynamically linked TAs, symbolize.py may
encounter undefined (external) symbols when it parses the output of the nm
command lo

scripts/symbolize.py: ignore undefined symbols

With the introduction of dynamically linked TAs, symbolize.py may
encounter undefined (external) symbols when it parses the output of the nm
command looking for a symbol's address. The current code is not prepared
for that and will raise an exception. Fix the issue by ignoring lines that
have an unexpected format.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: support for global shared buffers

Add support of allocating SHM shared with non-secure kernel
and exported to a non-secure userspace application.

Reviewed-by: Jens Wiklander <jens.wiklander@l

core: support for global shared buffers

Add support of allocating SHM shared with non-secure kernel
and exported to a non-secure userspace application.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>

show more ...

core: tee: update objectSize/keySize for ECDSA/ECDH Objects

objectSize/keySize was not getting updated when an ECDSA/ECDH
object was imported.
Updating the ObjectSize/keySize based on the EC Curve.

core: tee: update objectSize/keySize for ECDSA/ECDH Objects

objectSize/keySize was not getting updated when an ECDSA/ECDH
object was imported.
Updating the ObjectSize/keySize based on the EC Curve.

Fixes: https://github.com/OP-TEE/optee_os/issues/2386
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: shippable: build stm32mp1

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.or

ci: shippable: build stm32mp1

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: reformat OP-TEE images to stm32 format

OP-TEE core images are reformatted into a STM32 compliant format
expected by the platform flashing tools.

Signed-off-by: Etienne Carriere <etie

plat-stm32mp1: reformat OP-TEE images to stm32 format

OP-TEE core images are reformatted into a STM32 compliant format
expected by the platform flashing tools.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: stm32_uart driver

Used by platform stm32mp1.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <je

core: stm32_uart driver

Used by platform stm32mp1.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-stm32mp1: add initial support

Introduce platform stm32mp1 with board stm32mp1-stm32mp157c-ev1 based
on stm32mp1 SoC family integrating Arm Cortex-A7 technology. In its
default configuration, st

plat-stm32mp1: add initial support

Introduce platform stm32mp1 with board stm32mp1-stm32mp157c-ev1 based
on stm32mp1 SoC family integrating Arm Cortex-A7 technology. In its
default configuration, stm32mp1 OP-TEE core operates in a 256kB secure
RAM with pager support enabled.

Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Remove get_rng_array()

Removes get_rng_array() in favor of crypto_rng_read() which always uses
the configured RNG implementation to draw random.

Reviewed-by: Jerome Forissier <jerome.forissier@lina

Remove get_rng_array()

Removes get_rng_array() in favor of crypto_rng_read() which always uses
the configured RNG implementation to draw random.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmpa: remove mpa_set_random_generator()

MPA is used in two configurations, either in kernel mode or in user mode.

In kernel mode random is always drawn with crypto_rng_read() and in
user mode ute

libmpa: remove mpa_set_random_generator()

MPA is used in two configurations, either in kernel mode or in user mode.

In kernel mode random is always drawn with crypto_rng_read() and in
user mode utee_cryp_random_number_generate() is used instead.

This patch makes the code easier to follow by replacing the call via a
function pointer to a normal function call instead.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add new RNG implementation

Adds a new cryptographically secure pseudo random number generator known
as Fortuna. The implementation is based on the description in [0]. This
implementation repla

core: add new RNG implementation

Adds a new cryptographically secure pseudo random number generator known
as Fortuna. The implementation is based on the description in [0]. This
implementation replaces the implementation in LTC which was used until
now.

Gathering of entropy has been refined with crypto_rng_add_event() to
better match how entropy is added to Fortuna. A enum crypto_rng_src
identifies the source of the event. The source also controls how the
event is added. There are two options available, queue it in a circular
buffer for later processing or adding it directly to a pool. The former
option is suitable when being called from an interrupt handler or some
other place where RPC to normal world is forbidden.

plat_prng_add_jitter_entropy_norpc() is removed and
plat_prng_add_jitter_entropy() is updated to use this new entropy source
scheme.

The configuration of LTC is simplified by this, now PRNG is always drawn
via prng_mpa_desc.

plat_rng_init() takes care of initializing the PRNG in order to allow
platforms to override or enhance the Fortuna integration.

[0] Link:https://www.schneier.com/academic/paperfiles/fortuna.pdf

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: split tee_pager_init()

Splits tee_pager_init() into tee_pager_set_alias_area() and
tee_pager_generate_authenc_key(). The former function is called where
tee_pager_init() used to be called and

core: split tee_pager_init()

Splits tee_pager_init() into tee_pager_set_alias_area() and
tee_pager_generate_authenc_key(). The former function is called where
tee_pager_init() used to be called and the latter function is called
after the crypto API and RNG has been initialized.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: don't divide by sizeof(*mem) for ddr nsec memory

Since the two addresses are already of type struct core_mmu_phys_mem, do
not divide by sizeof(struct core_mmu_phys_mem). This broke dynamic sha

core: don't divide by sizeof(*mem) for ddr nsec memory

Since the two addresses are already of type struct core_mmu_phys_mem, do
not divide by sizeof(struct core_mmu_phys_mem). This broke dynamic shared
memory on Juno r0, since nelem would be zero for two slots.

Tested on Juno r0.

Fixes: 2f82082fada3 ("core: add ddr overall register")
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Rouven Czerwinski <rouven@czerwinskis.de>

show more ...

ci: shippable: Add sunxi-bpi_zero

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu

ci: shippable: Add sunxi-bpi_zero

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>

show more ...

MAINTAINERS: Add MAINTAINERS entry for AllWinner H2+

This commit adds maintainer for this board.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.foriss

MAINTAINERS: Add MAINTAINERS entry for AllWinner H2+

This commit adds maintainer for this board.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>

show more ...

plat-sunxi: Add plat-sunxi

Initial version support for Allwinner H2+ platform. Specific to Banana Pi
M2 zero board currently.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Je

plat-sunxi: Add plat-sunxi

Initial version support for Allwinner H2+ platform. Specific to Banana Pi
M2 zero board currently.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>

show more ...

core: add mdelay() function

checkpatch will check if udelay value is too large. Use udelay() to
implement mdelay() when we want to delay more than 10000 us.

Reviewed-by: Jens Wiklander <jens.wiklan

core: add mdelay() function

checkpatch will check if udelay value is too large. Use udelay() to
implement mdelay() when we want to delay more than 10000 us.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>

show more ...

core: drivers: serial8250_uart: Add DT support

Add DT support for serial8250 uart driver. The matchtable currently
supports allwinner H2+ SoC.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org

core: drivers: serial8250_uart: Add DT support

Add DT support for serial8250 uart driver. The matchtable currently
supports allwinner H2+ SoC.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>

show more ...

Add new platform for the TI K3 class of SoCs

Add platform 'k3' for the TI K3 family. These are ARMv8 devices
and are quite different from our line of existing ARMv7 OMAP style
SoCs, hence the new pl

Add new platform for the TI K3 class of SoCs

Add platform 'k3' for the TI K3 family. These are ARMv8 devices
and are quite different from our line of existing ARMv7 OMAP style
SoCs, hence the new platform.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: arm64 ce: update AES CBC routines

Update the Aarch64 Crypto Extension accelerated CBC encryption/decryption
routines to the latest upstream implementation in the Linux kernel
(v4.17-rc

core: crypto: arm64 ce: update AES CBC routines

Update the Aarch64 Crypto Extension accelerated CBC encryption/decryption
routines to the latest upstream implementation in the Linux kernel
(v4.17-rc7).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)
CC: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/issues/2355
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: travis: cleanup for Ubuntu Trusty container-based environment

Now that the Travis container-based environment is running Ubuntu Trusty
(14.04), some downloads and build steps are not needed anym

ci: travis: cleanup for Ubuntu Trusty container-based environment

Now that the Travis container-based environment is running Ubuntu Trusty
(14.04), some downloads and build steps are not needed anymore. Use the
tools that come with the distribution instead.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: travis: set buildroot ccache directory to ~/.ccache

The default ccache directory used by buildroot is ~/.buildroot-ccache [1],
which is outside the paths saved by the Travis caching mechanism [2

ci: travis: set buildroot ccache directory to ~/.ccache

The default ccache directory used by buildroot is ~/.buildroot-ccache [1],
which is outside the paths saved by the Travis caching mechanism [2]. Fix
that by adding BR2_CCACHE_DIR=~/.ccache to the make command.

Link: [1] https://buildroot.org/downloads/manual/manual.html#ccache
Link: [2] https://docs.travis-ci.com/user/caching/#ccache-cache
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: Fix the keepalive condition on last session close

Keepalive condition check should involve single instance flag too, since
the keepalive flag is meaningless if the TA is not single instance

libutee: Fix the keepalive condition on last session close

Keepalive condition check should involve single instance flag too, since
the keepalive flag is meaningless if the TA is not single instance.
The same fix was done earlier in the core by commit f9a64f12b542 ("core:
fix the keepalive condition in close session").

Fixes: b7ea03ff2963 ("libutee: fix TA_CreateEntryPoint() and TA_DestroyEntryPoint()")
Signed-off-by: Andrew Gabbasov <andrew_gabbasov@mentor.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mbedtls_config_uta.h: enable check key usage

Defines MBEDTLS_X509_CHECK_KEY_USAGE to enable checking key usage of a
certificate.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-o

mbedtls_config_uta.h: enable check key usage

Defines MBEDTLS_X509_CHECK_KEY_USAGE to enable checking key usage of a
certificate.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix syscall_cryp_obj_get_attr() with null buffer

Prior to this patch when syscall_cryp_obj_get_attr() is called with a
NULL buffer to query buffer size the function returns
TEE_ERROR_ACCESS_DE

core: fix syscall_cryp_obj_get_attr() with null buffer

Prior to this patch when syscall_cryp_obj_get_attr() is called with a
NULL buffer to query buffer size the function returns
TEE_ERROR_ACCESS_DENIED while TEE_ERROR_SHORT_BUFFER is expected. This
patch fixes syscall_cryp_obj_get_attr() to return TEE_ERROR_SHORT_BUFFER
if supplied buffer parameter is NULL.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

aosp_optee.mk: allow dependency builds for TAs

Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissi

aosp_optee.mk: allow dependency builds for TAs

Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...