Generate conf.cmake for TA dev kit

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

core: lower debug verbosity on short buffer errors

TEE_ERROR_SHORT_BUFFER is likely to be an expected error code returned
by a trusted application or a core service. Therefore this change
prevents d

core: lower debug verbosity on short buffer errors

TEE_ERROR_SHORT_BUFFER is likely to be an expected error code returned
by a trusted application or a core service. Therefore this change
prevents debug "Error: " in short buffer case at completion the
invoke_command request.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Force ARCH to arm

It is the only value used for now. No other value works, not even
aarch64.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@li

Force ARCH to arm

It is the only value used for now. No other value works, not even
aarch64.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

smc: extend protocol to support virtualization

In order to support multiple guests, OP-TEE should be able to track
guest lifecycle. Idea is that hypervisor informs OP-TEE when it
wants to create a n

smc: extend protocol to support virtualization

In order to support multiple guests, OP-TEE should be able to track
guest lifecycle. Idea is that hypervisor informs OP-TEE when it
wants to create a new virtual machine. OP-TEE allocates resources
for it or returns an error, if there are not enough resources available.
When virtual machine is being destroyed OP-TEE frees any resources
that was allocated previously.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: add pager constraint on mobj get_pa method

On user TA crash or panic the core may dump the TA state
among which the physical address of the memory area mapped
in the TA space which are referen

core: add pager constraint on mobj get_pa method

On user TA crash or panic the core may dump the TA state
among which the physical address of the memory area mapped
in the TA space which are referenced by the mobj layer.
Therefore the get_pa method for such mobj shall have a
KEEP_PAGER constraint.

This change adds such constraint for static shm and registered
shm memory objects.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

compiler.h: Avoid macro redefinition

__packed, __noreturn, __unused and __used are already defined in
certain environtments, e.g. bionic, so avoid redefining them here.

Signed-off-by: Victor Chong

compiler.h: Avoid macro redefinition

__packed, __noreturn, __unused and __used are already defined in
certain environtments, e.g. bionic, so avoid redefining them here.

Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fs_htree: include meta in root hash

Includes the meta data when calculating the hash of the root node to
detect changes in file length while number of blocks is unchanged.

Signed-off-by: Jens

core: fs_htree: include meta in root hash

Includes the meta data when calculating the hash of the root node to
detect changes in file length while number of blocks is unchanged.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/issues/2094
Reported-by: Kevin Peng <kevinp@marvell.com>
Tested-by: Kevin Peng <kevinp@marvell.com>
[jf: add Fixes:, Reported-by: and Tested-by: tags]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: REE FS: ree_fs_truncate() commit dirh writes

To commit the changes done by ree_fs_truncate() in the dirfile, call
commit_dirh_writes() before closing the dirh.

Signed-off-by: Jens Wiklander <

core: REE FS: ree_fs_truncate() commit dirh writes

To commit the changes done by ree_fs_truncate() in the dirfile, call
commit_dirh_writes() before closing the dirh.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: REE FS: make sure dirty flag is set when object is truncated

When an object is truncated but the number of blocks is unchanged, only
the metadata's length field is modified. The hash tree laye

core: REE FS: make sure dirty flag is set when object is truncated

When an object is truncated but the number of blocks is unchanged, only
the metadata's length field is modified. The hash tree layer has to be
notified so that it knows it has to flush the data before closing the
object, otherwise the truncation is lost.
Add a function for that purpose: tee_fs_htree_meta_set_dirty(), and
call it whenever meta->length is updated.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: REE FS: ree_fs_truncate(): fix reversed error checks

Reported-by: Kevin Peng <kevinp@marvell.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jen

core: REE FS: ree_fs_truncate(): fix reversed error checks

Reported-by: Kevin Peng <kevinp@marvell.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: sm_a32: add missing isb after scr change

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <

core: sm_a32: add missing isb after scr change

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

bget: use struct bpoolset instead of global variables

Move all global variables that are used by bget into struct bpoolset.
"poolset" choosed because term "pool" already used by bget
itself. bget ca

bget: use struct bpoolset instead of global variables

Move all global variables that are used by bget into struct bpoolset.
"poolset" choosed because term "pool" already used by bget
itself. bget can use multiple pools to allocate memory. Now it is
posible to use number of pool sets simultaneosly.

Such feature is needed for virtualization support, because we want
to use separate allocator for OP-TEE kernel memory allocations
and separate allocator for client memory allocations.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

cscope: skip in tree out directory

By default if nothing is specified OP-TEE is built keeping the output under
the directory "out" in the source tree. With this patch the cscope database
will not in

cscope: skip in tree out directory

By default if nothing is specified OP-TEE is built keeping the output under
the directory "out" in the source tree. With this patch the cscope database
will not include those files.

Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

arm32: enable ACTLR_CA8_ENABLE_INVALIDATE_BTB

Enables ACTLR_CA8_ENABLE_INVALIDATE_BTB (ACTLR[6]) in generic boot if
compiled with CFG_CORE_WORKAROUND_SPECTRE_BP or
CFG_CORE_WORKAROUND_SPECTRE_BP_SEC

arm32: enable ACTLR_CA8_ENABLE_INVALIDATE_BTB

Enables ACTLR_CA8_ENABLE_INVALIDATE_BTB (ACTLR[6]) in generic boot if
compiled with CFG_CORE_WORKAROUND_SPECTRE_BP or
CFG_CORE_WORKAROUND_SPECTRE_BP_SEC and the cpu is discovered to be
Cortex-A8.

Fixes CVE-2017-5715
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mmu: protect global asid field with a lock

Protects the global ASID bitfield (g_asid) with a spinlock.

Fixes: 99f969dd6c99 ("core: fine grained tee_ta_mutex locking")
Reviewed-by: Volodymyr B

core: mmu: protect global asid field with a lock

Protects the global ASID bitfield (g_asid) with a spinlock.

Fixes: 99f969dd6c99 ("core: fine grained tee_ta_mutex locking")
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey)

show more ...

core: fix handling of NULL memory references by Internal Client API

GlobalPlatform TEE Internal Core API v1.1.2 section 4.9.4 states that
parameters of type *_MEMREF_* can have memref.buffer == NULL

core: fix handling of NULL memory references by Internal Client API

GlobalPlatform TEE Internal Core API v1.1.2 section 4.9.4 states that
parameters of type *_MEMREF_* can have memref.buffer == NULL, provided
that memref.size is zero.

The corresponding test in tee_svc_copy_param() is backwards, so reverse
it.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Kevin Peng <kevinp@marvell.com>
Link: https://github.com/OP-TEE/optee_os/issues/2105
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU)
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Tested-by: Kevin Peng <kevinp@marvell.com>

show more ...

Update CHANGELOG.md for 3.0.0

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno)
Tested-by: Jerome Forissier <jerome.forissier

Update CHANGELOG.md for 3.0.0

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org> (RPi3)
Tested-by: Akshay Bhat <akshay.bhat@timesys.com> (Atmel SAM)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)
Tested-by: Andrew F. Davis <afd@ti.com> (plat-ti)
Tested-by: Volodymyr Babchuk <vlad.babchuk@gmail.com> (RCAR M3)
Tested-by: Peng Fan <peng.fan@nxp.com> (mx6ulevk mx7dsabresd)
Tested-by: Joakim Bech <joakim.bech@linaro.org> (mtk8173)
Tested-by: Kevin Peng <kevinp@marvell.com> (Armada 7K, 8K, 3700)
Tested-by: Victor Chong <victor.chong@linaro.org> (hikey aosp)
Tested-by: Joseph Chen <chenjh@rock-chips.com> (RK322X)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (D02)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMUv8)

show more ...

Revert "core: fine grained tee_ta_mutex locking"

Commit 99f969dd6c99 ("core: fine grained tee_ta_mutex locking") fixes a
deadlock that can occur if a TA is loaded while not enough page tables
are av

Revert "core: fine grained tee_ta_mutex locking"

Commit 99f969dd6c99 ("core: fine grained tee_ta_mutex locking") fixes a
deadlock that can occur if a TA is loaded while not enough page tables
are available in pgt_cache to map the context. But it also splits up a
big critical section and there's obviously a few hidden dependencies
towards tee_ta_mutex causing stability issues with the pager. Running
'while xtest 1013; do true; done' in AArch64 with at least three
threads running in parallel will ultimately fail.

Therefore, revert the fine grained locking commit until the race
conditions are sorted out.

Reported-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

secstor: fix memory leak in install_ta()

If signature check failed, we need to close tadb session first.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jer

secstor: fix memory leak in install_ta()

If signature check failed, we need to close tadb session first.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: prevent crash in tee_mmu_final() on TA loading error

If the creation of the TA execution context fails before the mapping
directives are initialized, tee_mmu_final() will be called with the TA

core: prevent crash in tee_mmu_final() on TA loading error

If the creation of the TA execution context fails before the mapping
directives are initialized, tee_mmu_final() will be called with the TA
context field mmu being NULL.

This change allows tee_mmu_final() to be called with uninitialized
mapping resources without crashing the core.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix reference counting in tee_tadb_open()

Fixes reference counting error in tee_tadb_open() that was exposed by
commit 99f969dd6c99 ("core: fine grained tee_ta_mutex locking")

Fixes: 5baee69a

core: fix reference counting in tee_tadb_open()

Fixes reference counting error in tee_tadb_open() that was exposed by
commit 99f969dd6c99 ("core: fine grained tee_ta_mutex locking")

Fixes: 5baee69a0140 ("core: add tadb")
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU v7)
Reported-by: Andrew Davis <andrew.davis@linaro.org>
Tested-by: Andrew F. Davis <afd@ti.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Update revision for release tag 3.0.0-rc1

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

hikey: Enable cache APIs for hikey platform.

When decrypting into SDP buffers TA's like Playready
and Widevine need to be able to flush the cache.

Signed-off-by: Peter Griffin <peter.griffin@linaro

hikey: Enable cache APIs for hikey platform.

When decrypting into SDP buffers TA's like Playready
and Widevine need to be able to flush the cache.

Signed-off-by: Peter Griffin <peter.griffin@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

ltc: ctr: update pt and ct after acceleration

Problem occurs in the condition of the following case:

1st decryption:
Decrypt a ciphertext whose length is a multiple of the block size (16B)
(len = n

ltc: ctr: update pt and ct after acceleration

Problem occurs in the condition of the following case:

1st decryption:
Decrypt a ciphertext whose length is a multiple of the block size (16B)
(len = n * block_size)
2nd decryption:
Decrypt the continuing ciphertext whose length is not a multiple of the
block size
(len = m * block_size + l)

In this case accel_ctr_encrypt() is firstly used at the 2nd decryption.
If pt and ct are not updated, the top (l = len % block_size) bytes of
decryption result are sometimes destroyed.

Signed-off-by: Tetsuya Yoshizaki <yoshizaki.tetsuya@socionext.com>
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)
Link: https://github.com/libtom/libtomcrypt/commit/d1d3ae2d1e70

show more ...

ci: shippable: build hikey960 with CFG_SECURE_DATA_PATH=n

Add a configuration that was found to cause a compile error in our
multi-platform Travis build [1] but was not detected by Shippable [2].

L

ci: shippable: build hikey960 with CFG_SECURE_DATA_PATH=n

Add a configuration that was found to cause a compile error in our
multi-platform Travis build [1] but was not detected by Shippable [2].

Link: [1] https://travis-ci.org/OP-TEE/build/jobs/330150659#L996-L1003
Link: [2] https://app.shippable.com/github/OP-TEE/optee_os/runs/534/summary/console
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...