core: remove CFG_ prefix from TA_RAM_START/TA_RAM_SIZE

Almost platform currently define these directives from within the
source code, through platform_config.h. These values do not need to
be config

core: remove CFG_ prefix from TA_RAM_START/TA_RAM_SIZE

Almost platform currently define these directives from within the
source code, through platform_config.h. These values do not need to
be configuration directive with the CFG_ prefix.

This change renames these macros so that they do not mess with the
platform configuration directives.

Old macro label New macro label
CFG_TA_RAM_START TA_RAM_START
CFG_TA_RAM_SIZE TA_RAM_SIZE

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove CFG_ prefix from TEE_RAM_START/VA_SIZE/PH_SIZE

Almost platform currently define these directives from within the
source code, through platform_config.h. These values do not need to
be c

core: remove CFG_ prefix from TEE_RAM_START/VA_SIZE/PH_SIZE

Almost platform currently define these directives from within the
source code, through platform_config.h. These values do not need to
be configuration directive with the CFG_ prefix.

This change renames these macros so that they do not mess with the
platform configuration directives.

Old macro label New macro label
CFG_TEE_RAM_START TEE_RAM_START
CFG_TEE_RAM_VA_SIZE TEE_RAM_VA_SIZE
CFG_TEE_RAM_PH_SIZE TEE_RAM_PH_SIZE

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-poplar: fix comments layout that hurts checkpatch

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

core: split SDP memory CFG_ and non-CFG_ configuration directives

This change aim at removing definition of CFG_ directive (here related
to SDP) from the platform_config.h files.

CFG_TEE_SDP_MEM_BA

core: split SDP memory CFG_ and non-CFG_ configuration directives

This change aim at removing definition of CFG_ directive (here related
to SDP) from the platform_config.h files.

CFG_TEE_SDP_MEM_BASE/_SIZE is a generic configuration directive to
register a SDP memory.

Some platforms define a SDP test memory when SDP is enable. This SDP
memory is located at the end of the TA_RAM. Introduce platform settings
TEE_SDP_TEST_MEM_BASE/_SIZE to register a SDP test buffer, independently
from the generic CFG_TEE_SDP_MEM_BASE/_SIZE.

Platforms marvel, stm, ti and vexpress updated.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: remove redundant malloc() layers

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.

libutee: remove redundant malloc() layers

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: TEE_Malloc() and friend: skips layers

Prior to this patch TEE_Malloc(), TEE_Realloc() and TEE_Free() were using
two extra layers implemented on top of the well known malloc(),
realloc(), calloc(

ta: TEE_Malloc() and friend: skips layers

Prior to this patch TEE_Malloc(), TEE_Realloc() and TEE_Free() were using
two extra layers implemented on top of the well known malloc(),
realloc(), calloc() and free() functions. With this patch the extra layers
are skipped.

When compiled for user TAs realloc() clears all memory that otherwise
would be uninitialized memory since it's required by the spec [1] if
TEE_Malloc() is called with the hint TEE_MALLOC_FILL_ZERO. Since that's
the only recognized hint in the spec realloc() assumes that it's always
needed.

[1] GP TEE Internal Core API Specification v1.1

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

TEE_Realloc(): fix invalid declaration

Prior to this was TEE_Realloc() declared as:

void *TEE_Realloc(const void *buffer, uint32_t newSize);

This does not make sense as the argument buffer can and

TEE_Realloc(): fix invalid declaration

Prior to this was TEE_Realloc() declared as:

void *TEE_Realloc(const void *buffer, uint32_t newSize);

This does not make sense as the argument buffer can and will be changed
as a result of calling this function. Instead fix the declaration to be:

void *TEE_Realloc(void *buffer, uint32_t newSize);

This is also more in line with realloc().

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: mmu: lpae: copy table of actual primary core

SOC has configurable core settings (e.g., Juno) does not
take core-0 as primary core. Copying mapping table of core-0
to other cores causes boot fa

core: mmu: lpae: copy table of actual primary core

SOC has configurable core settings (e.g., Juno) does not
take core-0 as primary core. Copying mapping table of core-0
to other cores causes boot failure on such configured SOC.
Fix this problem by taking mapping table of actual primary
core as copy source.

Signed-off-by: Ken Liu <ken.liu@arm.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: DSA signature verification: fix return code

The GP TEE Internal Core specification mandates that
TEE_AsymmetricVerifyDigest() must return TEE_SUCCESS if the signature
is valid, TEE_ERROR_

core: ltc: DSA signature verification: fix return code

The GP TEE Internal Core specification mandates that
TEE_AsymmetricVerifyDigest() must return TEE_SUCCESS if the signature
is valid, TEE_ERROR_SIGNATURE_INVALID if it is invalid, or panic if any
other error oocurs.

In the current implementation, TEE_ERROR_SIGNATURE_INVALID will never
happen with the DSA algorithms. Fix that by properly checking the
return code and signature status of the LibTomCrypt function.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: ECC signature verification: fix return code

The GP TEE Internal Core specification mandates that
TEE_AsymmetricVerifyDigest() must return TEE_SUCCESS if the signature
is valid, TEE_ERROR_

core: ltc: ECC signature verification: fix return code

The GP TEE Internal Core specification mandates that
TEE_AsymmetricVerifyDigest() must return TEE_SUCCESS if the signature
is valid, TEE_ERROR_SIGNATURE_INVALID if it is invalid, or panic if any
other error oocurs.

In the current implementation, TEE_ERROR_SIGNATURE_INVALID will never
happen with the ECC algorithms. Fix that by properly checking the
return code and signature status of the LibTomCrypt function.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ltc: RSA signature verification: fix return code

The GP TEE Internal Core specification mandates that
TEE_AsymmetricVerifyDigest() must return TEE_SUCCESS if the signature
is valid, TEE_ERROR_

core: ltc: RSA signature verification: fix return code

The GP TEE Internal Core specification mandates that
TEE_AsymmetricVerifyDigest() must return TEE_SUCCESS if the signature
is valid, TEE_ERROR_SIGNATURE_INVALID if it is invalid, or panic if any
other error oocurs.

In the current implementation, all errors returned by the LibTomCrypt
RSA signature verification function are translated to
TEE_ERROR_SIGNATURE_INVALID. It is incorrect. Fix that by introducing
a helper function to properly handle both the return code and the
signature verification status.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

qemu: discard legacy bios mailbox and support arm-tf boot scheme

Replace the unused bios_qemu_tz_arm mailbox for waking secondary boot
cores with the mailbox used by the Arm trusted firmware.

Signe

qemu: discard legacy bios mailbox and support arm-tf boot scheme

Replace the unused bios_qemu_tz_arm mailbox for waking secondary boot
cores with the mailbox used by the Arm trusted firmware.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

qemu_virt: move core location to match qemu_armv8

Moving qemu_virt core to the same location as the core for qemu_armv8
allows to use the same arm-trusted-firmware configuration for ARMv7
and ARMv8

qemu_virt: move core location to match qemu_armv8

Moving qemu_virt core to the same location as the core for qemu_armv8
allows to use the same arm-trusted-firmware configuration for ARMv7
and ARMv8 Qemu support.

Qemu_virt Kasan offset is updated since new memory layout.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: 32bit generic entry executes in cpu Supervisor mode.

This change aims at supporting some bootloaders as the Aarch32
Arm trusted firmware that may boot cores in Monitor mode.

Signed-off-by: Et

core: 32bit generic entry executes in cpu Supervisor mode.

This change aims at supporting some bootloaders as the Aarch32
Arm trusted firmware that may boot cores in Monitor mode.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: export CFG_CACHE_API and CFG_SECURE_DATA_PATH

Exports CFG_CACHE_API and CFG_SECURE_DATA_PATH to the dev kit conf.mk,
making them available for compiled TAs.

Reviewed-by: Jerome Forissier <jerom

ta: export CFG_CACHE_API and CFG_SECURE_DATA_PATH

Exports CFG_CACHE_API and CFG_SECURE_DATA_PATH to the dev kit conf.mk,
making them available for compiled TAs.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: pass CFG_ variables as defines

Pass all CFG_ variables as -D<varname>=<value> command line parameters
for the C preprocessor. Variables set to "n" are not passed and
variables set to "y" are sup

ta: pass CFG_ variables as defines

Pass all CFG_ variables as -D<varname>=<value> command line parameters
for the C preprocessor. Variables set to "n" are not passed and
variables set to "y" are supplied with the value "1" instead. This is
the same translation as done for conf.h when compiling OP-TEE OS.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: only export variables containing a value

Only exports variables containing a value to the dev kit conf.mk

Suggested-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jerome Foriss

ta: only export variables containing a value

Only exports variables containing a value to the dev kit conf.mk

Suggested-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: rework how CFG_TA_FLOAT_SUPPORT is passed

Reworks how CFG_TA_FLOAT_SUPPORT is passed to the exported conf.mk

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wikl

ta: rework how CFG_TA_FLOAT_SUPPORT is passed

Reworks how CFG_TA_FLOAT_SUPPORT is passed to the exported conf.mk

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta: rework how ENABLE_MDBG=1 is passed

Reworks how ENABLE_MDBG=1 is passed when compiling the TA.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wik

ta: rework how ENABLE_MDBG=1 is passed

Reworks how ENABLE_MDBG=1 is passed when compiling the TA.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ta/ta.mk: make sure exported conf.mk is updated

Makes sure that conf.mk exported to TA dev kit is updated even if the
change isn't due to a change in mk/config.mk

Reviewed-by: Jerome Forissier <jer

ta/ta.mk: make sure exported conf.mk is updated

Makes sure that conf.mk exported to TA dev kit is updated even if the
change isn't due to a change in mk/config.mk

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

crypto: Make name and path of crypto library configurable

Allows for platform dependent implementations of exported crypto API

Signed-off-by: Darren Roche <darren.broche@gmail.com>
Reviewed-by: Jen

crypto: Make name and path of crypto library configurable

Allows for platform dependent implementations of exported crypto API

Signed-off-by: Darren Roche <darren.broche@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: generic_entry_a64.S: use adr_l to allow bigger data sections

Fixes the following linker errors which happens when adding a big
global array of data:

.../generic_entry_a64.o: In function `_sta

core: generic_entry_a64.S: use adr_l to allow bigger data sections

Fixes the following linker errors which happens when adding a big
global array of data:

.../generic_entry_a64.o: In function `_start`:
.../generic_entry_a64.S:95:(.text._start+0x30): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `__bss_start` defined in .bss.__malloc_spinlock section in all_objs.o
.../generic_entry_a64.S:96:(.text._start+0x34): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `__bss_end` defined in .bss.__malloc_spinlock section in all_objs.o
.../generic_entry_a64.o: In function `clear_bss`:
.../generic_entry_a64.S:108:(.text._start+0x84): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `__text_start` defined in .bss.__malloc_spinlock section in all_objs.o
.../generic_entry_a64.S:139:(.text._start+0xc4): relocation truncated to fit: R_AARCH64_ADR_PREL_LO21 against symbol `__text_start` defined in .bss.__malloc_spinlock section in all_objs.o

The root cause is the 'adr x0, symbol' instructions. They generate a
relocation of type R_AARCH64_ADR_PREL_LO21, therefore 'symbol' can
only be +/-1MB away from the current PC (otherwise the linker emits the
above error). The problem is, in _start() and clear_bss() there is no
guarantee that the referenced symbols are in the allowed range.

The linker script core/arch/arm/kernel/link_dummy.ld, which is used
to generate all_objs.o, places __bss_start, __bss_end, __text_start
etc. at the end of the binary. The _start() and clear_bss() functions,
on the other hand, are near the start. If the total size of the binary
is sufficiently increased (for instance by adding global data), the
error will occur.

The __text_start error could probably be avoided by modifying
link_dummy.ld -- the actual location of the __* symbols does not matter
much in this phase of the build. However, the references to __bss_start
and __bss_end are still likely to be problematic in the final link
phase, because .bss can very well be more than 1MB away from .text
(with .rodata and .data between them).

So, let's use the adr_l macro which splits 'adr x0, symbol' in two
steps: 'adrp x0, symbol' (which generates a relocation of type
R_AARCH64_ADR_PREL_PG_HI21 for the 4K page offset) followed by
'add x0, x0, :lo12:symbol' (which generates a R_AARCH64_ADD_ABS_LO12
relocation for the offset into the page). The accessible range becomes
+/- 4GB.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reported-by: Guanchao Liang <liangguanchao1@huawei.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: add adr_l assembly macro

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

Use mempool API from libutils for bignum allocations

Uses the Use mempool API from libutils for bignum allocations.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jerome Forissie

Use mempool API from libutils for bignum allocations

Uses the Use mempool API from libutils for bignum allocations.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: add mempool API

Adds mempool.h with an API suitable for allocating short-lived object.
Based on the internal counterpart in libmpa. This is needed to integrate
other bignum implementations

libutils: add mempool API

Adds mempool.h with an API suitable for allocating short-lived object.
Based on the internal counterpart in libmpa. This is needed to integrate
other bignum implementations.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...