Describe Secure Storage TA

Adds a section describing the new Secure Storage TAs.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.o

Describe Secure Storage TA

Adds a section describing the new Secure Storage TAs.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

documentation: clarify PTA

Clarifies that Pseudo TAs are implemented direction in the OP-TEE core
tree.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <je

documentation: clarify PTA

Clarifies that Pseudo TAs are implemented direction in the OP-TEE core
tree.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add management pseudo TA for secstor TAs

Adds a pseudo TA for management of Trusted Applications and Security
Domains. The pseudo TA only provides a minimal interface, a more
advanced interfac

core: add management pseudo TA for secstor TAs

Adds a pseudo TA for management of Trusted Applications and Security
Domains. The pseudo TA only provides a minimal interface, a more
advanced interface is supposed to be provided by a user TA using this
pseudo TA. Such a TA could for instance implement Global Platforms TEE
Management Framework or OTrP.

The management TA currently only supports installing bootstrap packaged
TAs in secure storage.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add ta storage based on tadb

Adds ta storage based on tadb. The TAs has to be installed in tadb
before they can be loaded.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by:

core: add ta storage based on tadb

Adds ta storage based on tadb. The TAs has to be installed in tadb
before they can be loaded.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add tadb

Adds tadb which is a database in which TAs can be stored leveraging
secure storage for anti-rollback, key storage and list of TAs.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.

core: add tadb

Adds tadb which is a database in which TAs can be stored leveraging
secure storage for anti-rollback, key storage and list of TAs.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Sign TAs as bootstrap TAs

Changes to TA sign script to sign TAs as Bootstrap TAs
(img_type == SHDR_BOOTSTRAP_TA) instead of the legacy
TA format (img_type == SHDR_TA).

Reviewed-by: Volodymyr Babchu

Sign TAs as bootstrap TAs

Changes to TA sign script to sign TAs as Bootstrap TAs
(img_type == SHDR_BOOTSTRAP_TA) instead of the legacy
TA format (img_type == SHDR_TA).

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ree fs ta store: support bootstrap TA format

Adds support for the new bootstrap TA format to the REE FS TA storage.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome

core: ree fs ta store: support bootstrap TA format

Adds support for the new bootstrap TA format to the REE FS TA storage.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: ree fs ta store: use new shdr_*() helpers

Uses the new shdr_*() helper functions to verify a signed header.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissi

core: ree fs ta store: use new shdr_*() helpers

Uses the new shdr_*() helper functions to verify a signed header.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: add struct shdr helper functions

Adds struct shdr helper functions to allocate and verify a struct shdr.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Fo

core: crypto: add struct shdr helper functions

Adds struct shdr helper functions to allocate and verify a struct shdr.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add shdr type SHDR_BOOTSTRAP_TA

Adds a signed header type for bootstrap TA. This type is used when there
isn't any security domains installed yet.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk

core: add shdr type SHDR_BOOTSTRAP_TA

Adds a signed header type for bootstrap TA. This type is used when there
isn't any security domains installed yet.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: provide tee_svc_storage_file_ops()

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wikla

core: provide tee_svc_storage_file_ops()

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fs_htree: bugfix creating empty file

Fixes problem with creating an empty htree file.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jerome Forissier <jerome.forissier@lina

core: fs_htree: bugfix creating empty file

Fixes problem with creating an empty htree file.

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add refcount routines

Adds refcount_inc() and refcount_dec()

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by:

core: add refcount routines

Adds refcount_inc() and refcount_dec()

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutils: add atomic load, store and cas

* Adds atomic_load_uint() and atomic_load_u32()
* Adds atomic_store_uint() and atomic_store_u32()
* Adds atomic_cas_uint() and atomic_cas_u32(), compare and

libutils: add atomic load, store and cas

* Adds atomic_load_uint() and atomic_load_u32()
* Adds atomic_store_uint() and atomic_store_u32()
* Adds atomic_cas_uint() and atomic_cas_u32(), compare and store

Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: imx: add i.MX6SX Sabreauto support

Add i.MX6SX Sabreauto support.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander

core: imx: add i.MX6SX Sabreauto support

Add i.MX6SX Sabreauto support.

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Document early TAs

Document early TAs introduced by commit d0c636148b3a ("Add support for
early Trusted Applications") and slightly rework the section about normal
TAs.

Signed-off-by: Jerome Foriss

Document early TAs

Document early TAs introduced by commit d0c636148b3a ("Add support for
early Trusted Applications") and slightly rework the section about normal
TAs.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: shippable: remove redundant build configurations

Apply the proposal made by Jens in PR 1616 to the Shippable
configuration:

"Removes build configurations that doesn't add much additional
c

ci: shippable: remove redundant build configurations

Apply the proposal made by Jens in PR 1616 to the Shippable
configuration:

"Removes build configurations that doesn't add much additional
coverage. The two QEMU based ports are used to test most build
configuration, the other ports are only built in basic
configuration(s)."

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
CC: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: shippable: run only platform builds

This is the second of two commits to split the CI work in two.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jen

ci: shippable: run only platform builds

This is the second of two commits to split the CI work in two.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: travis: run only code check and QEMU regression

This is the first of two commits to split the CI work in two: Travis
should run checkpatch and the QEMU regression (xtest), while Shippable
should

ci: travis: run only code check and QEMU regression

This is the first of two commits to split the CI work in two: Travis
should run checkpatch and the QEMU regression (xtest), while Shippable
should run the platform builds. By doing so, we better utilize the
resources and hopefully minimize build timeouts.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add negative tests for htree

Adds negative test for htree.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-

core: add negative tests for htree

Adds negative test for htree.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core/crypto/crypto.c: fix compile errors when _CFG_CRYPTO_WITH_CIPHER=n

Although _CFG_CRYPTO_WITH_CIPHER=n does not seem to be a valid
configuration (both the REE and RPMB FS use AES and at least on

core/crypto/crypto.c: fix compile errors when _CFG_CRYPTO_WITH_CIPHER=n

Although _CFG_CRYPTO_WITH_CIPHER=n does not seem to be a valid
configuration (both the REE and RPMB FS use AES and at least one has to
be enabled currently), fix build errors triggered by:

make _CFG_CRYPTO_WITH_CIPHER=n \
out/arm-plat-vexpress/core/crypto/crypto.o

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: use new aes-gcm implementation

Pager switches to use the new internal accelerated AES-GCM
implementation instead of the old software only implementation.

Reviewed-by: Jerome Forissier

core: pager: use new aes-gcm implementation

Pager switches to use the new internal accelerated AES-GCM
implementation instead of the old software only implementation.

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU, Hikey)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: AES-GCM: internal_aes_gcm_{enc,dec}()

Adds internal_aes_gcm_enc() and internal_aes_gcm_dec() for
encrypting/decrypting a complete message with an external expanded
key.

Acked-by: Jero

core: crypto: AES-GCM: internal_aes_gcm_{enc,dec}()

Adds internal_aes_gcm_enc() and internal_aes_gcm_dec() for
encrypting/decrypting a complete message with an external expanded
key.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: crypto: AES-GCM: separate encryption key

Separates the AES (CTR) encryption key from the rest of the context
to allow more efficient key handling.

Acked-by: Jerome Forissier <jerome.forissier

core: crypto: AES-GCM: separate encryption key

Separates the AES (CTR) encryption key from the rest of the context
to allow more efficient key handling.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm64: crypto: AES-GCM: add internal key expansion

Adds internal encryption key expansion when internal AES-GCM uses AES
crypto extensions. This avoids a dependency on the crypto library to us

core: arm64: crypto: AES-GCM: add internal key expansion

Adds internal encryption key expansion when internal AES-GCM uses AES
crypto extensions. This avoids a dependency on the crypto library to use
the same endian on the expanded encryption key.

Copies code from core/lib/libtomcrypt/src/ciphers/ aes_armv8a_ce.c and
aes_modes_armv8a_ce_a64.S and makes some small changes to make it fit
in the new place.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...