| 61b4cd9c | 21-Nov-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: crypto: AES-GCM: remove tomcrypt.h dependency
Removes tomcrypt.h dependency by replacing the "symmetric_key skey" field in struct internal_aes_gcm_ctx with a raw key. Replaces calls to the LTC functions aes_setup() and aes_ecb_encrypt() with calls to crypto_aes_expand_enc_key() and crypto_aes_enc_block() respectively.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 0d360202 | 21-Nov-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: LTC provide some AES primitives
Provides crypto_aes_expand_enc_key() and crypto_aes_enc_block(). These functions are needed to avoid exposing the type symmetric_key outside of LTC.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| b8c186b5 | 21-Nov-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: AES-GCM: import table based GF-mult
Imports table based GF multiplication from mbed TLS.
Sets CFG_AES_GCM_TABLE_BASED to default y unless CFG_CRYPTO_WITH_CE is y, then CFG_AES_GCM_TABLE_BASED forced n.
With tables performance is on HiKey960 (CFG_CRYPTO_WITH_CE=n):
xtest --aes-perf -m GCM
(CFG_AES_GCM_TABLE_BASED=n) min=69.27us max=86.458us mean=70.5695us stddev=0.955826us (cv 1.35445%) (13.8383MiB/s)
(CFG_AES_GCM_TABLE_BASED=y) min=41.666us max=53.646us mean=42.138us stddev=0.621345us (cv 1.47455%) (23.1753MiB/s)
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| c9add4ac | 23-Nov-2017 |
Jerome Forissier <jerome.forissier@linaro.org> |
core: arm32: enable NEON with .fpu directive rather than compile flag
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU CFG_WITH_VFP=y) Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960 AArch32 {,pager}) Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 391df477 | 23-Nov-2017 |
Jerome Forissier <jerome.forissier@linaro.org> |
Remove useless .section directive
The FUNC macro has a .section so any previous occurrence is useless.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| cd11e1cb | 23-Nov-2017 |
Jerome Forissier <jerome.forissier@linaro.org> |
Use -mfpu-neon for assembly files in TEE core only
Some platforms set arm32-platform-aflags += -mfpu-neon, which causes NEON to be selected when building any assembly files. TEE core, user-mode libraries and TAs are all affected by this setting.
This is most likely incorrect because user-mode libraries do not use NEON instructions (only some core files do). And, it does not make much sense to set it by default for TAs either.
So, core_arm32-platform-aflags should be set instead.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| a3f02fb3 | 23-Nov-2017 |
Jerome Forissier <jerome.forissier@linaro.org> |
Documentation: update description of platform conf.mk
The content of plat-xxx/conf.mk has changed a bit since the documentation was written. Therefore, remove the inline example, explain the main things that should appear in conf.mk, and link to an example (plat-hikey/conf.mk).
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| c2ff5ecf | 03-Oct-2017 |
Joakim Bech <joakim.bech@linaro.org> |
docs: add status icons indicating supported platforms
This adds a set of new icons (svg-files) used to tell the current status of platforms that are officially supported in OP-TEE (found in README.md). Green means that they are up-to-date and have been tested on the latest OP-TEE release. Orange means that it was not tested on the latest release and red are the ones that have not been tested for quite a while (for the red ones we are also adding the last known release they were tested against).
Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| de656760 | 23-Nov-2017 |
Alex CHEN <viennadd@gmail.com> |
core: se: fix potential use after free
The freed `proxy` will be used again in the incremental part of the for loop, which leaves a potential risk of a UAF crash. Replace `TAILQ_FOREACH()` with `TAILQ_FOREACH_SAFE()` to avoid a second use of freed memory.
Fixes: https://github.com/OP-TEE/optee_os/issues/1965 Signed-off-by: Alex CHEN <viennadd@gmail.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> [jf: add 'se:' to subject, don't capitalize "use", capitalize 'Fixes:'] Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
|
| 5da57aeb | 23-Nov-2017 |
Peng Fan <peng.fan@nxp.com> |
core: drivers: imx_wdog: fix register access
The registers' base addresses are 16-bit aligned, so read32/write32 should be replaced with read16/write16.
Signed-off-by: Peng Fan <peng.fan@nxp.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| a0ffc59b | 23-Nov-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
libfdt: fix undefined behaviour in fdt_offset_ptr()
Upstream commit d0b3ab0a0f46 ("libfdt: Fix undefined behaviour in fdt_offset_ptr()").
Using pointer arithmetic to generate a pointer outside a known object is, technically, undefined behaviour in C. Unfortunately, we were using that in fdt_offset_ptr() to detect overflows.
To fix this we need to do our bounds / overflow checking on the offsets before constructing pointers from them.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Fixes: https://github.com/OP-TEE/optee_os/issues/1967 Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 2f47d839 | 23-Nov-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: fix potential double free in ta_open()
ta_open() relies on the local variable shdr to be NULL unless it's a valid pointer. alloc_and_copy_shdr() can in one code path update shdr and then free it before returning.
The fix is in alloc_and_copy_shdr() to only set the returned shdr once the pointer is to be returned.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Fixes: https://github.com/OP-TEE/optee_os/issues/1968 Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| fe45728c | 22-Nov-2017 |
viennadd <viennadd@gmail.com> |
tee_fs_rpc_opendir(): avoid potential memory leak after early return
Fixes: https://github.com/OP-TEE/optee_os/issues/1960 Signed-off-by: Alex CHEN <viennadd@gmail.com> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| b1469ba0 | 22-Nov-2017 |
Jerome Forissier <jerome.forissier@linaro.org> |
core: ltc: fix double free in dsa_import()
Upstream commit 1e260eeaae43 ("fir coverity finding: dsa_import double free").
Fixes: https://github.com/OP-TEE/optee_os/issues/1962 Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 29cff5cf | 20-Nov-2017 |
Jerome Forissier <jerome.forissier@linaro.org> |
core: GET_OS_REVISION: return SHA1 of current Git commit
When processing an OPTEE_SMC_CALL_GET_OS_REVISION request, return the abbreviated SHA1 of the current Git commit as the third parameter (a2).
If the SHA1 cannot be determined or CFG_OS_REV_REPORTS_GIT_SHA1 is disabled, set a2 to zero meaning "not specified".
This allows the TEE driver to report more precise information about the TEE at probe time.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 3f9b05f6 | 20-Nov-2017 |
Jerome Forissier <jerome.forissier@linaro.org> |
core: arm: GET_OS_REVISION: document a2 as a build identifier
In the OPTEE_SMC_CALL_GET_OS_REVISION request, the previously reserved parameter a2 is now documented as being an optional build identifier (such as an SCM revision or commit ID, for instance).
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 24bb7516 | 16-Nov-2017 |
wangwen <wangwen@marvell.com> |
plat-marvell: Add initial support for ARMADA3700
Only test 64bit mode with default configuration
1. Build command
   make PLATFORM=marvell-armada3700
2. Pass xtest
Signed-off-by: wangwen <wangwen@marvell.comi> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Kevin Peng <kevinp@marvell.com>
|
| edbeddc1 | 21-Nov-2017 |
Jerome Forissier <jerome.forissier@linaro.org> |
mem_usage.py: fix error with ccache
Fix the following error:
make mem_usage CROSS_COMPILE="ccache arm-linux-gnueabihf-"
...
GEN out/arm-plat-vexpress/core/tee.mem_usage
Traceback (most recent call last):
  File "./scripts/mem_usage.py", line 162, in <module>
    main()
  File "./scripts/mem_usage.py", line 94, in main
    universal_newlines=True)
  File "/usr/lib/python3.5/subprocess.py", line 947, in __init__
    restore_signals, start_new_session)
  File "/usr/lib/python3.5/subprocess.py", line 1551, in _execute_child
    raise child_exception_type(errno_num, err_msg)
FileNotFoundError: [Errno 2] No such file or directory: 'ccache arm-linux-gnueabihf-readelf'
core/arch/arm/kernel/link.mk:255: recipe for target 'out/arm-plat-vexpress/core/tee.mem_usage' failed
make: *** [out/arm-plat-vexpress/core/tee.mem_usage] Error 1
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 1e373fed | 19-Nov-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: pta_socket: add TA_FLAG_CONCURRENT
Adds flag TA_FLAG_CONCURRENT to PTA socket used by the socket implementation. This avoids one TA blocking another unrelated TA both doing socket operations.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960) Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU) Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| f6cbe5da | 16-Nov-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: arm: crypto: fix AES-GCM counter increase
In pmull_gcm_encrypt() and pmull_gcm_decrypt() it was assumed that it's enough to only increase the least significant 64-bits of the counter fed to the block cipher. This can hold for 96-bit IVs, but not for IVs of any other length as the number stored in the least significant 64-bits of the counter can't be easily predicted.
In this patch pmull_gcm_encrypt() and pmull_gcm_decrypt() are updated to increase the entire counter; at the same time the interface is changed to accept the counter in little endian format instead.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU, Hikey) Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 1fca7e26 | 16-Nov-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: crypto: add new AES-GCM implementation
Adds a new AES-GCM implementation optimized for hardware acceleration.
This implementation is enabled by default; to use the implementation in libTomCrypt instead, set CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB=y.
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960) Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 71cd3ee4 | 17-Nov-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: add CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB
Adds CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB which if y will enable AES-GCM in the crypto library and use that as the implementation used by crypto_authen_*() functions.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 3d3ad63d | 17-Nov-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
core: add core/crypto.mk with CFG_CRYPTO* flags
Moves CFG_CRYPTO* and _CFG_CRYPTO flags in core/lib/libtomcrypt/sub.mk to core/crypto.mk.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| df6fbf10 | 16-Nov-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
plat-vexpress: Juno: CFG_HWSUPP_PMULL=y
Takes full advantage of LTC GHASH acceleration by using the pmull instruction.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
| 7fe98f90 | 16-Nov-2017 |
Jens Wiklander <jens.wiklander@linaro.org> |
hikey{,960}: CFG_HWSUPP_PMULL=y
Takes full advantage of LTC GHASH acceleration by using the pmull instruction.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|