LTC: add GHASH acceleration

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

core: import GHASH acceleration routines

Imports assembly code for accelerated GHASH computations and provides an
interface for using these low level functions.

The assembly code relies on features

core: import GHASH acceleration routines

Imports assembly code for accelerated GHASH computations and provides an
interface for using these low level functions.

The assembly code relies on features now available in all ARM cores. No
assembly code is enabled at all unless CFG_CRYPTO_WITH_CE = y. Code
using the PMULL/PMULL2 instruction is enabled with CFG_HWSUPP_PMULL = y.

The assembly code is written by Ard Biesheuvel
<ard.biesheuvel@linaro.org> and modified slightly here to fit better
into OP-TEE.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: io.h: add {get,put}_be{16,32,64}()

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

core: arm64: add mov_imm assembly macro

Implement a macro mov_imm that can be used to move an immediate constant
into a 64-bit register, using between 2 and 4 movz/movk instructions
(depending on th

core: arm64: add mov_imm assembly macro

Implement a macro mov_imm that can be used to move an immediate constant
into a 64-bit register, using between 2 and 4 movz/movk instructions
(depending on the operand)

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add pager options to mem_usage.py

Adds options to report the size of the init, paged and unpaged areas
in pager builds (CFG_WITH_PAGER=y). This is helpful to monitor the
evolution of the code size,

Add pager options to mem_usage.py

Adds options to report the size of the init, paged and unpaged areas
in pager builds (CFG_WITH_PAGER=y). This is helpful to monitor the
evolution of the code size, and identify issues such as when useless
functions get pulled into the unpaged area by mistake.
For instance, here is what we can get with 'mem_usage.py -nUr' and a
few lines of script (shows changes in the size of unpaged code and
data for a non-debug qemu_virt build since 2.5.0):

2.5.0 67600
2.5.0-2-g0b8e6e78 67632 +32 core: abort: fix get_fault_type()
2.5.0-11-g87d96185 67728 +96 core: pager: avoid page faults with pager lock held
2.5.0-37-g0073c9a8 67792 +64 core: pager: optimize tee_pager_handle_fault()
2.5.0-40-g935ac3ec 67888 +96 core: arm32: handle aborts in system mode
2.5.0-53-g2e4e94bf 67920 +32 core: default enable program flow prediction on ARMv7 cores
2.5.0-57-ge84e1fec 67704 -216 core: clean and unwind arm32_aeabi_[l]divmod_a32.S
2.5.0-63-g23346f16 67736 +32 Add support for several user TA stores
2.5.0-76-gb2087a20 67608 -128 core: pager: deal with large CFG_TEE_RAM_VA_SIZE
2.5.0-77-g00aa47a4 67688 +80 core: plat-vexpress: increase CFG_TEE_RAM_VA_SIZE
2.5.0-112-g86e50a60 67696 +8 core: arm: psci: add suspend resume common functions
2.5.0-120-g13b3ee90 67768 +72 core: print rwx flags for each MMU region when a user TA aborts
2.5.0-122-ge61644fb 83408 +15640 core: make reset_secondary() unpaged
2.5.0-123-g1506eb6f 83424 +16 core: plat-vexpress: init gic on secondary cores
2.5.0-124-ge2b68c87 91368 +7944 core: plat-vextpress-qemu_virt: update num cores
2.5.0-126-g5402a9fe 92808 +1440 qemu_virt: enable smp boot
2.5.0-132-gda51216b 92840 +32 dts: pass PA of reserved region
2.5.0-173-gb4121bfb 92848 +8 pl011: prevent putc() and flush() function from blocking indefinitely
2.5.0-176-g55d6853c 92912 +64 core: add registered shared memory support
2.5.0-182-g93d3c451 163936 +71024 core: pager: ltc: prng: add entropy to the AE key for paged TAs
2.5.0-202-ga71af55e 163984 +48 core: mobj: add mobj_get_phys_offs()
2.5.0-203-g5c7a19bb 163968 -16 core: mobj: remove double physical offset
2.5.0-205-g430dcbd8 163944 -24 core: reimplement mobj_mapped_shm_alloc()
2.5.0-208-gbbed97b6 163976 +32 core:mmu: fix userland va2pa conversion
2.5.0-209-g42d91b4b 164040 +64 core:mmu: fix userland pa2va conversion
2.6.0-rc1-1-gb6449075 164136 +96 thread.c: free rpc arg mobj during cache disabling
2.6.0-7-g8473540d 77144 -86992 Keep assembly functions in separate sections
2.6.0-8-g64113fca 77112 -32 core: arm32: replace _start with reset() function
2.6.0-9-g486754e8 77176 +64 core: arm32: reset_secondary() set reset vector

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Rewrite mem_usage.awk in Python

Rewrite the memory usage script in Python. No functional change, except
that the script now takes tee.elf as an argument instead of processing
the output of readelf.

Rewrite mem_usage.awk in Python

Rewrite the memory usage script in Python. No functional change, except
that the script now takes tee.elf as an argument instead of processing
the output of readelf. The makefile (make mem_usage) is adjusted
accordingly.

This makes the script shorter and easier to call, and it is now
possible to add command line options.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: avoid warning in wq_wake_next()

avoid:
core/arch/arm/kernel/wait_queue.c: In function 'wq_wake_next':
core/arch/arm/kernel/wait_queue.c:155:7: error: 'wake_read' may be used uninitialized in t

core: avoid warning in wq_wake_next()

avoid:
core/arch/arm/kernel/wait_queue.c: In function 'wq_wake_next':
core/arch/arm/kernel/wait_queue.c:155:7: error: 'wake_read' may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (wqe->wait_read != wake_read)

When building with gcc 5.3.1

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pta: add PTA_INVOKE_TESTS_CMD_MUTEX

Adds test functions PTA_INVOKE_TESTS_CMD_MUTEX the invoke tests PTA
(PTA_INVOKE_TESTS_UUID). The PTA_INVOKE_TESTS_CMD_MUTEX function is used
to test in part

core: pta: add PTA_INVOKE_TESTS_CMD_MUTEX

Adds test functions PTA_INVOKE_TESTS_CMD_MUTEX the invoke tests PTA
(PTA_INVOKE_TESTS_UUID). The PTA_INVOKE_TESTS_CMD_MUTEX function is used
to test in particular read and write mutex, but also mutex over all.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: extend mutex to support read locks

Extends mutex implementation to support read locks in addition to the
default lock which has write lock semantics.

With read locks multiple threads can simu

core: extend mutex to support read locks

Extends mutex implementation to support read locks in addition to the
default lock which has write lock semantics.

With read locks multiple threads can simultaneously acquire a read lock,
typically used for read only access to a shared resource.

The default mutex_lock behaves as a write lock with only a single thread
at a time able to acquire the write lock, typically used for exclusive
access to a shared resource.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: allow multithreaded pseudo TAs

Introduces TA_FLAG_CONCURRENT valid for pseudo TAs only which allows
concurrent execution of the TA.

With this change a pseudo TA configured with TA_FLAG_CONCUR

core: allow multithreaded pseudo TAs

Introduces TA_FLAG_CONCURRENT valid for pseudo TAs only which allows
concurrent execution of the TA.

With this change a pseudo TA configured with TA_FLAG_CONCURRENT would
accept multiple sessions where each can be used concurrently with the
other sessions.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: .shippable.yml: disable parallel build

We get random build failures with Shippable CI. First kind is [1]:

/bin/bash: out/arm-plat-imx/conf.mk.tmp: No such file or directory
core/core.mk:69: r

ci: .shippable.yml: disable parallel build

We get random build failures with Shippable CI. First kind is [1]:

/bin/bash: out/arm-plat-imx/conf.mk.tmp: No such file or directory
core/core.mk:69: recipe for target 'out/arm-plat-imx/conf.mk' failed
make: *** [out/arm-plat-imx/conf.mk] Error 1
make: *** Waiting for unfinished jobs....

Second kind is [2]:

mkdir: cannot create directory 'out/arm-plat-ti/core': No such file or directory
mk/subdir.mk:151: recipe for target 'out/arm-plat-ti/core/ta_pub_key.c' failed
make: *** [out/arm-plat-ti/core/ta_pub_key.c] Error 1
make: *** Waiting for unfinished jobs....

Sometimes both bash and mkdir fail with 'No such file or directory' [3]

I cannot see any mistake in our Makefile or anything that could explain
these errors. I have opened a support request with Shippable [4].

In the mean time, let's disable the parallel build (make -jN) since I
could not reproduce the issue with a purely sequential build. Hopefully
it will not slow things down too much (we already need a reasonably
up-to-date cache anyway).

Link: [1] https://app.shippable.com/github/OP-TEE/optee_os/runs/347/1/console
Link: [2] https://app.shippable.com/github/OP-TEE/optee_os/runs/332/1/console
Link: [3] https://app.shippable.com/github/OP-TEE/optee_os/runs/342/1/console
Link: [4] https://github.com/Shippable/support/issues 3953
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

optee: use correct type to hold exceptions state

cpu_spin_lock_xsave() returns exceptions state in uin32_t, not
in unsigned int.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-b

optee: use correct type to hold exceptions state

cpu_spin_lock_xsave() returns exceptions state in uin32_t, not
in unsigned int.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-ls: Add support for armv8 platform flavour

Added support for armv8 platform flavour.
- PLATFORM = ls-ls1012ardb

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Reviewed-by: Sumit Garg <sum

plat-ls: Add support for armv8 platform flavour

Added support for armv8 platform flavour.
- PLATFORM = ls-ls1012ardb

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Reviewed-by: Sumit Garg <sumit.garg@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: pager can use memory between SRAM start and core load address

If core is loaded some 4kB pages above the start of the physical
internal ram, some 4kB memory block will not be used by the pager

core: pager can use memory between SRAM start and core load address

If core is loaded some 4kB pages above the start of the physical
internal ram, some 4kB memory block will not be used by the pager.

This situation can occur if the beginning of the internal ram is
used by a bootloader. Bootloader must load op-tee above its own
used memory. Such bootloader memory is freely available to op-tee
core (pager).

This change adds the physical memory between TEE RAM base address
and the op-tee entry point address to the pager page pool. This
change also default maps this area so that pager identifies physical
pages as valid page addresses.

This changes fixes the plat-vexpress against CFG_TEE_RAM_START being
different from CFG_TEE_LOAD_ADDR.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

ci: .shippable.yml: enable RPMB FS during "make check"

For better test coverage, run xtest in QEMU with RPMB FS enabled.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens

ci: .shippable.yml: enable RPMB FS during "make check"

For better test coverage, run xtest in QEMU with RPMB FS enabled.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: fix asan build error

Fixes the build error:
kern.ld:153: undefined symbol `__asan_shadow_start' referenced in expression

Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960, G

core: fix asan build error

Fixes the build error:
kern.ld:153: undefined symbol `__asan_shadow_start' referenced in expression

Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960, GP)
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Documentation: sync with new crypto.h

Update documentation of the Crypto API with the new <crypto/crypto.h>
replacing the old crypto_ops based API.

Acked-by: Jerome Forissier <jerome.forissier@lina

Documentation: sync with new crypto.h

Update documentation of the Crypto API with the new <crypto/crypto.h>
replacing the old crypto_ops based API.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: move crypto_authenc_*() from LTC

* Moves crypto_authenc_*() from LTC to core/crypto/crypto.c
* Defines <crypto/aes-gcm.h> and <crypto/aes-ccm.h> and
implements the functions in
core/lib/li

core: move crypto_authenc_*() from LTC

* Moves crypto_authenc_*() from LTC to core/crypto/crypto.c
* Defines <crypto/aes-gcm.h> and <crypto/aes-ccm.h> and
implements the functions in
core/lib/libtomcrypt/src/tee_ltc_provider.c based on the
old implementations of crypto_authenc_*().

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: rename to <crypto/crypto.h>

Renames core/include/tee/tee_cryp_provider.h to
core/include/crypto/crypto.h

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere

core: rename to <crypto/crypto.h>

Renames core/include/tee/tee_cryp_provider.h to
core/include/crypto/crypto.h

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove struct crypto_ops

Removes struct crypto_ops and adds crypto_init()

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

core: remove struct crypto_ops

Removes struct crypto_ops and adds crypto_init()

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Replace struct acipher_ops with function interface

Adds crypto_acipher_*() replacing struct acipher_ops in crypto_ops.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne

Replace struct acipher_ops with function interface

Adds crypto_acipher_*() replacing struct acipher_ops in crypto_ops.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Replace struct bignum_ops with function interface

Adds crypto_bignum_*() replacing struct bignum_ops in crypto_ops.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Car

Replace struct bignum_ops with function interface

Adds crypto_bignum_*() replacing struct bignum_ops in crypto_ops.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Replace struct authenc_ops with function interface

Adds crypto_authenc_*() replacing struct authenc_ops in crypto_ops.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne

Replace struct authenc_ops with function interface

Adds crypto_authenc_*() replacing struct authenc_ops in crypto_ops.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Replace struct mac_ops with function interface

Adds mac_cipher_get_ctx_size(), mac_cipher_init(), mac_cipher_update()
and mac_cipher_final() replacing struct mac_ops in crypto_ops.

Acked-by: Jerom

Replace struct mac_ops with function interface

Adds mac_cipher_get_ctx_size(), mac_cipher_init(), mac_cipher_update()
and mac_cipher_final() replacing struct mac_ops in crypto_ops.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Replace struct cipher_ops with function interface

Adds crypto_cipher_get_ctx_size(), crypto_cipher_init(),
crypto_cipher_update(), crypto_cipher_final() and
crypto_cipher_get_block_size() replacing

Replace struct cipher_ops with function interface

Adds crypto_cipher_get_ctx_size(), crypto_cipher_init(),
crypto_cipher_update(), crypto_cipher_final() and
crypto_cipher_get_block_size() replacing struct cipher_ops in
crypto_ops.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...