core: mobj: add mobj_get_phys_offs()

Adds mobj_get_phys_offs() which returns the physical offset into the
first physical page/section of a MOBJ.

Reviewed-by: Etienne Carriere <etienne.carriere@lina

core: mobj: add mobj_get_phys_offs()

Adds mobj_get_phys_offs() which returns the physical offset into the
first physical page/section of a MOBJ.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add Marvell platform with initial support for ARMADA A7K & A8K

Only tested 64-bit mode with default configurations:

1. build command
make PLATFORM=marvell-armada7080 CFG_ARM64_core=y
2. Passed

Add Marvell platform with initial support for ARMADA A7K & A8K

Only tested 64-bit mode with default configurations:

1. build command
make PLATFORM=marvell-armada7080 CFG_ARM64_core=y
2. Passed xtest

Signed-off-by: Kevin Peng <kevinp@marvell.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Util: add ASM version ROUNDDOWN and ROUNDUP definitions

Add ROUNDDOWN and ROUNDUP definitions for ASM version which are
different from C versions

Signed-off-by: Kevin Peng <kevinp@marvell.com>
Revi

Util: add ASM version ROUNDDOWN and ROUNDUP definitions

Add ROUNDDOWN and ROUNDUP definitions for ASM version which are
different from C versions

Signed-off-by: Kevin Peng <kevinp@marvell.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

Util: add some useful SIZE definitions

Add some useful SIZE_XX definitions like 4k, 1M, etc...

Signed-off-by: Kevin Peng <kevinp@marvell.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.

Util: add some useful SIZE definitions

Add some useful SIZE_XX definitions like 4k, 1M, etc...

Signed-off-by: Kevin Peng <kevinp@marvell.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-stm: support registered shm buffers

CFG_DDR_SECURE_BASE/_SIZE can be used to define the DDR range reserved
to secure side. This can be larger than the TEETZ reserved memory.
If CFG_DDR_SECURE_B

plat-stm: support registered shm buffers

CFG_DDR_SECURE_BASE/_SIZE can be used to define the DDR range reserved
to secure side. This can be larger than the TEETZ reserved memory.
If CFG_DDR_SECURE_BASE/_SIZE is defined, plat-stm registers the
non-secure external memory to support dynamic shm registering.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core:sdp: fix SDP test pseudo-TA against dynamic shm

Physical memory typed CORE_MEM_NSEC_SHM belong to the default
contiguous shm memory. Since dynamic SHM, now non secure memory
reference can be ou

core:sdp: fix SDP test pseudo-TA against dynamic shm

Physical memory typed CORE_MEM_NSEC_SHM belong to the default
contiguous shm memory. Since dynamic SHM, now non secure memory
reference can be outside the default NSEC_SHM, hence check
non secure reference using CORE_MEM_NON_SEC type instead of
CORE_MEM_NSEC_SHM.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-rcar: add non-secure DDR configuration

This patch adds non-secure DDR ranges for salvator-h3 and
salvator-m3 boards.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jens Wi

plat-rcar: add non-secure DDR configuration

This patch adds non-secure DDR ranges for salvator-h3 and
salvator-m3 boards.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-rcar: add initial support for salvator-m3 board

Prior to this patch OP-TEE was able to run only at salvator-h3 board
(but it worked on salvator-m3 too, only by coincidence).

Signed-off-by: Vol

plat-rcar: add initial support for salvator-m3 board

Prior to this patch OP-TEE was able to run only at salvator-h3 board
(but it worked on salvator-m3 too, only by coincidence).

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-rcar: force CFG_CORE_LARGE_PHYS_ADDR

On RCAR3 platform most of the DRAM is mapped over 4GB, so it needs
LPE enabled with 32-bit builds.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com

plat-rcar: force CFG_CORE_LARGE_PHYS_ADDR

On RCAR3 platform most of the DRAM is mapped over 4GB, so it needs
LPE enabled with 32-bit builds.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

pager: allow TA unwind when cause of unwind is not abort

It is perfectly safe to run the call stack unwinding code on a paged TA
as long as we're not processing an abort. Adjust __abort_print()
acco

pager: allow TA unwind when cause of unwind is not abort

It is perfectly safe to run the call stack unwinding code on a paged TA
as long as we're not processing an abort. Adjust __abort_print()
accordingly.
Prior to this patch, the call stack was missing from TA panics if pager
was enabled.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

plat-vexpress: juno: add missing DRAM1

Defines missing DRAM1 base 0x880000000 size 0x180000000 for Juno.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wik

plat-vexpress: juno: add missing DRAM1

Defines missing DRAM1 base 0x880000000 size 0x180000000 for Juno.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add comment about CFG_UNWIND

Update the comment in the main configuration file to state that
CFG_UNWIND should be disabled in production builds.

Signed-off-by: Jerome Forissier <jerome.forissier@li

Add comment about CFG_UNWIND

Update the comment in the main configuration file to state that
CFG_UNWIND should be disabled in production builds.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Suggested-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-vexpress: fvp: add missing DRAM1

Defines missing DRAM1 base 0x880000000 size 0xa00000000 for FVP.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wi

plat-vexpress: fvp: add missing DRAM1

Defines missing DRAM1 base 0x880000000 size 0xa00000000 for FVP.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add register_phys_mem_ul()

Adds register_phys_mem_ul() which must be used (for compatibility with
CFG_CORE_LARGE_PHYS_ADDR=y) when input address and size is based on
symbols generated in the l

core: add register_phys_mem_ul()

Adds register_phys_mem_ul() which must be used (for compatibility with
CFG_CORE_LARGE_PHYS_ADDR=y) when input address and size is based on
symbols generated in the link script.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: trivial large paddr_t fixes

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

Add CFG_CORE_LARGE_PHYS_ADDR for 64bit paddr_t

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

core: fix gic_init() prototype

Prior to this patch gic_init() incorrectly had paddr_t as type for the
GIC base addresses while the implementation used vaddr_t. The correct
type is vaddr_t which we'r

core: fix gic_init() prototype

Prior to this patch gic_init() incorrectly had paddr_t as type for the
GIC base addresses while the implementation used vaddr_t. The correct
type is vaddr_t which we're changing to here.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: lpae: take nsec DDR ranges into account

Takes nsec DDR ranges into account when setting TCR.PS field.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander

core: lpae: take nsec DDR ranges into account

Takes nsec DDR ranges into account when setting TCR.PS field.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: core.mk: make platform specific link.mk optional

Most platform do not need any special linker targets and so most
just link back to the default. Lets just have core.mk use the default
when a p

core: core.mk: make platform specific link.mk optional

Most platform do not need any special linker targets and so most
just link back to the default. Lets just have core.mk use the default
when a platform does not have this file. Also remove this from the
porting guidelines as it is now optional and only needed for advanced
use.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: link.mk: make platform specific kern.ld.S optional

Most platform do not need any special linker scripting and so most
just link back to the default. Lets just have link.mk use the default
when

core: link.mk: make platform specific kern.ld.S optional

Most platform do not need any special linker scripting and so most
just link back to the default. Lets just have link.mk use the default
when a platform does not have this file. Also remove this from the
porting guidelines as it is now optional and only needed for advanced
use.

Signed-off-by: Andrew F. Davis <afd@ti.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: pager: ltc: prng: add entropy to the AE key for paged TAs

This commit fixes a vulnerability (OP-TEE-2017-0001) that affects
platforms built with CFG_WITH_SOFTWARE_PRNG=y. Note however that
pla

core: pager: ltc: prng: add entropy to the AE key for paged TAs

This commit fixes a vulnerability (OP-TEE-2017-0001) that affects
platforms built with CFG_WITH_SOFTWARE_PRNG=y. Note however that
platforms that also set CFG_SECURE_TIME_SOURCE_REE=y are still
vulnerable, unless they provide an implementation of
plat_prng_add_jitter_entropy_norpc().

Adds some entropy to the PRNG used to generate the AE key for paged
user TAs.

Link: https://op-tee.org/security-advisories/
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

core: ltc: prng: make sure some entropy is used immediately

This commit fixes a vulnerability (OP-TEE-2017-0001) that affects
platforms built with CFG_WITH_SOFTWARE_PRNG=y. Note however that
platfor

core: ltc: prng: make sure some entropy is used immediately

This commit fixes a vulnerability (OP-TEE-2017-0001) that affects
platforms built with CFG_WITH_SOFTWARE_PRNG=y. Note however that
platforms that also set CFG_SECURE_TIME_SOURCE_REE=y are still
vulnerable, unless they provide an implementation of
plat_prng_add_jitter_entropy_norpc().

The LibTomCrypt API is not used properly in the current PRNG
initialization code (tee_ltc_prng_init()). We have:

prng->start();
prng->ready();
plat_prng_add_jitter_entropy_norpc();

...and at this point, the PRNG is assumed to be ready to provide random
data through rng->read().

That is broken, because there is no guarantee that the added entropy
will have an immediate effect on the output of rng->read(). In fact, it
usually will NOT. For instance, the default software PRNG used in
OP-TEE (Fortuna) re-seeds its PRNG generator from the entropy pools
only once every ten reads. So we're effectively using an un-seeded
generator for the first ten calls to prng->read(). Practically it means
that the same byte sequences are generated after each boot and, for the
Fortuna PRNG, until the 11th call to the PRNG read function. At the
Internal Core API level, this affects TEE_GenerateRandom() and
TEE_GenerateKey().

The fix is simple: prng->ready() seeds the generator from the pools, so
by moving plat_prng_add_jitter_entropy_norpc() before prng->ready(), we
can ensure that some amount of entropy is used immediately.

Fixes: https://github.com/OP-TEE/optee_os/issues/1730
Link: https://op-tee.org/security-advisories
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

scripts/symbolize.py: reset state when a (new) abort message is found

The symbolize script may not process correctly several dumps in a row.
For instance, if you pipe a TA abort followed by a TEE co

scripts/symbolize.py: reset state when a (new) abort message is found

The symbolize script may not process correctly several dumps in a row.
For instance, if you pipe a TA abort followed by a TEE core abort, the
later is not decoded properly because the script still uses the TA
binary to interpret the core stack. Fix this by resetting the state of
the decoder each time an abort line is encountered.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

build: add CFG_DYN_SHM_CAP config variable

This variable can disable reported capability
OPTEE_SMC_SEC_CAP_DYNAMIC_SHM.

But dynamic SHM remains fully operational, though. This can be used
for testi

build: add CFG_DYN_SHM_CAP config variable

This variable can disable reported capability
OPTEE_SMC_SEC_CAP_DYNAMIC_SHM.

But dynamic SHM remains fully operational, though. This can be used
for testing and debugging to emulate system, where dynamic SHM is not
supported.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

entry_std.c: comment fixes in assign_mobj_to_param_mem()

- removed spaces before "?" in comments
- Capitalized first letter in first words

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com

entry_std.c: comment fixes in assign_mobj_to_param_mem()

- removed spaces before "?" in comments
- Capitalized first letter in first words

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...