ltc: Enable RSA_CRT_HARDENING and RSA_CRT_BLINDING

Enable the hardening flags by default. This should make it robust to the
Bellcore attack when using RSA with CRT.

Fixes: OP-TEE-2016-0003 which wa

ltc: Enable RSA_CRT_HARDENING and RSA_CRT_BLINDING

Enable the hardening flags by default. This should make it robust to the
Bellcore attack when using RSA with CRT.

Fixes: OP-TEE-2016-0003 which was reported by Applus+ Laboratories.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey, GP)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260, GP)

show more ...

ltc: Implement mp_rand for mpa_desc

When enabling the flag LTC_RSA_BLINDING the code uses the mp_rand()
function, which isn't implemented for the mpa_desc descriptor. Implement
it as rand() in mpa_d

ltc: Implement mp_rand for mpa_desc

When enabling the flag LTC_RSA_BLINDING the code uses the mp_rand()
function, which isn't implemented for the mpa_desc descriptor. Implement
it as rand() in mpa_desc and mpa_get_random_digits() in libmpa.

Fixes: OP-TEE-2016-0003 which was reported by Applus+ Laboratories.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey, GP)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260, GP)

show more ...

ltc: fix formatting related to exptmod

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@lin

ltc: fix formatting related to exptmod

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey, GP)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260, GP)

show more ...

ltc: remove LTC_LINARO_FIX_RSAWITHOUTCRT

LTC_LINARO_FIX_RSAWITHOUTCRT is used to handle the case where the CRT
optimized algorithm cannot be used because the optimized parameters are
missing. In the

ltc: remove LTC_LINARO_FIX_RSAWITHOUTCRT

LTC_LINARO_FIX_RSAWITHOUTCRT is used to handle the case where the CRT
optimized algorithm cannot be used because the optimized parameters are
missing. In the official LibTomCrypt tree, there is an official fix for
this.

Please see commits (official LibTomCrypt tree):
01f184540232 ("harden RSA CRT by implementing the proposed
countermeasure from ch. 1.3 of [1]")
a6e89d58d4fb ("RSA in CRT optimization parameters are empty")
2bb3f0246f65 ("RSA in case CRT optimization parameters are not
populated")

Those patches were brought into OP-TEE with this patch
a50cb361d9e5 ("ltc: sync from official develop branch")

And therefore there is no need to keep the LTC_LINARO_FIX_RSAWITHOUTCRT
any longer, hence this patch removes the flag and the code related to
that particular flag.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey, GP)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260, GP)

show more ...

core: fix listing of init resources in linker file

Fix the missing space character to separate entries at generation of
init_entries.txt file. This file content is used as an argument list
string fo

core: fix listing of init resources in linker file

Fix the missing space character to separate entries at generation of
init_entries.txt file. This file content is used as an argument list
string for the linker tool.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

msg_param.h: add `const` qualifier for read-only functions

msg_param_get_buf_size() and msg_param_attr_is_tmem() only read
from their parameter, so that parameter can be declared as `const`

Signed

msg_param.h: add `const` qualifier for read-only functions

msg_param_get_buf_size() and msg_param_attr_is_tmem() only read
from their parameter, so that parameter can be declared as `const`

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

mobj: mobj_reg_shm: fix bug in offset calculation

Wrong variable was used to calculate offset.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@

mobj: mobj_reg_shm: fix bug in offset calculation

Wrong variable was used to calculate offset.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: clarify end of static mapping table

Move remaining code relying on null size value for detecting end
of static mapping table with a test on type value. This is made
consistent between lpae and

core: clarify end of static mapping table

Move remaining code relying on null size value for detecting end
of static mapping table with a test on type value. This is made
consistent between lpae and non-lpae implementations.

Rename MEM_AREA_NOTYPE into MEM_AREA_END as it is dedicated to this
specific purpose.

Faulty core_mmu_get_type_by_pa() can return MEM_AREA_MAXTYPE on invalid
cases.

Add a comment highlighting null sized entry are not filled in the static
mapping directives table.

Forgive the trick on level_index_m'sk to fit in the 80 chars/line.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-sunxi: provide .bss section initialization before usage

BSS initialization is executed AFTER the initialization of the
MMU table (global variable array "static_memory_map[]"), so
the table is o

plat-sunxi: provide .bss section initialization before usage

BSS initialization is executed AFTER the initialization of the
MMU table (global variable array "static_memory_map[]"), so
the table is overwritten.
Change this so that BSS initialization executes BEFORE
static_memory_map[] is initialized by core_init_mmu_map().

Signed-off-by: Victor Signaevskyi <piligrim2007@meta.ua>
Fixes: https://github.com/OP-TEE/optee_os/issues/1607
Fixes: 236601217f7e ("core: remove __early_bss")
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: minor edits to the commit message, add Fixes:]
Signed-off-by: Jerome Forissier <jeorme.forissier@linaro.org>

show more ...

benchmark: add initial documentation

Add initial benchmark framework documentation. Describe implementation
details, usage, current limitations and further steps (what features should be
added in th

benchmark: add initial documentation

Add initial benchmark framework documentation. Describe implementation
details, usage, current limitations and further steps (what features should be
added in the nearest future)

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>

show more ...

plat-ti: Reserve first page of SRAM for secure boot software

The first 4KB of SRAM is used by the initial secure software and
OP-TEE should not be loaded to this address. Adjust the TEE_LOAD_ADDR
to

plat-ti: Reserve first page of SRAM for secure boot software

The first 4KB of SRAM is used by the initial secure software and
OP-TEE should not be loaded to this address. Adjust the TEE_LOAD_ADDR
to reflect this.

Signed-off-by: Andrew F. Davis <afd@ti.com>

show more ...

core: fix core_init_mmu_tables() loop

Fixes the terminating condition of the for loop in
core_init_mmu_tables() to rely on mm[n].type instead of mm[n].size.

Fixes: https://github.com/OP-TEE/issue/1

core: fix core_init_mmu_tables() loop

Fixes the terminating condition of the for loop in
core_init_mmu_tables() to rely on mm[n].type instead of mm[n].size.

Fixes: https://github.com/OP-TEE/issue/1602
Signed-off-by: Victor Signaevskyi <piligrim2007@meta.ua>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jf: wrap commit description]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: use mobjs for all shared buffers

To ease usage of REE-originated shared memory, all code that uses shared
buffer is moved to mobjs. That means that TA loader, fs_rpc, sockets, etc
all use mobj

core: use mobjs for all shared buffers

To ease usage of REE-originated shared memory, all code that uses shared
buffer is moved to mobjs. That means that TA loader, fs_rpc, sockets, etc
all use mobjs to represent shared buffers instead of simple paddr_t.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey)

show more ...

mobj: added new mobj type: mobj_shm

mobj_shm represents buffer in predefined SHM region.
It can be used to pass allocated shm regions instead of [paddr,size] pair.

Signed-off-by: Volodymyr Babchuk

mobj: added new mobj type: mobj_shm

mobj_shm represents buffer in predefined SHM region.
It can be used to pass allocated shm regions instead of [paddr,size] pair.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey)

show more ...

msg_param: add msg_param.c with helper functions

This patch adds various helper functions to manipulate with parameters
passed to/from normal world.

Also it introduces new optee_param type which is

msg_param: add msg_param.c with helper functions

This patch adds various helper functions to manipulate with parameters
passed to/from normal world.

Also it introduces new optee_param type which is used to pass long
lists of parameters.

Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Hikey)

show more ...

trace.c: show file/line info for flow, debug and error messages

Since commit f4aa5b11f9a3 ("Update trace format to be less verbose in
INFO and ERROR levels"), INFO and ERROR messages don't show sour

trace.c: show file/line info for flow, debug and error messages

Since commit f4aa5b11f9a3 ("Update trace format to be less verbose in
INFO and ERROR levels"), INFO and ERROR messages don't show source file
and line information by default, while message with lower severity
(DEBUG and FLOW) do contain such information. While it is OK for INFO,
it turns out to be inconvenient for ERRORs during development, because
one typically wants to be able to quickly locate the source of errors.
This patch fixes the problem by introducing a mask rather than a level
to control the long output format. This allows individual selection of
which level should use a long vs. short format.
The compile-time setting CFG_MSG_LONG_PREFIX_THRESHOLD is replaced by
CFG_MSG_LONG_PREFIX_MASK with default value 0x1a (= BIT(TRACE_ERROR) |
BIT(TRACE_DEBUG) | BIT(TRACE_FLOW)).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-d02: Use LPAE, increase pager TZSRAM size to 512K and TEE_RAM to 2M

Fixes a boot error when CFG_WITH_PAGER=y:

INFO: TEE-CORE:
INFO: TEE-CORE: Pager is enabled. Hashes: 512 bytes
INFO:

plat-d02: Use LPAE, increase pager TZSRAM size to 512K and TEE_RAM to 2M

Fixes a boot error when CFG_WITH_PAGER=y:

INFO: TEE-CORE:
INFO: TEE-CORE: Pager is enabled. Hashes: 512 bytes
INFO: TEE-CORE: OP-TEE version: 2.4.0-136-g4ec2358 #25 Tue Jun 13 13:32:21 UTC 2017 arm
INFO: TEE-CORE: Shared memory address range: 50500000, 50f00000
ERROR: TEE-CORE: Panic at core/lib/libtomcrypt/src/tee_ltc_provider.c:500 <get_mpa_scratch_memory_pool>

Panic occurs because tee_pager_alloc() fails to allocate memory from
tee_mm_vcore. Fix this by increasing CFG_TEE_RAM_VA_SIZE from 1 to
2 MiB. This implies to enable LPAE, otherwise the TEE core panics with:

ERROR: TEE-CORE: Panic 'Unsupported page size in translation table' at core/arch/arm/mm/tee_pager.c:219 <set_alias_area>

Finally, CFG_CORE_TZSRAM_EMUL_SIZE has to be increased to at least
416 KiB to avoid:

LD out/arm-plat-d02/core/tee.elf
/usr/bin/arm-linux-gnueabihf-ld: OP-TEE can't fit init part into available physical memory

We choose 512 KiB because smaller values cause horrible performance.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

plat-hikey: enable 64-bit paging

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

travis: compile QEMU v8 with CFG_WITH_PAGER=y

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

plat-vexpress: enable 64-bit paging

Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (Hikey GP)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno AArch64)
Tested-by: Jens Wiklande

plat-vexpress: enable 64-bit paging

Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (Hikey GP)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno AArch64)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP AArch64)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU AArch64)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: increase emulated SRAM

Increases emulated TrustZone protected SRAM to 448 kB to increase
the pager performance especially for 64-bit mode.

Reviewed-by: Etienne Carriere <etienne.carriere

core: arm: increase emulated SRAM

Increases emulated TrustZone protected SRAM to 448 kB to increase
the pager performance especially for 64-bit mode.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: update 64-bit copy_init from 32-bit version

Updates the copy_init part in generic_entry_a64.S from
generic_entry_a32.S

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-b

core: update 64-bit copy_init from 32-bit version

Updates the copy_init part in generic_entry_a64.S from
generic_entry_a32.S

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: 64-bit update release_unused_kernel_stack()

release_unused_kernel_stack() is called when the pager is enabled when
the state of a thread is saved in order to release unused stack pages.

Updat

core: 64-bit update release_unused_kernel_stack()

release_unused_kernel_stack() is called when the pager is enabled when
the state of a thread is saved in order to release unused stack pages.

Update release_unused_kernel_stack() for 64-bit mode.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: bugfix tee_pager_release_phys()

Fixes the case where less than a page is to be released by ignoring the
request.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jen

core: bugfix tee_pager_release_phys()

Fixes the case where less than a page is to be released by ignoring the
request.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: link script: .bss alignment

.bss may need a larger alignment than 8. Instead of trying to guess let
the linker chose it and to avoid having an unaccounted hole before .bss
set __data_end first

core: link script: .bss alignment

.bss may need a larger alignment than 8. Instead of trying to guess let
the linker chose it and to avoid having an unaccounted hole before .bss
set __data_end first thing inside the .bss section. This makes sure that
the data section is properly padded out when assembling a paged tee.bin.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...