core: RPMB FS: nullify fops when resetting an enumerator

According to the GP spec, TEE_ResetPersistentObjectEnumerator() "resets
an object enumerator handle to its initial state after allocation".
T

core: RPMB FS: nullify fops when resetting an enumerator

According to the GP spec, TEE_ResetPersistentObjectEnumerator() "resets
an object enumerator handle to its initial state after allocation".
Therefore, syscall_storage_reset_enum() should set e->fops = NULL.

This fixes a regression introduced when the FOP interface was reworked.
I'm not simply reverting the return code from TEE_ERROR_GENERIC back to
TEE_ERROR_ITEM_NOT_FOUND, because the new code makes sense and it is
more sane to properly reset the state of the enumerator.

Consequently, tee_svc_close_enum() is updated to accept e->fops == NULL
which is valid when the enum has just been allocated or reset but not
started. We should not return an error status in this case.

Tested on HiKey using xtest with GP tests (all 3 filesystems: REE, SQL,
RPMB).

Fixes: b86c18ecc7d3 ("core: RPMB FS: prepare for new FOP interface")
Fixes: https://github.com/OP-TEE/optee_os/issues/1332
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: API: add 'const' qualifiers

As per the GlobalPlatform Internal Core API Specification v1.1,
section 3.4 Parameter Annotations: "[...] the [in], [inbuf],
[instring], [instringopt], and [ctx]

libutee: API: add 'const' qualifiers

As per the GlobalPlatform Internal Core API Specification v1.1,
section 3.4 Parameter Annotations: "[...] the [in], [inbuf],
[instring], [instringopt], and [ctx] annotations can make use of the
const C keyword [...] the C header file of a compliant Implementation
SHOULD use the const keyword when these annotations appear."

Note that the TA entry points: TA_OpenSessionEntryPoint(),
TA_CloseSessionEntryPoint() and TA_InvokeCommandEntryPoint() are
unchanged to avoid breaking existing code (not worth it).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: ltc: fix undefined left shift

Fixes left shift out of bounds (undefined behavior) in twoexpt().

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens

core: ltc: fix undefined left shift

Fixes left shift out of bounds (undefined behavior) in twoexpt().

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libmpa: fix undefined left shift

Fixes left shift out of bounds (undefined behavior) in mpa_shift_right().

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander

libmpa: fix undefined left shift

Fixes left shift out of bounds (undefined behavior) in mpa_shift_right().

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: bugfix tee_uuid_from_octets()

Fixes undefined behavior (shift out of bounds) in tee_uuid_from_octets().

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wikland

core: bugfix tee_uuid_from_octets()

Fixes undefined behavior (shift out of bounds) in tee_uuid_from_octets().

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: preserve error code when calling TEE_Panic()

On many occasions, libutee calls TEE_Panic(0) to kill a TA. When an
error status from a lower layer is available, it is much more helpful
to pas

libutee: preserve error code when calling TEE_Panic()

On many occasions, libutee calls TEE_Panic(0) to kill a TA. When an
error status from a lower layer is available, it is much more helpful
to pass it instead of zero, because the code is shown in the debug
traces.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: AES CTS fix

Ad-hoc fix for regressions introduced by [1].
Tested on HiKey using latest optee_test including GlobalPlatform tests
(32/64-bit TEE core, 32/64-bit libutee, with/without ARMv8 C

libutee: AES CTS fix

Ad-hoc fix for regressions introduced by [1].
Tested on HiKey using latest optee_test including GlobalPlatform tests
(32/64-bit TEE core, 32/64-bit libutee, with/without ARMv8 CE
acceleration).

Fixes: b1ecda78bab4 ("libutee: fix off-by-one error in tee_buffer_update()") [1]
Fixes: https://github.com/OP-TEE/optee_os/issues/1305
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

RPMB: fix tee_rpmb_free()

Don't call thread_rpc_free_payload() unless thread_rpc_alloc_payload()
was successful, which is when the physical address is non-zero.

Fixes: https://github.com/OP-TEE/opt

RPMB: fix tee_rpmb_free()

Don't call thread_rpc_free_payload() unless thread_rpc_alloc_payload()
was successful, which is when the physical address is non-zero.

Fixes: https://github.com/OP-TEE/optee_os/issues/1319
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Travis: add compile tests for gprof

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

Add documentation for gprof support

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

Add support for user TA profiling with gprof (-pg)

Adds the infrastructure to collect profiling information from Trusted
Applications running in user mode and instrumented with -pg.
Enable with: CFG

Add support for user TA profiling with gprof (-pg)

Adds the infrastructure to collect profiling information from Trusted
Applications running in user mode and instrumented with -pg.
Enable with: CFG_TA_GPROF_SUPPORT=y.

Profiling support in itself adds no significant performance overhead.
Instrumented applications however may run 1.3x - 2x slower, and have a
larger .bss section (+1.36 times .text size for 32-bit TAs, +1.77 times
.text size for 64-bit ones).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (D02 64-bit)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU 32-bit)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Add options to build user libraries with profiling enabled (-pg)

Set CFG_TA_GPROF=y to build libutee and the user-mode versions of
libutils and libmpa with the -pg flag (gprof profiling).
This featu

Add options to build user libraries with profiling enabled (-pg)

Set CFG_TA_GPROF=y to build libutee and the user-mode versions of
libutils and libmpa with the -pg flag (gprof profiling).
This feature depends on TA profiling support in OP-TEE core which will
be introduced in a later commit.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Move definitions from optee_msg.h to optee_msg_supplicant.h

Commands that are specific to tee-supplicant belong in their own file.
This allows optee_msg.h to remain untouched as more supplicant comm

Move definitions from optee_msg.h to optee_msg_supplicant.h

Commands that are specific to tee-supplicant belong in their own file.
This allows optee_msg.h to remain untouched as more supplicant commands
are added. With this change:
- optee_msg.h is used by the driver and OP-TEE OS (note: there are two
slightly different versions of the file adapted to each environment but
they define the same things)
- optee_msg_supplicant.h is used by OP-TEE OS and tee-supplicant

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

Rename optee_msg_fs.h to optee_msg_supplicant.h

The file contains the definition of the RPC interface with
tee-supplicant, not limited to filesystem functions.

Signed-off-by: Jerome Forissier <jero

Rename optee_msg_fs.h to optee_msg_supplicant.h

The file contains the definition of the RPC interface with
tee-supplicant, not limited to filesystem functions.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

docs: explain static and dynamic TAs

Go into detail about the effective differences between Static
and Dynamic TAs, including how they are treated differently
when they are loaded.

Explain syscalls

docs: explain static and dynamic TAs

Go into detail about the effective differences between Static
and Dynamic TAs, including how they are treated differently
when they are loaded.

Explain syscalls and how they apply to Dynamic TAs.

Explain how the Malloc size is set in Dynamic TAs.

Signed-off-by: Andy Green <andy@warmcat.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[Rebase on top of master]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: remove tee_dispatch_* functions

Prior to this patch the tee_dispatch_* functions where called when invoking
TAs from normal world.

The tee_dipatch_* functions provided little value and has no

core: remove tee_dispatch_* functions

Prior to this patch the tee_dispatch_* functions where called when invoking
TAs from normal world.

The tee_dipatch_* functions provided little value and has now been
collapsed into the architecture specific entry_std.c reducing the stack
usage.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: generic_entry: fix copy_init assembly warning

Fixes assembly warning:
Warning: duplicated register (r13) in register list
in the copy_init loop used when pager is enabled.

Reviewed-by: Etienn

core: generic_entry: fix copy_init assembly warning

Fixes assembly warning:
Warning: duplicated register (r13) in register list
in the copy_init loop used when pager is enabled.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: pager: fix warning with CFG_PAGED_USER_TA=n

Fixes warning when using pager with CFG_PAGED_USER_TA=n.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander

core: pager: fix warning with CFG_PAGED_USER_TA=n

Fixes warning when using pager with CFG_PAGED_USER_TA=n.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

storage: RPMB: don't try to program the RPMB key by default

Prevent leakage of the RPMB security key by never programming it,
unless a special build option is set (CFG_RPMB_WRITE_KEY=y).

Signed-off

storage: RPMB: don't try to program the RPMB key by default

Prevent leakage of the RPMB security key by never programming it,
unless a special build option is set (CFG_RPMB_WRITE_KEY=y).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

libutee: fix off-by-one error in tee_buffer_update()

Makes the ROUNDUP() call in the "feeding from src" case consistent with
the "feeding from buffer" case a few lines earlier. Without this fix,
AES

libutee: fix off-by-one error in tee_buffer_update()

Makes the ROUNDUP() call in the "feeding from src" case consistent with
the "feeding from buffer" case a few lines earlier. Without this fix,
AES CTR encryption or decryption could fail because update would feed
blocks too soon, leaving less than two blocks in the internal buffer
thus causing utee_cipher_final() (called from TEE_CipherDoFinal()) to
fail and panic the TA.

Fixes: https://github.com/OP-TEE/optee_os/issues/1203
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: optimize cache handling in load_elf_segments()

Prior to this patch the entire TA code was dcache cleaned and icache invalided
resulting in many unneeded paged faults when the pager is enabled.

core: optimize cache handling in load_elf_segments()

Prior to this patch the entire TA code was dcache cleaned and icache invalided
resulting in many unneeded paged faults when the pager is enabled.

With this patch the pager is taken into account. When pager is enabled
only clean dcache and invalide icache for mapped pages.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (HiKey)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: remove obsolete mobj_is_unsafe()

Removes obsolete mobj_is_unsafe(). As a consequence some tee_ta_manager code
can be removed too.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
T

core: remove obsolete mobj_is_unsafe()

Removes obsolete mobj_is_unsafe(). As a consequence some tee_ta_manager code
can be removed too.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: static ta: bugfix copy_in_param()

Prior to this patch copy_in_param() for static TA mistook the size of
the mobj as the size of the parameter. This patches fixes that.

Fixes: 0dcfa5686d02 ("c

core: static ta: bugfix copy_in_param()

Prior to this patch copy_in_param() for static TA mistook the size of
the mobj as the size of the parameter. This patches fixes that.

Fixes: 0dcfa5686d02 ("core: introduce MOBJ abstraction")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: bugfix mobj_virt

Prior to this patch is mobj_virt using mobj_phys_ops instead of the
expected mobj_virt_ops. This patch fixes mobj_virt to use mobj_virt_ops.

Fixes: 0dcfa5686d02 ("core: intro

core: bugfix mobj_virt

Prior to this patch is mobj_virt using mobj_phys_ops instead of the
expected mobj_virt_ops. This patch fixes mobj_virt to use mobj_virt_ops.

Fixes: 0dcfa5686d02 ("core: introduce MOBJ abstraction")
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

doc: Add a section on paging of user TAs

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklan

doc: Add a section on paging of user TAs

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...