Refactored version of cache_maintenance_l2() functions

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand

Refactored version of cache_maintenance_l2() functions

Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>

show more ...

Add CHANGELOG.md for release notes

Add a new file containing release notes and wrote the first release
notes for tag 0.1.0.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Pascal B

Add CHANGELOG.md for release notes

Add a new file containing release notes and wrote the first release
notes for tag 0.1.0.

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

setup_qemu_optee.sh: add support for GlobalPlatform tests

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Br

setup_qemu_optee.sh: add support for GlobalPlatform tests

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

setup_fvp_optee.sh: add support for GlobalPlatform tests

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Bra

setup_fvp_optee.sh: add support for GlobalPlatform tests

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

Setup test environment for Secure Element API

To enable this feature, uncomment the following in setup_qemu_optee.sh

Please note you should install the following packages first
(on Ubuntu 14.04)
$

Setup test environment for Secure Element API

To enable this feature, uncomment the following in setup_qemu_optee.sh

Please note you should install the following packages first
(on Ubuntu 14.04)
$ sudo apt-get install libtool autoconf automake help2man
$ sudo apt-get install pcscd libpcsclite-dev default-jdk

After environment setup is done, you should install vpcd manually, by
$ cd virtualsmartcard/src/vpcd
$ sudo make install

Open another terminal, and enable Java Card Simulator(jcardsim)
$ java -cp jcardsim.jar org.linaro.seapi.VpcdClient

Then run the qemu, input the following command on the linux console
$ modprobe optee
$ tee-supplicant &
(test SE API in API level)
$ se_api_test
(test SE API internal selftest)
$ se_api_test -s

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (Ubuntu 14.04)
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU + jcardsim)

show more ...

Disable TEX Remap before enable MMU

- Add write_ats1cpw() and read_par() for page description debug
- Clear TEX bit beofre enable MMU

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Reviewed-by: Jens W

Disable TEX Remap before enable MMU

- Add write_ats1cpw() and read_par() for page description debug
- Clear TEX bit beofre enable MMU

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

mk/compile.mk: GNU make 4.0 compatibility

Fixes issue https://github.com/OP-TEE/optee_os/issues/179 (GNU make 4.0
rebuilds everything each time it is run).

GNU make 4.0 includes a fix for bug http:

mk/compile.mk: GNU make 4.0 compatibility

Fixes issue https://github.com/OP-TEE/optee_os/issues/179 (GNU make 4.0
rebuilds everything each time it is run).

GNU make 4.0 includes a fix for bug http://savannah.gnu.org/bugs/?16051
which breaks the C compilation rule in mk/compile.mk. Previous versions
of make would not add the FORCE target to $?, whereas version 4.0 does.
Therefore, one must explicitly exclude FORCE from $? to properly detect
if dependencies have changed.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

sunxi: fix parallel build errors

Fixes https://github.com/OP-TEE/optee_os/issues/181.

plat-sunxi/link.mk uses CPP to generate its core linker script.
Commit a3911433960a ("core: get value of CFG_ v

sunxi: fix parallel build errors

Fixes https://github.com/OP-TEE/optee_os/issues/181.

plat-sunxi/link.mk uses CPP to generate its core linker script.
Commit a3911433960a ("core: get value of CFG_ variables directly from
generated/conf.h") has modified the core CPP flags to include conf.h
automatically, so one must make sure that this file exists when the linker
script is generated. This is done by adding a dependency on $(conf-file).

The vexpress platforms also lack the dependency, but the bug won't show
because of other dependencies which cause conf.h to be generated anyways.

PLATFORM=stm is fine because it does not use CPP.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

SE API: Change configuration to be prefixed with CFG_*

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (Modified QEMU + jcardsim)

SE API: hide private interfaces

- Split each headers into module.h and module_priv.h, move the methods that
is only used internally by SE implementation to module_priv.h, and export
module_priv.

SE API: hide private interfaces

- Split each headers into module.h and module_priv.h, move the methods that
is only used internally by SE implementation to module_priv.h, and export
module_priv.h to rest of TEE Core
- Added new include path to se_api_self_tests.c for which needs to include
private headers
- Split aid.c and apdu.c from iso7816.c. Originally they have to be wriiten in
the same file since they share some private data structures. Now, the
private data structure can be shared via private headers.
- Split reader.c from manager.c for the same reason above.

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (Modified QEMU + jcardsim)

show more ...

SE API: implment lubutee and svc handler

- Implemented tee_se_service
- Rename tee_se_reader_handle to tee_se_reader_proxy
to avoid confuse with libutee
- Implemented SE API(tee_internal_se_api.h)

SE API: implment lubutee and svc handler

- Implemented tee_se_service
- Rename tee_se_reader_handle to tee_se_reader_proxy
to avoid confuse with libutee
- Implemented SE API(tee_internal_se_api.h) in libutee
- Implemented svc handler for SE API
- rename protocol.[ch] to iso7816.[ch]
- prefix aid_* with "tee_se_"
- add an option to enable/disable se_api_self_tests

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (Modified QEMU + jcardsim)

show more ...

SE API: Add design document

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

SE API: Session, Protocol and Channel implementation

- Implement Session which maintains the connection between TA and a
specific SE Reader
- Implement ISO7816 transport layer protocol, and Channe

SE API: Session, Protocol and Channel implementation

- Implement Session which maintains the connection between TA and a
specific SE Reader
- Implement ISO7816 transport layer protocol, and Channel management
- Implement Utilities to handle AID(ISO7816-3) and APDU(ISO7816-4)
- Brunch of self tests to velidate functionality of each module

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (Modified QEMU + jcardsim)

show more ...

SE API: SE Manager and Reader implementation

- Introduce an interface for developers to write reader driver
(core/include/tee/se/reader/interface.h)
- A sample reader driver implementation: PC/SC

SE API: SE Manager and Reader implementation

- Introduce an interface for developers to write reader driver
(core/include/tee/se/reader/interface.h)
- A sample reader driver implementation: PC/SC passthru reader
(core/tee/se/reader/passthru_reader)
- Currently supported machine is qemu-virt (compile with --with-pcsc-passthru)
- A selftest STA is included to test the functionality of SE Reader
(core/arch/arm32/sta/se_api_self_tests.c)
- To enable SE API, add "WITH_SE_API := y" in your platform config

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (Modified QEMU + jcardsim)

show more ...

Introduce a Linux style initcall mechanism

To use it, simply add something like:

service_init(server_init_callback);

The callback regsitered will be invoked at the end of init_teecore().
Now we ha

Introduce a Linux style initcall mechanism

To use it, simply add something like:

service_init(server_init_callback);

The callback regsitered will be invoked at the end of init_teecore().
Now we have 2 priority service_init and driver_init. The callback
regsitered in service level will be invoked first.

Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)

show more ...

SHA-1 ARMv8 crypto extension implementation

* Adds a ARMv8 crypto extension based SHA-1 implementation for LTC.
* Crypto extension based SHA-1 implementation is enabled for
plat-vexpress-juno.

Si

SHA-1 ARMv8 crypto extension implementation

* Adds a ARMv8 crypto extension based SHA-1 implementation for LTC.
* Crypto extension based SHA-1 implementation is enabled for
plat-vexpress-juno.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

SHA-256 ARMv8 crypto extension implementation

* Adds a ARMv8 crypto extension based SHA-256 implementation for LTC.
* Crypto extension based SHA-256 implementation is enabled for
plat-vexpress-ju

SHA-256 ARMv8 crypto extension implementation

* Adds a ARMv8 crypto extension based SHA-256 implementation for LTC.
* Crypto extension based SHA-256 implementation is enabled for
plat-vexpress-juno.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

arm32: support for VFP/NEON operations.

CFG_WITH_VFP=y enables use of VFP/NEON by context switching VFP state on
demand.

plat-vexpress: specific initialization of CPACR to allow CP10 and CP11
acces

arm32: support for VFP/NEON operations.

CFG_WITH_VFP=y enables use of VFP/NEON by context switching VFP state on
demand.

plat-vexpress: specific initialization of CPACR to allow CP10 and CP11
access to allow usage of VFP/NEON operations.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

plat-vexpress: config nsacr

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

Add PKCS #5 v2.0 key derivation function 2 (PBKDF2)

This commit implements a crypto extension to support the key derivation
function defined in section 5.2 of RFC 2898
(https://www.ietf.org/rfc/rfc2

Add PKCS #5 v2.0 key derivation function 2 (PBKDF2)

This commit implements a crypto extension to support the key derivation
function defined in section 5.2 of RFC 2898
(https://www.ietf.org/rfc/rfc2898.txt), which is a re-publish of PKCS #5 v2.0.
The underlying pseudorandom function is HMAC-SHA1, which is the default PRF
specified in the RFC. It would be trivial to support the other HMAC functions
already implemented in OP-TEE.

See documentation/extensions/crypto_pbkdf2.md for details.

Tested on PLATFORM=vexpress-qemu_virt with the test vectors from RFC 6070
(https://www.ietf.org/rfc/rfc6070.txt).

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Xiaoqiang Du <xiaoqiang.du@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

Add HMAC-based extract-and-expand key derivation function (HKDF)

HKDF (http://tools.ietf.org/html/rfc5869) is a key derivation algorithm.
As per the RFC:

A key derivation function (KDF) is a bas

Add HMAC-based extract-and-expand key derivation function (HKDF)

HKDF (http://tools.ietf.org/html/rfc5869) is a key derivation algorithm.
As per the RFC:

A key derivation function (KDF) is a basic and essential component of
cryptographic systems. Its goal is to take some source of initial
keying material and derive from it one or more cryptographically
strong secret keys.
[...]
HKDF follows the "extract-then-expand" paradigm, where the KDF
logically consists of two modules.
[...]
The goal of the "extract" stage is to "concentrate" the possibly
dispersed entropy of the input keying material into a short, but
cryptographically strong, pseudorandom key.
[...]
The second stage "expands" the pseudorandom key to the desired
length; the number and lengths of the output keys depend on the
specific cryptographic algorithms for which the keys are needed.

Since HKDF is not covered by the GlobalPlatform Internal API specification
v1.0/v1.1, this commit introduces extensions to the specification.
More specifically: it defines new algorithms, a new object type and new
object attributes. This implementation supports all the usual hash
functions (MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512) and may
produce output keys of length up to 4096 bits (currently limited only by
the maximum size allowed for an object of type TEE_TYPE_GENERIC_SECRET).
Aside from minor updates to object manipulation functions to support
the new data, the function TEE_DeriveKey() is mostly impacted.

The file documentation/extensions/crypto_hkdf.md contains the modifications
to the GP Internal API v1.0 spec in order to support HKDF.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Xiaoqiang Du <xiaoqiang.du@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>

show more ...

Add Concat KDF (Concatenation Key Derivation Function, NIST SP 800-56A R1)

Concat KDF is a key derivation algorithm defined in section 5.8.1 of
the NIST Special Publication 800-56A Revision 1, "Reco

Add Concat KDF (Concatenation Key Derivation Function, NIST SP 800-56A R1)

Concat KDF is a key derivation algorithm defined in section 5.8.1 of
the NIST Special Publication 800-56A Revision 1, "Recommendation for Pair-Wise
Key Establishment Schemes Using Discrete Logarithm Cryptography"
(http://csrc.nist.gov/publications/nistpubs/800-56A/SP800-56A_Revision1_Mar08-2007.pdf)

This is a TEE implementation of the function, which supports the following
hash algorithms: SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512.
The actual key derivation is implemented in TEE_DeriveKey() thanks to
custom extensions to the GlobalPlatform API v1.0. Please refer to
documentation/extensions/crypto_concat_kdf.md for details.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Xiaoqiang Du <xiaoqiang.du@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)

show more ...

Add A80 platform support to .travis.yml

Signed-off-by: sunny <sunny@allwinnertech.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Revie

Add A80 platform support to .travis.yml

Signed-off-by: sunny <sunny@allwinnertech.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Tested-by: sunny <sunny@allwinnertech.com> (Allwinner A80 platform)

show more ...

Add Allwinner a80 board description to README.md

Signed-off-by: sunny <sunny@allwinnertech.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.o

Add Allwinner a80 board description to README.md

Signed-off-by: sunny <sunny@allwinnertech.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...

Add plat-sunxi

Initial version support for Allwinner A80 platform.
Allwinner A80 is big.little archtecture with 4*A7 + 4*A15,
Support Trustzone tech and secureboot inside hardware.
plat-sunxi suppor

Add plat-sunxi

Initial version support for Allwinner A80 platform.
Allwinner A80 is big.little archtecture with 4*A7 + 4*A15,
Support Trustzone tech and secureboot inside hardware.
plat-sunxi support features:
1.Clone plat-sunxi from plat-vexpress;
2.Secure bootloader reserved 64MB secure DRAM for optee_os;
3.Support SMP secondary cpu secure stage bootup;
4.Add uart driver to core/driver/*;
5.Support GIC driver initialization.
The porting work test on Optimus board, with allwinner A80 chip.

Signed-off-by: sunny <sunny@allwinnertech.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>

show more ...