optee_os - OpenGrok history log for /optee

Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
14754b93	26-Aug-2024	Ed Tubbs <ectubbs@gmail.com>	plat-rockchip: add support for Rockchip rk3588 Enables support for NanoPC-T6 Based on support for ROCK 4 Signed-off-by: Ed Tubbs <ectubbs@gmail.com> Acked-by: Jerome Forissier <jerome.forissier@lin plat-rockchip: add support for Rockchip rk3588 Enables support for NanoPC-T6 Based on support for ROCK 4 Signed-off-by: Ed Tubbs <ectubbs@gmail.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Heiko Stuebner <heiko.stuebner@cherry.de> (BSD-3) Acked-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... core/arch/arm/plat-rockchip/conf.mk core/arch/arm/plat-rockchip/platform_config.h core/arch/arm/plat-rockchip/platform_rk3588.c core/arch/arm/plat-rockchip/sub.mk
5b01685a	27-Nov-2024	Gatien Chevallier <gatien.chevallier@foss.st.com>	dts: stm32: add RCC RIF configuration for the stm32mp257f-ev1 board Add the RIF configuration for the stm32mp257f-ev1 board. Some clocks are in semaphore mode with only CID1 authorized. This is a tr dts: stm32: add RCC RIF configuration for the stm32mp257f-ev1 board Add the RIF configuration for the stm32mp257f-ev1 board. Some clocks are in semaphore mode with only CID1 authorized. This is a trick to benefit from a hardware synchronization in low-power sequences. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Reviewed-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-rif.dtsi
b5f8fc36	27-Nov-2024	Gatien Chevallier <gatien.chevallier@foss.st.com>	clk: stm32mp25: add support for RIF configuration application This driver now implements RIF configuration for RCC, which is a RIF aware IP. It means that the RCC driver is in charge of configuring clk: stm32mp25: add support for RIF configuration application This driver now implements RIF configuration for RCC, which is a RIF aware IP. It means that the RCC driver is in charge of configuring its own RIF restrictions and that the RCC has dedicated RIF configuration registers. To avoid issues when manipulating clocks during OP-TEE boot or low-power sequences, apply the RIF configuration for RCC resources at driver_init_late level. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Reviewed-by: Gabriel Fernandez <gabriel.fernandez@foss.st.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... core/drivers/clk/clk-stm32mp25.c
ca5bd0a2	05-Dec-2024	Huang Borong <huangborong@bosc.ac.cn>	core: riscv: Improve macros for set/clear bits CSR operations Rename `set_csr` to `read_set_csr` and `clear_csr` to `read_clear_csr` because they perform atomic reads and set/clear bits in the CSR. core: riscv: Improve macros for set/clear bits CSR operations Rename `set_csr` to `read_set_csr` and `clear_csr` to `read_clear_csr` because they perform atomic reads and set/clear bits in the CSR. These two macros will return the previous value of the CSR. Introduce new macros `set_csr` and `clear_csr`: `set_csr` uses the RISC-V `csrs` assembler pseudoinstruction to set bits in the CSR when the old value is not needed, while `clear_csr` uses the `csrc` pseudoinstruction to clear bits in the CSR, also discarding the old value. Signed-off-by: Huang Borong <huangborong@bosc.ac.cn> Reviewed-by: Alvin Chang <alvinga@andestech.com> show more ... core/arch/riscv/include/riscv.h
eaa924ef	02-Dec-2024	Matej Zachar <zachar.matej@gmail.com>	core: ltc: Ed25519 sign correctly returns TEE_ERROR_SHORT_BUFFER Returns TEE_ERROR_SHORT_BUFFER when there is not enough space to hold signature so applications using the API can determine the requi core: ltc: Ed25519 sign correctly returns TEE_ERROR_SHORT_BUFFER Returns TEE_ERROR_SHORT_BUFFER when there is not enough space to hold signature so applications using the API can determine the required buffer size when supplying 0 sized signature buffer. This is happening from PKCS#11 TA when client library uses 1. method from "5.2 Conventions for functions returning output in a variable-length buffer" defined in PKCS#11 v3.0 spec. Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> Signed-off-by: Matej Zachar <zachar.matej@gmail.com> show more ... core/lib/libtomcrypt/ed25519.c
f2b91a03	28-Oct-2024	Yannic Moog <y.moog@phytec.de>	plat-imx: Add phyBOARD-Pollux support phyBOARD-Pollux i.MX 8M Plus is an SBC based on the i.MX 8M Plus SoC. Add the board to the mx8mp-flavorlist and set board specific configs. Signed-off-by: Yann plat-imx: Add phyBOARD-Pollux support phyBOARD-Pollux i.MX 8M Plus is an SBC based on the i.MX 8M Plus SoC. Add the board to the mx8mp-flavorlist and set board specific configs. Signed-off-by: Yannic Moog <y.moog@phytec.de> Acked-by: Sahil Malhotra <sahil.malhotra@nxp.com> show more ... core/arch/arm/plat-imx/conf.mk
a1a90747	03-Dec-2024	Jens Wiklander <jens.wiklander@linaro.org>	ci: split QEMUv8_check job Split the QEMUv8_check job into two smaller jobs to allow them to run in parallel. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier ci: split QEMUv8_check job Split the QEMUv8_check job into two smaller jobs to allow them to run in parallel. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... .github/workflows/ci.yml
74fd6ea2	29-Nov-2024	Jens Wiklander <jens.wiklander@linaro.org>	ci: check EL3 SPMC in QEMUv8_check Add a test for EL3 SPMC with SPMC_AT_EL=3 in the QEMUv8_check target. Note that the TF-A build must be removed before building with SPMC_AT_EL=3 since TF-A doesn't ci: check EL3 SPMC in QEMUv8_check Add a test for EL3 SPMC with SPMC_AT_EL=3 in the QEMUv8_check target. Note that the TF-A build must be removed before building with SPMC_AT_EL=3 since TF-A doesn't rebuild due to changed configuration flags. Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... .github/workflows/ci.yml
59a0f5d0	01-Nov-2023	Akshay Belsare <akshay.belsare@amd.com>	plat-versal2: add support for AMD Versal Gen 2 Add support for AMD Versal Gen 2 platform. AMD Versal Gen 2 is a new SoC based on ARM A78AE with GICv3 and UART over pl011. Signed-off-by: Akshay Bels plat-versal2: add support for AMD Versal Gen 2 Add support for AMD Versal Gen 2 platform. AMD Versal Gen 2 is a new SoC based on ARM A78AE with GICv3 and UART over pl011. Signed-off-by: Akshay Belsare <akshay.belsare@amd.com> Signed-off-by: Amey Avinash Raghatate <ameyavinash.raghatate@amd.com> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... MAINTAINERS core/arch/arm/plat-versal2/conf.mk core/arch/arm/plat-versal2/main.c core/arch/arm/plat-versal2/platform_config.h core/arch/arm/plat-versal2/sub.mk
9f34db38	25-Jun-2024	Ayoub Zaki <ayoub.zaki@embetrix.com>	VSCode : Enable Development inside Docker Container This will enable seamless Development of optee_os Project with VSCode inside Docker container. The VSCode Container provides: * Automatic Mappin VSCode : Enable Development inside Docker Container This will enable seamless Development of optee_os Project with VSCode inside Docker container. The VSCode Container provides: * Automatic Mapping of the host user UID/GID inside the container * GCC Cross-Compilers (aarch64/armhf/riscv64) * GDB Multiarch for Debugging * Remote SSH on the Target with seamless ssh mapping of the Host inside the container (Linux/Windows WSL) * Git and Git Extensions to work and send Patches Note: This require Docker installation for Linux/or Windows : [1] https://docs.docker.com/engine/install VSCode Extensions (extensions.json) will be recommended for the installation For more Information : [2] https://code.visualstudio.com/docs/devcontainers/containers [3] https://www.youtube.com/watch?v=C_5tDWsWSj0 [4] https://www.youtube.com/watch?v=b1RavPr_878 Signed-off-by: Ayoub Zaki <ayoub.zaki@embetrix.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> show more ... .devcontainer/Dockerfile.vscode .devcontainer/devcontainer.json .gitignore .vscode/extensions.json
461cf006	20-Jun-2024	Sahil Malhotra <sahil.malhotra@nxp.com>	drivers: caam: sm: fix SM partition permission in SMAG registers SM partition SMAG1 permissions were wrongly set for generating DEK blob which results in error while decapsulating DEK blob during HA drivers: caam: sm: fix SM partition permission in SMAG registers SM partition SMAG1 permissions were wrongly set for generating DEK blob which results in error while decapsulating DEK blob during HAB encrypted boot. Setting the permissions correctly fix this issue. Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Fixes: 2a12ae237796 ("drivers: caam: add CAAM secure memory driver") show more ... core/drivers/crypto/caam/caam_sm.c core/drivers/crypto/caam/hal/common/hal_sm.c
b8125477	14-Nov-2024	Gatien Chevallier <gatien.chevallier@foss.st.com>	plat-stm32mp2: default enable TAMP peripheral support Default enable TAMP peripheral support for stm32mp2x platforms. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Reviewed-by: E plat-stm32mp2: default enable TAMP peripheral support Default enable TAMP peripheral support for stm32mp2x platforms. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... core/arch/arm/plat-stm32mp2/conf.mk
92ab6535	14-Nov-2024	Gatien Chevallier <gatien.chevallier@foss.st.com>	drivers: stm32_tamp: configure the backup registers when driver is probing Update the driver to be able to configure the backup registers when the driver is probing and remove call to stm32_tamp_set drivers: stm32_tamp: configure the backup registers when driver is probing Update the driver to be able to configure the backup registers when the driver is probing and remove call to stm32_tamp_set_secure_bkpregs() in plat-stm32mp1 main.c. Remove old implementation of stm32_bkpregs_conf structure and rename stm32_bkpregs_conf_new to stm32_bkpregs_conf. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... core/arch/arm/plat-stm32mp1/main.c core/arch/arm/plat-stm32mp1/platform_config.h core/drivers/stm32_tamp.c
1ea5250c	14-Nov-2024	Gatien Chevallier <gatien.chevallier@foss.st.com>	dts: stm32: add TAMP RIF configuration for stm32mp257f-ev1 board Add a TAMP RIF configuration for stm32mp257f-ev1 board to configure backup registers and TAMP resources. Signed-off-by: Gatien Cheva dts: stm32: add TAMP RIF configuration for stm32mp257f-ev1 board Add a TAMP RIF configuration for stm32mp257f-ev1 board to configure backup registers and TAMP resources. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... core/arch/arm/dts/stm32mp257f-ev1-ca35tdcid-rif.dtsi
de77cc9a	14-Nov-2024	Gatien Chevallier <gatien.chevallier@foss.st.com>	dts: stm32: add TAMP peripheral node in stm32mp251.dtsi Add TAMP peripheral node in stm32mp251.dtsi. The TAMP peripheral manages monotonic counters, tamper events and backup registers. Signed-off-b dts: stm32: add TAMP peripheral node in stm32mp251.dtsi Add TAMP peripheral node in stm32mp251.dtsi. The TAMP peripheral manages monotonic counters, tamper events and backup registers. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... core/arch/arm/dts/stm32mp251.dtsi
461e8793	14-Nov-2024	Gatien Chevallier <gatien.chevallier@foss.st.com>	drivers: stm32_tamp: add stm32mp25 support for RIF configuration Add support for the RIF configuration of the TAMP peripheral. It covers the TAMP resources such as monotonic counters but also backup drivers: stm32_tamp: add stm32mp25 support for RIF configuration Add support for the RIF configuration of the TAMP peripheral. It covers the TAMP resources such as monotonic counters but also backup registers regions and sub-regions. Create a stm32_tamp_platdata structure to hold platform data. Add temporary stm32_bkpregs_conf_new structure that will be used by the new implementation and renamed to stm32_bkpregs_conf when the old one disappear. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... core/drivers/stm32_tamp.c
854c98ee	14-Nov-2024	Gatien Chevallier <gatien.chevallier@foss.st.com>	dts: stm32: add st,backup-zones property in TAMP node in stm32mp151.dtsi Add st,backup-zones property in TAMP node in stm32mp151.dtsi. It defines the topology of the backup registers zones. The numb dts: stm32: add st,backup-zones property in TAMP node in stm32mp151.dtsi Add st,backup-zones property in TAMP node in stm32mp151.dtsi. It defines the topology of the backup registers zones. The number of zones on stm32mp13x platforms is 3. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... core/arch/arm/dts/stm32mp151.dtsi
b2b767d5	14-Nov-2024	Gatien Chevallier <gatien.chevallier@foss.st.com>	dts: stm32: add st,backup-zones property in TAMP node in stm32mp131.dtsi Add st,backup-zones property in TAMP node in stm32mp131.dtsi. It defines the topology of the backup registers zones. The numb dts: stm32: add st,backup-zones property in TAMP node in stm32mp131.dtsi Add st,backup-zones property in TAMP node in stm32mp131.dtsi. It defines the topology of the backup registers zones. The number of zones on stm32mp13x platforms is 3. Signed-off-by: Gatien Chevallier <gatien.chevallier@foss.st.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> show more ... core/arch/arm/dts/stm32mp131.dtsi
cb034002	25-Nov-2024	Jerome Forissier <jerome.forissier@linaro.org>	Squashed commit upgrading to mbedtls-3.6.2 Squash merging branch import/mbedtls-3.6.2. 85df256c4a67 ("libmbedtls: add CFG_CORE_UNSAFE_MODEXP and CFG_TA_MEBDTLS_UNSAFE_MODEXP") 1e9c6f15ef0f ("libm Squashed commit upgrading to mbedtls-3.6.2 Squash merging branch import/mbedtls-3.6.2. 85df256c4a67 ("libmbedtls: add CFG_CORE_UNSAFE_MODEXP and CFG_TA_MEBDTLS_UNSAFE_MODEXP") 1e9c6f15ef0f ("libmbedtls: allow inclusion of arm_neon.h") fab5313d7598 ("libmbedtls: fix cipher_wrap.c for NIST AES Key Wrap mode") 58c8b24bac04 ("libmbedtls: fix cipher_wrap.c for chacha20 and chachapoly") 50e013c6c306 ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pkcs1_v15_verify()") c363a3c7e7e1 ("libmbedtls: add fault mitigation in mbedtls_rsa_rsassa_pss_verify_ext()") 91d9fe4fad38 ("libmbedtls: add SM2 curve") b03fbd7006aa ("libmbedtls: fix no CRT issue") bed9eb0c5209 ("libmbedtls: add interfaces in mbedtls for context memory operation") 65e7ec82d894 ("libmedtls: mpi_miller_rabin: increase count limit") 5e0191a043cb ("libmbedtls: add mbedtls_mpi_init_mempool()") bf7ce25bb90f ("libmbedtls: make mbedtls_mpi_mont*() available") 04a9845a09b4 ("mbedtls: configure mbedtls to reach for config") 3f98104bba82 ("mbedtls: remove default include/mbedtls/config.h") 4d211f365152 ("Import mbedtls-3.6.2") Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... .github/workflows/ci.yml lib/libmbedtls/mbedtls/ChangeLog lib/libmbedtls/mbedtls/include/mbedtls/bignum.h lib/libmbedtls/mbedtls/include/mbedtls/build_info.h lib/libmbedtls/mbedtls/include/mbedtls/check_config.h lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_legacy_crypto.h lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_legacy_from_psa.h lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_psa_from_legacy.h lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_psa_superset_legacy.h lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_ssl.h lib/libmbedtls/mbedtls/include/mbedtls/config_adjust_x509.h lib/libmbedtls/mbedtls/include/mbedtls/config_psa.h lib/libmbedtls/mbedtls/include/mbedtls/ctr_drbg.h lib/libmbedtls/mbedtls/include/mbedtls/ecdh.h lib/libmbedtls/mbedtls/include/mbedtls/ecp.h lib/libmbedtls/mbedtls/include/mbedtls/pk.h lib/libmbedtls/mbedtls/include/mbedtls/ssl.h lib/libmbedtls/mbedtls/include/psa/crypto.h lib/libmbedtls/mbedtls/include/psa/crypto_adjust_auto_enabled.h lib/libmbedtls/mbedtls/include/psa/crypto_adjust_config_dependencies.h lib/libmbedtls/mbedtls/include/psa/crypto_adjust_config_key_pair_types.h lib/libmbedtls/mbedtls/include/psa/crypto_adjust_config_synonyms.h lib/libmbedtls/mbedtls/include/psa/crypto_extra.h lib/libmbedtls/mbedtls/include/psa/crypto_struct.h lib/libmbedtls/mbedtls/include/psa/crypto_types.h lib/libmbedtls/mbedtls/library/bignum.c lib/libmbedtls/mbedtls/library/bignum_core.c lib/libmbedtls/mbedtls/library/bignum_core.h lib/libmbedtls/mbedtls/library/bignum_internal.h lib/libmbedtls/mbedtls/library/block_cipher.c lib/libmbedtls/mbedtls/library/cipher.c lib/libmbedtls/mbedtls/library/common.h lib/libmbedtls/mbedtls/library/ctr_drbg.c lib/libmbedtls/mbedtls/library/entropy.c lib/libmbedtls/mbedtls/library/entropy_poll.c lib/libmbedtls/mbedtls/library/error.c lib/libmbedtls/mbedtls/library/lmots.c lib/libmbedtls/mbedtls/library/lms.c lib/libmbedtls/mbedtls/library/md.c lib/libmbedtls/mbedtls/library/net_sockets.c lib/libmbedtls/mbedtls/library/nist_kw.c lib/libmbedtls/mbedtls/library/pem.c lib/libmbedtls/mbedtls/library/pk.c lib/libmbedtls/mbedtls/library/pkwrite.c lib/libmbedtls/mbedtls/library/platform_util.c lib/libmbedtls/mbedtls/library/psa_crypto.c lib/libmbedtls/mbedtls/library/psa_crypto_cipher.c lib/libmbedtls/mbedtls/library/psa_crypto_core.h lib/libmbedtls/mbedtls/library/psa_crypto_driver_wrappers.h lib/libmbedtls/mbedtls/library/psa_crypto_random_impl.h lib/libmbedtls/mbedtls/library/psa_crypto_rsa.c lib/libmbedtls/mbedtls/library/psa_crypto_rsa.h lib/libmbedtls/mbedtls/library/psa_crypto_slot_management.c lib/libmbedtls/mbedtls/library/psa_crypto_slot_management.h lib/libmbedtls/mbedtls/library/psa_util.c lib/libmbedtls/mbedtls/library/rsa.c lib/libmbedtls/mbedtls/library/sha256.c lib/libmbedtls/mbedtls/library/ssl_cookie.c lib/libmbedtls/mbedtls/library/ssl_debug_helpers_generated.c lib/libmbedtls/mbedtls/library/ssl_misc.h lib/libmbedtls/mbedtls/library/ssl_msg.c lib/libmbedtls/mbedtls/library/ssl_ticket.c lib/libmbedtls/mbedtls/library/ssl_tls.c lib/libmbedtls/mbedtls/library/ssl_tls12_client.c lib/libmbedtls/mbedtls/library/ssl_tls12_server.c lib/libmbedtls/mbedtls/library/ssl_tls13_client.c lib/libmbedtls/mbedtls/library/ssl_tls13_generic.c lib/libmbedtls/mbedtls/library/ssl_tls13_server.c lib/libmbedtls/mbedtls/library/version_features.c lib/libmbedtls/mbedtls/library/x509_crt.c lib/libmbedtls/mbedtls/library/x509write_crt.c lib/libmbedtls/mbedtls/library/x509write_csr.c mk/config.mk
0ccf6468	21-Nov-2024	Sahil Malhotra <sahil.malhotra@nxp.com>	core: mm: check return value from tee_mm_init() Check return value from tee_mm_init() function. Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> Reviewed-by: Etienne Carriere <etienne.carrier core: mm: check return value from tee_mm_init() Check return value from tee_mm_init() function. Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Fixes: c596d8359eb3 ("core: add phys_mem allocation functions") show more ... core/mm/phys_mem.c
ba7db6e0	14-Nov-2024	Sahil Malhotra <sahil.malhotra@nxp.com>	drivers: caam: enable/disable prediction resistance based on CONFIG flag With prediction resistance enabled, on every random number request CAAM is forced to do reseeding of DRBG, which is time taki drivers: caam: enable/disable prediction resistance based on CONFIG flag With prediction resistance enabled, on every random number request CAAM is forced to do reseeding of DRBG, which is time taking process which leads to lower Random number generation performance. So to give user the flexibility to enable/disable this feature a flag CFG_CAAM_RNG_RUNTIME_PR is introduced. By default it will be disabled and user can enable it as per its requirement. Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... core/drivers/crypto/caam/caam_rng.c core/drivers/crypto/caam/crypto.mk
cbb7d5e5	29-May-2024	Sahil Malhotra <sahil.malhotra@nxp.com>	driver: caam: disable RNG buffering Previous design of keeping RNG data in a buffer and giving random number to user from that buffer is vulnerable to attacks and also not NIST/FIPS compliant. So to driver: caam: disable RNG buffering Previous design of keeping RNG data in a buffer and giving random number to user from that buffer is vulnerable to attacks and also not NIST/FIPS compliant. So to make it more secure and NIST/FIPS compliant, will get random number from CAAM on each user request. Reference: Section 2.7 of NIST SP 800-90C Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... core/drivers/crypto/caam/caam_rng.c
b7abff72	06-Sep-2024	Etienne Carriere <etienne.carriere@foss.st.com>	ta: pkcs11: add CKM_RSA_X_509 ciphering Add support for CKM_RSA_X_509 mechanism for encrypt/decrypt operations. Signed-off-by: Alexandre Marechal <alexandre.marechal@st.com> Signed-off-by: Etienne ta: pkcs11: add CKM_RSA_X_509 ciphering Add support for CKM_RSA_X_509 mechanism for encrypt/decrypt operations. Signed-off-by: Alexandre Marechal <alexandre.marechal@st.com> Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> show more ... ta/pkcs11/src/processing_asymm.c ta/pkcs11/src/token_capabilities.c
e02f17f3	24-Jul-2024	Alexandre Marechal <alexandre.marechal@st.com>	ta: pkcs11: add CKM_RSA_X_509 authentication Add support for CKM_RSA_X_509 mechanism for sing/verify operations. Sign and verify operations are processed using TEE decrypt/encrypt operation since G ta: pkcs11: add CKM_RSA_X_509 authentication Add support for CKM_RSA_X_509 mechanism for sing/verify operations. Sign and verify operations are processed using TEE decrypt/encrypt operation since GP TEE Internal Core API specification only allows these modes for TEE_ALG_RSA_NOPAD algorithm. The pkcs11 TA only support sign operation when the provided payload is exactly of the same size as the RSA key used and checks the generate signature is of right size. This mechanism can be needed to support CKM_RSA_X_509 for TLSv1.2 connections. Add CFG_PKCS11_TA_RSA_X_509 to allow configuring the pkcs11 TA with or without raw RSA crypto support. The config switch is default enabled. Signed-off-by: Alexandre Marechal <alexandre.marechal@st.com> Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com> Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> show more ... ta/pkcs11/include/pkcs11_ta.h ta/pkcs11/src/pkcs11_attributes.c ta/pkcs11/src/pkcs11_helpers.c ta/pkcs11/src/processing.h ta/pkcs11/src/processing_asymm.c ta/pkcs11/src/processing_rsa.c ta/pkcs11/src/token_capabilities.c ta/pkcs11/sub.mk
b505a58f	11-Oct-2024	Yuichi Sugiyama <yuichis@ricsec.co.jp>	ci: build with CFG_VERAISON_ATTESTATION_PTA=y Add a build configuration CFG_VERAISON_ATTESTATION_PTA=y. Signed-off-by: Yuichi Sugiyama <yuichis@ricsec.co.jp> Reviewed-by: Jerome Forissier <jerome.f ci: build with CFG_VERAISON_ATTESTATION_PTA=y Add a build configuration CFG_VERAISON_ATTESTATION_PTA=y. Signed-off-by: Yuichi Sugiyama <yuichis@ricsec.co.jp> Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@foss.st.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> show more ... .github/workflows/ci.yml
1...<<31 32 33 343536 37 38 39 40 >>...341