user_ta_header.h: update TA_FLAGS_MASK for RPMB support

TA_FLAG_DEVICE_ENUM_RPMB 12 is a valid flag now. Fixes usage of
this new flag at runtime in TAs.

Signed-off-by: Mikko Rapeli <mikko.rapeli@li

user_ta_header.h: update TA_FLAGS_MASK for RPMB support

TA_FLAG_DEVICE_ENUM_RPMB 12 is a valid flag now. Fixes usage of
this new flag at runtime in TAs.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ci: build with CFG_RPMB_WRITE_KEY=y

Add a build configuration CFG_RPMB_WRITE_KEY=y.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.

ci: build with CFG_RPMB_WRITE_KEY=y

Add a build configuration CFG_RPMB_WRITE_KEY=y.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add flag to enumerate TAs when secure storage is ready

Add TA_FLAG_DEVICE_ENUM_TEE_STORAGE_PRIVATE with similar usage as
TA_FLAG_DEVICE_ENUM_SUPP except that it is used to add an enumeration
p

core: add flag to enumerate TAs when secure storage is ready

Add TA_FLAG_DEVICE_ENUM_TEE_STORAGE_PRIVATE with similar usage as
TA_FLAG_DEVICE_ENUM_SUPP except that it is used to add an enumeration
point when secure storage is ready.

The new TA function PTA_CMD_GET_DEVICES_RPMB is added to the device PTA
to report TAs depending on RPMB.

PTA_CMD_GET_DEVICES_RPMB will if CFG_REE_FS!=y and CFG_RPMB_FS=y first
try to initialize RPMB and only if successful will it return eventual
TAs with the TA_FLAG_DEVICE_ENUM_TEE_STORAGE_PRIVATE flag set.

PTA_CMD_GET_DEVICES_SUPP will if CFG_REE_FS=y include TAs with the
TA_FLAG_DEVICE_ENUM_TEE_STORAGE_PRIVATE flag set in the list of TAs to
return.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: rpmb: probe for kernel RPMB driver

Three RPC functions are added to support RPMB probing and properly align
RPMB frames, OPTEE_RPC_CMD_RPMB_PROBE_RESET,
OPTEE_RPC_CMD_RPMB_PROBE_NEXT, and OPTE

core: rpmb: probe for kernel RPMB driver

Three RPC functions are added to support RPMB probing and properly align
RPMB frames, OPTEE_RPC_CMD_RPMB_PROBE_RESET,
OPTEE_RPC_CMD_RPMB_PROBE_NEXT, and OPTEE_RPC_CMD_RPMB_FRAMES.

OPTEE_RPC_CMD_RPMB_PROBE_RESET resets probing to a well known state and
returns the shared memory type needed when allocating shared memory for
communication with later RPMB functions.

OPTEE_RPC_CMD_RPMB_PROBE_NEXT selects the next RPMB device and returns
its device information. Later calls to OPTEE_RPC_CMD_RPMB will use this
selected device.

OPTEE_RPC_CMD_RPMB_FRAMES sends the raw RPMB frames to normal world for
further routing to the RPMB device.

tee_rpmb_reinit() is added to allow re-initializing the RPMB FS if a
boot stage has used RPMB.

Backwards compatibility is maintained by falling back to the old type of
initialization if OPTEE_RPC_CMD_RPMB_PROBE_RESET returns
TEE_ERROR_NOT_SUPPORTED.

Whether RPMB devices are probed by the kernel or tee-supplicant is
decided by the kernel driver where the shared memory type returned by
OPTEE_RPC_CMD_RPMB_PROBE_RESET plays a vital role.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: rpmb: use thread_rpc_shm_cache_alloc()

Use thread_rpc_shm_cache_alloc() to cache shared memory allocations to
simplify and make the code slightly more efficient.

Signed-off-by: Jens Wiklander

core: rpmb: use thread_rpc_shm_cache_alloc()

Use thread_rpc_shm_cache_alloc() to cache shared memory allocations to
simplify and make the code slightly more efficient.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add THREAD_SHM_CACHE_USER_RPMB

Add an enum to cache RPMB shared memory allocations.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@l

core: add THREAD_SHM_CACHE_USER_RPMB

Add an enum to cache RPMB shared memory allocations.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: rpmb: set device ID in tee_rpmb_init()

Until now, when initializing RPMB the devices ID has been passed to
tee_rpmb_init(), but there isn't any flexibility since it's always
CFG_RPMB_FS_DEV_ID

core: rpmb: set device ID in tee_rpmb_init()

Until now, when initializing RPMB the devices ID has been passed to
tee_rpmb_init(), but there isn't any flexibility since it's always
CFG_RPMB_FS_DEV_ID passed along. So simplify the code a bit and
use CFG_RPMB_FS_DEV_ID directly in tee_rpmb_init().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

ta: pkcs11: fix memory leak

On update_persistent_object_attributes failure, head_new (stored in
obj->attributes) is not freed, causing a memory leak.

Reported-by: Christian Zoia <czoia@amazon.es>
C

ta: pkcs11: fix memory leak

On update_persistent_object_attributes failure, head_new (stored in
obj->attributes) is not freed, causing a memory leak.

Reported-by: Christian Zoia <czoia@amazon.es>
Closes: https://github.com/OP-TEE/optee_os/issues/7023
Fixes: 6959626e1621 ("ta: pkcs11: preserve object when set attribute fails")
Signed-off-by: Georges Savoundararadj <savoundg@amazon.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

drivers: rstctrl: Fix function description

Fix the description of functions rstctrl_dt_get_func() and
rstctrl_register_provider() and rstctrl_get_exclusive().

By the way, append parentheses ("()")

drivers: rstctrl: Fix function description

Fix the description of functions rstctrl_dt_get_func() and
rstctrl_register_provider() and rstctrl_get_exclusive().

By the way, append parentheses ("()") to function names in
inline description comment for consistency in core header files.

Signed-off-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@foss.st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: riscv: Let platform choose native and foreign interrupts

Platform may want to choose different types of native and foreign
interrupts. This commit adds two definitions for the platforms:
1. PL

core: riscv: Let platform choose native and foreign interrupts

Platform may want to choose different types of native and foreign
interrupts. This commit adds two definitions for the platforms:
1. PLAT_THREAD_EXCP_FOREIGN_INTR: to define platform specific foreign
interrupts
2. PLAT_THREAD_EXCP_NATIVE_INTR: to define platform specific native
interrupts.

For RISC-V virt machine, we define all external/mtimer/software
interrupts as foreign interrupts. For RISC-V spike platform, we define
external interrupts as foreign interrupts, and mtimer/software
interrupts as native interrupts.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Update thread core local flags for native interrupts

Record the type of stack and the type of interrupt into thread core
local flags before handling the native interrupts. Once we finis

core: riscv: Update thread core local flags for native interrupts

Record the type of stack and the type of interrupt into thread core
local flags before handling the native interrupts. Once we finish the
handling of the native interrupts, we clear the previous flags.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Determine foreign interrupts during interrupt handling

The foreign interrupts are defined in THREAD_EXCP_FOREIGN_INTR, whose
bit fields are corresponding to RISC-V MIP/SIP CSR. Thus, we

core: riscv: Determine foreign interrupts during interrupt handling

The foreign interrupts are defined in THREAD_EXCP_FOREIGN_INTR, whose
bit fields are corresponding to RISC-V MIP/SIP CSR. Thus, we can
determine whether the coming interrupt is foreign interrupt or not by
THREAD_EXCP_FOREIGN_INTR.

However, the trap information is encoded in XCAUSE CSR. Thus, we must
translate the value of XCAUSE to XIP first, and then compare the XIP
with THREAD_EXCP_FOREIGN_INTR. For example, if the coming interrupt is
supervisor timer interrupt, the value of SCAUSE will be
0x8000000000000005 on RV64 system. We need to translate it to be
sip.STIP, which is 0x20. Then, we can further compare 0x20 with
THREAD_EXCP_FOREIGN_INTR. If 0x20 is subset of THREAD_EXCP_FOREIGN_INTR,
it is determined as a foreign interrupt. Finally, we call
thread_foreign_interrupt_handler() to further handle it.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Implement foreign interrupt handler

In SMP based OP-TEE system, the foreign interrupts, which are handled
outside OP-TEE, might be injected during the execution of OP-TEE. When
OP-TEE r

core: riscv: Implement foreign interrupt handler

In SMP based OP-TEE system, the foreign interrupts, which are handled
outside OP-TEE, might be injected during the execution of OP-TEE. When
OP-TEE receives such foreign interrupts, it should suspend current
thread and yield the execution to the foreign domains to handle those
foreign interrupts.

This commit implements thread_foreign_interrupt_handler(), which is
expected to be called during trap handling. The job of this function are
suspending the current thread, and returning to the other domain to let
them handle the foreign interrupts.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: riscv: Rename and re-order parameters of the interrupt handlers

Rename thread_interrupt_handler() to thread_native_interrupt_handler(),
since we are going to support the foreign interrupt hand

core: riscv: Rename and re-order parameters of the interrupt handlers

Rename thread_interrupt_handler() to thread_native_interrupt_handler(),
since we are going to support the foreign interrupt handler.

The native interrupts are handled in OP-TEE side, while the foreign
interrupts are handled outside OP-TEE.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arm: Remove duplicated sp assignment for ARM64 in set_ctx_regs()

There are two lines of code to assign value of sp for ARM64. Remove one
of them.

Signed-off-by: Alvin Chang <alvinga@andestech

core: arm: Remove duplicated sp assignment for ARM64 in set_ctx_regs()

There are two lines of code to assign value of sp for ARM64. Remove one
of them.

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

driver: crypto: hisilicon: add montgomery algorithm

add operation of X25519 and X448 algorithm, including alloc_keypair,
gen_keypar and shared_secret

Signed-off-by: yuzexi <yuzexi@hisilicon.com>
Ac

driver: crypto: hisilicon: add montgomery algorithm

add operation of X25519 and X448 algorithm, including alloc_keypair,
gen_keypar and shared_secret

Signed-off-by: yuzexi <yuzexi@hisilicon.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

checkpatch: add ignore=STRLCPY

Checkpatch complains over strlcpy:
WARNING: Prefer strscpy over strlcpy - see: https://github.com/KSPP/linux/issues/89

However, OP-TEE doesn't have a strscpy() functi

checkpatch: add ignore=STRLCPY

Checkpatch complains over strlcpy:
WARNING: Prefer strscpy over strlcpy - see: https://github.com/KSPP/linux/issues/89

However, OP-TEE doesn't have a strscpy() function to use, so silence the
warning until one is available.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: rename to core_mmu_init_phys_mem()

Rename core_mmu_init_ta_ram() to core_mmu_init_phys_mem() for a more
accurate name of the function.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org

core: rename to core_mmu_init_phys_mem()

Rename core_mmu_init_ta_ram() to core_mmu_init_phys_mem() for a more
accurate name of the function.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: replace tee_mm_sec_ddr with phys_mem functions

Replace the tee_mm_sec_ddr mm pool with the phys_mem functions. This
doesn't change the behaviour.

Signed-off-by: Jens Wiklander <jens.wiklander

core: replace tee_mm_sec_ddr with phys_mem functions

Replace the tee_mm_sec_ddr mm pool with the phys_mem functions. This
doesn't change the behaviour.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: add phys_mem allocation functions

Add nex_phys_mem and phys_mem allocation functions. These functions are
intended to replace the previous calls to tee_mm functions on with the
virt_mapper_poo

core: add phys_mem allocation functions

Add nex_phys_mem and phys_mem allocation functions. These functions are
intended to replace the previous calls to tee_mm functions on with the
virt_mapper_pool or tee_mm_sec_ddr as arguments.

The pool of physical memory is divided into two parts, core and ta. All
physical TA memory allocations are done from the core pool if a ta pool
isn't added. This might be the case if core and ta physical memory
resides in the same physical memory range.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: riscv: Simplify SP setup in setup_unwind_user_mode()

The parameter "regs" is the stack pointer which is allocated to store
system call registers when calling thread_scall_handler(). Thus, we c

core: riscv: Simplify SP setup in setup_unwind_user_mode()

The parameter "regs" is the stack pointer which is allocated to store
system call registers when calling thread_scall_handler(). Thus, we can
simply get the original stack pointer by "regs + 1" equation, and use it
to exit user mode.

The code is referenced from ARM's setup_unwind_user_mode().

Signed-off-by: Alvin Chang <alvinga@andestech.com>
Reviewed-by: Yu Chien Peter Lin <peterlin@andestech.com>

show more ...

core: open-code thread_init_stack()

The implementations of thread_init_stack() are identical and trivial for
both arm and riscv. So simplify code further and open-code it where it's
called from in c

core: open-code thread_init_stack()

The implementations of thread_init_stack() are identical and trivial for
both arm and riscv. So simplify code further and open-code it where it's
called from in core/kernel/thread.c.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Alvin Chang <alvinga@andestech.com>
Tested-by: Alvin Chang <alvinga@andestech.com>

show more ...

core: virt: initialize heap from virt_guest_created()

Replace the preinit_early() guest heap initialization with function call
in virt_guest_created().

Signed-off-by: Jens Wiklander <jens.wiklander

core: virt: initialize heap from virt_guest_created()

Replace the preinit_early() guest heap initialization with function call
in virt_guest_created().

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

libutils: malloc.h: add nex_malloc_buffer_overlaps_heap()

Add the macros nex_malloc_buffer_overlaps_heap() and
nex_malloc_buffer_is_within_alloced() as aliases for
malloc_buffer_overlaps_heap() and

libutils: malloc.h: add nex_malloc_buffer_overlaps_heap()

Add the macros nex_malloc_buffer_overlaps_heap() and
nex_malloc_buffer_is_within_alloced() as aliases for
malloc_buffer_overlaps_heap() and malloc_buffer_is_within_alloced() when
virtualization isn't enabled.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

libutils: add PADDR_MAX and PADDR_SIZE_MAX

Add defines for the maximum values of paddr_t and paddr_size_t.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <j

libutils: add PADDR_MAX and PADDR_SIZE_MAX

Add defines for the maximum values of paddr_t and paddr_size_t.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...