6 years agotee-supplicant: REE fs open file with O_SYNC flag 2.6.0 2.6.0-rc1 ti2017.05 ti2017.05-rc4 ti2017.06 ti2017.06-rc1 ti2017.06-rc2 ti2017.06-rc3 ti2017.06-rc4
tee-supplicant: REE fs open file with O_SYNC flag
CFG_RPMB_FS=y and RPMB_EMU=0(use EMMC RPMB device). Power down when
writing file without the O_SYNC flag, dirf.db was cached by kernel,
some very old (more than two generations) version was in the file
system. If dirf.db and dirfile.db.hash (residing in RPMB) differ by
two versions, it will cause TEE_ERROR_SECURITY, and the file data
will lost.
Add O_SYNC flag in open file to fix this issue.
(fixed by Jens Wiklander)
Signed-off-by: Jianhui Li <airbak.li@hisilicon.com>
Tested-by: Jianhui Li <airbak.li@hisilicon.com> (Hisilicon)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
CFG_RPMB_FS=y and RPMB_EMU=0(use EMMC RPMB device). Power down when
writing file without the O_SYNC flag, dirf.db was cached by kernel,
some very old (more than two generations) version was in the file
system. If dirf.db and dirfile.db.hash (residing in RPMB) differ by
two versions, it will cause TEE_ERROR_SECURITY, and the file data
will lost.
Add O_SYNC flag in open file to fix this issue.
(fixed by Jens Wiklander)
Signed-off-by: Jianhui Li <airbak.li@hisilicon.com>
Tested-by: Jianhui Li <airbak.li@hisilicon.com> (Hisilicon)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
tee_supplicant: add register memory feature
If OP-TEE and kernel support registereted shared memory,
then supplicant will use this feature instead of using
shared memory pool.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
If OP-TEE and kernel support registereted shared memory,
then supplicant will use this feature instead of using
shared memory pool.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
tee_client_api: register user memory
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
6 years agotee-supplicant: move TEEC_LOAD_PATH to Makefile ti2017.05-rc1 ti2017.05-rc2 ti2017.05-rc3
tee-supplicant: move TEEC_LOAD_PATH to Makefile
TEEC_LOAD_PATH default value is "/lib", it could be changed by
CFG_TEE_CLIENT_LOAD_PATH in tee_supplicant_android.mk.
As "/lib" could not meet all the scenes, it should be able to be
changed in Makefile for Linux.
* Add -DTEEC_LOAD_PATH in Makefile
* Remove the #ifndef TEEC_LOAD_PATH block in teec_ta_load.c
* Set CFG_TEE_CLIENT_LOAD_PATH ?= /lib in config.mk
(instead of /system/lib)
* In Android.mk, set CFG_TEE_CLIENT_LOAD_PATH ?= /system/lib
before config.mk is included
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU)
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Yongqin Liu yongqin.liu@linaro.org
Tested-by: Yongqin Liu yongqin.liu@linaro.org (Hikey with AOSP master)
Signed-off-by: Jianhui Li <airbak.li@hisilicon.com>
TEEC_LOAD_PATH default value is "/lib", it could be changed by
CFG_TEE_CLIENT_LOAD_PATH in tee_supplicant_android.mk.
As "/lib" could not meet all the scenes, it should be able to be
changed in Makefile for Linux.
* Add -DTEEC_LOAD_PATH in Makefile
* Remove the #ifndef TEEC_LOAD_PATH block in teec_ta_load.c
* Set CFG_TEE_CLIENT_LOAD_PATH ?= /lib in config.mk
(instead of /system/lib)
* In Android.mk, set CFG_TEE_CLIENT_LOAD_PATH ?= /system/lib
before config.mk is included
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU)
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Yongqin Liu yongqin.liu@linaro.org
Tested-by: Yongqin Liu yongqin.liu@linaro.org (Hikey with AOSP master)
Signed-off-by: Jianhui Li <airbak.li@hisilicon.com>
tee_client_api: support calling libteec from cplusplus
The tee client api has got no restriction for cplusplus program,
simplely add extern "c" in this patch to support this feature.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Zeng Tao <prime.zeng@hisilicon.com>
The tee client api has got no restriction for cplusplus program,
simplely add extern "c" in this patch to support this feature.
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Zeng Tao <prime.zeng@hisilicon.com>
rpi3: fix unsupported exclusive access issue
Fix unsupported exclusive issue , which occurs when using gcc builtin
atomic
__sync_fetch_and_add();, which is unfolded into LDXR/STLXR pair
(aarch64).
Currently, __sync_fetch_and_add() is used in bm_timestamp() for updating
head/tail
of timestamp per-cpu ringbuffers.
Fixes: https://github.com/OP-TEE/optee_client/issues/99
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Fix unsupported exclusive issue , which occurs when using gcc builtin
atomic
__sync_fetch_and_add();, which is unfolded into LDXR/STLXR pair
(aarch64).
Currently, __sync_fetch_and_add() is used in bm_timestamp() for updating
head/tail
of timestamp per-cpu ringbuffers.
Fixes: https://github.com/OP-TEE/optee_client/issues/99
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
6 years agolibteec/Makefile: create relative links to shared library instead of absolute ones 2.5.0 2.5.0-rc2 ti2017.03 ti2017.03-rc1 ti2017.03-rc2 ti2017.03-rc3 ti2017.03-rc4 ti2017.04 ti2017.04-rc1 ti2017.04-rc2 ti2017.04-rc3 ti2017.04-rc4
libteec/Makefile: create relative links to shared library instead of absolute ones
Absolute paths in link targets are ugly and there is always a risk that
they may be packaged incorrectly. Further the *.so* files are always
expected to reside in the same directory. This patch fixes this problem.
Suggested-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Absolute paths in link targets are ugly and there is always a risk that
they may be packaged incorrectly. Further the *.so* files are always
expected to reside in the same directory. This patch fixes this problem.
Suggested-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Makefile: preserve links to libraries during make copy_export
During "make copy_export" and "make install" the shared library is
copied into the LIBDIR. However "cp" is used, thus the links to the
shared library are not preserved. This patch fixes the problem by using
"cp -a" instead.
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
During "make copy_export" and "make install" the shared library is
copied into the LIBDIR. However "cp" is used, thus the links to the
shared library are not preserved. This patch fixes the problem by using
"cp -a" instead.
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
libteec: benchmark cleanup
Some cleanup which should also fix a build error on Android:
external/optee_client/libteec/src/tee_client_api.c:556: error: undefined reference to 'bm_timestamp'
external/optee_client/libteec/src/tee_client_api.c:592: error: undefined reference to 'bm_timestamp'
clang.real: error: linker command failed with exit code 1 (use -v to see invocation)
- Move include/linux/teec_benchmark.h up one level, because this file
is not related to the Linux TEE driver
- Make bm_timestamp() a no-op static inline if CFG_TEE_BENCHMARK != y
- Remove conditional compilation in teec_benchmark.c, instead, add the
file to the build only when CFG_TEE_BENCHMARK = y
- Declare benchmark_check_mode() static in teec_benchmark.c, since it
is not used anywhere else
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Igor Opaniuk <igor.opaniuk@linaro.org>
Some cleanup which should also fix a build error on Android:
external/optee_client/libteec/src/tee_client_api.c:556: error: undefined reference to 'bm_timestamp'
external/optee_client/libteec/src/tee_client_api.c:592: error: undefined reference to 'bm_timestamp'
clang.real: error: linker command failed with exit code 1 (use -v to see invocation)
- Move include/linux/teec_benchmark.h up one level, because this file
is not related to the Linux TEE driver
- Make bm_timestamp() a no-op static inline if CFG_TEE_BENCHMARK != y
- Remove conditional compilation in teec_benchmark.c, instead, add the
file to the build only when CFG_TEE_BENCHMARK = y
- Declare benchmark_check_mode() static in teec_benchmark.c, since it
is not used anywhere else
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Igor Opaniuk <igor.opaniuk@linaro.org>
tee-supplicant: Report error on short buffer when loading TA
Signed-off-by: Yves Lefloch <YvesMarie_Lefloch@sigmadesigns.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Yves Lefloch <YvesMarie_Lefloch@sigmadesigns.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Fix incorrect share memory size
Accroding to TEE Client API Spec section 4.3.8 TEEC_RegisteredMemoryReference,
when handling a TEEC_RegisteredMemoryReference parameter of TEEC_MEMREF_WHOLE
type, the memory region size should read from its parent TEEC_SharedMemory
structure instead of the size described in TEEC_RegisteredMemoryReference
structure.
Signed-off-by: James Kung <kong1191@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (QEMUs, GP)
Accroding to TEE Client API Spec section 4.3.8 TEEC_RegisteredMemoryReference,
when handling a TEEC_RegisteredMemoryReference parameter of TEEC_MEMREF_WHOLE
type, the memory region size should read from its parent TEEC_SharedMemory
structure instead of the size described in TEEC_RegisteredMemoryReference
structure.
Signed-off-by: James Kung <kong1191@gmail.com>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (QEMUs, GP)
Storage: Added CFG_TEE_FS_PARENT_PATH config option
tee-supplicant needs to create folder which will contain secure files.
In case folder can not be created, tee-supplicant exits.
Sometimes developers have to change this location to another.
For example, Android OS can not use /data folder, because tee-supplicant
is needed for decrypt userdata.img (which is mounted in /data folder).
* Add CFG_TEE_FS_PARENT_PATH config option
* Cleanup secure storage init logic
Signed-off-by: Ruslan Piasetskyi <ruslan.piasetskyi@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: fix typo in commit message]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
tee-supplicant needs to create folder which will contain secure files.
In case folder can not be created, tee-supplicant exits.
Sometimes developers have to change this location to another.
For example, Android OS can not use /data folder, because tee-supplicant
is needed for decrypt userdata.img (which is mounted in /data folder).
* Add CFG_TEE_FS_PARENT_PATH config option
* Cleanup secure storage init logic
Signed-off-by: Ruslan Piasetskyi <ruslan.piasetskyi@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
[jf: fix typo in commit message]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Replace file permission symbolic values by octal numbers
Octal numbers are prefered over symbolic values for file access modes.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Octal numbers are prefered over symbolic values for file access modes.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
OP-TEE Benchmark
OP-TEE Benchmark feature provides timestamp data for the roundtrip time
from libteec to OP-TEE OS core.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
OP-TEE Benchmark feature provides timestamp data for the roundtrip time
from libteec to OP-TEE OS core.
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
tee-supplicant: FS: remove unused legacy RPC functions
Since commit 129360332591 ("core: FS: remove unused legacy RPC
functions"), OP-TEE OS does not use a number of filesystem-related
commands anymore. Remove them from tee-supplicant.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Since commit 129360332591 ("core: FS: remove unused legacy RPC
functions"), OP-TEE OS does not use a number of filesystem-related
commands anymore. Remove them from tee-supplicant.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Remove leftovers of SQL FS
Fixes: 403c9a175794 ("Remove SQL-FS")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Fixes: 403c9a175794 ("Remove SQL-FS")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
supplicant: use public rpc command ids
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
supplicant: define/describe reserved Ids for supplicant commands
Add missing macros OPTEE_MSG_RPC_CMD_SHM_ALLOC/_SHM_FREE/_GPROF.
Move OPTEE_MSG_RPC_CMD_SQL_FS_RESERVED to a better place.
Remove deprecated reference to optee_msg.h.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Add missing macros OPTEE_MSG_RPC_CMD_SHM_ALLOC/_SHM_FREE/_GPROF.
Move OPTEE_MSG_RPC_CMD_SQL_FS_RESERVED to a better place.
Remove deprecated reference to optee_msg.h.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
client api: fix ULONG_MAX dependency
ULONG_MAX depends on limits.h.
Fixes: 9faeb1b6b023 ("tee_client_api: Correct max shared memory size define")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
ULONG_MAX depends on limits.h.
Fixes: 9faeb1b6b023 ("tee_client_api: Correct max shared memory size define")
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
tee_client_api: Correct max shared memory size define
Signed-off-by: Lukasz Kostyra <l.kostyra@samsung.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Lukasz Kostyra <l.kostyra@samsung.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
tee-supplicant: correct block device path for android
ueventd create block devices under /dev/block/.
Signed-off-by: Zhizhou Zhang <zhizhouzhang@asrmicro.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
ueventd create block devices under /dev/block/.
Signed-off-by: Zhizhou Zhang <zhizhouzhang@asrmicro.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Remove SQL-FS
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
7 years agoAndroid.mk: fix CFG_TEE_CLIENT_LOG_FILE checking ti2017.01 ti2017.01-rc1 ti2017.01-rc2 ti2017.01-rc3 ti2017.01-rc4 ti2017.02 ti2017.02-rc1 ti2017.02-rc2 ti2017.02-rc3 ti2017.02-rc4 ti2017.02-rc5 ti2017.02-rc6
Android.mk: fix CFG_TEE_CLIENT_LOG_FILE checking
CFG_TEE_CLIENT_LOG_FILE variable contains the client library log file
path. The correct way to check if the variable is not empty is using
ifneq operator.
Signed-off-by: Ruslan Piasetskyi <ruslan.piasetskyi@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
CFG_TEE_CLIENT_LOG_FILE variable contains the client library log file
path. The correct way to check if the variable is not empty is using
ifneq operator.
Signed-off-by: Ruslan Piasetskyi <ruslan.piasetskyi@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
ree_fs_new_opendir(): ignore empty directory
The behavior of ree_fs_new_opendir() should be the same when a TA
directory does not exist, or when it is empty: return
TEEC_ERROR_ITEM_NOT_FOUND in both cases.
Currently, ree_fs_new_opendir() returns TEE_SUCCESS when the TA
directory exists. This causes an issue with REE FS, when the data
directory is mounted over NFS. "xtest 6009 6010" fails with
TEE_StartPersistentObjectEnumerator() returning TEE_SUCCESS instead of
TEE_ERROR_ITEM_NOT_FOUND.
This is because test 6009 does not properly clean up. The test creates
persistent objects, closes them, opens them again with the meta accesss
flag and deletes them by calling TEE_CloseAndDeletePersistentObject1().
It turns out that tee-supplicant *does* attempt to remove the directory
but receives error ENOTEMPTY when the filesystem is NFS-mounted. The
reason is that when it removes the file, as a consequence of
syscall_storage_obj_del() calling o->pobj->fops->remove(o->pobj),
tee-supplicant still has an open file descriptor to the object. This
causes the NFS server to keep a hidden file (.nfsXXX) in the directory,
causing the subsequent rmdir() to fail. Then, when
syscall_storage_obj_del() calls tee_obj_close(), the fd is closed and
the .nfsXXX file disappears. We're left with an empty TA directory, and
when TEE_StartPersistentObjectEnumerator() invokes ree_fs_new_opendir()
it ends up with TEE_SUCCESS instead of TEE_ERROR_ITEM_NOT_FOUND.
One option to fix the issue is to fix the directory cleanup sequence,
i.e., make sure that the file descriptor is closed before the file is
unlinked and the directory removed. But we choose to adjust
ree_fs_new_opendir() instead, because it is less intrusive in OP-TEE OS
and also because the secure storage code is being reworked anyway for
other reasons.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
The behavior of ree_fs_new_opendir() should be the same when a TA
directory does not exist, or when it is empty: return
TEEC_ERROR_ITEM_NOT_FOUND in both cases.
Currently, ree_fs_new_opendir() returns TEE_SUCCESS when the TA
directory exists. This causes an issue with REE FS, when the data
directory is mounted over NFS. "xtest 6009 6010" fails with
TEE_StartPersistentObjectEnumerator() returning TEE_SUCCESS instead of
TEE_ERROR_ITEM_NOT_FOUND.
This is because test 6009 does not properly clean up. The test creates
persistent objects, closes them, opens them again with the meta accesss
flag and deletes them by calling TEE_CloseAndDeletePersistentObject1().
It turns out that tee-supplicant *does* attempt to remove the directory
but receives error ENOTEMPTY when the filesystem is NFS-mounted. The
reason is that when it removes the file, as a consequence of
syscall_storage_obj_del() calling o->pobj->fops->remove(o->pobj),
tee-supplicant still has an open file descriptor to the object. This
causes the NFS server to keep a hidden file (.nfsXXX) in the directory,
causing the subsequent rmdir() to fail. Then, when
syscall_storage_obj_del() calls tee_obj_close(), the fd is closed and
the .nfsXXX file disappears. We're left with an empty TA directory, and
when TEE_StartPersistentObjectEnumerator() invokes ree_fs_new_opendir()
it ends up with TEE_SUCCESS instead of TEE_ERROR_ITEM_NOT_FOUND.
One option to fix the issue is to fix the directory cleanup sequence,
i.e., make sure that the file descriptor is closed before the file is
unlinked and the directory removed. But we choose to adjust
ree_fs_new_opendir() instead, because it is less intrusive in OP-TEE OS
and also because the secure storage code is being reworked anyway for
other reasons.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
7 years agotee_supplicant_android.mk: Add missing configs for sockets ti2017.00 ti2017.00-c4 ti2017.00-rc3 ti2017.00-rc4 ti2017.00-rc5 ti2017.00-rc6
tee_supplicant_android.mk: Add missing configs for sockets
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
tee-supplicant: fix variable is used unitialized error
Fixes build error below:
tee_socket.c:393:7: error: variable 'to' is used uninitialized whenever
'if' condition is false [-Werror,-Wsometimes-uninitialized]
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Fixes build error below:
tee_socket.c:393:7: error: variable 'to' is used uninitialized whenever
'if' condition is false [-Werror,-Wsometimes-uninitialized]
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Use the mode also in open_wrapper
When source code is built with FORTIFY, it will give an error if you're
doing an open syscall without specifing the mode parameter.
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
When source code is built with FORTIFY, it will give an error if you're
doing an open syscall without specifing the mode parameter.
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
tee-supplicant: Add support for TCP/UDP iSocket interface
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2260)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
tee-supplicant: spawn threads as needed
* Spawns threads as needed, but only if the kernel supports asynchronous
supplicant requests.
* Adds mutex protecting RPMB
* Adds mutex protecting SQL_FS
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
* Spawns threads as needed, but only if the kernel supports asynchronous
supplicant requests.
* Adds mutex protecting RPMB
* Adds mutex protecting SQL_FS
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
tee-supplicant: support asynchronous supplicant requests
Adds support for asynchronous supplicant requests, meaning that the
supplicant can process several requests in parallel or block in a
request for some time. This is not yet taken advantage of.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Adds support for asynchronous supplicant requests, meaning that the
supplicant can process several requests in parallel or block in a
request for some time. This is not yet taken advantage of.
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
tee-supplicant: Update TEEC_TEST_LOAD_PATH for Android
Match TA_TEST_DIR in optee_test/blob/master/host/xtest/xtest_1000.c
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Match TA_TEST_DIR in optee_test/blob/master/host/xtest/xtest_1000.c
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
ree fs rpc: open with best-effort allowing RO data fs
The REE handler for open always uses flags O_RDWR at the moment.
This breaks the possibility to use read-only operations on a
read-only mounted filesystem at /data.
Change it to try to open with O_RDWR, if not possible fall back
to O_RDONLY and only fail if that isn't workable either.
If O_RDONLY isn't enough, then the TA should use another means
to get the fs mounted rw for the duration of his write activity.
He will get failures on the write action if not, but that is
fair enough.
Signed-off-by: Andy Green <andy@warmcat.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
The REE handler for open always uses flags O_RDWR at the moment.
This breaks the possibility to use read-only operations on a
read-only mounted filesystem at /data.
Change it to try to open with O_RDWR, if not possible fall back
to O_RDONLY and only fail if that isn't workable either.
If O_RDONLY isn't enough, then the TA should use another means
to get the fs mounted rw for the duration of his write activity.
He will get failures on the write action if not, but that is
fair enough.
Signed-off-by: Andy Green <andy@warmcat.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Add support for TA profiling (gprof)
Enable with: CFG_TA_GPROF_SUPPORT=y.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Enable with: CFG_TA_GPROF_SUPPORT=y.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Rename optee_msg_fs.h to optee_msg_supplicant.h
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
tee-supplicant: disable warnings only for sql_fs.c
sql_fs.c includes an API header (sqlfs.h in libsqlfs) which generates
warnings when built with our default flags. Silence them only for this
particular file, so that we won't miss potential issues in new code.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
sql_fs.c includes an API header (sqlfs.h in libsqlfs) which generates
warnings when built with our default flags. Silence them only for this
particular file, so that we won't miss potential issues in new code.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Add backward compatibility with older TA UUID format
Fixes: ce5fefe6cba ("Format UUID strings correctly")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Fixes: ce5fefe6cba ("Format UUID strings correctly")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Allow O to be an absolute path
Update so that absolute as well as relative paths are accepted by the
Makefile.
Tested with:
$ export CFG_WITH_SQLFS=y
$ make
$ make O=build
$ make O=/tmp/build
$ make O=~/build
Note that tilde expansion is supposed to be done by the calling shell.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Suggested-by: Zeng Tao <prime.zeng@hisilicon.com>
Acked-by: Zeng Tao <prime.zeng@hisilicon.com>
Update so that absolute as well as relative paths are accepted by the
Makefile.
Tested with:
$ export CFG_WITH_SQLFS=y
$ make
$ make O=build
$ make O=/tmp/build
$ make O=~/build
Note that tilde expansion is supposed to be done by the calling shell.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Suggested-by: Zeng Tao <prime.zeng@hisilicon.com>
Acked-by: Zeng Tao <prime.zeng@hisilicon.com>
7 years agoFormat UUID strings correctly ti2016.06 ti2016.06-rc1 ti2016.06-rc2 ti2016.06-rc3 ti2016.06-rc4
Format UUID strings correctly
Prior to this patch although GlobalPlatform specifies that TAs and such
are identified with UUIDs, we don't format them quite right when turning
them into strings. Per https://www.ietf.org/rfc/rfc4122.txt, there
should be another hyphen after the first two bytes of clockSeqAndNode.
Unfortunately, fixing this breaks compatibility between how TAs are
built, and when the OS loads them.
With this patch UUID string are formated with the additional hyphen as
for instance: f81d4fae-7dec-11d0-a765-00a0c91e6bf6
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/issues/857
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Prior to this patch although GlobalPlatform specifies that TAs and such
are identified with UUIDs, we don't format them quite right when turning
them into strings. Per https://www.ietf.org/rfc/rfc4122.txt, there
should be another hyphen after the first two bytes of clockSeqAndNode.
Unfortunately, fixing this breaks compatibility between how TAs are
built, and when the OS loads them.
With this patch UUID string are formated with the additional hyphen as
for instance: f81d4fae-7dec-11d0-a765-00a0c91e6bf6
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/issues/857
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Encode UUID big endian
When encoding a UUID as a sequence of bytes, the spec
(https://www.ietf.org/rfc/rfc4122.txt) says that the u32, and two u16s
should be represented big endian.
Before this patch OPTEE always treated them natively. With this patch
UUIDs are always converted to/from big endian when communicating with
the kernel.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/issues/858
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
When encoding a UUID as a sequence of bytes, the spec
(https://www.ietf.org/rfc/rfc4122.txt) says that the u32, and two u16s
should be represented big endian.
Before this patch OPTEE always treated them natively. With this patch
UUIDs are always converted to/from big endian when communicating with
the kernel.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/issues/858
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
tee-supplicant: add missing unistd.h in tee_fs.h
R_OK, W_OK are defined by uninstd.h. This change ensures
the project can be compiled with Android Bionic
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[Rebase on top of master]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
R_OK, W_OK are defined by uninstd.h. This change ensures
the project can be compiled with Android Bionic
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[Rebase on top of master]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
README: Replace toolchain URL with reference to toolchain.mk
This is to avoid hard coding toolchain URL which tends to change and
require constant updates.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
This is to avoid hard coding toolchain URL which tends to change and
require constant updates.
Signed-off-by: Victor Chong <victor.chong@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Update clean rules
Do not use rm -rf, it's unsafe. Instead, remove only the files created
by the build and the output directories if they're empty. This allows
to specify the source directory as an output location:
$ make O=.
$ make O=. clean
Without this fix the clean step would remove the source files too.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Do not use rm -rf, it's unsafe. Instead, remove only the files created
by the build and the output directories if they're empty. This allows
to specify the source directory as an output location:
$ make O=.
$ make O=. clean
Without this fix the clean step would remove the source files too.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Introduce BINDIR, LIBDIR, INCLUDEDIR and DESTDIR
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi3)
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi3)
libteec: sync tee.h with the linux kernel header file
This changes is about cleanup. No functional change.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
This changes is about cleanup. No functional change.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
libteec extension: TEEC_RegisterSharedMemoryFileDescriptor()
Create a shared memory object in system out of a file descriptor.
libteec relays the request to the tee driver and returns a shared
memory structure referring to the shared memory object.
Driver provides a file descriptor for the newly created tee_shm object.
TEE Client API library closes this fd when the shared memory object
is released from API TEEC_ReleaseSharedMemory().
None of the APIs TEEC_RegisterSharedMemoryFromFileDescriptor() and
TEEC_ReleaseSharedMemory() do close the initial file descriptor that
gets registered. It remains the responsibility of the called to
handle its file descriptor.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Create a shared memory object in system out of a file descriptor.
libteec relays the request to the tee driver and returns a shared
memory structure referring to the shared memory object.
Driver provides a file descriptor for the newly created tee_shm object.
TEE Client API library closes this fd when the shared memory object
is released from API TEEC_ReleaseSharedMemory().
None of the APIs TEEC_RegisterSharedMemoryFromFileDescriptor() and
TEEC_ReleaseSharedMemory() do close the initial file descriptor that
gets registered. It remains the responsibility of the called to
handle its file descriptor.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Add new RPC FS functions with useful error codes
As the interface is changed to use proper error codes, the way
parameters are passed is also updated.
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
As the interface is changed to use proper error codes, the way
parameters are passed is also updated.
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
build: print 'LINK' rather than 'LD' when $(LD) is not used directly
When $(CC) is called to link object files, it makes little sense to
print 'LD <executable>'. Reserve this for when $(LD) is called
directly. Using 'CC <executable>' on the other hand would make it hard
to distinguish compile from link steps. So, print 'LINK <executable>'
instead. This is similar to what the Linux kernel build system does.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
When $(CC) is called to link object files, it makes little sense to
print 'LD <executable>'. Reserve this for when $(LD) is called
directly. Using 'CC <executable>' on the other hand would make it hard
to distinguish compile from link steps. So, print 'LINK <executable>'
instead. This is similar to what the Linux kernel build system does.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Travis: unset CC
The CC environment variable must not be set, otherwise our Makefiles
will use it instead of $(CROSS_COMPILE)gcc.
What it means is: we have been compiling for x86_64 until now.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
The CC environment variable must not be set, otherwise our Makefiles
will use it instead of $(CROSS_COMPILE)gcc.
What it means is: we have been compiling for x86_64 until now.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
tee-supplicant: link with -lpthread
tee-supplicant uses pthread functions so it should link with -lpthread
(except for Android which provides the pthread functions a part of the
C library).
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
tee-supplicant uses pthread functions so it should link with -lpthread
(except for Android which provides the pthread functions a part of the
C library).
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Travis: build with CFG_SQL_FS=y
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Add Android build for SQL FS
Compile-tested with:
$ ../toolchains/android-ndk-r10e/ndk-build -j NDK_PROJECT_PATH=. \
APP_BUILD_SCRIPT=Android.mk APP_ABI=arm64-v8a CFG_SQL_FS=y
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Compile-tested with:
$ ../toolchains/android-ndk-r10e/ndk-build -j NDK_PROJECT_PATH=. \
APP_BUILD_SCRIPT=Android.mk APP_ABI=arm64-v8a CFG_SQL_FS=y
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
tee-supplicant: implement SQL FS file operations
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
tee-supplicant: add missing flags in conversion function
Adding TEE_FS_O_TRUNC and TEE_FS_S_IXUSR.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Adding TEE_FS_O_TRUNC and TEE_FS_S_IXUSR.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
tee-supplicant: move file operations and flags to their own header
The flags and conversion functions will be re-used by the SQL
filesystem, so move them to a common header: tee_fs.h.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
The flags and conversion functions will be re-used by the SQL
filesystem, so move them to a common header: tee_fs.h.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
libsqlfs: fix sqlfs_proc_read()
sqlfs_proc_read() should return 0 when reading an empty file or past
EOF. Upstream: https://github.com/guardianproject/libsqlfs/pull/10.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
sqlfs_proc_read() should return 0 when reading an empty file or past
EOF. Upstream: https://github.com/guardianproject/libsqlfs/pull/10.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Import libsqlfs
Import libsqlfs from //github.com/guardianproject/libsqlfs.git commit
effc5bc58161 ("Fix parallel build errors...").
From http://www.nongnu.org/libsqlfs/:
"The libsqlfs library implements a POSIX style file system on top of an
SQLite database. It allows applications to have access to a full
read/write file system in a single file, complete with its own file
hierarchy and name space. [...] This brings the benefits of a real
database, such as transactions and concurrency control"
Note that libsqlfs is distributed under the GNU LGPL version 2 or later,
which has its own implications on how the library may be used in this
project. In short: do not link statically and do not break the
interface.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Import libsqlfs from //github.com/guardianproject/libsqlfs.git commit
effc5bc58161 ("Fix parallel build errors...").
From http://www.nongnu.org/libsqlfs/:
"The libsqlfs library implements a POSIX style file system on top of an
SQLite database. It allows applications to have access to a full
read/write file system in a single file, complete with its own file
hierarchy and name space. [...] This brings the benefits of a real
database, such as transactions and concurrency control"
Note that libsqlfs is distributed under the GNU LGPL version 2 or later,
which has its own implications on how the library may be used in this
project. In short: do not link statically and do not break the
interface.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Import SQLite
Import https://www.sqlite.org/2016/sqlite-amalgamation-3110100.zip.
This is the first of a series of commits enabling support for a
filesystem based on a SQLite database. Hence, this code is enabled
with CFG_SQL_FS=y.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Import https://www.sqlite.org/2016/sqlite-amalgamation-3110100.zip.
This is the first of a series of commits enabling support for a
filesystem based on a SQLite database. Hence, this code is enabled
with CFG_SQL_FS=y.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Add the missed login method
Reviewed-by: David Brown <david.brown@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Zeng Tao <prime.zeng@huawei.com>
Reviewed-by: David Brown <david.brown@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Zeng Tao <prime.zeng@huawei.com>
Remove the connection_method limit
Since we have to add support for login method other than TEE_LOGIN_PUBLIC
in the future, remove the limit now.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>
Signed-off-by: Zeng Tao <prime.zeng@huawei.com>
Since we have to add support for login method other than TEE_LOGIN_PUBLIC
in the future, remove the limit now.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>
Signed-off-by: Zeng Tao <prime.zeng@huawei.com>
Use "make V=1" for verbose build
Replace 'VERBOSE_BUILD' with 'V' for simplicity and consistency with
other projects.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Replace 'VERBOSE_BUILD' with 'V' for simplicity and consistency with
other projects.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Try loading TAs from another writable path
To allow testing of corrupt TA loading on systems where the TA
directory is read-only, try loading TAs first from an alternate
`TEEC_TEST_LOAD_PATH` before the regular path. This allows the test
to override the TA with one for testing purposes.
Although useful for testing, this should not be enabled for a
production system, since it facilitates replacing a TA with a corrupt
image. CFG_TA_TEST_PATH can be turned off in the `config.mk`.
Signed-off-by: David Brown <david.brown@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
To allow testing of corrupt TA loading on systems where the TA
directory is read-only, try loading TAs first from an alternate
`TEEC_TEST_LOAD_PATH` before the regular path. This allows the test
to override the TA with one for testing purposes.
Although useful for testing, this should not be enabled for a
production system, since it facilitates replacing a TA with a corrupt
image. CFG_TA_TEST_PATH can be turned off in the `config.mk`.
Signed-off-by: David Brown <david.brown@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Adjust error codes for TEEC_OpenSession() and TEEC_InvokeCommand()
When the ioctl() call inside TEEC_OpenSession() or TEEC_InvokeCommand()
fails, TEEC_ERROR_BAD_STATE is returned. Update the error path to
return more descriptive codes:
- TEEC_ERROR_OUT_OF_MEMORY if ioctl() has set errno to ENOMEM (with the
current driver, this can occur when the driver's private memory pool is
full).
- TEEC_ERROR_GENERIC otherwise.
This commit also removes <err.h> which is not needed and may cause a
compile warning ("declaration of ‘err’ shadows a global declaration").
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>
When the ioctl() call inside TEEC_OpenSession() or TEEC_InvokeCommand()
fails, TEEC_ERROR_BAD_STATE is returned. Update the error path to
return more descriptive codes:
- TEEC_ERROR_OUT_OF_MEMORY if ioctl() has set errno to ENOMEM (with the
current driver, this can occur when the driver's private memory pool is
full).
- TEEC_ERROR_GENERIC otherwise.
This commit also removes <err.h> which is not needed and may cause a
compile warning ("declaration of ‘err’ shadows a global declaration").
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: David Brown <david.brown@linaro.org>
Check flags before allocating shared memory.
In TEEC_AllocateSharedMemory check if TEEC_MEM_INPUT, TEEC_MEM_OUTPUT
or both values are set in shm->flags before allocating shared memory.
Signed-off-by: Krzysztof Kwiatkowski <kris@amongbytes.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU)
In TEEC_AllocateSharedMemory check if TEEC_MEM_INPUT, TEEC_MEM_OUTPUT
or both values are set in shm->flags before allocating shared memory.
Signed-off-by: Krzysztof Kwiatkowski <kris@amongbytes.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU)
Fix compiler missing-field-initializers warnings
Tested on AOSP 5.0
Signed-off-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Change-Id: I0817e4b7c772a25c0d7fe89e2e5c8bd891696fa7
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Tested on AOSP 5.0
Signed-off-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Change-Id: I0817e4b7c772a25c0d7fe89e2e5c8bd891696fa7
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Fix return-type warnings with CLang
Signed-off-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Change-Id: I322603a6857e27ebd4cc63abe0f00a1a3e7e6471
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Signed-off-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Change-Id: I322603a6857e27ebd4cc63abe0f00a1a3e7e6471
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Android: fix makefile compatibility
Android always adds the gen/SHARED_LIBRARIES folder
from the product output folder to the include dirs, however,
this directory may be non-existing.
The target binary name tee-supplicant conflicts
with the source subfolder name tee-supplicant.
Android stores the build object files in a temporary
directory structure matching the tree structure of
the source folders.
Signed-off-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Change-Id: I9b24e61ccd757dedbfd4584ffa6fc9c09daeaccd
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Android always adds the gen/SHARED_LIBRARIES folder
from the product output folder to the include dirs, however,
this directory may be non-existing.
The target binary name tee-supplicant conflicts
with the source subfolder name tee-supplicant.
Android stores the build object files in a temporary
directory structure matching the tree structure of
the source folders.
Signed-off-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Change-Id: I9b24e61ccd757dedbfd4584ffa6fc9c09daeaccd
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Android: export public include dir
We make sure that applications linking to libteec
are always pointed to the right include dir.
This is achieved by using:
LOCAL_EXPORT_C_INCLUDE_DIRS
Change-Id: I8170ed008da81bcbecbe7a00533932ca79ace8f1
Signed-off-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
We make sure that applications linking to libteec
are always pointed to the right include dir.
This is achieved by using:
LOCAL_EXPORT_C_INCLUDE_DIRS
Change-Id: I8170ed008da81bcbecbe7a00533932ca79ace8f1
Signed-off-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Android.mk cleanup
Change-Id: Ic5d86d39a7858b5da672f4108e01cc96239a6654
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Signed-off-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Change-Id: Ic5d86d39a7858b5da672f4108e01cc96239a6654
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Signed-off-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Use Android way for detecting Android builds
AOSP build system defines the __ANDROID__
constant. No need for another one.
Change-Id: I2ff302e902386d1894441f4a4fa3bc5304320e05
Signed-off-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
AOSP build system defines the __ANDROID__
constant. No need for another one.
Change-Id: I2ff302e902386d1894441f4a4fa3bc5304320e05
Signed-off-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Zoltan Kuscsik <zoltan.kuscsik@linaro.org>
Support OP-TEE in generic TEE subsystem
Replaces support for for the old OP-TEE driver with support for OP-TEE
in the generic TEE subsystem.
Uses id instead of fd to identify shared memory objects to let
tee-supplicant manage allocation and freeing of its memory shared with
secure world.
This change depends on corresponding abi change in the kernel.
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Replaces support for for the old OP-TEE driver with support for OP-TEE
in the generic TEE subsystem.
Uses id instead of fd to identify shared memory objects to let
tee-supplicant manage allocation and freeing of its memory shared with
secure world.
This change depends on corresponding abi change in the kernel.
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
tee-supplicant: add TEE_RPC_LOAD_TA2
Adds new RPC function TEE_RPC_LOAD_TA2 which doesn't allocate a buffer
for the TA to load, instead secure world is responsible to allocate the
buffer when doing this RPC.
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Adds new RPC function TEE_RPC_LOAD_TA2 which doesn't allocate a buffer
for the TA to load, instead secure world is responsible to allocate the
buffer when doing this RPC.
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
RPMB: fix read_cid() and data access with a real eMMC device
Prior to this commit, the RPMB code was tested in emulation mode only
(RPMB_EMU=1). This fixes a couple of issues found when testing with a
real eMMC device on a HiKey board. The eMMC is a Hardkernel 8GB module
plugged into the microSD port. Kernel is from Linaro's 96boards
repository [1], slightly modified so that the RPMB can be used on the
microSD connector (MMC_CAP_CMD23 is added to the capability flags of
the second MMC controller).
[1] https://github.com/96boards/linux branch hikey commit 54e6524885a9
("Merge pull request #178 from xin3liang/hikey-3.18-720p-boot-issue").
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Prior to this commit, the RPMB code was tested in emulation mode only
(RPMB_EMU=1). This fixes a couple of issues found when testing with a
real eMMC device on a HiKey board. The eMMC is a Hardkernel 8GB module
plugged into the microSD port. Kernel is from Linaro's 96boards
repository [1], slightly modified so that the RPMB can be used on the
microSD connector (MMC_CAP_CMD23 is added to the capability flags of
the second MMC controller).
[1] https://github.com/96boards/linux branch hikey commit 54e6524885a9
("Merge pull request #178 from xin3liang/hikey-3.18-720p-boot-issue").
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
RPMB: add HMAC to emulation mode
Verify and generate HMAC values as required by the eMMC spec.
The HMAC SHA-256 implementation is from http://www.ouah.org/ogay/hmac/
which states "The code is distribued under the BSD license".
The code is also available from https://github.com/ogay/hmac.
I have kept only the SHA-256 variant and removed the loop unrolling
option.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Verify and generate HMAC values as required by the eMMC spec.
The HMAC SHA-256 implementation is from http://www.ouah.org/ogay/hmac/
which states "The code is distribued under the BSD license".
The code is also available from https://github.com/ogay/hmac.
I have kept only the SHA-256 variant and removed the loop unrolling
option.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Replay Protected Memory Block (RPMB) support
This commit adds support for the TEE_RPC_RPMB command, used by OP-TEE
to access the RPMB partition of an eMMC device (/dev/mmcblkXrpmb).
This is independent from the regular filesystem access (TEE_RPC_FS),
so the TEE can use either RPMB or the regular FS (or both) to implement
persistent storage.
RPMB operations are:
- Get device information (partition size, reliable write count)
- Read write counter
- Read and write data
- Program authentication key
The code relies on the ioctl() interface to implement the required
functions. In addition, an emulation layer is provided so that the RPMB
feature may be tested even if an actual eMMC chip is not available, or
if the kernel does not support it. Emulated mode is currently the
default. It can be disabled in the tee-supplicant Makefile
(-DRPMB_EMU=1).
The eMMC emulation layer does not yet perform any authentication, i.e.,
it will not check the MAC contained in the requests, and it will not
sign the responses with a MAC either. This feature will be added later.
Tested on HiKey using the extended xtest suite (including tests 6001 to
6011) and eMMC emulation only.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
This commit adds support for the TEE_RPC_RPMB command, used by OP-TEE
to access the RPMB partition of an eMMC device (/dev/mmcblkXrpmb).
This is independent from the regular filesystem access (TEE_RPC_FS),
so the TEE can use either RPMB or the regular FS (or both) to implement
persistent storage.
RPMB operations are:
- Get device information (partition size, reliable write count)
- Read write counter
- Read and write data
- Program authentication key
The code relies on the ioctl() interface to implement the required
functions. In addition, an emulation layer is provided so that the RPMB
feature may be tested even if an actual eMMC chip is not available, or
if the kernel does not support it. Emulated mode is currently the
default. It can be disabled in the tee-supplicant Makefile
(-DRPMB_EMU=1).
The eMMC emulation layer does not yet perform any authentication, i.e.,
it will not check the MAC contained in the requests, and it will not
sign the responses with a MAC either. This feature will be added later.
Tested on HiKey using the extended xtest suite (including tests 6001 to
6011) and eMMC emulation only.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Fix trace
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Add mutex to protect global variable shared_memory_list
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Fixes incorrectly built library and binary
The previous patch made it possible to override the CC variable.
However, when you don't assign anything at all, there will still be a
value assigned by the implicit variables and hence both libtee.so and
tee-supplicant will be built using the host compiler instead of the
(ARM) cross compiler and as a result of that other builds like xtest etc
will fail. We fix this by adding the argument "--no-builtin-variables"
when calling the individual makefile(s).
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
The previous patch made it possible to override the CC variable.
However, when you don't assign anything at all, there will still be a
value assigned by the implicit variables and hence both libtee.so and
tee-supplicant will be built using the host compiler instead of the
(ARM) cross compiler and as a result of that other builds like xtest etc
will fail. We fix this by adding the argument "--no-builtin-variables"
when calling the individual makefile(s).
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Make CC configurable via the environment.
Trying to build optee_client with yocto. Required to
override CC with CC set by yocto environment.
Signed-off-by: Sumit Garg <b49020@freescale.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Trying to build optee_client with yocto. Required to
override CC with CC set by yocto environment.
Signed-off-by: Sumit Garg <b49020@freescale.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Update .gitignore
Add the output directories created by the Android build.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Add the output directories created by the Android build.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Android.mk: s/tee_supplicant/tee-supplicant/
Fixes the name of the TEE supplicant binary in Android builds. Indeed,
the current driver expects current->comm to be "tee-supplicant", any
other name results in the process failing to start.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Fixes the name of the TEE supplicant binary in Android builds. Indeed,
the current driver expects current->comm to be "tee-supplicant", any
other name results in the process failing to start.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Restructure struct type to support 32-bit CA running with 64-bit linux kernel
The changes of data structure in this commit is to be aligned with the changes
in OP-TEE linux kernel driver.
This commit includes:
- Add padding member in struct
- Call pthread_mutex_init to initialize mutex
Signed-off-by: Aijun Sun <aijun.sun@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Aijun Sun <aijun.sun@linaro.org> (FVP platform: 32/64-bit xtest)
Tested-by: Aijun Sun <aijun.sun@linaro.org> (Qemu platform)
The changes of data structure in this commit is to be aligned with the changes
in OP-TEE linux kernel driver.
This commit includes:
- Add padding member in struct
- Call pthread_mutex_init to initialize mutex
Signed-off-by: Aijun Sun <aijun.sun@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Tested-by: Aijun Sun <aijun.sun@linaro.org> (FVP platform: 32/64-bit xtest)
Tested-by: Aijun Sun <aijun.sun@linaro.org> (Qemu platform)
Changing from old STM CLA to the new DCO
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Storage: Added create hard-link operation
To support atmoic rename operation in OP-TEE, we need to
add a create hard-link operation in tee-supplicant.
Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Pascal Brand pascal.brand@linaro.org
To support atmoic rename operation in OP-TEE, we need to
add a create hard-link operation in tee-supplicant.
Signed-off-by: SY Chiu <sy.chiu@linaro.org>
Tested-by: SY Chiu <sy.chiu@linaro.org> (QEMU)
Reviewed-by: Pascal Brand pascal.brand@linaro.org
Remove unused ROOTFS installation
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Drop TEE_RPC_FREE_TA_WTH_FD, let it be TEE_RPC_FREE_TA
We don't need two versions of the command. Keep the one with the fd
parameter.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
We don't need two versions of the command. Keep the one with the fd
parameter.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Check for errors when using incomplete filename
Do error checking when an incomplete filename was returned from the
function tfs_get_absolute_filename(...).
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Do error checking when an incomplete filename was returned from the
function tfs_get_absolute_filename(...).
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
tee_supp_fs.c readability cleanup
- Shortened the prefix of static functions from "tee_supp_fs" to
"tee_fs" to make things more readable.
- Using a variable for filename, directory name etc instead of using
(char *)(fsrpc + 1) everywhere.
- Renamed the function called tee_supp_fs_create_fname(...) to
tee_fs_get_absolute_filename(...) to better reflect what it actually
does.
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
- Shortened the prefix of static functions from "tee_supp_fs" to
"tee_fs" to make things more readable.
- Using a variable for filename, directory name etc instead of using
(char *)(fsrpc + 1) everywhere.
- Renamed the function called tee_supp_fs_create_fname(...) to
tee_fs_get_absolute_filename(...) to better reflect what it actually
does.
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Fixes eventual buffer overrun in tee-supplicant
In the function tee_supp_fs_create_fname(...) you could overwrite the
out buffer. Now we take into account how much data the string
TEE_FS_PATH takes. To support this we let the caller tell the size of
the out buffer it provides instead of assuming that the parameter "out"
always has the size PATH_MAX.
Also did some minor clarifications in the tee_supp_fs_rename(...)
function to make it more understandable.
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
In the function tee_supp_fs_create_fname(...) you could overwrite the
out buffer. Now we take into account how much data the string
TEE_FS_PATH takes. To support this we let the caller tell the size of
the out buffer it provides instead of assuming that the parameter "out"
always has the size PATH_MAX.
Also did some minor clarifications in the tee_supp_fs_rename(...)
function to make it more understandable.
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
dma_buf support
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Signed-off-by: Pascal Brand <pascal.brand@st.com>
GP Internal Core API v1.1 : add defines
Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (STM Cannes)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (FVP)
Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (STM Cannes)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (FVP)
Align TEEC_FinalizeContext with GP specifications
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU platform)
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Update nbr_bf when freeing the TA
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Kill supplicant in case of fatal error while reading
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Adding missing mutex_lock()
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Remove dependency on optee_linuxdriver/include/tee_ioc.h
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Updated related Linux Driver Refactoring
Update of the client part, related to the Linux Driver
Refactoring at https://github.com/OP-TEE/optee_linuxdriver/pull/17
Fix #16
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (FVP)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (Juno)
Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Update of the client part, related to the Linux Driver
Refactoring at https://github.com/OP-TEE/optee_linuxdriver/pull/17
Fix #16
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Tested-by: Pascal Brand <pascal.brand@linaro.org> (QEMU)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (FVP)
Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (Juno)
Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com>
Add Android.mk
1.add the Android.mk to support android system build;
2.add config options CFG_TEE_CLIENT_LOG_FILE/CFG_TEE_SUPP_LOG_FILE/
CFG_TEE_CLIENT_LOAD_PATH to common config.mk.
Signed-off-by: sunny <sunny@allwinnertech.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: sunny <sunny@allwinnertech.com> (Allwinner A80 platform)
1.add the Android.mk to support android system build;
2.add config options CFG_TEE_CLIENT_LOG_FILE/CFG_TEE_SUPP_LOG_FILE/
CFG_TEE_CLIENT_LOAD_PATH to common config.mk.
Signed-off-by: sunny <sunny@allwinnertech.com>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: sunny <sunny@allwinnertech.com> (Allwinner A80 platform)
Travis: use default arm-linux-gnueabihf- compiler
The download of the Linaro compiler as well as the installation of
its dependencies (including some 32-bit libraries) is replaced by
the installation of the default gcc-arm-linux-gnueabihf package.
This speeds up the build significantly.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
The download of the Linaro compiler as well as the installation of
its dependencies (including some 32-bit libraries) is replaced by
the installation of the default gcc-arm-linux-gnueabihf package.
This speeds up the build significantly.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Fixes on trace levels
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform)
Align trace levels to the ones of optee_os
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>