optee/ti-optee-os.git
ta: pkcs11: Add TEE Identity based authentication support (master)
Vesa Jääskeläinen [Wed, 21 Oct 2020 14:57:56 +0000 (17:57 +0300)]
ta: pkcs11: Add TEE Identity based authentication support

In C_InitToken() if PIN is NULL_PTR then it will activate TEE Identity
based authentication support for token.

Once activated:

- Whenever a PIN is required the client's TEE Identity will be used for
  authentication
- PIN failure counters are disabled
- If a new PIN is given as input it is in the form of a PIN ACL string
- It can be disabled with C_InitToken with a non-zero PIN

Internally protected authentication path will be used for mode
determination.

Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
ta: pkcs11: set_pin: use token shortcut like in other pin functions
Vesa Jääskeläinen [Wed, 21 Oct 2020 14:40:34 +0000 (17:40 +0300)]
ta: pkcs11: set_pin: use token shortcut like in other pin functions

Use common shortcut variable 'token' as in check_so_pin and check_user_pin.

Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
ta: pkcs11: entry_ck_token_initialize: reset SO flags on init
Vesa Jääskeläinen [Wed, 21 Oct 2020 14:36:56 +0000 (17:36 +0300)]
ta: pkcs11: entry_ck_token_initialize: reset SO flags on init

If successful token init has been performed and new PIN is set then reset
all pin change flags.

Call update_persistent_db() only once as a last step during the execution.

Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
pkcs11: persistent_token: Don't read token object UUIDs if we have none
Robin van der Gracht [Mon, 14 Dec 2020 13:08:31 +0000 (14:08 +0100)]
pkcs11: persistent_token: Don't read token object UUIDs if we have none

Do not call TEE_ReadObjectData() when there is no object data to read
because the function panics when reading 0 bytes.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Robin van der Gracht <robin@protonic.nl>
ta: pkcs11: Change sizeof argument for consistency
Robin van der Gracht [Thu, 7 Jan 2021 07:50:07 +0000 (08:50 +0100)]
ta: pkcs11: Change sizeof argument for consistency

The bytes subtracted here were added a few lines ago. Since *db_objs
was used there we should also do this here for readability.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Robin van der Gracht <robin@protonic.nl>
core: tee_rpmb_fs: Return error when block decryption fails
Robin van der Gracht [Mon, 30 Nov 2020 12:28:08 +0000 (13:28 +0100)]
core: tee_rpmb_fs: Return error when block decryption fails

When decrypt_block fails (although unlikely) it shouldn't be silently
ignored. In such a case the data in the buffer pointed to by *out is
unmodified or bogus while the return code is TEE_SUCCESS.

Signed-off-by: Robin van der Gracht <robin@protonic.nl>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
core: remove temporary external DT mapping
Jens Wiklander [Mon, 4 Jan 2021 07:34:53 +0000 (08:34 +0100)]
core: remove temporary external DT mapping

During boot the external DT is mapped while processing the DT. Once
OP-TEE is done with the DT it should be unmapped to avoid stale mappings
that might cause problems later. Fix this by calling
core_mmu_rem_mapping() from release_external_dt() just before jumping to
normal world.

Fixes: https://github.com/OP-TEE/optee_os/issues/4278
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
core: ifdef frag_id member in struct dt_descriptor
Jens Wiklander [Mon, 4 Jan 2021 07:34:53 +0000 (08:34 +0100)]
core: ifdef frag_id member in struct dt_descriptor

The frag_id member in struct dt_descriptor is only used if
CFG_EXTERNAL_DTB_OVERLAY is defined, so make it conditional.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
core: add core_mmu_remove_mapping()
Jens Wiklander [Mon, 4 Jan 2021 07:34:49 +0000 (08:34 +0100)]
core: add core_mmu_remove_mapping()

Adds core_mmu_remove_mapping() which removes mappings earlier added with
core_mmu_add_mapping().

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
shippable: remove useless CFG_CORE_ASLR=y for QEMU
Jerome Forissier [Wed, 6 Jan 2021 14:41:53 +0000 (15:41 +0100)]
shippable: remove useless CFG_CORE_ASLR=y for QEMU

Since commit 87372da451d4 ("Enable ASLR by default"), most platforms
have ASLR turned on and do not need to explicitly set CFG_CORE_ASLR=y
at build time. Remove the redundant settings in .shippable.yml.
Note that CFG_CORE_ASLR=n is still build-tested by a few platforms
such as rcar, rzg and zynqmp.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
core: imx: remove security check for i.MX6SDL
Rouven Czerwinski [Tue, 24 Nov 2020 07:40:49 +0000 (08:40 +0100)]
core: imx: remove security check for i.MX6SDL

The i.MX6SDL SoCs do not expose the security configuration in the HPSR
registers correctly, they always return SNVS_SECURITY_CFG_FAB (000),
however the SSM information is still exposed correctly.
Remove the check for the security configuration, since the bits all read
zero on these SoCs, even if they are securely booted.

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Acked-by: Clement Faure <clement.faure@nxp.com>
plat-imx, plat-rzn1: remove redundant recipes to generate tee-raw.bin
Jerome Forissier [Wed, 6 Jan 2021 14:59:22 +0000 (15:59 +0100)]
plat-imx, plat-rzn1: remove redundant recipes to generate tee-raw.bin

Since commit 5ae0290f7f3b ("core: kernel: link.mk: Move rules to generate
tee-raw.bin and tee.srec from rcar platform"), the recipe to produce
tee-raw.bin is in the common makefile core/arch/arm/kernel/link.mk.
Therefore the recipes in core/arch/arm/plat-imx/link.mk and
core/arch/arm/plat-rzn1/link.mk are redundant and need to be removed.
Fixes the following build warning:

 $ make -s PLATFORM=imx-mx6ullevk
 core/arch/arm/plat-imx/link.mk:7: warning: overriding recipe for target 'out/arm-plat-imx/core/tee-raw.bin'
 core/arch/arm/kernel/link.mk:230: warning: ignoring old recipe for target 'out/arm-plat-imx/core/tee-raw.bin'

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Sumit Garg <sumit.garg@linaro.org>
core: rpmb fs uses mempool for temporary transfer buffers
Etienne Carriere [Sun, 13 Dec 2020 17:56:22 +0000 (18:56 +0100)]
core: rpmb fs uses mempool for temporary transfer buffers

The RPMB FS driver may allocate a temporary buffer of the size provided
by the userland caller. These may be big buffers of dozens of kbytes and may
exhaust the heap capacity. Change the implementation to use a 4kByte
temporary buffer to update RPMB data instead of an allocated buffer of
the object target size. RPMB FAT entry data is updated by chunks of the
temporary buffer size, and RPMB FAT meta data is updated afterwards as
prior to this change.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
.shippable: caam: explicitly enable CRYPTO_DRIVER
Jorge Ramirez-Ortiz [Tue, 5 Jan 2021 16:28:19 +0000 (17:28 +0100)]
.shippable: caam: explicitly enable CRYPTO_DRIVER

Enabling CAAM no longer enables CRYPTO_DRIVER. Maintain shippable code
coverage by explicitly enabling the CRYPTO_DRIVER on CAAM supported
platforms (except when the SE050 is a preferred CRYPTO_DRIVER
provider).

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Clement Faure <clement.faure@nxp.com>
.shippable: se050: use expressions
Jorge Ramirez-Ortiz [Tue, 22 Dec 2020 23:56:17 +0000 (00:56 +0100)]
.shippable: se050: use expressions

Improve readability by using expressions

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>
.shippable: imx8mmevk: se050: use RNG and HUK from CAAM
Jorge Ramirez-Ortiz [Tue, 22 Dec 2020 23:28:39 +0000 (00:28 +0100)]
.shippable: imx8mmevk: se050: use RNG and HUK from CAAM

Select a more standard configuration using the HUK and RNG from the
CAAM device.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>
plat-imx: do not enable CFG_CRYPTO_DRIVER with CFG_NXP_CAAM
Jorge Ramirez-Ortiz [Wed, 16 Dec 2020 13:48:19 +0000 (14:48 +0100)]
plat-imx: do not enable CFG_CRYPTO_DRIVER with CFG_NXP_CAAM

Some IMX users might choose a different crypto driver (like the SE050)
but still require CAAM to provide the hardware unique key and perhaps
the RNG - since reading the RNG over I2C can impact performance on
some platforms.

This commit allows for such configuration.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Clement Faure <clement.faure@nxp.com>
core: ldelf: implement separate syscalls for ldelf
Balint Dobszay [Fri, 11 Dec 2020 15:25:47 +0000 (16:25 +0100)]
core: ldelf: implement separate syscalls for ldelf

Implements a separate syscall handler for ldelf to decouple it from user
TAs and enable using it for all TSs. The calling convention is the same
as for utee_* syscalls. To distinguish between the different SVCs, the
syscall handler pointer is updated before entering ldelf and restored
after returning. The step of opening a system PTA session and invoking
the commands there is eliminated, the necessary functionality is
implemented in the ldelf syscall functions.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
core: add handle_db_is_empty() function
Balint Dobszay [Wed, 23 Dec 2020 11:53:14 +0000 (12:53 +0100)]
core: add handle_db_is_empty() function

Implements a function that checks if a handle database is empty, i.e.
all pointers stored in the database are NULL.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
core: invoke SVC handler through struct ts_session
Balint Dobszay [Fri, 11 Dec 2020 15:25:37 +0000 (16:25 +0100)]
core: invoke SVC handler through struct ts_session

Store the current SVC handler function pointer in struct ts_session, and
invoke the handler through this. Enables changing the SVC handler for a
session without modifying the ts_ops defined in the session context.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
core: extract ldelf related code from system PTA
Balint Dobszay [Fri, 11 Dec 2020 15:25:25 +0000 (16:25 +0100)]
core: extract ldelf related code from system PTA

Various functions in the system PTA are only used in conjunction with
ldelf. They either implement a system service needed only by ldelf
(system_open_ta_binary(), etc.) or they provide an interface for TAs to
invoke services implemented in user space by ldelf (call_ldelf_dlopen(),
call_ldelf_dlsym()). Extract these to a separate file as a first step
towards converting the PTA system_*() calls into proper ldelf-specific
syscalls.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
core: move user_ctx field to struct ts_session
Balint Dobszay [Fri, 11 Dec 2020 15:25:12 +0000 (16:25 +0100)]
core: move user_ctx field to struct ts_session

The user_ctx field in struct tee_ta_session is used by PTAs to keep
track of session specific information. Move it to struct ts_session to
make it generic and reachable for all sessions, not just TAs. This
enables extracting ldelf related code from system PTA.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
core: prefer struct user_mode_ctx in system PTA
Balint Dobszay [Fri, 11 Dec 2020 15:24:52 +0000 (16:24 +0100)]
core: prefer struct user_mode_ctx in system PTA

Most functions in system PTA have struct ts_session as parameter, but
only use it for getting the pointer to user_mode_ctx. This commit
simplifies the code by doing the casting in a single place and passing
user_mode_ctx as an argument instead.

This also eliminates casting to user_ta_ctx as an intermediate step. It
is a preparation step for extracting ldelf related functions from system
PTA to an ldelf specific syscall handler.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
core: rpmb: return TEE_ERROR_STORAGE_NO_SPACE if no space left
Stefan Schmidt [Sat, 5 Dec 2020 12:44:17 +0000 (13:44 +0100)]
core: rpmb: return TEE_ERROR_STORAGE_NO_SPACE if no space left

So far the error TEE_ERROR_OUT_OF_MEMORY was returned if no
free memory could be allocated in the RPMB to store new data.
According to TEE Internal Core API Specification the error
TEE_ERROR_STORAGE_NO_SPACE shall be returned if insufficient
space is available to create the persistent object.

Signed-off-by: Stefan Schmidt <snst@meek.de>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
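The three RPMB storage commits above (tee_rpmb_fs returning an error when block decryption fails, the bounded 4 kB temporary transfer buffer, and TEE_ERROR_STORAGE_NO_SPACE when the store is full) can be illustrated with one small model. The block below is an added example written for this page, not code from OP-TEE's tee_rpmb_fs: the in-memory store, its 16 kB capacity, the chunk counter and the injected crypto-failure flag are constructed for the example; the TEE_Result values are the GlobalPlatform TEE Internal Core API constants.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef uint32_t TEE_Result;
/* Values from the GlobalPlatform TEE Internal Core API */
#define TEE_SUCCESS                0x00000000
#define TEE_ERROR_BAD_PARAMETERS   0xFFFF0006
#define TEE_ERROR_SECURITY         0xFFFF000F
#define TEE_ERROR_STORAGE_NO_SPACE 0xFFFF3041

#define XFER_BUF_SIZE 4096          /* bounded temporary buffer, as in the mempool change */
#define STORE_SIZE    (16 * 1024)   /* constructed: capacity of the model store */

struct rpmb_store {
	uint8_t data[STORE_SIZE];   /* constructed in-memory "RPMB" area */
	size_t used;                /* FAT meta data: bytes handed out to objects */
	bool fail_crypto;           /* test hook: make block (de|en)cryption fail */
	unsigned int chunk_writes;  /* number of temp-buffer sized chunks written */
};

/* Encrypt-and-write one chunk. The model has no real cipher; the point is
 * that a failure here must reach the caller instead of being dropped. */
static TEE_Result write_chunk(struct rpmb_store *st, size_t off,
			      const uint8_t *src, size_t len)
{
	if (st->fail_crypto)
		return TEE_ERROR_SECURITY;
	memcpy(st->data + off, src, len);
	st->chunk_writes++;
	return TEE_SUCCESS;
}

/* Read-and-decrypt one chunk; same failure rule as write_chunk(). */
static TEE_Result read_chunk(struct rpmb_store *st, size_t off,
			     uint8_t *dst, size_t len)
{
	if (st->fail_crypto)
		return TEE_ERROR_SECURITY;   /* decrypt failed: never report SUCCESS */
	memcpy(dst, st->data + off, len);
	return TEE_SUCCESS;
}

/* Append a new object's data. Space is checked before anything is copied,
 * data goes through a fixed-size buffer chunk by chunk, and the FAT meta
 * data (used) is updated only after the last chunk, as the commit says.
 * The static buffer stands in for the mempool; the model is single-threaded. */
static TEE_Result rpmb_fs_append(struct rpmb_store *st, const uint8_t *src,
				 size_t len, size_t *off_out)
{
	static uint8_t xfer[XFER_BUF_SIZE];
	size_t base = st->used;
	size_t done = 0;

	if (!src || !off_out)
		return TEE_ERROR_BAD_PARAMETERS;
	/* Not enough storage for the object: a storage condition, not heap
	 * exhaustion, so the spec's TEE_ERROR_STORAGE_NO_SPACE is returned. */
	if (len > STORE_SIZE - st->used)
		return TEE_ERROR_STORAGE_NO_SPACE;

	while (done < len) {
		size_t n = len - done;
		TEE_Result res;

		if (n > sizeof(xfer))
			n = sizeof(xfer);
		memcpy(xfer, src + done, n);   /* caller buffer -> bounded temp buffer */
		res = write_chunk(st, base + done, xfer, n);
		if (res != TEE_SUCCESS)
			return res;            /* meta data left untouched */
		done += n;
	}
	st->used += len;                       /* FAT meta data updated last */
	*off_out = base;
	return TEE_SUCCESS;
}

/* Read object data back through the same bounded buffer. */
static TEE_Result rpmb_fs_read(struct rpmb_store *st, size_t off,
			       uint8_t *dst, size_t len)
{
	static uint8_t xfer[XFER_BUF_SIZE];
	size_t done = 0;

	if (!dst || off > st->used || len > st->used - off)
		return TEE_ERROR_BAD_PARAMETERS;
	while (done < len) {
		size_t n = len - done;
		TEE_Result res;

		if (n > sizeof(xfer))
			n = sizeof(xfer);
		res = read_chunk(st, off + done, xfer, n);
		if (res != TEE_SUCCESS)
			return res;   /* before the fix: ignored, leaving stale bytes in dst */
		memcpy(dst + done, xfer, n);
		done += n;
	}
	return TEE_SUCCESS;
}
```

A 10000-byte object goes through the 4096-byte buffer in three chunks; a write that does not fit fails before any chunk is touched, and a failing chunk leaves `used` exactly where it was.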
Reintroduce memalign() and friends
Jens Wiklander [Mon, 28 Dec 2020 22:07:47 +0000 (23:07 +0100)]
Reintroduce memalign() and friends

memalign() and friends were removed with the
commit 8cd8a6296974 ("Remove memalign()").

At the time memalign() was unused and a bit buggy. This new memalign()
is believed to work correctly due to extensive testing.  Recently
memalign() has been needed by certain drivers so it makes sense to add
it again.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
libutil: add hdr_size parameter to bget
Jens Wiklander [Mon, 28 Dec 2020 21:29:50 +0000 (22:29 +0100)]
libutil: add hdr_size parameter to bget

Adds a hdr_size parameter to bget(), bgetz() and bgetr(). hdr_size must
be a multiple of BGET_HDR_QUANTUM. If hdr_size is larger than 0 the
buffer will be allocated so that the alignment constraints are fulfilled
after advancing hdr_size bytes into the returned buffer.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
libutil: add alignment parameter to bget
Jens Wiklander [Mon, 28 Dec 2020 20:52:33 +0000 (21:52 +0100)]
libutil: add alignment parameter to bget

Adds alignment parameter to bget(), bgetz() and bgetr(). If alignment is
larger than 0 the returned buffer is guaranteed to have an address which
is a multiple of this value.

The algorithm is basically unchanged, in the way that the memory is
still allocated from the end of a free memory block. The difference is
in the core implementation in bget() where now alignment of the returned
memory is taken into account. If only allocating with the minimum
alignment the memory blocks are expected to be allocated in the same
pattern.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
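The three allocator commits above (the alignment and hdr_size parameters of bget(), and memalign() reintroduced on top of them) describe one rule: the buffer is carved from the end of a free block, and the payload address, i.e. the returned pointer advanced by hdr_size, is rounded down to the requested alignment. The block below is an added example written for this page, not bget's or OP-TEE's code: HDR_QUANTUM is a placeholder for BGET_HDR_QUANTUM, the single static arena stands in for bget's free list (no coalescing or freeing), and model_memalign() only shows how a memalign()-style call maps onto the two parameters.

```c
#include <stddef.h>
#include <stdint.h>

/* Placeholder for BGET_HDR_QUANTUM: hdr_size must be a multiple of it.
 * The value 8 is an assumption of this model, not bget's constant. */
#define HDR_QUANTUM 8

/* One free block as a byte range; bget hands out memory from the END of
 * a free block, which this model reproduces. */
struct free_block {
	uint8_t *base;
	size_t size;
};

/* Carve `size` bytes from the end of `blk` so that (ret + hdr_size) is a
 * multiple of `alignment`. alignment 0 or 1 means "no extra constraint";
 * otherwise it must be a power of two. Returns NULL if the request is
 * invalid or the block is too small once alignment is accounted for. */
static void *carve_aligned(struct free_block *blk, size_t size,
			   size_t alignment, size_t hdr_size)
{
	uintptr_t end = (uintptr_t)blk->base + blk->size;
	uintptr_t p;

	if (!size || size > blk->size)
		return NULL;
	if (hdr_size % HDR_QUANTUM)
		return NULL;
	if (alignment & (alignment - 1))   /* neither 0 nor a power of two */
		return NULL;

	/* Highest address that still fits `size` bytes before the end ... */
	p = end - size;
	/* ... then round the payload (p + hdr_size) down to the alignment.
	 * Bytes between p + size and the old end become slack. */
	if (alignment > 1) {
		uintptr_t payload = (p + hdr_size) & ~(uintptr_t)(alignment - 1);

		if (payload < hdr_size)
			return NULL;
		p = payload - hdr_size;
	}
	if (p < (uintptr_t)blk->base)
		return NULL;

	/* Everything from p up to the old end is now taken. */
	blk->size = p - (uintptr_t)blk->base;
	return (void *)p;
}

/* Constructed arena for the example; bget would manage a pool of blocks. */
static uint8_t arena[4096];
static struct free_block arena_blk = { arena, sizeof(arena) };

/* memalign(alignment, size) on top of the model: no header in front of the
 * payload, so hdr_size is 0 and the returned pointer itself is aligned. */
static void *model_memalign(size_t alignment, size_t size)
{
	return carve_aligned(&arena_blk, size, alignment, 0);
}
```

With hdr_size 16 and alignment 64 the pointer itself is generally not 64-byte aligned, but the address 16 bytes into it is, which is what a caller that stores a header in front of the payload wants.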
Introduce CFG_TA_BGET_TEST
Jens Wiklander [Sun, 27 Dec 2020 20:17:52 +0000 (21:17 +0100)]
Introduce CFG_TA_BGET_TEST

Introduces CFG_TA_BGET_TEST which compiles the integrated bget test
suite together with the rest of bget. When enabled, the test entry point
is bget_main_test() in libutils.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
core: introduce CFG_ENABLE_EMBEDDED_TESTS
Jens Wiklander [Tue, 29 Dec 2020 17:02:06 +0000 (18:02 +0100)]
core: introduce CFG_ENABLE_EMBEDDED_TESTS

Introduces CFG_ENABLE_EMBEDDED_TESTS disabled by default. This flag
is used to control the default value of all other embedded tests.

This changes the default value of CFG_TEE_CORE_EMBED_INTERNAL_TESTS to
'n' since CFG_ENABLE_EMBEDDED_TESTS defaults to 'n'.

A Shippable target is updated with CFG_ENABLE_EMBEDDED_TESTS=y to have
these tests compiled in some configuration.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
qemu_v8: configure secure interrupts
Jens Wiklander [Mon, 4 Jan 2021 20:03:30 +0000 (21:03 +0100)]
qemu_v8: configure secure interrupts

Configures the GIC and enables reception of interrupts from the secure uart.
This enables testing of secure interrupts on the QEMU v8 platform by
typing in the secure log.

Acked-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
crypto: se050: build: elliptic curve
Jorge Ramirez-Ortiz [Tue, 15 Dec 2020 18:00:05 +0000 (19:00 +0100)]
crypto: se050: build: elliptic curve

Makefile changes to compile-in and enable elliptic curve support.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
crypto: se050: core: elliptic curve implementation
Jorge Ramirez-Ortiz [Tue, 15 Dec 2020 17:59:30 +0000 (18:59 +0100)]
crypto: se050: core: elliptic curve implementation

Elliptic curve driver.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
crypto: se050: adaptors: elliptic curve
Jorge Ramirez-Ortiz [Tue, 15 Dec 2020 17:58:53 +0000 (18:58 +0100)]
crypto: se050: adaptors: elliptic curve

APDU and utility functions required to support elliptic curve
cryptography.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
ta: pkcs11: Add more checks before destroying object in a session
Ruchika Gupta [Tue, 29 Dec 2020 07:39:19 +0000 (13:09 +0530)]
ta: pkcs11: Add more checks before destroying object in a session

A few checks were missing in the implementation of C_DestroyObject()
as per the PKCS#11 Specification. These have been added now.
These checks are
- only session objects can be destroyed during a read only session
- only public objects can be destroyed unless the normal user is
logged in
- Certain objects may not be destroyed. Calling C_DestroyObject on
such objects will result in the CKR_ACTION_PROHIBITED error code.
An application can consult the object's CKA_DESTROYABLE
attribute to determine if an object may be destroyed or not.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
ta: pkcs11: Fix return value when trying to open parallel session
Vesa Jääskeläinen [Thu, 31 Dec 2020 00:05:33 +0000 (02:05 +0200)]
ta: pkcs11: Fix return value when trying to open parallel session

It is mandatory to have CKF_SERIAL_SESSION set when invoking
C_OpenSession(). When omitted CKR_SESSION_PARALLEL_NOT_SUPPORTED must be
returned.

Specified in:
PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
Plus Errata 01
5.6 Session management functions
C_OpenSession

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
drivers: crypto: se050: limitations to RSA crypto
Jorge Ramirez-Ortiz [Sun, 13 Dec 2020 20:59:25 +0000 (21:59 +0100)]
drivers: crypto: se050: limitations to RSA crypto

The supported algorithms for encryption/decryption are:
  PKCS1_OAEP
  PKCS1_V1_5

When using PKCS1_PSS_MGF1 the se050 also has some restrictions on the
hash algorithms that can be used depending on the RSA key size.

Source: Plug And Trust MW documentation, Release v02,14,00 (Apr 03,
2020)

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>
ta: pkcs11: Check for CKA_PRIVATE when creating objects
Ruchika Gupta [Thu, 24 Dec 2020 06:41:41 +0000 (12:11 +0530)]
ta: pkcs11: Check for CKA_PRIVATE when creating objects

PKCS#11 Specification[1] states that Private session/token objects
cannot be created in Public sessions. So, add a check for access
type when creating objects.

[1] PKCS #11 Cryptographic Token Interface Usage Guide Version 2.40
(Table 3 - ACCESS TO DIFFERENT TYPES OBJECTS BY DIFFERENT TYPES
OF SESSIONS)

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
ta: pkcs11: Fix error returned
Ruchika Gupta [Thu, 24 Dec 2020 06:39:34 +0000 (12:09 +0530)]
ta: pkcs11: Fix error returned

When trying to access an object of type CKA_PRIVATE without
logging in, the error returned should be
PKCS11_CKR_USER_NOT_LOGGED_IN.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
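The three pkcs11 TA commits above (the C_DestroyObject checks for read-only and public sessions and CKA_DESTROYABLE, the CKA_PRIVATE check on object creation, and CKR_USER_NOT_LOGGED_IN for a private object touched without a login) are one access policy seen from two entry points. The block below is an added example, not the TA's code: a minimal session/object model with the decision logic, returning the CKR_* values of PKCS #11 v2.40. How an SO login is treated for private objects is an assumption of this model (the spec's table of object access by session type gives the SO no access to private objects).

```c
#include <stdbool.h>

typedef unsigned long CK_RV;
/* Return values, numbers from PKCS #11 v2.40 pkcs11t.h */
#define CKR_OK                  0x000UL
#define CKR_ACTION_PROHIBITED   0x01BUL
#define CKR_SESSION_READ_ONLY   0x0B5UL
#define CKR_USER_NOT_LOGGED_IN  0x101UL

enum login_state { LOGIN_NONE, LOGIN_USER, LOGIN_SO };

struct session {
	bool rw;                 /* CKF_RW_SESSION given to C_OpenSession() */
	enum login_state login;  /* result of C_Login(), if any */
};

struct object {
	bool token;        /* CKA_TOKEN: token object (else session object) */
	bool priv;         /* CKA_PRIVATE */
	bool destroyable;  /* CKA_DESTROYABLE */
};

/* Private objects are reachable only once the normal user is logged in.
 * Assumption of this model: an SO login does not grant that access. */
static bool private_access_ok(const struct session *s)
{
	return s->login == LOGIN_USER;
}

/* C_CreateObject(): a CKA_PRIVATE template is refused in a public session
 * with CKR_USER_NOT_LOGGED_IN, matching the error-code fix above. */
static CK_RV check_create_object(const struct session *s,
				 const struct object *tmpl)
{
	if (tmpl->priv && !private_access_ok(s))
		return CKR_USER_NOT_LOGGED_IN;
	return CKR_OK;
}

/* C_DestroyObject(): the three checks from the commit message, in order. */
static CK_RV check_destroy_object(const struct session *s,
				  const struct object *o)
{
	/* 1. Only public objects unless the normal user is logged in. */
	if (o->priv && !private_access_ok(s))
		return CKR_USER_NOT_LOGGED_IN;
	/* 2. Only session objects can be destroyed in a read-only session. */
	if (o->token && !s->rw)
		return CKR_SESSION_READ_ONLY;
	/* 3. CKA_DESTROYABLE == CK_FALSE: destruction is prohibited. */
	if (!o->destroyable)
		return CKR_ACTION_PROHIBITED;
	return CKR_OK;
}
```

The order matters for the error a client sees: a private, non-destroyable token object reported from a public session gives CKR_USER_NOT_LOGGED_IN, not CKR_ACTION_PROHIBITED, so a caller that is not logged in learns nothing about the object's attributes.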
mk/compile.mk: Fix handling of '+' in path for generated include guards
Vesa Jääskeläinen [Sun, 27 Dec 2020 08:28:54 +0000 (10:28 +0200)]
mk/compile.mk: Fix handling of '+' in path for generated include guards

When building with bitbake with the gitpkgv class, git revision details have
'+' as delimiter.

Version details appear in the path and this causes the following warnings during
the OP-TEE OS build:

In file included from core/arch/arm/kernel/entry_a64.S:11:
/build/.../optee-os/devel+gitrAUTOINC+e97c83bd6f-r0/build.zcu102/core/include/generated/asm-defines.h:1:123: warning: extra tokens at end of #ifndef directive
    1 | #ifndef _build_..._optee_os_devel+gitrAUTOINC+e97c83bd6f_r0_build_zcu102_core_include_generated_asm_defines_h
      |                                  ^
/build/.../optee-os/devel+gitrAUTOINC+e97c83bd6f-r0/build.zcu102/core/include/generated/asm-defines.h:2:9: warning: missing whitespace after the macro name
    2 | #define _build_..._optee_os_devel+gitrAUTOINC+e97c83bd6f_r0_build_zcu102_core_include_generated_asm_defines_h
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
ta: pkcs11: Use get_attribute_ptr() instead of get_attribute()
Ruchika Gupta [Tue, 22 Dec 2020 09:24:02 +0000 (14:54 +0530)]
ta: pkcs11: Use get_attribute_ptr() instead of get_attribute()

When just trying to determine if an attribute is present in the
list or not without requiring the actual value of the attribute,
get_attribute_ptr() is better to use as it is more
light-weight than its counterpart get_attribute().

Suggested-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
ta: pkcs11: Add class_id in create_attributes_from_template()
Ruchika Gupta [Mon, 21 Dec 2020 06:43:39 +0000 (12:13 +0530)]
ta: pkcs11: Add class_id in create_attributes_from_template()

Add a parameter to pass pkcs11_class_id. The parameter will be
used when attributes need to be created for a template
supporting public or private class key. It is unused for now.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
ta: pkcs11: Add class and type hint in sanitize_client_object()
Ruchika Gupta [Fri, 18 Dec 2020 07:49:10 +0000 (13:19 +0530)]
ta: pkcs11: Add class and type hint in sanitize_client_object()

The specification allows one to pass templates while generating a
key/keypair where class and type may be omitted from the template.
In such cases, pass class and type as hint in sanitize_client_object()
so that they can be added in the attribute list being prepared.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
ta: pkcs11: Fix for CKA_KEY_GEN_MECHANISM in create_attributes_from_template()
Ruchika Gupta [Thu, 17 Dec 2020 11:49:24 +0000 (17:19 +0530)]
ta: pkcs11: Fix for CKA_KEY_GEN_MECHANISM in create_attributes_from_template()

The CKA_KEY_GEN_MECHANISM attribute is not added to the attribute list
(attrs) from the template (temp) when a key object is created as
it does not fall under the mandatory/optional attributes. So, error checking for
this attribute should be done on the original source template (temp)
and not the attribute list (attrs) in create_attributes_from_template().

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
ta: pkcs11: Fix for CKA_LOCAL in create_attributes_from_template()
Ruchika Gupta [Thu, 17 Dec 2020 08:02:20 +0000 (13:32 +0530)]
ta: pkcs11: Fix for CKA_LOCAL in create_attributes_from_template()

The CKA_LOCAL attribute is not added to the attribute list
(attrs) from the template (temp) when a key object is created as
it does not fall under the mandatory/optional attributes. So, error checking for
this attribute should be done on the original source template (temp)
and not the attribute list (attrs) in create_attributes_from_template().

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
ta: pkcs11: Add support for Key Generation
Ruchika Gupta [Thu, 10 Dec 2020 09:47:50 +0000 (15:17 +0530)]
ta: pkcs11: Add support for Key Generation

Adds support of mechanisms PKCS11_CKM_GENERIC_SECRET_KEY_GEN,
PKCS11_CKM_AES_KEY_GEN for key generation API.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
ta: pkcs11: Define TA mechanisms for Key Generation
Ruchika Gupta [Mon, 7 Dec 2020 09:12:04 +0000 (14:42 +0530)]
ta: pkcs11: Define TA mechanisms for Key Generation

Adds the mechanisms PKCS11_CKM_GENERIC_SECRET_KEY_GEN
in enum pkcs11_mechanism_id.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
ta: pkcs11: Define command for Key Generation
Ruchika Gupta [Mon, 7 Dec 2020 08:12:41 +0000 (13:42 +0530)]
ta: pkcs11: Define command for Key Generation

Add command PKCS11_CMD_GENERATE_KEY in enum pkcs11_ta_cmd.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
shippable: imx8mm/imx6ull: add plug and trust support
Jorge Ramirez-Ortiz [Fri, 18 Dec 2020 16:59:26 +0000 (17:59 +0100)]
shippable: imx8mm/imx6ull: add plug and trust support

Validates the different SE050 configuration options with the Plug And
Trust library on arm64 and arm.

This will be useful to avoid regressions when multiple crypto drivers
are enabled.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
ta: pkcs11: Fix the error code returned
Ruchika Gupta [Fri, 11 Dec 2020 11:55:54 +0000 (17:25 +0530)]
ta: pkcs11: Fix the error code returned

While generating a key of type PKCS11_CKO_SECRET_KEY, if
CKA_VALUE_LEN field is not specified in the attribute
template, the error returned needs to be
PKCS11_CKR_TEMPLATE_INCOMPLETE.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
ta: pkcs11: Temporary workaround in sanitize_indirect_attr()
Ruchika Gupta [Fri, 11 Dec 2020 10:25:07 +0000 (15:55 +0530)]
ta: pkcs11: Temporary workaround in sanitize_indirect_attr()

Since the type of key to be generated is implicit in the key generation
mechanism, the template does not need to supply a key type or class
(CKA_CLASS and CKA_KEY_TYPE attributes). sanitize_indirect_attr()
expects these attributes to be available or else gives an error.

The right way of handling this would perhaps be passing a hint
of the class and key type to this function if a key is being generated
using key generation mechanisms. However, we don't have support for
wrap/derive key, which uses the indirect attributes, at present in the
code. So, we would not be able to test it. For now, just move the class
checking after the attribute checking, which helps avoid this error.

Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
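The key-generation commits above describe how a C_GenerateKey template is sanitised by the TA: CKA_CLASS and CKA_KEY_TYPE may be omitted because the mechanism implies them and are passed as hints, CKA_VALUE_LEN is mandatory for a secret key (CKR_TEMPLATE_INCOMPLETE otherwise), CKA_LOCAL and CKA_KEY_GEN_MECHANISM are checked on the caller's template rather than on the attribute list being built, and presence checks use get_attribute_ptr() rather than a copying getter. The block below is an added example, not the TA's sanitize_client_object() or create_attributes_from_template(): the template layout, find_attr() (a non-copying presence check in the spirit of get_attribute_ptr()) and struct keygen_spec are mine, and the CKR_ATTRIBUTE_READ_ONLY, CKR_TEMPLATE_INCONSISTENT and CKR_ATTRIBUTE_VALUE_INVALID codes are my reading of the PKCS #11 spec, which the commit messages do not name.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_RV;
typedef CK_ULONG CK_ATTRIBUTE_TYPE;
typedef CK_ULONG CK_MECHANISM_TYPE;

/* Numbers from PKCS #11 v2.40 pkcs11t.h */
#define CKR_OK                     0x000UL
#define CKR_ATTRIBUTE_READ_ONLY    0x010UL
#define CKR_ATTRIBUTE_VALUE_INVALID 0x013UL
#define CKR_MECHANISM_INVALID      0x070UL
#define CKR_TEMPLATE_INCOMPLETE    0x0D0UL
#define CKR_TEMPLATE_INCONSISTENT  0x0D1UL
#define CKA_CLASS                  0x000UL
#define CKA_KEY_TYPE               0x100UL
#define CKA_VALUE_LEN              0x161UL
#define CKA_LOCAL                  0x163UL
#define CKA_KEY_GEN_MECHANISM      0x166UL
#define CKO_SECRET_KEY             0x4UL
#define CKK_GENERIC_SECRET         0x10UL
#define CKK_AES                    0x1FUL
#define CKM_GENERIC_SECRET_KEY_GEN 0x350UL
#define CKM_AES_KEY_GEN            0x1080UL

struct attr {            /* one CK_ATTRIBUTE of the caller's template */
	CK_ATTRIBUTE_TYPE type;
	const void *value;
	size_t len;
};

struct keygen_spec {     /* what the token records for the generated key */
	CK_ULONG class_id;
	CK_ULONG key_type;
	CK_ULONG value_len;
	bool local;                  /* CKA_LOCAL: set by the token, not the caller */
	CK_MECHANISM_TYPE gen_mech;  /* CKA_KEY_GEN_MECHANISM: likewise */
};

/* Presence check returning a pointer into the template: no value copy. */
static const struct attr *find_attr(const struct attr *t, size_t n,
				    CK_ATTRIBUTE_TYPE type)
{
	for (size_t i = 0; i < n; i++)
		if (t[i].type == type)
			return &t[i];
	return NULL;
}

/* Read a CK_ULONG-valued attribute; false if the length is wrong. */
static bool attr_ulong(const struct attr *a, CK_ULONG *out)
{
	if (a->len != sizeof(CK_ULONG) || !a->value)
		return false;
	memcpy(out, a->value, sizeof(*out));
	return true;
}

static CK_RV resolve_keygen_template(CK_MECHANISM_TYPE mech,
				     const struct attr *t, size_t n,
				     struct keygen_spec *out)
{
	const struct attr *a;
	CK_ULONG v;

	/* The mechanism implies class and type; they are the hints used
	 * when the template omits them. */
	switch (mech) {
	case CKM_GENERIC_SECRET_KEY_GEN: out->key_type = CKK_GENERIC_SECRET; break;
	case CKM_AES_KEY_GEN:            out->key_type = CKK_AES;            break;
	default:                         return CKR_MECHANISM_INVALID;
	}
	out->class_id = CKO_SECRET_KEY;

	/* If the caller did supply them, they must agree with the hints. */
	if ((a = find_attr(t, n, CKA_CLASS))) {
		if (!attr_ulong(a, &v))
			return CKR_ATTRIBUTE_VALUE_INVALID;
		if (v != out->class_id)
			return CKR_TEMPLATE_INCONSISTENT;
	}
	if ((a = find_attr(t, n, CKA_KEY_TYPE))) {
		if (!attr_ulong(a, &v))
			return CKR_ATTRIBUTE_VALUE_INVALID;
		if (v != out->key_type)
			return CKR_TEMPLATE_INCONSISTENT;
	}
	/* Token-set attributes: checked on the source template, because they
	 * are never copied into the attribute list being built. */
	if (find_attr(t, n, CKA_LOCAL) || find_attr(t, n, CKA_KEY_GEN_MECHANISM))
		return CKR_ATTRIBUTE_READ_ONLY;
	/* Mandatory for a generated secret key. */
	a = find_attr(t, n, CKA_VALUE_LEN);
	if (!a)
		return CKR_TEMPLATE_INCOMPLETE;
	if (!attr_ulong(a, &out->value_len) || !out->value_len)
		return CKR_ATTRIBUTE_VALUE_INVALID;

	out->local = true;
	out->gen_mech = mech;
	return CKR_OK;
}
```

A template consisting only of CKA_VALUE_LEN is enough for CKM_AES_KEY_GEN; supplying CKA_KEY_TYPE=CKK_AES to CKM_GENERIC_SECRET_KEY_GEN is inconsistent, and supplying CKA_LOCAL is rejected before CKA_VALUE_LEN is even looked at.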
Use barrier_read_cntpct() to read CNTPCT
Jens Wiklander [Wed, 2 Dec 2020 17:29:41 +0000 (18:29 +0100)]
Use barrier_read_cntpct() to read CNTPCT

Arm ARM quite clearly mentions [1] [2] that such reads must be preceded
by an ISB to forbid re-ordering.

[1] https://developer.arm.com/documentation/ddi0487/fc/ page D13-2863
"Synchronization requirements for AArch64 System registers" and page
G8-6146 "Ordering of reads of System registers".
[2] https://developer.arm.com/documentation/ddi0406/cd/ page B3-1441
"Ordering of reads of system control registers"

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reported-by: Olivier Deprez <Olivier.Deprez@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
libutee: add isb() and barrier_read_cntpct()
Jens Wiklander [Tue, 15 Dec 2020 08:09:59 +0000 (09:09 +0100)]
libutee: add isb() and barrier_read_cntpct()

Adds isb() and barrier_read_cntpct() to arm_user_sysreg.h, the latter to be
used as a helper when reading CNTPCT.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
core: add barrier_read_cntpct()
Jens Wiklander [Tue, 15 Dec 2020 08:20:08 +0000 (09:20 +0100)]
core: add barrier_read_cntpct()

Adds barrier_read_cntpct() to arm.h. To be used as a helper when reading
CNTPCT.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
libutee: fix TEE_BigIntInit() memset()
Jens Wiklander [Mon, 14 Dec 2020 22:42:48 +0000 (23:42 +0100)]
libutee: fix TEE_BigIntInit() memset()

The TEE_BigIntInit() supplied length is the number of words allocated
for the bigint, including headers. Prior to this patch it seems it was
assumed that length was the number of bits, given the call to
TEE_BigIntSizeInU32(). This patch corrects this by removing the
TEE_BigIntSizeInU32() call.

Fixes: 062e3d01c039 ("ta: switch to to mbedtls for bignum")
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
3 months ago  libutee: TEE_CopyOperation() copy info.digestLength
Jens Wiklander [Tue, 15 Dec 2020 07:33:24 +0000 (08:33 +0100)]
libutee: TEE_CopyOperation() copy info.digestLength

When copying an operation include info.digestLength in the copied fields
which is needed for the authenticated encryption algorithms AES-GCM and
AES-CCM.

Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
Suggested-by: Tony He <tony.he@armchina.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
3 months ago  libutee: TEE_CopyOperation() check operation mode
Jens Wiklander [Mon, 14 Dec 2020 15:00:48 +0000 (16:00 +0100)]
libutee: TEE_CopyOperation() check operation mode

Adds a check in TEE_CopyOperation() to panic if operation mode doesn't
match in the source and destination operations.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
3 months ago  core: copy ctx_finalize in syscall_cryp_state_copy()
Jens Wiklander [Mon, 14 Dec 2020 12:15:43 +0000 (13:15 +0100)]
core: copy ctx_finalize in syscall_cryp_state_copy()

Copies the ctx_finalize() when a state is copied using
syscall_cryp_state_copy() in order to support proper cleanup of the
state once it's removed.

Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Suggested-by: Tony He <tony.he@armchina.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
3 months ago  core: copy mode in cts_copy_state()
Jens Wiklander [Mon, 14 Dec 2020 11:57:36 +0000 (12:57 +0100)]
core: copy mode in cts_copy_state()

Fixes cts_copy_state() by copying the "mode" element also for the state
to be complete.

Fixes: 96098f011f7c ("core: crypto: introduce struct crypto_cipher_ops")
Acked-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reported-by: Tony He <tony.he@armchina.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
3 months ago  plat-rockchip: mark parameters as __maybe_unused in platform_secure_ddr_region
Heiko Stuebner [Mon, 14 Dec 2020 15:41:27 +0000 (16:41 +0100)]
plat-rockchip: mark parameters as __maybe_unused in platform_secure_ddr_region

The weak variant of platform_secure_ddr_region() only emits a message
that the target region won't get protected due to missing platform-code.

Depending on the log-level this can result in the function parameters not
getting used at all, so mark them as __maybe_unused.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
3 months ago  core: tzc380: restart search at full size
Rouven Czerwinski [Thu, 10 Dec 2020 11:01:49 +0000 (12:01 +0100)]
core: tzc380: restart search at full size

Restart the search at the biggest region size after finding a region.
This way we can use subregions for the first offset and use full regions
afterwards.

Fixes https://github.com/OP-TEE/optee_os/issues/4252

Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
Tested-by: Robin van der Gracht <robin@protonic.nl>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
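A generic illustration of the search-order point made in the commit above, added here and not taken from the tzc380 driver (the real driver also has to honour the controller's minimum region size and its subregion masks): cover an address range with size-aligned power-of-two regions, either restarting at the largest possible size after every region or, as the code behaved before the fix, never going back above the size of the previously found region. The 1 MiB start address and 15 MiB length are constructed for the example.

```python
def largest_aligned_power_of_two(start, length):
    """Largest power-of-two size <= length that `start` is aligned to.

    TrustZone address-space controllers such as the TZC-380 only accept
    regions whose size is a power of two and whose base is aligned to
    that size, so both constraints are applied here.
    """
    size = 1 << (length.bit_length() - 1)   # largest power of two <= length
    while start % size:
        size >>= 1                           # shrink until base is aligned
    return size


def split_into_regions(start, length, restart_at_full_size=True):
    """Cover [start, start + length) with size-aligned power-of-two regions.

    restart_at_full_size=True  : after each region, search again from the
                                 largest size that still fits (the fix).
    restart_at_full_size=False : never exceed the previous region's size
                                 (the old behaviour): once alignment forces
                                 a small first region, every later region
                                 stays that small and the controller's few
                                 region slots are exhausted.
    Returns a list of (base, size) tuples.
    """
    if length <= 0 or start < 0:
        raise ValueError("need a non-empty range at a non-negative address")
    regions = []
    cap = None
    while length:
        size = largest_aligned_power_of_two(start, length)
        if not restart_at_full_size and cap is not None:
            size = min(size, cap)
        regions.append((start, size))
        cap = size
        start += size
        length -= size
    return regions


MIB = 1 << 20

if __name__ == "__main__":
    # Constructed example: protect 15 MiB starting 1 MiB into DDR.
    for restart in (False, True):
        regs = split_into_regions(1 * MIB, 15 * MIB, restart_at_full_size=restart)
        print("restart_at_full_size=%s -> %d regions: %s"
              % (restart, len(regs), ["0x%x+0x%x" % r for r in regs]))
```

With the restart the 15 MiB range needs four regions (1, 2, 4 and 8 MiB); without it the first 1 MiB region caps every following one and fifteen regions are needed. The TZC-380 exposes at most 16 regions, so on a real range the old search either fails to configure or leaves part of the range without the intended protection, depending on how the caller treats the error.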
3 months ago  drivers: crypto: se050: die_id generation
Jorge Ramirez-Ortiz [Mon, 14 Dec 2020 10:48:45 +0000 (11:48 +0100)]
drivers: crypto: se050: die_id generation

Guarantee the uniqueness of the die_id even when the requested length
is smaller than the se050 unique identifier.

Currently, tee_otp_get_die_id requests 12 bytes while the se050 unique
identifier is 18 bytes which is an issue as the uniqueness of the
device can be lost due to the truncation of the identifier.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
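The uniqueness problem described above, as an added example that is not part of the commit or of the se050 driver: it contrasts plain truncation of the 18-byte SE050 unique identifier with deriving the 12-byte die id from the whole identifier through a hash, so that two devices whose identifiers differ only in the last bytes still get distinct die ids. The SHA-256 counter construction, the domain-separation label and the two sample identifiers are assumptions made for illustration; the commit does not say which construction the driver uses.

```python
import hashlib

SE050_UID_LEN = 18        # bytes, as stated in the commit message
DIE_ID_REQUEST_LEN = 12   # bytes requested by tee_otp_get_die_id, per the commit


def die_id_by_truncation(uid, length):
    """The behaviour the commit fixes: keep only the first `length` bytes,
    discarding the tail of the identifier."""
    if len(uid) != SE050_UID_LEN:
        raise ValueError("unexpected SE050 UID length %d" % len(uid))
    return uid[:length]


def die_id_by_derivation(uid, length):
    """Assumed approach: derive the die id from the whole UID with SHA-256,
    expanded with a counter so any requested length can be served. Every
    UID byte influences every output byte, so identifiers that differ only
    in their tail no longer collapse onto the same die id."""
    if len(uid) != SE050_UID_LEN:
        raise ValueError("unexpected SE050 UID length %d" % len(uid))
    out = b""
    counter = 0
    while len(out) < length:
        block = b"se050-die-id" + counter.to_bytes(4, "big") + uid  # assumed label
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def is_unique(die_ids):
    """True when no two die ids in the list are equal."""
    return len(set(die_ids)) == len(die_ids)


# Constructed sample identifiers: identical first 12 bytes, different last 6.
UID_A = bytes.fromhex("04005001ab2ef7a5b1c3d4e5" + "000000000001")
UID_B = bytes.fromhex("04005001ab2ef7a5b1c3d4e5" + "000000000002")

if __name__ == "__main__":
    truncated = [die_id_by_truncation(u, DIE_ID_REQUEST_LEN) for u in (UID_A, UID_B)]
    derived = [die_id_by_derivation(u, DIE_ID_REQUEST_LEN) for u in (UID_A, UID_B)]
    print("truncation unique:", is_unique(truncated), [t.hex() for t in truncated])
    print("derivation unique:", is_unique(derived), [d.hex() for d in derived])
```

A derived id is only as collision-resistant as its truncated output (96 bits for a 12-byte request), which is more than enough for a fleet of devices, whereas truncating the raw identifier can silently drop exactly the bytes that vary between parts. Check the se050 driver source for the construction actually used before relying on the derived value elsewhere (for example as an input to key derivation).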
3 months ago  core: fix user mode context reference in pager
Etienne Carriere [Sat, 12 Dec 2020 10:00:30 +0000 (11:00 +0100)]
core: fix user mode context reference in pager

Fix tee_pager_gpt_save_and_release_entries() to use to_user_mode_ctx()
to get current context user memory areas instead of to_user_ta_ctx()
since the former supports both SP and TA contexts.

Prior to this change the pager was asserting with an error trace like the one below:
E/TC:0 0 assertion 'is_user_ta_ctx(ctx)' failed at core/arch/arm/include/kernel/user_ta.h:56 <to_user_ta_ctx>
E/TC:0 0 Panic at core/kernel/assert.c:28 <_assert_break>

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
3 months ago  build: make 'force' macro more robust
Jerome Forissier [Fri, 11 Dec 2020 14:53:30 +0000 (15:53 +0100)]
build: make 'force' macro more robust

The 'force' macro can cause unexpected errors in some cases where
the name of the configuration variable is preceded by a space:
'$(call force, CFG_FOO,foo)' instead of '$(call force,CFG_FOO,foo)'.
For example:

 $ make PLATFORM=imx-mx8mmevk CFG_STACK_{TMP,THREAD}_EXTRA=8192 \
   CFG_CRYPTO_DRV_ACIPHER=y CFG_NXP_SE05X=y CFG_NXP_CAAM=y
 core/drivers/crypto/se050/crypto.mk:49: *** CFG_CRYPTO_DRV_ACIPHER is set to '' (from undefined) but its value must be 'y' [Mandated by CFG_NXP_SE05X_ACIPHER_DRV].  Stop.

Fixing the callers is certainly a good thing to do (if only for
consistency) but the current behavior is difficult to troubleshoot.
Therefore, make the 'force' macro more robust by stripping any space
around the variable name.

Reported-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
3 months ago  drivers: crypto: se050: strip spaces from crypto.mk
Jorge Ramirez-Ortiz [Sun, 13 Dec 2020 09:26:41 +0000 (10:26 +0100)]
drivers: crypto: se050: strip spaces from crypto.mk

Some versions of the force function used in the makefile might produce
incorrect results when spaces are included in the parameter field.

In general it is better practice to strip spaces when invoking this
sort of function.

To prevent issues (ie: in case of backport) make sure that the SE050
driver is not affected by that variability.

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome@forissier.org>
4 months ago  drivers: imx_i2c: remove non-portable use of define
Jorge Ramirez-Ortiz [Fri, 11 Dec 2020 11:21:15 +0000 (12:21 +0100)]
drivers: imx_i2c: remove non-portable use of define

Fix the build error triggered when enabling
-Werror=expansion-to-defined

Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
4 months ago  Initial support for Renesas RZ/G2{H,M,N,E} SoCs
Lad Prabhakar [Wed, 2 Dec 2020 11:14:31 +0000 (11:14 +0000)]
Initial support for Renesas RZ/G2{H,M,N,E} SoCs

This patch adds support for Renesas RZ/G2{H,M,N,E} SoCs.

* Compiled with:
    | make PLATFORM=rzg # Defaults to RZ/G2M SoC

Based on the work done by Huynh Thanh Hung for RZ/G2 internally and on
similar work done for Renesas RCar-Gen3 SoCs in mainline OP-TEE OS.

Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Reviewed-by: Biju Das <biju.das.jz@bp.renesas.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome@forissier.org>
4 months ago  core: kernel: link.mk: Move rules to generate tee-raw.bin and tee.srec from rcar...
Lad Prabhakar [Thu, 10 Dec 2020 17:21:19 +0000 (17:21 +0000)]
core: kernel: link.mk: Move rules to generate tee-raw.bin and tee.srec from rcar platform

Move the rules to generate tee-raw.bin and tee.srec from rcar platform to
core/arch/arm/kernel/link.mk so that similar platforms can re-use it.

Signed-off-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
4 months ago  ta: pkcs11: rename argument bp to attrs for generic attributes
Etienne Carriere [Thu, 10 Dec 2020 14:19:07 +0000 (15:19 +0100)]
ta: pkcs11: rename argument bp to attrs for generic attributes

Rename input argument bp/bp_count to attrs/attrs_count in several
local functions in pkcs11_attributes.c since the reference covers
any kind of attribute, not only boolean attributes (bp stood for
boolean property).

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  ta: pkcs11: fix initial value for return code
Etienne Carriere [Thu, 10 Dec 2020 14:30:00 +0000 (15:30 +0100)]
ta: pkcs11: fix initial value for return code

Fix initial value for enumerated variable of type enum pkcs11_rc.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  ta: pkcs11: fix ordering in switch case
Etienne Carriere [Thu, 10 Dec 2020 14:29:01 +0000 (15:29 +0100)]
ta: pkcs11: fix ordering in switch case

Fix ordering switch/case block of get_key_min_max_sizes().

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  ta: pkcs11: add missing header files
Etienne Carriere [Thu, 10 Dec 2020 14:22:17 +0000 (15:22 +0100)]
ta: pkcs11: add missing header files

Add missing header file inclusions in a few source files.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  ta: pkcs11: remove empty tee_release_ctr_operation()
Etienne Carriere [Thu, 10 Dec 2020 14:23:31 +0000 (15:23 +0100)]
ta: pkcs11: remove empty tee_release_ctr_operation()

Remove function tee_release_ctr_operation() that is empty since
the generic sequence already releases CTR operation extra context.

Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  ta: pkcs11: release active process on session closure
Etienne Carriere [Thu, 10 Dec 2020 14:28:07 +0000 (15:28 +0100)]
ta: pkcs11: release active process on session closure

Release the possible active processing resources when closing a session.

Fixes: 512cbf1d30dd ("ta: pkcs11: adds support for symmetric AES cipher modes")
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  ta: pkcs11: fix return code when parsing attribute templates
Etienne Carriere [Thu, 10 Dec 2020 14:21:08 +0000 (15:21 +0100)]
ta: pkcs11: fix return code when parsing attribute templates

Fix return code that was not set in a few error cases in
create_attributes_from_template().

Fixes: 63f89caa9022 ("ta: pkcs11: attribute helper functions")
Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  core: remove unused TEE_TIME_BOOT_TICKS_HZ
Jerome Forissier [Wed, 9 Dec 2020 14:17:13 +0000 (15:17 +0100)]
core: remove unused TEE_TIME_BOOT_TICKS_HZ

The TEE_TIME_BOOT_TICKS_HZ macro is not used, remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
4 months ago  libutee: user_ta_header.h: remove unused struct ta_func_head
Jerome Forissier [Mon, 7 Dec 2020 16:08:10 +0000 (17:08 +0100)]
libutee: user_ta_header.h: remove unused struct ta_func_head

struct ta_func_head is unused, remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
4 months ago  libutee: user_ta_header.h: remove unused property strings
Jerome Forissier [Mon, 7 Dec 2020 16:10:28 +0000 (17:10 +0100)]
libutee: user_ta_header.h: remove unused property strings

user_ta_header.h defines a few macros with property names that are not
used anywhere and are not part of any specification. Remove them.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
4 months ago  libutee: user_ta_header.h: remove unused enum user_ta_core_service_id
Jerome Forissier [Mon, 7 Dec 2020 16:08:10 +0000 (17:08 +0100)]
libutee: user_ta_header.h: remove unused enum user_ta_core_service_id

enum user_ta_core_service_id is unused, remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
4 months ago  spi: pl022: expose internal fifo flush API
Vahid Dukandar [Thu, 3 Dec 2020 00:58:38 +0000 (16:58 -0800)]
spi: pl022: expose internal fifo flush API

We identified that the caller of the pl022 driver needs to flush the
pl022's internal fifo to make sure the next transaction starts clean.

This PR exposes the existing pl022_flush_fifo API to the caller via spi_ops.

The validation is performed on bcm platform.

Signed-off-by: Vahid Dukandar <vahidd@microsoft.com>
Reviewed-by: Victor Chong <victor.chong@linaro.org>
4 months ago  ta: pkcs11: Add support for big key sizes for HMAC hash Mechanisms
Ruchika Gupta [Mon, 30 Nov 2020 07:36:35 +0000 (13:06 +0530)]
ta: pkcs11: Add support for big key sizes for HMAC hash Mechanisms

Currently the support for maximum key size supported in HMAC hash
functions is limited by the underlying Global TEE implementation.
The RFC 2202 and 4231 specify some HMAC test vectors where key size
is greater than the sizes as supported in current TEE implementation.
For such key sizes, greater than the maximum key size supported by TEE,
first hash the key and then use the resultant as the actual key to
HMAC.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  ta: pkcs11: Add minimum key size checking for HMAC Mechanisms
Ruchika Gupta [Fri, 27 Nov 2020 08:13:01 +0000 (13:43 +0530)]
ta: pkcs11: Add minimum key size checking for HMAC Mechanisms

For HMAC mechanisms for hash operations, if the size of the key object
is less than the minimum size supported by the implementation,
error PKCS11_CKR_KEY_SIZE_RANGE should be returned. If this check
is not done before TEE_AllocateOperation(), passing a key size not
supported by TEE results in a PKCS11_CKR_MECHANISM_INVALID error,
which is ambiguous as the mechanism is supported here and the issue is
with the key size.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  ta: pkcs11: Fix usage of CKK_GENERIC_SECRET for HMAC Functions
Ruchika Gupta [Fri, 27 Nov 2020 07:53:17 +0000 (13:23 +0530)]
ta: pkcs11: Fix usage of CKK_GENERIC_SECRET for HMAC Functions

The use of CKK_GENERIC_SECRET is allowed with HMAC mechanisms.
In earlier implementation, CKK_GENERIC_SECRET was mapped to
TEE_GENERIC_KEY. TEE_AllocateOperation() would return an error
when TEE key of type TEE_GENERIC_KEY is used with HMAC algorithms.
So, special handling is required for such keys where the PKCS11
mechanism should be used to determine the corresponding TEE
KEY Type for CKK_GENERIC_SECRET when used with HMAC mechanisms.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  ta: pkcs11: Add support for HMAC keys in get_key_min_max_sizes()
Ruchika Gupta [Thu, 26 Nov 2020 07:59:03 +0000 (13:29 +0530)]
ta: pkcs11: Add support for HMAC keys in get_key_min_max_sizes()

The PKCS11_CKK_<h>_HMAC key entries were missing in
get_key_min_max_sizes(). These have been added.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  ta: pkcs11: Correct the key size for HMAC mechanisms
Ruchika Gupta [Thu, 19 Nov 2020 06:46:56 +0000 (12:16 +0530)]
ta: pkcs11: Correct the key size for HMAC mechanisms

The minimum and maximum key sizes supported by the HMAC mechanisms
should be in sync with the GlobalPlatform APIs used for
implementing them. The sizes are now in sync with the key
sizes as specified for TEE_AllocateTransientObject() in [1].

[1] GlobalPlatform Technology TEE Internal Core API Specification
Version 1.1.2.50

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
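The three HMAC key-size commits above (hash oversized keys first, reject undersized keys with PKCS11_CKR_KEY_SIZE_RANGE before TEE_AllocateOperation(), and align the limits with the GlobalPlatform key-size table) combine into one policy that a practitioner will want to check: does pre-hashing a key that exceeds the TEE maximum still produce a standard RFC 2104 HMAC? It does only when every key the token would pre-hash is one that HMAC itself would hash anyway, i.e. when the maximum key size is at least the hash block size. The example below, added here and not part of the PKCS#11 TA, models the policy in Python and verifies that condition. The (min, max) limits in bits are my reading of the TEE_AllocateTransientObject table for TEE_TYPE_HMAC_* and should be checked against your copy of the specification; the function and return-value names are invented for the example and the test inputs are constructed after the RFC 4231 "larger than block-size key" case.

```python
import hashlib
import hmac

# Assumed (min, max) HMAC key sizes in bits, following the
# TEE_AllocateTransientObject table of the GlobalPlatform TEE Internal
# Core API for TEE_TYPE_HMAC_*; verify against your copy of the spec.
HMAC_KEY_LIMITS_BITS = {
    "md5":    (64, 512),
    "sha1":   (80, 512),
    "sha224": (112, 512),
    "sha256": (192, 1024),
    "sha384": (256, 1024),
    "sha512": (256, 1024),
}


def classify_key(hash_name, key):
    """Decide what a PKCS#11 HMAC mechanism must do with a key of this size.

    "key_size_range": reject before TEE_AllocateOperation() (the
                      PKCS11_CKR_KEY_SIZE_RANGE case, not MECHANISM_INVALID)
    "prehash":        key exceeds the TEE maximum, hash it first
    "as_is":          hand the key to the TEE unchanged
    """
    min_bits, max_bits = HMAC_KEY_LIMITS_BITS[hash_name]
    key_bits = len(key) * 8
    if key_bits < min_bits:
        return "key_size_range"
    if key_bits > max_bits:
        return "prehash"
    return "as_is"


def effective_key(hash_name, key):
    """Key actually handed to the TEE: pre-hashed when over the maximum."""
    verdict = classify_key(hash_name, key)
    if verdict == "key_size_range":
        raise ValueError("CKR_KEY_SIZE_RANGE: %d-bit key below minimum for %s"
                         % (len(key) * 8, hash_name))
    if verdict == "prehash":
        return hashlib.new(hash_name, key).digest()
    return key


def pkcs11_hmac(hash_name, key, data):
    """HMAC as the token computes it with the key-size policy applied."""
    return hmac.new(effective_key(hash_name, key), data, hash_name).digest()


def reference_hmac(hash_name, key, data):
    """Plain RFC 2104 HMAC with no key-size limits, for comparison."""
    return hmac.new(key, data, hash_name).digest()


def prehash_is_rfc2104_conformant(hash_name):
    """True when every key the token would pre-hash is longer than the hash
    block size, so RFC 2104 HMAC would hash it too and both agree."""
    _, max_bits = HMAC_KEY_LIMITS_BITS[hash_name]
    block_size = hashlib.new(hash_name).block_size
    return max_bits // 8 >= block_size


if __name__ == "__main__":
    # Constructed inputs modelled on the RFC 4231 larger-than-block-size
    # key test case: 131 bytes of 0xAA.
    key = bytes([0xAA]) * 131
    data = b"Test Using Larger Than Block-Size Key - Hash Key First"
    for name in HMAC_KEY_LIMITS_BITS:
        same = pkcs11_hmac(name, key, data) == reference_hmac(name, key, data)
        print("%-6s conformant=%s prehash_matches_reference=%s"
              % (name, prehash_is_rfc2104_conformant(name), same))
```

With the limits as listed, every mechanism passes the conformance check, so a verifier using an off-the-shelf HMAC library agrees with the token on oversized keys. If a port lowers a maximum below the block size (for example to 512 bits for SHA-384), the pre-hashed MAC silently stops being interoperable with standard HMAC for keys in between, which is the caveat to keep in mind when changing the table.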
4 months ago  Remove unused file lib/libutee/errno.c
Jerome Forissier [Fri, 4 Dec 2020 15:22:36 +0000 (16:22 +0100)]
Remove unused file lib/libutee/errno.c

lib/libutee/errno.c is not built or used in any way so remove it.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
4 months ago  core: kernel: link.mk: make path to kernel linker script generic
Marouene Boubakri [Fri, 4 Dec 2020 09:59:33 +0000 (10:59 +0100)]
core: kernel: link.mk: make path to kernel linker script generic

The path to the kernel linker script is hard-coded. Even though it is in an
arch-specific folder, it should use the defined variables.
This is helpful when porting OP-TEE OS to a new architecture, so that we
make maximum reuse of existing sources.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Acked-by: Jerome Forissier <jerome@forissier.org>
4 months ago  plat-mediatek: add support for MT8183 SoC
Fabien Parent [Fri, 5 Jul 2019 08:56:42 +0000 (10:56 +0200)]
plat-mediatek: add support for MT8183 SoC

Add OP-TEE support for MT8183 SoC.

Signed-off-by: Fabien Parent <fparent@baylibre.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  plat-mediatek: Add support for GIC
Fabien Parent [Thu, 13 Feb 2020 16:43:20 +0000 (17:43 +0100)]
plat-mediatek: Add support for GIC

Add the support for the GIC for the MediaTek platforms.

Signed-off-by: Fabien Parent <fparent@baylibre.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  core: keep.h: set SHF_ALLOC flag in all __keep_meta_vars_pager sections
Jerome Forissier [Tue, 1 Dec 2020 17:53:41 +0000 (18:53 +0100)]
core: keep.h: set SHF_ALLOC flag in all __keep_meta_vars_pager sections

The DECLARE_KEEP_PAGER() and DECLARE_KEEP_INIT() macros create symbols
in a special section called __keep_meta_vars_pager. The behavior
differs slightly in C and assembler:

- In C, the section is of type SHT_PROGBITS and has (SHF_ALLOC |
  SHF_WRITE) flags,
- In assembler, the section is also SHT_PROGBITS but has no flags.

Enter the Clang linker, ld.lld. When used with --gc-sections, all
sections without the SHF_ALLOC flag (and a few other conditions) are
marked "live" in a first pass before dependencies on other sections
are considered. A side effect is that the reference to the symbol given
in DECLARE_KEEP_*() is ignored and the macro does not pull the desired
section in the link. That section is garbage collected instead.

Whether or not it is a bug in the linker is slightly above my level of
expertise. However, the DECLARE_KEEP_*() macros declare global symbols
that reference other symbols, so it really is allocatable stuff and
having the SHF_ALLOC flag does make sense. It is also consistent with
the C version. Note that adding the flag does not take more space in the
final executable since core/arch/arm/kernel/kern.ld.S discards the
__keep_meta_vars_pager output section anyways.

Therefore, add "a" to the .section command in DECLARE_KEEP_*().

Fixes a core crash which may be reproduced on QEMUv8 with xtest 1013
when OP-TEE is compiled with Clang 11 and CFG_WITH_PAGER=y.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
4 months ago  core: arm: kern.ld.S: fix ROUNDUP() and ROUNDDOWN() for Clang
Jerome Forissier [Fri, 27 Nov 2020 10:01:56 +0000 (11:01 +0100)]
core: arm: kern.ld.S: fix ROUNDUP() and ROUNDDOWN() for Clang

Fixes exceptions on boot when CFG_WITH_ASLR=y CFG_WITH_PAGER=y and the
Clang toolchain is used (tested with QEMUv8 and Clang 11.0.0).

The Clang linker happens to generate non-relocatable references to
symbols defined by expressions in the linker script which involve
some arithmetic operations on another symbol. More specifically, when
rounding up or down addresses to page boundaries using the expressions
defined in <util.h>. This commit introduces different ways of doing
ROUNDUP() and ROUNDDOWN() which work with both Clang and GCC:
- ROUNDUP() is replaced with the linker ALIGN() built-in function,
- ROUNDDOWN() is rewritten as 'symbol - something'.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  core: arm: kern.ld.S: remove redundant line
Jerome Forissier [Thu, 26 Nov 2020 15:52:14 +0000 (16:52 +0100)]
core: arm: kern.ld.S: remove redundant line

__rodata_init_end is defined twice. Remove one instance.

Signed-off-by: Jerome Forissier <jerome@forissier.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  core: Add support to import external TA signing public key
Vesa Jääskeläinen [Sun, 22 Nov 2020 13:23:22 +0000 (15:23 +0200)]
core: Add support to import external TA signing public key

The build process requires that the private key is present when signing TAs.

In order to support external HSM based re-signing of the TAs, add support
to import different TA signing public key into TEE OS binary by
introducing TA_PUBLIC_KEY.

By default TA_PUBLIC_KEY gets the value of TA_SIGN_KEY.

Re-signing of the TAs works by first signing the TA during the build with
a private key readily available during the build process (TA_SIGN_KEY).
The private key can for example be the bundled key in keys/default_ta.pem.

The build will generate a TA binary with an embedded signature matching the
provided private key.

This TA binary will be sent to the HSM re-signing process, where a digest
will be calculated from the binary and signed with the private key
protected by the HSM. The new signature will replace the old signature in
the TA binary.

This re-signed TA will need to be deployed into the device for execution.

In order for OP-TEE OS to load the TA it needs to have the matching public
key from the HSM. Public key needs to be available during the build
process (TA_PUBLIC_KEY).

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
4 months ago  ta: pkcs11: Remove unused function entry_verify_oneshot()
Ruchika Gupta [Tue, 10 Nov 2020 04:48:28 +0000 (10:18 +0530)]
ta: pkcs11: Remove unused function entry_verify_oneshot()

entry_verify_oneshot() is currently not used in any of the
flows. Hence remove it.

Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
4 months ago  ta: pkcs11: add support for HMAC modes for Sign/Verify
Ruchika Gupta [Thu, 29 Oct 2020 07:27:06 +0000 (12:57 +0530)]
ta: pkcs11: add support for HMAC modes for Sign/Verify

Add support for HMAC modes for hash functions - MD5, SHA1,
SHA256, SHA224, SHA384 and SHA512 in Sign/Verify operations.

PKCS#11 offers 2 HMAC methods for each hash function <h>,
CKM_<h>_HMAC and CKM_<h>_HMAC_GENERAL. Only the fixed tag length equal to
the output size of the hash function, i.e. CKM_<h>_HMAC, is currently
supported.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
4 months ago  ta: pkcs11: define TA command for signing/verification
Ruchika Gupta [Thu, 29 Oct 2020 07:17:34 +0000 (12:47 +0530)]
ta: pkcs11: define TA command for signing/verification

Adds commands
- PKCS11_CMD_SIGN_INIT
- PKCS11_CMD_VERIFY_INIT
- PKCS11_CMD_SIGN_UPDATE
- PKCS11_CMD_VERIFY_UPDATE
- PKCS11_CMD_SIGN_FINAL
- PKCS11_CMD_VERIFY_FINAL
- PKCS11_CMD_SIGN_ONESHOT
- PKCS11_CMD_VERIFY_ONESHOT
in enum pkcs11_ta_cmd.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
4 months ago  ta: pkcs11: define TA mechanisms for HMAC modes
Ruchika Gupta [Thu, 29 Oct 2020 07:11:39 +0000 (12:41 +0530)]
ta: pkcs11: define TA mechanisms for HMAC modes

Adds the mechanisms
- PKCS11_CKM_MD5_HMAC
- PKCS11_CKM_SHA_1_HMAC
- PKCS11_CKM_SHA256_HMAC
- PKCS11_CKM_SHA224_HMAC
- PKCS11_CKM_SHA384_HMAC
- PKCS11_CKM_SHA512_HMAC
in enum pkcs11_mechanism_id.

Co-developed-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Reviewed-by: Ricardo Salveti <ricardo@foundries.io>
4 months ago  core: stmm: remove useless return values to local svc handlers
Etienne Carriere [Thu, 12 Nov 2020 21:49:06 +0000 (22:49 +0100)]
core: stmm: remove useless return values to local svc handlers

Remove the boolean return value from local functions
stmm_handle_mem_mgr_service(), stmm_handle_storage_service(),
spm_eret_error() and spm_handle_direct_req() that all end up
returning to secure partition (StMM) execution. Rename
return_helper() to return_from_sp_helper() and remove its
return value as it only prepares returning to the SP caller.
No functional change.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  core: stmm: set panic flag when secure partition panics
Etienne Carriere [Tue, 17 Nov 2020 10:01:50 +0000 (11:01 +0100)]
core: stmm: set panic flag when secure partition panics

Set the panic flag, that is in struct ta_ctx of the ts_ctx
(trusted service context) instance, when the secure partition
panics. This allows generic sequence to possibly release resources
related to the secure partition instance.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  core: stmm: support 32bit execution
Etienne Carriere [Wed, 11 Nov 2020 16:52:31 +0000 (17:52 +0100)]
core: stmm: support 32bit execution

Add support for 32bit EL0 secure partition StMM when Core is 32bit.

Defines 32bit FFA identifiers FFA_SVC_*_32 and FFA_MSG_*_32.
Defines SVC_REGS_Ax() macros to wrap 32b/64b thread_svc_regs structure
fields in StMM secure partition driver.
Defines __FFA_* local macros to wrap 32b/64b service IDs.

Save the usr_sp banked register in return_helper() as it shall be preserved
when we enter the secure partition again.

Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
4 months ago  core: stmm: fix storage syscalls return value
Etienne Carriere [Wed, 11 Nov 2020 16:52:31 +0000 (17:52 +0100)]
core: stmm: fix storage syscalls return value

Fix the return value for the RPMB storage service where syscalls
returned a TEE_Result value instead of a STMM_RET_* value.

Fixes: 42471ecf25b7 ("core: load stmm via secure partition")
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>