| Age | Commit message (Collapse) | Author |
|---|
|
The upstream arm-trusted-firmware reserves 0x10100000-0x10300000 for
secure DRAM. Change the address according to the upstream A-T-F.
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
|
|
Adds a separate build with only CFG_TEE_CORE_LOG_LEVEL=0 set.
Needed to catch the error fixed in
https://github.com/OP-TEE/optee_os/pull/2454
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
When CFG_TEE_CORE_LOG_LEVEL=0 to make, met build failure:
"
core/arch/arm/kernel/abort.c: In function '__print_stack_unwind_arm32':
core/arch/arm/kernel/abort.c:113:2: error: too many arguments to function 'print_stack_arm32'
print_stack_arm32(TRACE_ERROR, &state, exidx, exidx_sz, kernel_stack,
^~~~~~~~~~~~~~~~~
"
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
NOWERROR=1 has been made obsolete by commit beb065df6ee5 ("Do not set
-Werror by default"). Remove it.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
syscall_t is currently typedef'ed as TEE_Result (*)(void). It is used to
represent a pointer to any system call, in the syscall table for instance.
As such, the exact type behind syscall_t cannot reflect all the syscalls
since they have different prototypes. The current declaration with a
TEE_Result return type was probably chosen because it was a common
characteristic of all syscalls to return a TEE_Result.
However, this type causes compilation warnings with GCC 8.1:
core/arch/arm/tee/arch_svc.c:43:36: warning: cast between incompatible function types from ‘void (*)(long unsigned int)’ to ‘TEE_Result (*)(void)’ {aka ‘unsigned int (*)(void)’} [-Wcast-function-type]
#define SYSCALL_ENTRY(_fn) { .fn = (syscall_t)_fn }
^
core/arch/arm/tee/arch_svc.c:50:2: note: in expansion of macro ‘SYSCALL_ENTRY’
SYSCALL_ENTRY(syscall_sys_return),
^~~~~~~~~~~~~
The solution is to use 'void (*)(void)' instead, as explained in the GCC
documentation:
-Wcast-function-type
Warn when a function pointer is cast to an incompatible function
pointer. [...] The function type void (*) (void) is special and matches
everything, which can be used to suppress this warning. [...]
Link: [1] https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Uses inttypes.h over stdint.h on some .h files to be nice to U-boot.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
The mutex in hw_get_random_byte() protects a very short section of code.
A spinlock is more lightweight and therefore better suited to the task.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
With this change it is possible to move tmp and abt stacks to kernel
memory area, while leaving thread stacks in tee memory.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
ASIDs will be allocated for individual virtrual guests, so
allocator should reside in more generic place.
Also, comment for MMU_NUM_ASIDS was updated.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
bufdump() function does not need poolset to work
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
If pa % PGDIR_SIZE == va % PGDIR_SIZE, then we can effectively map
large smallpage-aligned regions. Most of the region can be mapped
with super blocks and only ends will be mapped using small pages.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
This enables more optimal memory usage, as there will be no unused
holes in memory mappings.
Signed-off-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Introduce CFG_SM_NO_CYCLE_COUNTING to intitialize PMCR.DP to 1 and
save/restore PMCR on world switch. Similar to what is done in ARM TF
commit 3e61b2b54336 ("Init and save / restore of PMCR_EL0 / PMCR") [1].
The purpose of this is to (hopefully) make attacks such as CLKSCREW [2]
harder to mount, although it is likely that timing information could be
obtained via other means.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Link: [1] https://github.com/ARM-software/arm-trusted-firmware/commit/3e61b2b54336
Link: [2] https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
struct sm_mode_regs will soon be used to store one non-banked register
other then the mode registers (PMCR). Rename it to sm_unbanked_regs.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
use WDT_WCR defined in watchdog specific imx_wdog.h
instead of WCR_OFF defined in the platform imx-regs.h
Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Tested-by: Victor Chong <victor.chong@linaro.org> (hikey aosp)
Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org> (poplar)
Tested-by: Igor Opaniuk <igor.opaniuk@linaro.org> (rpi3)
Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi3)
Tested-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> (RCAR M3)
Tested-by: Joseph Chen <chenjh@rock-chips.com> (RK322X)
Tested-by: Kevin Peng <kevinp@marvell.com> (Armada 7K, 8K, 3700)
Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (NXP - LS1046A-RDB)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (stm32mp1, GP)
Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (b2120/b2260, GP)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960, GP)
Tested-by: Andrew F. Davis <afd@ti.com> (TI platforms)
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Makes stack trace robust by checking addresses before copying data.
Kernel stack traces are a bit more relaxed as we have crashed already.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960 AArch32, Aarch64)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno, QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Prior to this patch assign_mobj_to_param_mem() stored the offset
supplied with a non-contiguous buffer in mem->offs. Since that offset
already is stored inside the resulting MOBJ that offset is added twice.
This patch fixes this by initializing mem->offs to 0 instead.
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Once non-secure DDR is discovered either via FDT or via register_ddr()
maximum output address is updated.
Note that is only has an effect in AArch64.
Fixes: https://github.com/OP-TEE/optee_os/issues/2402
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Suggested-by: Jean-Paul Etienne <jean-paul.etienne@arm.com>
Reported-by: Rouven Czerwinski <rouven@czerwinskis.de>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno, FVP)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Use MIN_UNSAFE/MAX_UNSAFE macros as MAX/MIN macros fail to build
from in current platform_config.h imaplement with the error trace
below:
In file included from core/arch/arm/include/arm.h:8:0,
from core/arch/arm/include/kernel/thread.h:11,
from core/arch/arm/kernel/asm-defines.c:7:
lib/libutils/ext/include/util.h:24:16: error: missing binary operator before token "("
(__extension__({ __typeof__(a) _a = (a); \
^
core/arch/arm/plat-stm/./platform_config.h:190:25: note: in expansion of macro ‘MAX’
#define STM_SECDDR_END MAX(TZSRAM_BASE + TZSRAM_SIZE, \
^~~
core/arch/arm/plat-stm/./platform_config.h:204:6: note: in expansion of macro ‘STM_SECDDR_END’
#if (STM_SECDDR_END < 0x80000000ULL)
^~~~~~~~~~~~~~
make: *** [out/core/include/generated/.asm-defines.s] Error 1
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
This change allows one to use MAX_UNSAFE() and MIN_UNSAFE() macros
in particular conditions where MAX()/MIN() macros fail to build
from C source file implementation with error traces as below:
In file included from core/arch/arm/include/arm.h:8:0,
from core/arch/arm/include/kernel/thread.h:11,
from core/arch/arm/kernel/asm-defines.c:7:
lib/libutils/ext/include/util.h:24:16: error: missing binary operator before token "("
(__extension__({ __typeof__(a) _a = (a); \
^
core/arch/arm/plat-stm/./platform_config.h:190:25: note: in expansion of macro ‘MAX’
#define STM_SECDDR_END MAX(TZSRAM_BASE + TZSRAM_SIZE, \
^~~
core/arch/arm/plat-stm/./platform_config.h:204:6: note: in expansion of macro ‘STM_SECDDR_END’
#if (STM_SECDDR_END < 0x80000000ULL)
^~~~~~~~~~~~~~
make: *** [out/core/include/generated/.asm-defines.s] Error 1
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
When a TA dump is processed, there is a list of ELF files just before the
call stack. However, when analyzing a TEE core dump, there is no such
list. Make sure this situation is properly handled to avoid displaying a
spurious message. This means fixing incorrect indentation in a
conditional.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Signed-off-by: Silvano di Ninno <silvano.dininno@nxp.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Having -Werror turned on by default can be annoying, because not everyone
uses the same compiler, and different compiler versions have different
warnings.
Therefore, provide CFG_WERROR to turn it on instead. Enable CFG_WERROR in
the CI scripts because we still don't want warnings with the officially
supported compilers.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
|
|
Fixes: https://github.com/OP-TEE/optee_os/issues/2418
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
In case if timestamp buffer is allocated in userspace and new register
user memory API is used for its registering in OP-TEE (introduced in
optee_client commit 27888d73d156 ("tee_client_api: register user memory")),
there is no possibility to keep this mapping permanent among different
TEEC_InvokeCommand invocations, as all SHM are automatically unmapped from
OP-TEE VA space after TEEC_InvokeCommand is handled by OP-TEE.
Timestamp buffer is now allocated with thread_rpc_alloc_global_payload().
Fixes: https://github.com/OP-TEE/optee_os/issues/1979
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
|
|
With the introduction of dynamically linked TAs, symbolize.py may
encounter undefined (external) symbols when it parses the output of the nm
command looking for a symbol's address. The current code is not prepared
for that and will raise an exception. Fix the issue by ignoring lines that
have an unexpected format.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Add support of allocating SHM shared with non-secure kernel
and exported to a non-secure userspace application.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
|
|
objectSize/keySize was not getting updated when an ECDSA/ECDH
object was imported.
Updating the ObjectSize/keySize based on the EC Curve.
Fixes: https://github.com/OP-TEE/optee_os/issues/2386
Signed-off-by: Sahil Malhotra <sahil.malhotra@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
OP-TEE core images are reformatted into a STM32 compliant format
expected by the platform flashing tools.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Used by platform stm32mp1.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Introduce platform stm32mp1 with board stm32mp1-stm32mp157c-ev1 based
on stm32mp1 SoC family integrating Arm Cortex-A7 technology. In its
default configuration, stm32mp1 OP-TEE core operates in a 256kB secure
RAM with pager support enabled.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Removes get_rng_array() in favor of crypto_rng_read() which always uses
the configured RNG implementation to draw random.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
MPA is used in two configurations, either in kernel mode or in user mode.
In kernel mode random is always drawn with crypto_rng_read() and in
user mode utee_cryp_random_number_generate() is used instead.
This patch makes the code easier to follow by replacing the call via a
function pointer to a normal function call instead.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Adds a new cryptographically secure pseudo random number generator known
as Fortuna. The implementation is based on the description in [0]. This
implementation replaces the implementation in LTC which was used until
now.
Gathering of entropy has been refined with crypto_rng_add_event() to
better match how entropy is added to Fortuna. A enum crypto_rng_src
identifies the source of the event. The source also controls how the
event is added. There are two options available, queue it in a circular
buffer for later processing or adding it directly to a pool. The former
option is suitable when being called from an interrupt handler or some
other place where RPC to normal world is forbidden.
plat_prng_add_jitter_entropy_norpc() is removed and
plat_prng_add_jitter_entropy() is updated to use this new entropy source
scheme.
The configuration of LTC is simplified by this, now PRNG is always drawn
via prng_mpa_desc.
plat_rng_init() takes care of initializing the PRNG in order to allow
platforms to override or enhance the Fortuna integration.
[0] Link:https://www.schneier.com/academic/paperfiles/fortuna.pdf
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Splits tee_pager_init() into tee_pager_set_alias_area() and
tee_pager_generate_authenc_key(). The former function is called where
tee_pager_init() used to be called and the latter function is called
after the crypto API and RNG has been initialized.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Since the two addresses are already of type struct core_mmu_phys_mem, do
not divide by sizeof(struct core_mmu_phys_mem). This broke dynamic shared
memory on Juno r0, since nelem would be zero for two slots.
Tested on Juno r0.
Fixes: 2f82082fada3 ("core: add ddr overall register")
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Rouven Czerwinski <rouven@czerwinskis.de>
|
|
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
|
|
This commit adds maintainer for this board.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
|
|
Initial version support for Allwinner H2+ platform. Specific to Banana Pi
M2 zero board currently.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
|
|
checkpatch will check if udelay value is too large. Use udelay() to
implement mdelay() when we want to delay more than 10000 us.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org>
|
|
Add DT support for serial8250 uart driver. The matchtable currently
supports allwinner H2+ SoC.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
|
|
Add platform 'k3' for the TI K3 family. These are ARMv8 devices
and are quite different from our line of existing ARMv7 OMAP style
SoCs, hence the new platform.
Signed-off-by: Andrew F. Davis <afd@ti.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Update the Aarch64 Crypto Extension accelerated CBC encryption/decryption
routines to the latest upstream implementation in the Linux kernel
(v4.17-rc7).
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960)
CC: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Fixes: https://github.com/OP-TEE/optee_os/issues/2355
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Now that the Travis container-based environment is running Ubuntu Trusty
(14.04), some downloads and build steps are not needed anymore. Use the
tools that come with the distribution instead.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
|
