path: root/mk
Age | Commit message | Author
2021-11-23 | config: add flag CFG_WARN_INSECURE | Joakim Bech
OP-TEE is a reference implementation for developers and device manufacturers, which implies that there always is a need to fill in missing pieces that cannot be done generically. The chipmakers often have additional security configurations that need to be configured according to the chipmakers' security guidelines and security specifications. To reduce the likelihood of running a vanilla configured OP-TEE we introduce the flag CFG_WARN_INSECURE that will give warning messages in the boot saying that the OP-TEE runs a configuration that might be insecure. The intention is that the device manufacturer making the end products should change the flag to "n" after implementing stubbed functionality in OP-TEE and configuring their device according to the chipmakers' security guidelines and security specifications. Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Acked-by: Sumit Garg <sumit.garg@linaro.org> Acked-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> Acked-by: Clement Faure <clement.faure@nxp.com> Acked-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
2021-10-22 | drivers: clk: add fixed-clock driver | Clément Léger
fixed-clock are a really common clock type used in device tree and when there is a clock hierarchy, they are needed to query the clock rate. This driver is built by default when CFG_DRIVERS_CLK_DT is enabled. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Clément Léger <clement.leger@bootlin.com>
2021-10-22 | drivers: clk: add devicetree support | Clément Léger
When using a devicetree, it is often useful to have clocks parsing. This support adds clocks properties parsing and allows having clock providers and users. Clock drivers can also be declared with CLK_DT_DECLARE. They will be probed automatically by the clock core. On the user side, functions clk_dt_get_by_name and clk_dt_get_by_idx allow retrieving a clock from the device tree description and matching it with the provider clocks. The core ensures the clocks are probed hierarchically. This support is enabled using CFG_DRIVERS_CLK_DT. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Clément Léger <clement.leger@bootlin.com>
2021-10-22 | drivers: clk: add generic clock framework | Clément Léger
In order to ease clock support in OP-TEE, add a generic clock framework which allows adding clock drivers and handling clock hierarchy. This clock framework provides various functions to enable/disable clocks and to get their rate. Some basic behaviors are supported such as gating when parent or rate is set. This option is enabled using CFG_DRIVERS_CLK which is disabled by default. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Clément Léger <clement.leger@bootlin.com>
2021-10-18 | Update CHANGELOG for 3.15.0 | Ruchika Gupta
Update CHANGELOG for 3.15.0 and collect Tested-by tags. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6dlsabreauto) Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6dlsabresd) Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6qpsabreauto) Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6qsabresd) Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6sllevk) Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6sxsabresd) Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6ulevk) Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6ullevk) Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx6ulzevk) Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx7dsabresd) Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx7ulpevk) Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8mmevk) Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8mnevk) Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8mpevk) Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8mqevk) Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8qmmek) Tested-by: Clement Faure <clement.faure@nxp.com> (imx-mx8qxpmek) Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (stm32mp1-157C_DK2 gp pkcs11) Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (stm32mp1-157C_EV1 gp pkcs11 StMM) Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> (Poplar) Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP) Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno) Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (imx-mx8mqevk) Tested-by: Jerome Forissier <jerome@forissier.org> (hikey-hikey) Tested-by: Jerome Forissier <jerome@forissier.org> (hikey-hikey960) Tested-by: Jerome Forissier <jerome@forissier.org> (vexpress-qemu_armv8a) Tested-by: Jerome Forissier <jerome@forissier.org> (vexpress-qemu_virt) Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi3B) 
Tested-by: Ricardo Salveti <ricardo@foundries.io> (ZynqMP) Tested-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> (imx-mx6qsabrelite barebox kernel 5.14.9) Tested-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> (imx-mx6ulccimx6ulsbcpro barebox kernel 5.14.9) Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LS1012A-RDB) Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LS1028A-RDB) Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LS1043A-RDB) Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LS1046A-RDB) Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LS1088A-RDB) Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LS2088A-RDB) Tested-by: Sahil Malhotra <sahil.malhotra@nxp.com> (LX2160A-RDB) Tested-by: Sumit Garg <sumit.garg@linaro.org> (Developerbox) Tested-by: Victor Chong <victor.chong@linaro.org> (QEMUv8 AOSP) Tested-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> (rcar-salvator_m3_2x4g / virt) Tested-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> (rcar-salvator_m3_2x4g) Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org> (bpi0) Tested-by: Ying-Chun Liu (PaulLiu) <paul.liu@linaro.org> (mx8mm_cl_iot_gate)
2021-10-05 | core: move debug info and CC optimization level to config.mk | Etienne Carriere
Move configuration switches CFG_DEBUG_INFO and CFG_CC_OPT_LEVEL default values from arm.mk to config.mk and add a short description. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
2021-10-05 | core: new config switch CFG_PREALLOC_RPC_CACHE | Etienne Carriere
CFG_PREALLOC_RPC_CACHE=y enables preallocation of an RPC shared memory reference per secure thread. It is default enabled for backward configuration compatibility. Disabling CFG_PREALLOC_RPC_CACHE can be useful when CFG_WITH_PAGER=y and the pager page pool is somewhat small as RPC cache shm consumes several kByte of unpaged memory. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome@forissier.org>
2021-09-16 | core: enable system PTA upon user TA support | Etienne Carriere
Ensure CFG_SYSTEM_PTA is disabled when CFG_WITH_USER_TA is disabled since system PTA is designed to provide user TA extended system features. Without this change, building with CFG_SYSTEM_PTA=y and CFG_WITH_USER_TA=n may fail with an error trace like: core/pta/system.c:227: undefined reference to `ldelf_dlopen' core/pta/system.c:260: undefined reference to `ldelf_dlsym' Also fix reference to the GPD TEE Internal Core API in CFG_SYSTEM_PTA description. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
2021-09-08 | core: dt: add option to generate DTB overlay at boot | Clément Léger
When using a memory persistent across reboots for external dtb overlay (DRAM for instance) OP-TEE will reuse the existing dtb overlay if CFG_EXTERNAL_DTB_OVERLAY is used. This will result in a big overlay with duplicated nodes. In order to allow having a fresh DTB overlay at boot, add CFG_GENERATE_DTB_OVERLAY to generate the DTB overlay at OP-TEE boot time. Both CFG_GENERATE_DTB_OVERLAY and CFG_EXTERNAL_DTB_OVERLAY will now consider using the dtb address provided in r2 as well as CFG_DT_ADDR to create the overlay if not existing. Signed-off-by: Clément Léger <clement.leger@bootlin.com> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
2021-09-06 | mk: fix test on gprof and shared libs configuration for TAs | Etienne Carriere
Change test for when both CFG_TA_GPROF_SUPPORT and CFG_ULIBS_SHARED are enabled to be more strict on switches expected value. This change better handles cases where, for example, CFG_GENERATE_DTB_OVERLAY is not defined and is malformed CFG_EXTERNAL_DTB_OVERLAY=yy. In such case we expect both switches to be disabled and build should not fail with error message: "CFG_EXTERNAL_DTB_OVERLAY and CFG_GENERATE_DTB_OVERLAY are exclusive" Reported-by: Clement Leger <clement.leger@bootlin.com> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org>
2021-09-01 | core: improve version string shown at boot time when not using Git | Jerome Forissier
When OP-TEE is built outside of a Git repository, the implementation version is shown as "Unknown" at boot time. For example: I/TC: OP-TEE version: Unknown (gcc version 10.2.1 ... Improve this a bit by appending the major/minor revision of OP-TEE, which is hardcoded in mk/config.mk and thus always available. The above example becomes: I/TC: OP-TEE version: Unknown_3.14 (gcc version 10.2.1 ... Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
2021-08-27 | ta: pkcs11: move default config to ta sub.mk | Etienne Carriere
Move PKCS#11 TA default configuration settings from mk/config.mk to ta/pkcs11/sub.mk. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
2021-08-05 | Build: Fix CFG_EMBEDDED_TS dependency | Jelle Sels
Set CFG_EMBEDDED_TS when CFG_EARLY_TA or CFG_SECURE_PARTITION is set even when no early_ta's or SPs are added to the system. Fixes the following error: $ make -s CFG_EARLY_TA=y arm-linux-gnueabihf-ld.bfd: out/arm-plat-vexpress/core/kernel/early_ta.o: in function `early_ta_open': /home/.../optee_os/core/kernel/early_ta.c:32: undefined reference to `emb_ts_open' arm-linux-gnueabihf-ld.bfd: out/arm-plat-vexpress/core/kernel/early_ta.o:(.scattered_array_ta_stores_1_2+0x8): undefined reference to `emb_ts_get_size' arm-linux-gnueabihf-ld.bfd: out/arm-plat-vexpress/core/kernel/early_ta.o:(.scattered_array_ta_stores_1_2+0xc): undefined reference to `emb_ts_get_tag' arm-linux-gnueabihf-ld.bfd: out/arm-plat-vexpress/core/kernel/early_ta.o:(.scattered_array_ta_stores_1_2+0x10): undefined reference to `emb_ts_read' arm-linux-gnueabihf-ld.bfd: out/arm-plat-vexpress/core/kernel/early_ta.o:(.scattered_array_ta_stores_1_2+0x14): undefined reference to `emb_ts_close' make: *** [core/arch/arm/kernel/link.mk:45: out/arm-plat-vexpress/core/all_objs.o] Error 1 Github issue: https://github.com/OP-TEE/optee_os/issues/4729#issuecomment-893308216 Signed-off-by: Jelle Sels <jelle.sels@arm.com> Reviewed-by: Jerome Forissier <jerome@forissier.org>
2021-07-09 | Update revision for release tag 3.14.0-rc1 | Jerome Forissier
Signed-off-by: Jerome Forissier <jerome@forissier.org>
2021-06-29 | core: REE FS: introduce CFG_REE_FS_ALLOW_RESET | Etienne Carriere
New boolean configuration switch CFG_REE_FS_ALLOW_RESET that, when enabled, will make OP-TEE OS allow REE FS content to be reset in the Linux filesystem even when RPMB FS is enabled and already stores a REE FS rollback protection hash. This switch is intended for test purposes where REE FS can be wiped because the device flash memory was programmed with brand new build artifacts. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Jerome Forissier <jerome@forissier.org>
2021-06-02 | core: pta: add generic RNG pseudo TA | Sergiy Kibrik
Platforms that include hardware-based RNGs and implement hw_get_random_byte() may benefit from already implemented bus framework and rng driver [1]. For this reason the interface of rng.pta implemented for Developerbox platform is re-used. Interface is generic and corresponds to in-kernel optee-rng driver. Pseudo TA interface is specifically used so that credible entropy is available to REE early at boot, even before user-space is fully up. [1] https://lwn.net/Articles/777260/ Signed-off-by: Sergiy Kibrik <Sergiy_Kibrik@epam.com> Reviewed-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
2021-05-21 | config: add description for CFG_RPMB_* config switches | Etienne Carriere
Add a short description for some CFG_RPMB_* configuration switches not described anywhere. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
2021-04-30 | Update CHANGELOG.md for 3.13.0 | Ruchika Gupta
Update CHANGELOG for 3.13.0 and collect Tested-by tags. Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org> Tested-by: Clement Faure <clement.faure@nxp.com> (mx6dlsabreauto) Tested-by: Clement Faure <clement.faure@nxp.com> (mx6dlsabresd) Tested-by: Clement Faure <clement.faure@nxp.com> (mx6qpsabreauto) Tested-by: Clement Faure <clement.faure@nxp.com> (mx6sllevk) Tested-by: Clement Faure <clement.faure@nxp.com> (mx6ulevk) Tested-by: Clement Faure <clement.faure@nxp.com> (mx6ullevk) Tested-by: Clement Faure <clement.faure@nxp.com> (mx6ulzevk) Tested-by: Clement Faure <clement.faure@nxp.com> (mx7dsabresd) Tested-by: Clement Faure <clement.faure@nxp.com> (mx7ulpevk) Tested-by: Clement Faure <clement.faure@nxp.com> (mx8mmevk) Tested-by: Clement Faure <clement.faure@nxp.com> (mx8mnevk) Tested-by: Clement Faure <clement.faure@nxp.com> (mx8mqevk) Tested-by: Clement Faure <clement.faure@nxp.com> (mx8qmmek) Tested-by: Clement Faure <clement.faure@nxp.com> (mx8qxpmek) Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (stm32mp1-ev1/dk2 gp pkcs11) Tested-by: Igor Opaniuk <igor.opaniuk@foundries.io> (Poplar) Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP) Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno) Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (imx-mx8mqevk) Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey GP PKCS#11) Tested-by: Jerome Forissier <jerome@forissier.org> (HiKey960 GP PKCS#11) Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU GP PKCS#11) Tested-by: Jerome Forissier <jerome@forissier.org> (QEMUv8 GP PKCS#11) Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi3B) Tested-by: Ricardo Salveti <ricardo@foundries.io> (ZynqMP) Tested-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> (ccimx6ulsbcpro barebox upstream kernel) Tested-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> (imx6qsabrelite barebox upstream kernel) Tested-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> (RCAR M3) Tested-by: 
Volodymyr Babchuk <volodymyr_babchuk@epam.com> (RCAR M3/virtualization)
2021-04-29 | core: pta: scmi: new interface to REE SCMI agent | Etienne Carriere
Adds a PTA interface to REE SCMI agents to get SCMI message communication channel for processing in OP-TEE SCMI server. Currently implements support for an SCMI server built with CFG_SCMI_MSG_SMT=y. The implementation is made so that an alternate SCMI server implementation can be added. Client gets SCMI channel capabilities with PTA_SCMI_CMD_CAPABILITIES. Client gets a handle for an SCMI channel with command PTA_SCMI_CMD_GET_CHANNEL_HANDLE. Client pushes SCMI messages with command PTA_SCMI_CMD_PROCESS_SMT_CHANNEL or PTA_SCMI_CMD_PROCESS_SMT_CHANNEL_MESSAGE. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
2021-04-06 | mk: core: ta: make early TA compress optional | Etienne Carriere
Define CFG_EARLY_TA_COMPRESS configuration switch to allow platform to disable early TAs compression at build time. Disabling the compression drastically reduces the amount of the core heap required in the embedded part. Enable the configuration by default for backward compatibility. Suggested-by: Arnaud Pouliquen <arnaud.pouliquen@st.com> Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org>
2021-03-23 | mk/compile.mk: drop -Waggregate-return warning | Jens Wiklander
Drops the -Waggregate-return warning since returning an aggregate type from a function can be quite useful. Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2021-03-22 | core: introduce CFG_CORE_PAGE_TAG_AND_IV | Jens Wiklander
Introduces CFG_CORE_PAGE_TAG_AND_IV which defaults to enabled if TA paging is enabled. Can be used to disable tag and IV paging for paged read-write pages. Acked-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2021-03-11 | drivers: scmi-msg: define CFG_SCMI_MSG_VOLTAGE_DOMAIN in mk/config.mk | Etienne Carriere
Define CFG_SCMI_MSG_VOLTAGE_DOMAIN in mk/config.mk next to the other CFG_SCMI_MSG_* configuration switches. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jerome Forissier <jerome@forissier.org>
2021-03-08 | ta: pkcs11: Make it possible to disable support for C_DigestKey() | Vesa Jääskeläinen
By default C_DigestKey() functions as specified in specification. To disable the functionality: CFG_PKCS11_TA_ALLOW_DIGEST_KEY = n Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Reviewed-by: Ruchika Gupta <ruchika.gupta@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
2021-02-17 | build: core: add missing dependencies when generating assembly constants | Jerome Forissier
The header file <generated/asm-defines.h> is created at build time. It contains macro definitions for various offsets in C structures and is especially useful for use from assembler code. It is generated from asm-defines.c, which includes a number of header files, of which two are also generated at build time: <generated/arm32_sysreg.h> and <generated/arm32_gicv3_sysreg.h>. These dependencies are expressed nowhere in the makefiles and therefore build errors can result. For example: $ make out/arm-plat-vexpress/core/include/generated/.asm-defines.s CHK out/arm-plat-vexpress/conf.mk UPD out/arm-plat-vexpress/conf.mk CHK out/arm-plat-vexpress/include/generated/conf.h UPD out/arm-plat-vexpress/include/generated/conf.h CC out/arm-plat-vexpress/core/include/generated/.asm-defines.s In file included from core/arch/arm/include/arm.h:99, from core/arch/arm/include/kernel/thread.h:12, from core/arch/arm/kernel/asm-defines.c:8: core/arch/arm/include/arm32.h:167:10: fatal error: generated/arm32_sysreg.h: No such file or directory 167 | #include <generated/arm32_sysreg.h> | ^~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. The error in [1] is believed to have the same root cause: during parallel build the generated header file might have been created by one job but not yet written to when another job would open it. The compiler would see an empty file, thus the missing declarations. Add the missing dependencies via a new variable at the location where asm-defines.c is added to the build. Note that the other core .c files depending on these generated sysreg headers are not affected because their .o files explicitly depend on FORCE-GENSRCcore (which generates the headers). Link: [1] https://ci.linaro.org/job/ledge-oe-premerge-ci/182/DISTRO=rpb,MACHINE=ledge-ti-am572x,label=docker-buster-amd64/console Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
2021-01-20 | Update CHANGELOG for 3.12.0 | Joakim Bech
Update CHANGELOG for 3.12.0 and collect Tested-by tags. Signed-off-by: Joakim Bech <joakim.bech@linaro.org> Tested-by: Clement Faure <clement.faure@nxp.com> (mx6dlsabreauto) Tested-by: Clement Faure <clement.faure@nxp.com> (mx6dlsabresd) Tested-by: Clement Faure <clement.faure@nxp.com> (mx6qpsabreauto) Tested-by: Clement Faure <clement.faure@nxp.com> (mx6sllevk) Tested-by: Clement Faure <clement.faure@nxp.com> (mx6ulevk) Tested-by: Clement Faure <clement.faure@nxp.com> (mx6ullevk) Tested-by: Clement Faure <clement.faure@nxp.com> (mx6ulzevk) Tested-by: Clement Faure <clement.faure@nxp.com> (mx7dsabresd) Tested-by: Clement Faure <clement.faure@nxp.com> (mx7ulpevk) Tested-by: Clement Faure <clement.faure@nxp.com> (mx8mmevk) Tested-by: Clement Faure <clement.faure@nxp.com> (mx8mnevk) Tested-by: Clement Faure <clement.faure@nxp.com> (mx8mqevk) Tested-by: Clement Faure <clement.faure@nxp.com> (mx8qmmek) Tested-by: Clement Faure <clement.faure@nxp.com> (mx8qxpmek) Tested-by: Etienne Carriere <etienne.carriere@linaro.org> (stm32mp1) Tested-by: Igor Opaniuk <igor.opaniuk@gmail.com> (Poplar) Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (FVP) Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (Juno) Tested-by: Jerome Forissier <jerome@forissier.org> ((HiKey GP) # issue 4324) Tested-by: Jerome Forissier <jerome@forissier.org> ((HiKey960 GP) # issue 4324) Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU) Tested-by: Jerome Forissier <jerome@forissier.org> (QEMUv8) Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi3B) Tested-by: Joakim Bech <joakim.bech@linaro.org> (RPi3B-NFS) Tested-by: Ricardo Salveti <ricardo@foundries.io> (ZynqMP) Tested-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> (imx-ccimx6ulsbcpro) Tested-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> (imx-mx6qsabrelite) Tested-by: Sumit Garg <sumit.garg@linaro.org> (Developerbox) Tested-by: Victor Chong <victor.chong@linaro.org> (HiKey960 AOSP P) Tested-by: Volodymyr Babchuk 
<volodymyr_babchuk@epam.com> (Rcar H3) Tested-by: Volodymyr Babchuk <volodymyr_babchuk@epam.com> (Rcar H3/virtualization)
2021-01-07 | ta: pkcs11: Add TEE Identity based authentication support | Vesa Jääskeläinen
In C_InitToken() if PIN is NULL_PTR then it will activate TEE Identity based authentication support for token. Once activated: - Whenever PIN is required client's TEE Identity will be used for authentication - PIN failure counters are disabled - If new PIN is given as input it is in form of PIN ACL string - It can be disabled with C_InitToken with non-zero PIN Internally protected authentication path will be used for mode determination. Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
2021-01-05 | Introduce CFG_TA_BGET_TEST | Jens Wiklander
Introduces CFG_TA_BGET_TEST which compiles the integrated bget test suite together with the rest of bget. When enabled, the test entry point is bget_main_test() in libutils. Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2021-01-05 | core: introduce CFG_ENABLE_EMBEDDED_TESTS | Jens Wiklander
Introduces CFG_ENABLE_EMBEDDED_TESTS disabled by default. This flag is used to control the default value of all other embedded tests. This changes the default value of CFG_TEE_CORE_EMBED_INTERNAL_TESTS to 'n' since CFG_ENABLE_EMBEDDED_TESTS defaults to 'n'. A Shippable target is updated with CFG_ENABLE_EMBEDDED_TESTS=y to have these tests compiled in some configuration. Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-12-27 | mk/compile.mk: Fix handling of '+' in path for generated include guards | Vesa Jääskeläinen
When building with bitbake with gitpkgv class git revision details have '+' as delimiter. Version details appear in path and this causes the following warnings during the OP-TEE OS build: In file included from core/arch/arm/kernel/entry_a64.S:11: /build/.../optee-os/devel+gitrAUTOINC+e97c83bd6f-r0/build.zcu102/core/include/generated/asm-defines.h:1:123: warning: extra tokens at end of #ifndef directive 1 | #ifndef _build_..._optee_os_devel+gitrAUTOINC+e97c83bd6f_r0_build_zcu102_core_include_generated_asm_defines_h | ^ /build/.../optee-os/devel+gitrAUTOINC+e97c83bd6f-r0/build.zcu102/core/include/generated/asm-defines.h:2:9: warning: missing whitespace after the macro name 2 | #define _build_..._optee_os_devel+gitrAUTOINC+e97c83bd6f_r0_build_zcu102_core_include_generated_asm_defines_h | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
2020-12-14 | build: make 'force' macro more robust | Jerome Forissier
The 'force' macro can cause unexpected errors in some cases where the name of the configuration variable is preceded by a space: '$(call force, CFG_FOO,foo)' instead of '$(call force,CFG_FOO,foo)'. For example: $ make PLATFORM=imx-mx8mmevk CFG_STACK_{TMP,THREAD}_EXTRA=8192 \ CFG_CRYPTO_DRV_ACIPHER=y CFG_NXP_SE05X=y CFG_NXP_CAAM=y core/drivers/crypto/se050/crypto.mk:49: *** CFG_CRYPTO_DRV_ACIPHER is set to '' (from undefined) but its value must be 'y' [Mandated by CFG_NXP_SE05X_ACIPHER_DRV]. Stop. Fixing the callers is certainly a good thing to do (if only for consistency) but the current behavior is difficult to troubleshoot. Therefore, make the 'force' macro more robust by stripping any space around the variable name. Reported-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-11-30 | core: Add support to import external TA signing public key | Vesa Jääskeläinen
Build process requires that private key is present when signing TAs. In order to support external HSM based re-signing of the TAs, add support to import different TA signing public key into TEE OS binary by introducing TA_PUBLIC_KEY. By default TA_PUBLIC_KEY gets the value of TA_SIGN_KEY. Re-signing of the TA's works by first signing TA during the build with private key readily available during the build process (TA_SIGN_KEY). Private key can for example be bundled key in keys/default_ta.pem. Build will generate TA binary with signature embedded matching provided private key. This TA binary will be sent for HSM re-signing process where digest will be calculated from the binary to get digest which will be signed with private key protected by HSM. New signature will replace the old signature in the TA binary. This re-signed TA will need to be deployed into the device for execution. In order for OP-TEE OS to load the TA it needs to have the matching public key from the HSM. Public key needs to be available during the build process (TA_PUBLIC_KEY). Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
2020-11-20 | build: fix ld-option again | Jerome Forissier
Commit 5510db0b9458 ("build: ld-option: handle any linker warning as an error") fixed an issue when used with the GNU linker, but while doing so it broke the Clang use case. The problem is, the exit status tested by `|| echo "Not supported"' is the one from grep, not the one from the link command. The fix provided here is tested with GCC (ld) and Clang (ld.lld). Fixes: 5510db0b9458 ("build: ld-option: handle any linker warning as an error") Signed-off-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-11-20 | core: build: se050 driver | Jorge Ramirez-Ortiz
Core work to support building the platform independent se050 crypto driver. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Acked-by: Jerome Forissier <jerome@forissier.org>
2020-11-09 | core: add secure partitions store | Jelle Sels
SPs need to be started as part of the initialisation process of the OP-TEE kernel. The secure partition store uses the embedded_ts store to load SPs Signed-off-by: Jelle Sels <jelle.sels@arm.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jerome Forissier <jerome@forissier.org>
2020-11-05 | core: rename secure_partition to stmm_sp | Jelle Sels
The current secure partition code is used for the stmm SP. Rename it so we can start integrating the FF-A secure partitions. Backwards compatibility is maintained when CFG_STMM_PATH is used to enable support for STMM. The internal configuration flag CFG_WITH_SECURE_PARTITION is renamed to CFG_WITH_STMM_SP. Signed-off-by: Jelle Sels <jelle.sels@arm.com> Acked-by: Jens Wiklander <jens.wiklander@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
2020-10-26 | build: ld-option: handle any linker warning as an error | Jerome Forissier
The purpose of the ld-option macro is to detect if the linker supports a given command line option or not. It does so by invoking the linker with the option and checking the exit status of the process. Some options however may not cause an error but only generate a warning message, and the linker exits with a success status. For example, '-z unrecognized-option' does cause an error with Clang but triggers a warning with GCC. As a result, $(call ld-option,-z unrecognized-option) has a different behavior depending on the compiler. Address this issue by looking for the word 'warning' in the linker output in addition to checking the exit status. Fixes the following warning when building xtest shared libraries with GCC: path/to/bin/arm-linux-gnueabihf-ld.bfd: warning: -z separate-loadable-segments ignored Signed-off-by: Jerome Forissier <jerome@forissier.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-10-09 | Update revision for release tag 3.11.0-rc1 | Jerome Forissier
Signed-off-by: Jerome Forissier <jerome@forissier.org>
2020-10-09 | core: add CFG_CORE_MAX_SYSCALL_RECURSION | Jens Wiklander
Adds CFG_CORE_MAX_SYSCALL_RECURSION to define the limit for the number of levels TAs may call each other. If this number is too high we may run over the thread stack in OP-TEE Core. Reviewed-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-10-01 | core: include parity in DES/DES3 key sizes | Jens Wiklander
Update from GP 1.0 the parity bits are now included in the DES and DES3 key sizes. This is an incompatible change where 56, 112 and 168 key sizes are replaced with 64, 128 and 192 respectively. This changes the ABI in a way that it's not enough even to recompile the TA. In order to maintain backwards compatibility the configuration flag CFG_COMPAT_GP10_DES is introduced (default y). The presence of the parity bits is autodetected and this update is transparent to a TA which hasn't been updated. Reviewed-by: Jerome Forissier <jerome@forissier.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-09-29 | core: configuration switches to tune stack sizes | Jorge Ramirez-Ortiz
Enabling certain configuration options might increase the TMP and THREAD stack requirements. This commit defines CFG_ options so that the sizes of those two stacks can be fine tuned at build time. Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jerome Forissier <jerome@forissier.org>
2020-09-24 | GP 1.1: Check parameters annotated in the specification | Jens Wiklander
Checks that all the function parameters which are annotated in the specification [1] are compliant with regards to memory access and memory location. In case the check fails the TA panics to help debugging. The more precise and expensive checks can be disabled with CFG_TA_STRICT_ANNOTATION_CHECKS=n. TEE_Realloc(), TEE_MemMove(), TEE_MemCompare(), TEE_MemFill() are skipped for performance reasons. The TA will instead die with a fatal exception if buffers supplied to these functions do not follow the annotation rules. [1]: GlobalPlatform TEE Internal Core API Specification v1.1 Reviewed-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-09-07 core: load stmm via secure partition Jens Wiklander
Secure variable storage for EFI variables is critical for enabling and protecting UEFI Secure Boot. Unfortunately due to the fact that SPD and SPM are mutually exclusive, we can't run StMM from EDK2 and OP-TEE. An advantage of doing so is that different firmware implementations can leverage EDK2's StandAloneMM and in cooperation with OP-TEE RPMB APIs can store UEFI variables in a secure storage. This makes the variable storage quite generic in any device with an RPMB partition.
Using a well debugged application is preferable over rewriting the whole application as a TA. Another advantage is that this inherits the Fault Tolerant Writes (FTW) functionality built-in on StMM to protect variables against corruptions during writing. Considering the FFA changes of the future Arm architectures using an SP that includes everything seems like a better choice at the moment. The 'SPM emulation' currently added into OP-TEE only supports a single SP to be launched. This means that the StMM embedded application has the RPMB driver built in at the moment. In the future we can add code (evolving FFA) to launch multiple SPs. So the StMM variable handling can be decoupled from the RPMB driver, which will reside in a different SP.
So let's add a user mode secure partition context and support loading "Standalone MM" of EDK2 into it. A separate syscall handling is added to serve as different kind of ABI and syscall IDs. The secure partition has a TA like interface towards normal world, but requests are routed into the StMM partition instead.
CFG_STMM_PATH is assigned the path of BL32_AP_MM.fd, for instance:
CFG_STMM_PATH=...Build/QemuVirtMmStandalone/DEBUG_GCC5/FV/BL32_AP_MM.fd
Since this is quite tricky to compile and test you can use this [1]. Just clone the repo and run ./build.sh. The script will pick up edk2, edk2-platforms, op-tee, atf and U-boot and compile all the necessary binaries for QEMU. A patch (awful hack) has been added to U-boot to allow RPMB emulation through its supplicant, since QEMU RPMB emulation is not yet available. After compiling and launching QEMU the usual U-boot commands for EFI variable management will store the variables on an RPMB device.
[1] https://git.linaro.org/people/ilias.apalodimas/efi_optee_variables.git/
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Co-developed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Co-developed-by: Pipat Methavanitpong <pipat1010@gmail.com>
Signed-off-by: Pipat Methavanitpong <pipat1010@gmail.com>
Co-developed-by: Miklos Balint <Miklos.Balint@arm.com>
Signed-off-by: Miklos Balint <Miklos.Balint@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
2020-08-14 Update revision for release tag 3.10.0-rc1 Jerome Forissier
Signed-off-by: Jerome Forissier <jerome@forissier.org>
2020-08-14 mk/subdir.mk: handle C++ flags related variables Jerome Forissier
Adds proper handling of cxxflags-y, cxxflags-<file name>-y, cxxflags-remove-y, cxxflags-remove-<file name>-y, cxxflags-lib-y in the same way as for C flags.
Fixes: be3bc461c686 ("ta: experimental C++ support")
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-08-14 core: add stack overflow detection Jerome Forissier
This commit introduces CFG_CORE_DEBUG_CHECK_STACKS to check the stack limits using compiler instrumentation (-finstrument-functions). When enabled, the C compiler will insert entry and exit hooks in all functions in the TEE core. On entry, the stack pointer is checked and if an overflow is detected, panic() is called.
How is this helpful since we have stack canaries already?
1. When a dead canary is found, the call stack will give no indication of the root cause of the corruption which may have happened quite some time before. Running the test case again with a debugger attached and a watchpoint on the canary is not always an option.
2. The system may corrupt the stack and hang in an exception handler before the first canary check, for instance, during boot when the temporary stack is used. This code will likely catch such issues, too.
The downside is increased stack usage and a significant runtime overhead which is why this feature should be enabled only for troubleshooting.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, QEMUv8)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
2020-08-06 ta: experimental C++ support Jerome Forissier
Update the TA makefiles to support C++ (file extension: .cpp). This allows the use of C++ in TA and libraries, with limitations (see below).
I consider this work experimental because it was only tested with simple cases in xtest, introducing the required changes and addressing issues one after another. Therefore, some features may be missing for more complex use cases (additional relocation types or runtime support...).
Tested with the arm-linux-gnueabihf- and aarch64-linux-gnu- toolchains (GCC 8.3).
Limitations:
- Clang is not supported at the moment
- Exception handling: shared libraries cannot throw, catch or propagate exceptions. Doing so would require linking the libraries and the main program with the shared libgcc [1] which is not straightforward due to the many dependencies on the GNU libc. Exceptions *can* be used in the main program however, as well as in static libraries directly linked with the main program.
- ldelf stack unwinding does not support C++ frames so crash/panic dumps will likely be truncated when they involve C++ code.
Link: [1] https://gcc.gnu.org/onlinedocs/gcc/Link-Options.html see "-shared-libgcc"
Tested-by: Jerome Forissier <jerome@forissier.org> (QEMU, QEMUv8, HiKey960)
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-07-22 mk: core: ta: Configurable Python interpreter Dick Olsson
Build systems that manage multiple different python interpreters need explicit control over which version of the interpreter to use. This patch enables one to override the default interpreter with the path to a specific one.
Signed-off-by: Dick Olsson <hi@senzilla.io>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Jerome Forissier <jerome@forissier.org>
2020-07-17 subdir.mk: clear aflags-remove-y after processing Jens Wiklander
After processing a sub.mk by subdir.mk also clear aflags-remove-y together with the rest of the variables to clear.
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
2020-06-30 lib.mk: clang: link shared libraries with -z separate-loadable-segments Jerome Forissier
The same Clang 10 fix in commit 4d35ab6a0cef ("TA dev kit: clang: link shared libraries with -z separate-loadable-segments") is needed for locally built user space libraries when CFG_ULIBS_SHARED=y.
Signed-off-by: Jerome Forissier <jerome@forissier.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>