Age | Commit message (Collapse) | Author |
|
Since custom load and verification methods for user TA is supported, the
sign tool also should be configurable.
Signed-off-by: Pengguang Zhu <zpghao@163.com>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Adds an AVB TA to be used to provide required services for AVB in U-boot.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Adds support for compiling in-tree TAs. Unless specified via
CFG_USER_TA_TARGET_<ta-name> the TA will be built with the first TA
target (aka TA dev kit, when delivered) specified in the variable
ta-targets which is initialized in core/arch/arm/plat-*/conf.mk.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Replaces the old variables "binary" and "ldadd" with "user-ta-uuid" and
"user-ta-ldadd" respectively.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Prepare for in-tree TA building by adding $(sm) to all TA dev-kit
variables that may cause conflicts either with the core linking or when
linking multiple TAs.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
All the static user TA libraries supplied in $(libnames) are linked in
the same group using --start-group and --end-group so the order of the
libraries doesn't matter any more. Remove the complexity of reordering
the libraries.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
The symbolic link and its target are in the same directory, so we need
to make sure that there is no relative path before the target filename.
The proper Make variable to use is therefore not $< but $(<F).
Fixes: 01b8b5ce011d ("TA dev kit: when building a shared library, create symlink with UUID")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Allows a TA to determine at build time if the targeted OP-TEE supports
run time dynamic linking.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
When creating a symbolic link <uuid>.elf -> libname.so, use the -f (force)
argument so that the command won't fail if the link already exists. It is
a very common case: the first time the library is built and the link is
created. Then whenever some source file is modified, the .so is re-linked
but the symbolic link is there already.
Fixes: 01b8b5ce011d ("TA dev kit: when building a shared library, create symlink with UUID")
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Add system pTA, which provides misc. auxiliary services, extending
existing GlobalPlatform Core API.
Add a call for seeding entropy to the default RNG pool.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Igor Opaniuk <igor.opaniuk@linaro.org>
|
|
For convenience for use by tools such as scripts/symbolize.py, create
a symbolic link <uuid>.elf -> libfoo.so.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
|
|
Configures mbedtls with a minimal user mode TA configuration and makes
it compile.
Adds dummy include/mbedtls_config_kernel.h to give a good error message
in case mbedTLS is compiled in for kernel mode.
mbedTLS is enabled for TAs with CFG_TA_MBEDTLS = y
Builtin self tests are enabled with CFG_TA_MBEDTLS_SELF_TEST = y
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Since a while the source files license info are defined by SPDX
identifiers. We can safely remove the verbose license text from the
files that are owned by either only STMicroelectronics or only both
Linaro and STMicroelectronics.
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
This patch is preparatory work for the support of dynamically linked
user mode TAs.
The Procedure Linkage Table (.plt) section should be executable,
because it contains special code used to redirect function calls to
the proper destination in external (shared) libraries. Therefore, move
it into the executable segment.
A couple of blank lines are removed in the hope that it will make it
easier to see which sections are grouped together in the same segment.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
|
|
A new Makefile include (ta/arch/arm/link_shlib.mk) is introduced, it is
quite similar to the file used to generate a TA (ta/arch/arm/link.mk)
except that is produces a shared object: $(SHLIBNAME).so. A signed file
is also produced: $(SHLIBUUID).ta.
Actual support for dynamically linked TAs in the OP-TEE ELF loader will
be added in subsequent patches.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
|
|
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
|
|
Exports CFG_CACHE_API and CFG_SECURE_DATA_PATH to the dev kit conf.mk,
making them available for compiled TAs.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Pass all CFG_ variables as -D<varname>=<value> command line parameters
for the C preprocessor. Variables set to "n" are not passed and
variables set to "y" are supplied with the value "1" instead. This is
the same translation as done for conf.h when compiling OP-TEE OS.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Only exports variables containing a value to the dev kit conf.mk
Suggested-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Reworks how CFG_TA_FLOAT_SUPPORT is passed to the exported conf.mk
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Reworks how ENABLE_MDBG=1 is passed when compiling the TA.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Makes sure that conf.mk exported to TA dev kit is updated even if the
change isn't due to a change in mk/config.mk
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
TA property flags TA_FLAG_EXEC_DDR and TA_FLAG_USER_MODE were
not really useful in the OP-TEE and now they are meaningless.
Define the mask of flags a TA may pretend to and assert loaded
TAs do not expect flags set outside of the defined supported bit
flags.
Fix gmon.h against duplicate round macros.
Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
In order to use the memory leak detection code, a user-mode TA needs
two things:
- A version of libutils.a that was built with malloc debug code. This
is taken care of by ta/ta.mk which sets ENABLE_MDBG=1 when
CFG_TEE_TA_MALLOC_DEBUG is 'y'.
- The proper declarations for mdbg_malloc(), mdbg_free(), mdbg_check()
etc. as well as the macro redefinitions for malloc(), free() etc. in
the header files when the TA is built. This patch adds the
missing definition of ENABLE_MDBG in ta/mk/ta_dev_kit.mk when
CFG_TEE_TA_MALLOC_DEBUG is 'y'.
In addition, the usage of CFG_TEE_TA_MALLOC_DEBUG and
CFG_TEE_CORE_MALLOC_DEBUG is better documented in mk/conf.mk.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
|
|
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Adds one SPDX-License-Identifier line [1] to each source files that
contains license text.
Generated by [2]:
spdxify.py --add-spdx optee_os/
The scancode tool [3] was used to double check the license matching
code in the Python script. All the licenses detected by scancode are
either detected by spdxify.py, or have no SPDX identifier, or are false
matches.
Link: [1] https://spdx.org/licenses/
Link: [2] https://github.com/jforissier/misc/blob/f7b56c8/spdxify.py
Link: [3] https://github.com/nexB/scancode-toolkit
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Joakim Bech <joakim.bech@linaro.org>
|
|
The new format for traces are:
<type>/<where>:<thread_id> [<func:line>] <message>
<type>:
D = DEBUG
E = ERROR
I = INFO
F = FLOW
<where>:
TA = Trusted Application
TC = TEE Core
I.e, it outputs messages like this:
D/TC:00 ta_load:316 ELF load address 0x101000
etc
Thread ID will either take a single or two digits depending on the
number of threads in use.
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
Changes to TA sign script to sign TAs as Bootstrap TAs
(img_type == SHDR_BOOTSTRAP_TA) instead of the legacy
TA format (img_type == SHDR_TA).
Reviewed-by: Volodymyr Babchuk <vlad.babchuk@gmail.com>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Adds support for dumping the call stack of a user-mode TA when it
panics. Stack unwinding happens in kernel mode by re-using
abort_print_error() in core/arch/arm/kernel/abort.c. Like for abort
dumps, the helper script scripts/symbolize.py may be used to obtain
source-level information.
This feature is enabled by default. Set CFG_UNWIND=n to disable it
(or CFG_TEE_CORE_DEBUG=n).
In libutee, the utee_panic() syscall wrapper is renamed __utee_panic()
and now takes an additional parameters: a stack pointer, in addition to
the panic code. utee_panic() is written in assembly and pushes some
registers onto the stack before calling __utee_panic(). When it is time
to return from syscall_panic(), tee_svc_sys_return_helper() uses the
stack pointer to get the information needed to unwind the TA stack.
A struct abort_info is created and abort_print_error() is called.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey 32/64)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMUv8)
|
|
Removes all the TUI-related code from libutee (lib/libutee/tui), as
well as its dependencies: lib/libpng and lib/libzlib. Two reasons for
this:
1. This is far from being a complete and testable TUI implementation.
In other words, it is dead code, more or less.
2. lib/libzlib (version 1.2.8) contains several CVE vulnerabilities.
Even if the code is not used, it may trigger some code analysis tools
and is a problem for some projects.
Reported-by: Jianhui Li <airbak.li@hisilicon.com>
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Let's use --start-group / --end-group to allow all libraries added by the
user to use any symbols provided by optee-os lib without having to add that
library again.
For example, if one provides its own library libexample.a that use
strcmp(), which is provided by libutils.a, and he want to compile its TA
with libexample.a, he'll add
libdirs += ...
libnames += example
in his TA Makefile
But the linker will not find strcmp() symbol unless he adds utils lib
explicitly:
libnames += utils example
even if it is already specified in ta_dev_kit.mk because the order matter,
unless it uses -start-group / --end-group
Signed-off-by: Pierre Peiffer <ppeiffer@invensense.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
[jerome.forissier@linaro.org: wrap line in commit description]
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
|
|
Adds support for `make ta_dev_kit`, to build the user space libraries
only and copy them (as well as the related header files and make files)
to the export directory.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
scripts/symbolize.py is useful to TA developers, so add it to the TA
development kit.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
File names passed to $(wildcard) in ta/mk contain no wildcarding
token and they all exist. Therefore, $(wildcard <file>) is always equal
to <file> and $(wildcard) may be omitted.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Provides a hash tree to be used by REE and SQL FS for the secure storage
implementation.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
"make clean" may report errors when trying to clean with different
configuration values than the ones used during the build. For instance:
$ make -s CFG_RPMB_FS=y
$ make clean
CLEAN out/arm-plat-vexpress
rmdir: failed to remove 'out/arm-plat-vexpress/core/tee': Directory not empty
rmdir: failed to remove 'out/arm-plat-vexpress/core': Directory not empty
rmdir: failed to remove 'out/arm-plat-vexpress': Directory not empty
Makefile:88: recipe for target 'clean' failed
make: *** [clean] Error 1
The clean command should not fail, since the build tree was properly
cleaned for the requested configuration. Fix this by using
'rmdir --ignore-fail-on-non-empty'.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
Adds the infrastructure to collect profiling information from Trusted
Applications running in user mode and instrumented with -pg.
Enable with: CFG_TA_GPROF_SUPPORT=y.
Profiling support in itself adds no significant performance overhead.
Instrumented applications however may run 1.3x - 2x slower, and have a
larger .bss section (+1.36 times .text size for 32-bit TAs, +1.77 times
.text size for 64-bit ones).
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (D02 64-bit)
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU 32-bit)
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
When a target starts with './', $@ does not. Therefore we must not use
$@ to access a variable if its name is created from $(out-dir) which
might start with './'. We use a macro to make sure that
$(conf-mk-file-export) is evaluated immediately rather than when the
rule is executed. It is needed because ta/ta.mk may be included twice
with different values for $(conf-mk-file-export) (32-bit and 64-bit
dev kits).
Fixes the following issue:
$ make O=./build
<snip>
GEN build/export-ta_arm32/mk/conf.mk
/bin/bash: -c: line 0: syntax error near unexpected token `)'
/bin/bash: -c: line 0: `() >> build/export-ta_arm32/mk/conf.mk'
ta/ta.mk:120: recipe for target 'build/export-ta_arm32/mk/conf.mk' failed
make: *** [build/export-ta_arm32/mk/conf.mk] Error 1
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
|
|
"make clean" would leave behind some files and many directories. Fix
this by correctly tracking the files and directories created under $(O)
during the build process:
- Fix incorrect file names in $(cleanfiles) and add a few missing
ones.
- Introduce a makefile macro: $(cleandirs-for-rmdir), defined in a new
file: mk/cleandirs.mk. It returns the list of directories that should
be removed, given a list of files.
The clean target removes the files, then all the directories in depth-
first order. $(O) is also removed, if found to be empty.
Note that a more straightforward approach was discussed in [1]: use
"rm -rf $(O)/some_dir" and get rid of the whole file and directory
tracking via $(cleanfiles) and $(cleandirs). Although it was agreed it
would be safe, doing so would necessarily break the backward
compatibility for build scripts relying on "make O=<some path>", due to
the additional level ($(O)/some_dir).
Finally, mk/cleandirs.mk is exported to the TA dev kit and the clean
rule for the TAs is updated.
[1] https://github.com/OP-TEE/optee_os/pull/1270
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Andy Green <andy@warmcat.com>
|
|
This provides an easy way to append some flags to the TA build, for
instance: `make CFLAGS_ta_arm64=-O0' to disable optimizations in 64-bit
TAs.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
It is not always suitable to place the third party library source in
the optee-os directory, provide a common library makefile here, the
usage is similar as TA, the only difference is as follow:
TA Makefile:
BINARY := xxx
LIB Makefile:
LIBNAME := libxxx
And xxx.ta or libxxx.a is the target.
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Zeng Tao <prime.zeng@huawei.com>
|
|
Imports libpng 1.6.21 from git://git.code.sf.net/p/libpng/code,
tag ibpng-1.6.21-master-signed
This library is built as a user-mode lib only and is needed to be able
to support png images used in Trusted UI.
Internal test files and other unused files are removed.
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Imports zlib-1.2.8 from http://zlib.net/zlib-1.2.8.tar.xz
with MD5 checksum 28f1205d8dd2001f26fec1e8c2cebe37
This library is built as a user-mode lib only and is needed to be able
to decompress png images used in Trusted UI.
Internal test files and other unused files are removed.
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Optimizes byte swap macros to use compiler builtin if possible. Also
adds a 64-bit byte swap macro.
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
Maps user TA with strict permissions. Blocks with mixed permissions are
mapped with the union of the permissions. In order to take full
advantage of the strict permissions TAs should be mapped using small
pages, that is, using the config option CFG_SMALL_PAGE_USER_TA = y.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM)
Tested-by: Jens Wiklander <jens.wiklander@linaro.org> (QEMU, Juno)
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
|
|
According to GP Internal API, TA_STACK_SIZE corresponds to the stack
size used by the TA code itself and does not include stack space
possibly used by the Trusted Core Framework.
Hence, stack_size which is the size of the stack to use,
must be enlarged.
Without this patch, on FVP, xtest 1012, based on ta/sims, fails because
TA_STACK_SIZE is defined as 1024, which is too low.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>
|
|
Cleaning TA $(link-script-dep) is especially important when
switching from 32bits mode to 64bits mode compilation of the TAs
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Pascal Brand <pascal.brand@st.com>
|
|
Currently, to build a 64-bit TEE core (as well as mixed 32- and 64-bit
TA libraries, which are automatically enabled in this case), one has to
set too many compiler variables:
$ make PLATFORM=hikey CFG_ARM64_core=y \
CROSS_COMPILE_core=aarch64-linux-gnu- \
CROSS_COMPILE_ta_arm64=aarch64-linux-gnu-
This commit introduces two variables, CROSS_COMPILE32 and
CROSS_COMPILE64. They take appropriate default values, so that the
above line may be simplified as:
$ make PLATFORM=hikey CFG_ARM64_core=y
The change remains compatible with previous builds, i.e., CROSS_COMPILE
can still be used to define the 32-bit compiler because CROSS_COMPILE32
defaults to $(CROSS_COMPILE). Similarly, CROSS_COMPILE_core and
CROSS_COMPILE_ta_arm{32,64} are still used so they may be overridden
too.
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
|