From e0272de38ce87f2a9b0e2bac4162d87d11735992 Mon Sep 17 00:00:00 2001 From: Khang Nguyen Date: Mon, 3 Sep 2018 23:50:35 -0400 Subject: rcar-gen3: IPL: Update IPL to the latest version This commit updates IPL/Secure Monitor for the following changes: Update IPL and Secure Monitor Rev1.0.22 [IPL] - Update CPG setting. - Add support Ebisu-4D board. - Change the timing to invalidate of instruction cache. - Fixed a bug in the exception handler. - Update DDR setting for E3. [Secure Monitor] - Add the wait processing that is placed in the system RAM area for Suspend To RAM. Update optee_os Rev1.0.15 - Fix the polling process of the HyperFlash driver waiting for HW completion. - Fix incorrect memory access in RSA processing using a provider for a HW engine driver. - Fix a conditional branch in a mutex_destroy function. Signed-off-by: Khang Nguyen Signed-off-by: Duy Dang Signed-off-by: Takamitsu Honda
---
...DER-188185-Fix-a-contxt-size-allocated-by.patch | 29 ++++++
...DER-188122-Fix-to-exclusive-control-for-R.patch | 105 +++++++++++++++++++++
meta-rcar-gen3/recipes-bsp/optee/optee-os_git.bb | 12 ++-
3 files changed, 144 insertions(+), 2 deletions(-)
create mode 100644 meta-rcar-gen3/recipes-bsp/optee/optee-os/0001-OPTEE_PROVIDER-188185-Fix-a-contxt-size-allocated-by.patch
create mode 100644 meta-rcar-gen3/recipes-bsp/optee/optee-os/0002-OPTEE_PROVIDER-188122-Fix-to-exclusive-control-for-R.patch
(limited to 'meta-rcar-gen3/recipes-bsp/optee')
diff --git a/meta-rcar-gen3/recipes-bsp/optee/optee-os/0001-OPTEE_PROVIDER-188185-Fix-a-contxt-size-allocated-by.patch b/meta-rcar-gen3/recipes-bsp/optee/optee-os/0001-OPTEE_PROVIDER-188185-Fix-a-contxt-size-allocated-by.patch
new file mode 100644
index 0000000..eada5c5
--- /dev/null
+++ b/meta-rcar-gen3/recipes-bsp/optee/optee-os/0001-OPTEE_PROVIDER-188185-Fix-a-contxt-size-allocated-by.patch
@@ -0,0 +1,29 @@
+From 88085caf87cf1060c0db269f021efdea617fbef9 Mon Sep 17 00:00:00 2001
+From: Tomohiro Fujiwara
+Date: Wed, 26 Sep 2018 10:12:02 +0900
+Subject: [PATCH 1/2] [OPTEE_PROVIDER][#188185] Fix a contxt size allocated by
+ the OP-TEE OS
+
+This commit adds a compile option for deciding a context size used by
+HASH algorithm of SS6.3-Secure Driver.
+
+Signed-off-by: Tomohiro Fujiwara
+---
+ core/core.mk | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/core/core.mk b/core/core.mk
+index c428cd00..405b1e76 100644
+--- a/core/core.mk
++++ b/core/core.mk
+@@ -90,6 +90,7 @@ base-prefix :=
+
+ ifeq ($(CFG_CRYPT_HW_CRYPTOENGINE),y)
+ core-platform-cflags += -DENABLE_CRYPTOENGINE
++core-platform-cflags += -DDX_CC_TEE -DCRYS_NO_CRYS_COMBINED_SUPPORT
+
+ ifeq ($(CFG_CRYPT_ENABLE_CEPKA),y)
+ libname = crypto_engine_pka
+--
+2.14.1.windows.1
+
diff --git a/meta-rcar-gen3/recipes-bsp/optee/optee-os/0002-OPTEE_PROVIDER-188122-Fix-to-exclusive-control-for-R.patch b/meta-rcar-gen3/recipes-bsp/optee/optee-os/0002-OPTEE_PROVIDER-188122-Fix-to-exclusive-control-for-R.patch
new file mode 100644
index 0000000..bac23ad
--- /dev/null
+++ b/meta-rcar-gen3/recipes-bsp/optee/optee-os/0002-OPTEE_PROVIDER-188122-Fix-to-exclusive-control-for-R.patch
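Review bot: The added `core-platform-cflags += -DDX_CC_TEE -DCRYS_NO_CRYS_COMBINED_SUPPORT` line in the core/core.mk hunk of patch 0001 has no comment, and the patch header has no `Upstream-Status:` tag, so nothing in the tree records why the two macros are needed or whether the fix exists upstream. The patch description says they decide the context size that OP-TEE allocates for the hash algorithm of the SS6.3 secure driver; if that size disagrees with what the driver expects, the driver would presumably write outside the allocation, so the coupling deserves a comment above the line, for example `# DX_CC_TEE and CRYS_NO_CRYS_COMBINED_SUPPORT select the hash context size; must match the SS6.3 secure driver build`. A compile-time size assertion next to the allocation would catch a mismatch at build time, but that code is outside this hunk.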
@@ -0,0 +1,105 @@
+From f6ba4b6f808158a9daf39bc7224da806a9e3547d Mon Sep 17 00:00:00 2001
+From: Tomohiro Fujiwara
+Date: Wed, 26 Sep 2018 23:12:17 +0900
+Subject: [PATCH 2/2] [OPTEE_PROVIDER][#188122] Fix to exclusive control for
+ RSA/ECDSA
+
+This commit fixes to be exclusive in order to other processes are not
+executed between build key process and sign/verify/enc/dec process.
+
+Signed-off-by: Tomohiro Fujiwara
+---
+ core/lib/libcryptoengine/tee_pka_provider.c | 4 ++++
+ core/lib/libcryptoengine/tee_provider_common.h | 1 +
+ core/lib/libcryptoengine/tee_ss_provider.c | 6 ++++++
+ 3 files changed, 11 insertions(+)
+
+diff --git a/core/lib/libcryptoengine/tee_pka_provider.c b/core/lib/libcryptoengine/tee_pka_provider.c
+index 453bc31a..c5df6737 100644
+--- a/core/lib/libcryptoengine/tee_pka_provider.c
++++ b/core/lib/libcryptoengine/tee_pka_provider.c
+@@ -20,6 +20,8 @@ static SSError_t pka_get_ecc_keysize(uint32_t curve,
+ static void userProcessCompletedFunc(CRYSError_t opStatus __unused,
+ void* pVerifContext __unused);
+
++static struct mutex pka_ecdsa_mutex = MUTEX_INITIALIZER;
++
+ /*
+ * brief: Translate CRYS API AES error into SS provider error.
+ *
+@@ -239,6 +241,7 @@ TEE_Result ss_ecc_verify_pka(struct ecc_public_key *key, const uint8_t *msg,
+ res = pka_get_ecc_digest(messageSizeInBytes, &eccHash);
+ }
+
++ mutex_lock(&pka_ecdsa_mutex);
+ if (res == SS_SUCCESS) {
+ /* build public key */
+ *publKeyIn_ptr = (uint8_t)CRYS_EC_PointUncompressed;
+@@ -274,6 +277,7 @@ TEE_Result ss_ecc_verify_pka(struct ecc_public_key *key, const uint8_t *msg,
+ res = pka_translate_error_pka2ss_ecc(pka_res);
+ PROV_DMSG("Result: res=0x%08x\n", res);
+ }
++ mutex_unlock(&pka_ecdsa_mutex);
+
+ ss_free((void *)publKeyX_ptr);
+ ss_free((void *)publKeyY_ptr);
+diff --git a/core/lib/libcryptoengine/tee_provider_common.h b/core/lib/libcryptoengine/tee_provider_common.h
+index 823c7bfa..ed2de568 100644
+--- a/core/lib/libcryptoengine/tee_provider_common.h
++++ b/core/lib/libcryptoengine/tee_provider_common.h
+@@ -8,6 +8,7 @@
+
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+diff --git a/core/lib/libcryptoengine/tee_ss_provider.c b/core/lib/libcryptoengine/tee_ss_provider.c
+index 77a12d7c..3e9f93a1 100644
+--- a/core/lib/libcryptoengine/tee_ss_provider.c
++++ b/core/lib/libcryptoengine/tee_ss_provider.c
+@@ -282,6 +282,8 @@ static SSError_t ss_crys_aesccm_update(void *ctx, uint8_t *dataIn_ptr,
+ static void ss_backup_cb(enum suspend_to_ram_state state, uint32_t cpu_id);
+ static TEE_Result crypto_hw_init_crypto_engine(void);
+
++static struct mutex secure_ecdsa_mutex = MUTEX_INITIALIZER;
++
+ static SSError_t ss_crys_aes_update(void *ctx, uint8_t *dataIn_ptr,
+ uint32_t dataInSize, uint8_t *dataOut_ptr, CRYSError_t *crysRes)
+ {
+@@ -3090,6 +3092,7 @@ TEE_Result crypto_hw_acipher_ecc_sign(struct ecc_keypair *key,
+ res = ss_get_ecc_digest(messageSizeInBytes, &eccHashMode);
+ }
+
++ mutex_lock(&secure_ecdsa_mutex);
+ if (res == SS_SUCCESS) {
+ PROV_DMSG("CALL: CRYS_ECPKI_BuildPrivKey()\n");
+ crys_res = CRYS_ECPKI_BuildPrivKey(domain_id, privKeySizeIn_ptr,
+@@ -3107,6 +3110,7 @@ TEE_Result
crypto_hw_acipher_ecc_sign(struct ecc_keypair *key,
+ res = ss_translate_error_crys2ss_ecc(crys_res);
+ PROV_DMSG("Result: crys_res=0x%08x -> res=0x%08x\n",crys_res,res);
+ }
++ mutex_unlock(&secure_ecdsa_mutex);
+
+ ss_free((void *)signUserContext_ptr);
+ ss_free((void *)privKeySizeIn_ptr);
+@@ -3193,6 +3197,7 @@ static SSError_t ss_ecc_verify_secure(struct ecc_public_key *key,
+ res = ss_get_ecc_digest(messageSizeInBytes, &eccHashMode);
+ }
+
++ mutex_lock(&secure_ecdsa_mutex);
+ if (res == SS_SUCCESS) {
+ /* build public key */
+ *publKeyIn_ptr = (uint8_t)CRYS_EC_PointUncompressed;
+@@ -3217,6 +3222,7 @@ static SSError_t ss_ecc_verify_secure(struct ecc_public_key *key,
+ PROV_DMSG("Result: crys_res=0x%08x -> res=0x%08x\n", crys_res,
+ res);
+ }
++ mutex_unlock(&secure_ecdsa_mutex);
+
+ ss_free((void *)publKeyX_ptr);
+ ss_free((void *)publKeyY_ptr);
+--
+2.14.1.windows.1
+
diff --git a/meta-rcar-gen3/recipes-bsp/optee/optee-os_git.bb b/meta-rcar-gen3/recipes-bsp/optee/optee-os_git.bb
index 30f430e..765e24d 100644
--- a/meta-rcar-gen3/recipes-bsp/optee/optee-os_git.bb
+++ b/meta-rcar-gen3/recipes-bsp/optee/optee-os_git.bb
@@ -13,8 +13,8 @@ inherit deploy pythonnative PV = "3.1.0+renesas+git${SRCPV}" BRANCH = "rcar_gen3" -SRCREV_renesas = "5524832ca895973a372223a6bff9cc3fc7df4b15" -SRCREV_officialgit = "0ab9388c0d553a6bb5ae04e41b38ba40cf0474bf" +SRCREV_renesas = "459c612224e123658a2ad29a91a3d186342d24a9" +SRCREV_officialgit = "e77020396508fc086d7a4d6137388b116e4a662f" SRCREV_FORMAT = "renesas_officialgit" SRC_URI = " \
@@ -22,6 +22,12 @@ SRC_URI = " \ git://github.com/OP-TEE/optee_os.git;branch=master;name=officialgit;destsuffix=git_official \ " +# Patch for Yv3.9.0.1 +SRC_URI_append = " \ + file://0001-OPTEE_PROVIDER-188185-Fix-a-contxt-size-allocated-by.patch \ + file://0002-OPTEE_PROVIDER-188122-Fix-to-exclusive-control-for-R.patch \ +" + COMPATIBLE_MACHINE = "(salvator-x|h3ulcb|m3ulcb|ebisu)" PLATFORM = "rcar"
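Review bot: In patch 0002 the lock is added only on the three ECDSA paths (`ss_ecc_verify_pka`, `crypto_hw_acipher_ecc_sign`, `ss_ecc_verify_secure`), while the subject and description promise exclusive control for RSA and for enc/dec as well; no RSA function is touched in the visible hunks, so the window between key build and use there still looks unprotected unless it is handled elsewhere. The PKA path and the secure path also use two independent mutexes (`pka_ecdsa_mutex`, `secure_ecdsa_mutex`), which do not exclude each other; if both paths touch the same engine state, one shared lock is needed. Each `mutex_lock`/`mutex_unlock` pair straddles code that lies between the inner hunks and is not shown, so it should be confirmed that no `return` or `goto` in that region skips the unlock. I would add a comment at each mutex definition stating what it protects, for example `/* Serialises CRYS_ECPKI key build + sign/verify; held across both calls */`.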
@@ -43,6 +49,8 @@ S = "${WORKDIR}/git" EXTRA_OEMAKE = "-e MAKEFLAGS=" do_configure() { + git -C ${WORKDIR}/git_official checkout -B official 3.1.0 + git -C ${WORKDIR}/git_official cherry-pick ${SRCREV_officialgit} cp -rn ${WORKDIR}/git_official/core/lib/libtomcrypt ${B}/core/lib/. } -- cgit 1.2.3-korg
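Review bot: The added `git -C ${WORKDIR}/git_official checkout -B official 3.1.0` in `do_configure` resolves the base by tag name, which is a mutable ref, while the rest of the recipe pins its sources by commit id in `SRCREV_*`; a moved or re-created tag would silently change what is built into the secure-world image. Pin the base to a commit id held in a variable, e.g. `OPTEE_OFFICIAL_BASE = "<commit id of tag 3.1.0>"` and `git -C ${WORKDIR}/git_official checkout -B official ${OPTEE_OFFICIAL_BASE}`. `git cherry-pick` also creates a commit, so the task depends on a committer identity being resolvable on the build host and rewrites the fetched tree at configure time; `cherry-pick --no-commit`, or carrying the change as a patch file in `SRC_URI`, avoids both.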