)]}' { "log": [ { "commit": "9f5e90918093c1d1cd264d8149081b64ab7ba672", "tree": "24fae448793a780b054885daaf8a3904c6f0295f", "parents": [ "d6c3b39db151dae1ee1f056d4f04057e56f0e0d9" ], "author": { "name": "Jari Nippula", "email": "jari.nippula@tii.ae", "time": "Thu Dec 04 08:33:23 2025 +0200" }, "committer": { "name": "Jens Wiklander", "email": "jens.wiklander@linaro.org", "time": "Mon Jan 05 09:42:34 2026 +0100" }, "message": "tee-supplicant: fix uninit data access if stat() fails\n\ndo_mkdir() shall not rely on \u0027st\u0027 struct fields in case\nstat() call returns error.\n\nSigned-off-by: Jari Nippula \u003cjari.nippula@tii.ae\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "d6c3b39db151dae1ee1f056d4f04057e56f0e0d9", "tree": "f6c123531820f434e12a1a07721f29f988487b06", "parents": [ "943d1f2936ba236a0f856b5c6964dbac24f1bb59" ], "author": { "name": "Marco Felsch", "email": "m.felsch@pengutronix.de", "time": "Sat Nov 08 02:21:18 2025 +0100" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Mon Dec 15 15:54:20 2025 +0100" }, "message": "tee-supplicant: add missing rule for the mmcblk[0-9]rpmb group\n\nFix rootless tee-supplicant handling for RPMB use-case. The RPMB\ncommuncation fails badly if the in-kernel RPMB handling was not enabled\nand the rootless tee-supplicant is used because the default group for\nthe /dev/mmcblk[0-9]rpmb is \u0027root\u0027.\n\nSet the group to same group used for /dev/teepriv[0-9] to fix this and\nto allow rootless tee-supplicant usage with legacy user-space RPMB\nhandling.\n\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nSigned-off-by: Marco Felsch \u003cm.felsch@pengutronix.de\u003e\n" }, { "commit": "943d1f2936ba236a0f856b5c6964dbac24f1bb59", "tree": "a918ce7521de93a3147fe2e7a028bb3623c539f8", "parents": [ "f18e04e8a8d7e0dccc8d14d82038cd1e79d4e247" ], "author": { "name": "Holger Assmann", "email": "h.assmann@pengutronix.de", "time": "Mon Dec 01 10:35:22 2025 +0100" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Mon Dec 08 12:09:06 2025 +0100" }, "message": "tee-supplicant: add device instance as start parameter for service file\n\ntee-supplicant requires a device name as a positional argument. This can\nnot be provided via $OPTARGS from the EnvironmentFile, since that\nvariable does not account for the service file being a template where\ninstance-specific services (i.e. @teepriv0, @teepriv1, ...) are derived\nfrom.\n\nTherefore, the device instance used for each templated systemd service\nneeds to be included directly in the ExecStart line.\n\nSigned-off-by: Holger Assmann \u003ch.assmann@pengutronix.de\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "f18e04e8a8d7e0dccc8d14d82038cd1e79d4e247", "tree": "3213ffff57a0ca8696d1d0a96ecc4c34bd93140a", "parents": [ "9d6f69844ff60ec0966cf3659abcc38eda8b31ea" ], "author": { "name": "Holger Assmann", "email": "h.assmann@pengutronix.de", "time": "Mon Dec 01 09:31:12 2025 +0100" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Mon Dec 08 12:09:06 2025 +0100" }, "message": "tee-supplicant: add priority prefix for udev rule\n\nThe manpage of udev states that \"All rule files are read in lexical\norder.\" This coincides with the established convention of assigning a\ntwo-digit priority prefix in front of the respective rule file name.\n\nIn case of \"optee-udev.rules\", we are currently missing that prefix.\nWhen looking for context, it seems suitable to choose a priority in the\nrealm of the already existing \"60-tpm-udev.rules\", since that serves a\nsimilar purpose like the rule for optee-client.\n\nThis commit hence changes the installed rule file name to\n\"60-optee-udev.rules\", with \"60-\" being a configurable default value.\n\nSigned-off-by: Holger Assmann \u003ch.assmann@pengutronix.de\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "9d6f69844ff60ec0966cf3659abcc38eda8b31ea", "tree": "0ba3955c486455221515f238815bcf259637df80", "parents": [ "59b90488e93e8172b66e6b29c48780893881e607" ], "author": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Tue Sep 23 10:37:26 2025 +0200" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Wed Sep 24 13:30:14 2025 +0200" }, "message": "github: update stale workflow to v10.0.0\n\nUpdate actions/stale@v4.1.0 to the latest version (v10.0.0). One\ndifference is that issues and PRs are closed by the bot as\n\"not_planned\" rather than \"completed\", which is the main reason for\nupdating.\n\nSigned-off-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "59b90488e93e8172b66e6b29c48780893881e607", "tree": "fce23e0e2c39f82fa67cd1010a93564254af565e", "parents": [ "e3148e3019f4eb0eeadac5ddceffc4d425b3570d" ], "author": { "name": "Frazer Carsley", "email": "frazer.carsley@arm.com", "time": "Thu Jul 03 18:43:34 2025 +0100" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Wed Jul 30 15:02:53 2025 +0200" }, "message": "tee-supplicant: update udev \u0026 systemd install code\n\n- Allow optionally using pkg-config to discover install location of\n systemd service and udev rule files\n- Make systemd service file generation and installation optional.\n- Make udev rule file generation and installation optional.\n\nChanges are backwards compatible and the default operation is unchanged.\n\nSigned-off-by: Gyorgy Szing \u003cgyorgy.szing@arm.com\u003e\nSigned-off-by: Frazer Carsley \u003cfrazer.carsley@arm.com\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Mikko Rapeli \u003cmikko.rapeli@linaro.org\u003e\n" }, { "commit": "e3148e3019f4eb0eeadac5ddceffc4d425b3570d", "tree": "a187f7d812ccfd7d46fc27752f52f12b6be54bcd", "parents": [ "84557a2ae821d32f6326a2434107d3c1d3126ae3" ], "author": { "name": "Pierre Ducroquet", "email": "pinaraf@pinaraf.info", "time": "Mon Jun 23 12:41:00 2025 +0200" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Fri Jul 11 14:22:33 2025 +0200" }, "message": "tee-supplicant: use renameat2()\n\nSimplify the rename operation by using the renameat2() call, removing\nthe need to call fstat() first and removing possible race condition.\nThis call is \u0027hidden\u0027 behind the GNU_SOURCE define.\n\nSigned-off-by: Pierre Ducroquet \u003cpinaraf@pinaraf.info\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nTested-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e (vexpress-qemu_armv8a)\n" }, { "commit": "84557a2ae821d32f6326a2434107d3c1d3126ae3", "tree": "914f06d79701b9bd0339f3f0db85d192251dc02b", "parents": [ "0abffbf913072765f2f9c5f7fcfa6b2875757f84" ], "author": { "name": "Pierre Ducroquet", "email": "pinaraf@pinaraf.info", "time": "Mon Jun 23 12:41:00 2025 +0200" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Fri Jul 11 14:22:33 2025 +0200" }, "message": "tee-supplicant: move a non-working fs_fsync() call\n\nfs_fsync() was called in the do_mkdir function that is called\nrecursively from mkpath. It is thus calling fs_fsync several times,\nbefore the entire path is constructed.\nThe fs_fsync function checked that the path existed through open, but\nit will still do possibly numerous useless calls depending on the path.\n\nWith tee_fs_root being replaced with a tee_fs_fd, we must wait for the\nend of tee_supp_fs_init for tee_fs_fd to be valid.\n\nSigned-off-by: Pierre Ducroquet \u003cpinaraf@pinaraf.info\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "0abffbf913072765f2f9c5f7fcfa6b2875757f84", "tree": "ee91f5c7f09181f2ec7a6d8d6f22ea18b69b0def", "parents": [ "478acd7ce8cd6cd0742c55cd85e8d782c05a580a" ], "author": { "name": "Pierre Ducroquet", "email": "pinaraf@pinaraf.info", "time": "Mon Jun 23 12:41:00 2025 +0200" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Fri Jul 11 14:22:33 2025 +0200" }, "message": "tee-supplicant: remove now useless tee_fs_root variable\n\nFollowing the convertion of all code to use system calls relative to a\nfile descriptor instead of building absolute paths, the tee_fs_root\nvariable is no longer needed and can simply be removed.\n\nSigned-off-by: Pierre Ducroquet \u003cpinaraf@pinaraf.info\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "478acd7ce8cd6cd0742c55cd85e8d782c05a580a", "tree": "e35e6007bf1f58176a4019c21f46c7be99fd1aee", "parents": [ "9a791baa5b80e1220a80134a0e2752c2d5971c64" ], "author": { "name": "Pierre Ducroquet", "email": "pinaraf@pinaraf.info", "time": "Mon Jun 23 12:41:00 2025 +0200" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Fri Jul 11 14:22:33 2025 +0200" }, "message": "tee-supplicant: remove useless strncpy call\n\nThis call was not required since the variable is not modified.\n\nSigned-off-by: Pierre Ducroquet \u003cpinaraf@pinaraf.info\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "9a791baa5b80e1220a80134a0e2752c2d5971c64", "tree": "55b7a0115d91e1721c4c67529d25e0b5fdd04c0c", "parents": [ "8ec1439e2c0c1a971425062085b59cb99ed86faf" ], "author": { "name": "Pierre Ducroquet", "email": "pinaraf@pinaraf.info", "time": "Mon Jun 23 12:41:00 2025 +0200" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Fri Jul 11 14:22:33 2025 +0200" }, "message": "tee-supplicant: finish removing direct calls to open with absolute paths\n\nFollowing the previous two commits, finish converting all FS operations\nto use the *at() family of calls instead of using absolute paths.\n\nSigned-off-by: Pierre Ducroquet \u003cpinaraf@pinaraf.info\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "8ec1439e2c0c1a971425062085b59cb99ed86faf", "tree": "710369b116c347df6dcce4e568147f1073133fb9", "parents": [ "b7f589a44a45bd8d75584cec69631cee79cb593c" ], "author": { "name": "Pierre Ducroquet", "email": "pinaraf@pinaraf.info", "time": "Mon Jun 23 12:41:00 2025 +0200" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Fri Jul 11 14:22:33 2025 +0200" }, "message": "tee-supplicant: use at() functions in rename operation\n\nFollowing the introduction of openat() call in the previous commit, this\ncommit now converts more calls to use the *at() family of calls for file\nsystem access, specifically the rename operation here.\n\nSigned-off-by: Pierre Ducroquet \u003cpinaraf@pinaraf.info\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "b7f589a44a45bd8d75584cec69631cee79cb593c", "tree": "850c33acafec5ec90ff67f43a4711601ce73ad99", "parents": [ "23c112a6f05cc5e39bd4aaf52ad515cad532237d" ], "author": { "name": "Pierre Ducroquet", "email": "pinaraf@pinaraf.info", "time": "Mon Jun 23 12:41:00 2025 +0200" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Fri Jul 11 14:22:33 2025 +0200" }, "message": "tee-supplicant: use openat() instead of open() for ree_fs_new_open()\n\nThere are several possibilities on a system to temporarily loose access\nto the tee data folder when using the absolute path. In my current\nsetup, this happens when using full disc encryption backed by the fTPM.\nTee-supplicant has to be started early at boot time, with the root\nfilesystem being mounted later. Thus for short windows of time, the tee\ndatas are available only when referred to using a file descriptor.\nThe openat() call (along with fstatat(), renameat() and so on) allows\nthis, while also being faster and safer against TOCTTOU or similar\nattacks/bugs.\nThis first patch converts only the ree_fs_new_open() function and\nintroduces the required elements for further conversions.\n\nSigned-off-by: Pierre Ducroquet \u003cpinaraf@pinaraf.info\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "23c112a6f05cc5e39bd4aaf52ad515cad532237d", "tree": "db06bcc842ad51ab10744667542e2652ca3417ef", "parents": [ "9d09ea1a0c6720506d99e598a168e896e245b295" ], "author": { "name": "Sunny CHEN", "email": "sunny.chen@st.com", "time": "Fri Jun 06 16:06:24 2025 +0800" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Wed Jun 11 14:01:07 2025 +0200" }, "message": "tee-supplicant: clear whole rsp_frm buffer\n\nFix rpmb_data_req() for message types RPMB_MSG_TYPE_REQ_AUTH_KEY_PROGRAM\nand RPMB_MSG_TYPE_REQ_AUTH_DATA_WRITE: the response frame must be cleared\nfully before being used.\n\nSigned-off-by: Sunny Chen \u003csunny.chen@st.com\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\nAcked-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "9d09ea1a0c6720506d99e598a168e896e245b295", "tree": "74e5a478ba4974c31672ec73dd99285cf118b4ed", "parents": [ "02e7f9213b0d7db9c35ebf1e41e733fc9c5a3f75" ], "author": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Wed Apr 09 10:01:08 2025 +0200" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Mon Apr 28 16:37:57 2025 +0200" }, "message": "tee-supplicant: remove unused TEE_FS_FILENAME_MAX_LENGTH\n\nThe TEE_FS_FILENAME_MAX_LENGTH is not used anywhere so remove it.\n\nSigned-off-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "02e7f9213b0d7db9c35ebf1e41e733fc9c5a3f75", "tree": "fb71849f4996de19e8494c6e154e15062245e7dc", "parents": [ "6486773583b5983af8250a47cf07eca938e0e422" ], "author": { "name": "Daniel Lang", "email": "ldaniell14260@gmail.com", "time": "Wed Apr 09 16:55:08 2025 +0200" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Wed Apr 09 17:55:00 2025 +0200" }, "message": "cmake: raise mimimum required to 3.5\n\nCMake 4.0 was released [1] which dropped compatibility with versions\nolder than 3.5 and causes cmake_minimum_required(3.4) to fail.\nBump the minimum required version to 3.5, which was released 9 years\nago.\n\n[1] https://www.kitware.com/cmake-4-0-0-available-for-download/\n\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nSigned-off-by: Daniel Lang \u003cldaniell14260@gmail.com\u003e\n" }, { "commit": "6486773583b5983af8250a47cf07eca938e0e422", "tree": "028daf5bdc2f50db98fe27c02426478901909510", "parents": [ "0a22c22a65cf6f18dc42175ac4455934dcc32e84" ], "author": { "name": "Matej Zachar", "email": "zachar.matej@gmail.com", "time": "Fri Nov 29 10:01:13 2024 +0100" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Fri Nov 29 17:32:41 2024 +0100" }, "message": "libckteec: Validate EdDSA mechanism parameter length\n\nThis fixes Segmentation fault when no parameter is provided\nas specified in pkcs11 v3.0 spec for Ed25519 Signature Scheme\n\nReviewed-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\nSigned-off-by: Matej Zachar \u003czachar.matej@gmail.com\u003e\n" }, { "commit": "0a22c22a65cf6f18dc42175ac4455934dcc32e84", "tree": "ffe4327189b3ab3a8a04a6905ff2131c9bed3ef9", "parents": [ "54539c5b0fd448cdc8d6823c01491033593b5165" ], "author": { "name": "Ayoub Zaki", "email": "ayoub.zaki@embetrix.com", "time": "Wed Jun 12 10:14:12 2024 +0000" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Thu Nov 28 17:33:12 2024 +0100" }, "message": " VSCode : Enable Development inside Docker Container\n\nThis will enable seamless Development of optee_client Project with VSCode\ninside Docker container.\n\nThe VSCode Container provides:\n\n* Automatic Mapping of the host user UID/GID inside the container\n* Cross-Compilers (aarch64/armhf)\n* GDB Multiarch for Debugging\n* Remote SSH on the Target with seamless ssh mapping of the Host inside the container (Linux/Windows WSL)\n* Git and Git Extensions to work and send Patches\n\nNote: This require Docker installation for Linux/or Windows :\n [1] https://docs.docker.com/engine/install\n\n VSCode Extensions (extensions.json) will be recommended for the installation\n\nFor more Information :\n[2] https://code.visualstudio.com/docs/devcontainers/containers\n[3] https://www.youtube.com/watch?v\u003dC_5tDWsWSj0\n[4] https://www.youtube.com/watch?v\u003db1RavPr_878\n\nSigned-off-by: Ayoub Zaki \u003cayoub.zaki@embetrix.com\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "54539c5b0fd448cdc8d6823c01491033593b5165", "tree": "345711eac46fc10346d23add8de1934b993ef71e", "parents": [ "d221676a58b305bddbf97db00395205b3038de8e" ], "author": { "name": "Etienne Carriere", "email": "etienne.carriere@foss.st.com", "time": "Thu Aug 29 18:19:15 2024 +0200" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Mon Nov 18 15:44:24 2024 +0100" }, "message": "libckteec: support for CKM_RSA_X_509\n\nDefine CKM_RSA_X_509 mechanism identifier to allow client to\nrequest operations with this mechanism.\n\nSigned-off-by: Alexandre Marechal \u003calexandre.marechal@st.com\u003e\nSigned-off-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "d221676a58b305bddbf97db00395205b3038de8e", "tree": "588752f204c53ddd71bf727c59cb827453ee76d4", "parents": [ "bf0d02758696ee7a9f7af9e95f85f5c238d0e109" ], "author": { "name": "Mikko Rapeli", "email": "mikko.rapeli@linaro.org", "time": "Fri Oct 04 14:43:30 2024 +0100" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Thu Oct 10 16:41:49 2024 +0200" }, "message": "libteec/CMakeLists.txt: remove CFG_TEE_CLIENT_LOAD_PATH comment\n\nIt\u0027s not needed now that both use CMAKE_INSTALL_LIBDIR as path.\nIf users want different paths, then they need to set\nCMAKE_INSTALL_LIBDIR to their liking when compiling.\n\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nSigned-off-by: Mikko Rapeli \u003cmikko.rapeli@linaro.org\u003e\n" }, { "commit": "bf0d02758696ee7a9f7af9e95f85f5c238d0e109", "tree": "7b1429f3ecc602931420cf91fe5edd120995d03f", "parents": [ "49e646de7ed3b5e5a67627ab8e83fa1e012ed568" ], "author": { "name": "Mikko Rapeli", "email": "mikko.rapeli@linaro.org", "time": "Wed Oct 02 15:24:21 2024 +0100" }, "committer": { "name": "Jerome Forissier", "email": "jerome@forissier.org", "time": "Thu Oct 10 16:41:49 2024 +0200" }, "message": "tee-supplicant: add udev rule and systemd service file\n\ntee-supplicant startup with systemd init based\nis non-trivial. Add sample udev rule and systemd\nservice files here so that distros can co-operate maintaining\nthem.\n\nFiles are from meta-arm https://git.yoctoproject.org/meta-arm\nat commit 7cce43e632daa8650f683ac726f9124681b302a4 with license\nMIT and authors:\n\nPeter Griffin \u003cpeter.griffin@linaro.org\u003e\nJoshua Watt \u003cJPEWhacker@gmail.com\u003e\nJavier Tia \u003cjavier.tia@linaro.org\u003e\nMikko Rapeli \u003cmikko.rapeli@linaro.org\u003e\n\nWith permission from the authors, files can be relicensed to\nBSD-2-Clause like rest of optee client repo.\n\nThe config files expect to find tee and teepriv system groups\nand teesuppl user and group (part of teepriv group) for running\ntee-supplicant. Additionally state directory /var/lib/tee\nmust be owned by teesuppl user and group with no rights\nto other users. The groups and user can be changed via\nCMake variables:\n\nCFG_TEE_GROUP\nCFG_TEEPRIV_GROUP\nCFG_TEE_SUPPL_USER\nCFG_TEE_SUPPL_GROUP\n\nChange storage path from /data to /var/lib and\nuse standard CMake variables also for constructing install\npaths which can be override to change the defaults:\n\nCMAKE_INSTALL_PREFIX, e.g. /\nCMAKE_INSTALL_LIBDIR, e.g. /usr/lib\nCMAKE_INSTALL_LOCALSTATEDIR /var\n\nOnce these are setup, udev will start tee-supplicant in initramfs\nor rootfs with teesuppl user and group when /dev/teepriv\ndevice appears. The systemd service starts before tpm2.target\n(new in systemd 256) which starts early in initramfs and in main rootfs.\nThis covers firmware TPM TA usecases for main rootfs encryption. When\nstopping tee-supplicant, the ftpm kernel modules are removed and only\nthen the main process stopped to avoid fTPM breakage. These workarounds\nmay be removed once RPMB kernel and optee patches without tee-supplicant\nare merged (Linux kernel \u003e\u003d 6.12-rc1, optee_os latest master or \u003e\u003d 4.4).\n\nTested on yocto meta-arm setup which runs fTPM and optee-test/xtest\nunder qemuarm64:\n\n$ git clone https://git.yoctoproject.org/meta-arm\n$ cd meta-arm\n$ SSTATE_DIR\u003d$HOME/sstate DL_DIR\u003d$HOME/download kas build \\\nci/qemuarm64-secureboot.yml:ci/poky-altcfg.yml:ci/testimage.yml\n\nCompiled image can be manually started to qemu serial console with:\n\n$ SSTATE_DIR\u003d$HOME/sstate DL_DIR\u003d$HOME/download kas shell \\\nci/qemuarm64-secureboot.yml:ci/poky-altcfg.yml:ci/testimage.yml\n$ runqemu slirp nographic\n\nmeta-arm maintainers run these tests as part of their CI.\n\nNote that if the tee-supplicant state directory /var/lib/tee\ncan not be accessed due permissions or other problems, then\ntee-supplicant startup with systemd still works. Only optee-test/xtest\nwill be failing and fTPM kernel drivers fail to load with error\nmessages.\n\nCc: Peter Griffin \u003cpeter.griffin@linaro.org\u003e\nCc: Joshua Watt \u003cJPEWhacker@gmail.com\u003e\nCc: Javier Tia \u003cjavier.tia@linaro.org\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nSigned-off-by: Mikko Rapeli \u003cmikko.rapeli@linaro.org\u003e\n" }, { "commit": "49e646de7ed3b5e5a67627ab8e83fa1e012ed568", "tree": "66f5868f347c4c5d00bfc8b2a9ea96481c79ccdb", "parents": [ "0293dd912c9cf9f3e4064588c0115b39fc33ad54" ], "author": { "name": "hoyong2007", "email": "hoyong2007@naver.com", "time": "Fri Sep 13 10:26:53 2024 +0900" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Tue Sep 24 10:24:03 2024 +0200" }, "message": "libckteec: fix memory allocation leakage on template serialization\n\nFix memory allocation leakage with a call to release_serial_object()\nto release obj2 before serialize_indirect_attribute() returns.\n\nLink: https://github.com/OP-TEE/optee_client/issues/387\nFixes: e88c264ba358 (\"libckteec: helper function to serialize a attribute template\")\nSigned-off-by: Hoyong Jin \u003choyong2007@naver.com\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "0293dd912c9cf9f3e4064588c0115b39fc33ad54", "tree": "16773882383d1648cd5ad227794b75216e5b2fc9", "parents": [ "a5b1ffcd26e328af0bbf18ab448a38ecd558e05c" ], "author": { "name": "Esteban Blanc", "email": "eblanc@baylibre.com", "time": "Thu Sep 12 12:18:05 2024 +0000" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Tue Sep 17 09:50:07 2024 +0200" }, "message": "tee-supplicant: add sd_notify.c to Android.bp sources\n\nFixes the following link error:\nld.lld: error: undefined symbol: sd_notify_ready\n\u003e\u003e\u003e referenced by tee_supplicant.c:928 (vendor/linaro/optee_client/tee-supplicant/src/tee_supplicant.c:928)\n\nFixes: a5b1ffc (\"tee-supplicant: send READY\u003d1 notification to systemd\")\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nSigned-off-by: Esteban Blanc \u003ceblanc@baylibre.com\u003e\n" }, { "commit": "a5b1ffcd26e328af0bbf18ab448a38ecd558e05c", "tree": "13377aa38f3ddbc5114920afeaa3f5693ba44bff", "parents": [ "f1f000b3951ae3ceeafedeb95cc3c010a2d15047" ], "author": { "name": "Ayoub Zaki", "email": "ayoub.zaki@embetrix.com", "time": "Thu May 30 13:36:59 2024 +0200" }, "committer": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Fri Jun 21 15:29:03 2024 +0200" }, "message": "tee-supplicant: send READY\u003d1 notification to systemd\n\nThis option is very useful when tee-supplicant is started\nfrom systemd and can used with Type\u003dnotify to signal readiness\n\nSigned-off-by: Ayoub Zaki \u003cayoub.zaki@embetrix.com\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nTested-by: Mikko Rapeli \u003cmikko.rapeli@linaro.org\u003e\n" }, { "commit": "f1f000b3951ae3ceeafedeb95cc3c010a2d15047", "tree": "499c5b091bab3fcde979111db63363876129aa7f", "parents": [ "3eac340a781c00ccd61b151b0e9c22a8c6e9f9f0" ], "author": { "name": "Etienne Carriere", "email": "etienne.carriere@foss.st.com", "time": "Fri May 24 17:11:11 2024 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Thu Jun 13 21:37:44 2024 +0200" }, "message": "tee-supplicant: remove useless use of __ANDROID__ condition\n\nSince commit 37975f1ba31e (\"rmpb: update AOSP RPMB device path\")\nthe RPMB device path is the same __ANDROID__ directive being set\nor not hence simplify the implementation by removing use of that\ndirective.\n\nSigned-off-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "3eac340a781c00ccd61b151b0e9c22a8c6e9f9f0", "tree": "04b99fcd10a1d882f3dd0efd1bf689d0bd5875ab", "parents": [ "7749688eb18d6ff87f94e838ec0cadc7051bc692" ], "author": { "name": "Julianus Larson", "email": "julianus.larson@linaro.org", "time": "Wed May 17 11:15:02 2023 +0200" }, "committer": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Tue Apr 02 10:21:52 2024 +0200" }, "message": "libteec: Move OP-TEE defined fields into an imp struct\n\nGlobalPlatform TEE Client API Specification v1.0 specifies that\nthe structs TEEC_Context, TEEC_Session, TEEC_SharedMemory,\nand TEEC_Operation shall have a user defined struct named imp.\nIn OP-TEE the struct is not there and instead the user defined\nfields are declared directly in the top structs.\nThis commit introduces the imp struct to better support using\ndifferent implementations. The imp fields now represent the\nimplementation defined parts of the structs that was\npreviously declared directly in the top struct. All previously\navailable parameters are preserved in the imp struct.\nThe updated version of the imp structure makes it easier to\ncreate a binding for Rust.\nAdding the missing imp struct to the structs in OP-TEE is an\nABI breakage which requires a version major update of libteec.\n\nLink: https://github.com/OP-TEE/optee_client/issues/348\nReported-by: Tom Hebb \u003ctommyhebb@gmail.com\u003e\nSigned-off-by: Julianus Larson \u003cjulianus.larson@linaro.org\u003e\nAcked-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "7749688eb18d6ff87f94e838ec0cadc7051bc692", "tree": "3517ecf167090ce7c011c65e9283bcc69e2c5c6e", "parents": [ "07d2dfab2ecb0f2f1821d69d27b08308b8b339db" ], "author": { "name": "Eero Aaltonen", "email": "eero.aaltonen@vaisala.com", "time": "Tue Feb 13 12:47:39 2024 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Mar 13 14:17:45 2024 +0100" }, "message": "libteeacl: add pkgconfig file: teeacl.pc\n\nAdd a pkgconfig file to libteeacl, so that the library and its headers\ncan be found from wherever they have been installed.\n\nSigned-off-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "07d2dfab2ecb0f2f1821d69d27b08308b8b339db", "tree": "a523cf65a1840eab4c6ceefaeb03b19c420e3c28", "parents": [ "6f992c52a8dfa6b6413ec3b83f82a54cee4b3259" ], "author": { "name": "Eero Aaltonen", "email": "eero.aaltonen@vaisala.com", "time": "Tue Feb 13 12:43:18 2024 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Mar 13 14:17:45 2024 +0100" }, "message": "libteec: pkgconfig: remove duplicate flags in teec.pc\n\npkg-config --static --libs includes the libraries specified in Libs, so\nthere\u0027s no need to repeat them in Libs.private.\n\nSigned-off-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "6f992c52a8dfa6b6413ec3b83f82a54cee4b3259", "tree": "9f794def9f8ad82fa750db6a7c846f5c62e36e60", "parents": [ "cef6c7eca4945e51b1f854af1077b44d13c21c28" ], "author": { "name": "Eero Aaltonen", "email": "eero.aaltonen@vaisala.com", "time": "Tue Feb 13 11:31:33 2024 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Mar 13 14:17:45 2024 +0100" }, "message": "libteec: pkgconfig: rename libteec.pc as teec.pc\n\nSwitch naming convention of the pkgconfig metadata file use the plain\nnamespec without the lib prefix.\n\nWhile both forms are permitted, the man page of pkg-config[1] has more\nexamples of metadata files without a lib prefix. Similarly the uuid\nmetadata file that teeacl uses to link is named simply `uuid.pc`.\nAdditionally the lib prefix does not provide extra information, and\nlong lists of pkgconfig metadata files are easier to read with just the\nplain namespec.\n\n[1]: https://linux.die.net/man/1/pkg-config\n\nSigned-off-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "cef6c7eca4945e51b1f854af1077b44d13c21c28", "tree": "be108169087f4f75fceff96731ffc786dd7a2698", "parents": [ "c5b3920f58080fda3423235d2620106456bd5b50" ], "author": { "name": "p870613", "email": "p870613@yahoo.com.tw", "time": "Fri Feb 16 01:22:33 2024 +0800" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Mon Feb 19 17:17:13 2024 +0100" }, "message": "tee-supplicant: fix potential crash when TA isn\u0027t found\n\nset_ta_path() doesn\u0027t add a NULL pointer to the last element of ta_path,\nwhich can cause a segmentation fault when a TA is not found. Use\ncalloc() instead of malloc() to make sure the ta_path array is always\nNULL-terminated.\n\nLink: https://github.com/OP-TEE/optee_client/issues/374\nSigned-off-by: guan-gm.lin \u003cguan-gm.lin@mediatek.com\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "c5b3920f58080fda3423235d2620106456bd5b50", "tree": "61e9c226bfd8329ccb828ea65dbe7cd8f9c94077", "parents": [ "afbd31d9592e8919cf2b6883e33d80fcc32ccdc2" ], "author": { "name": "Etienne Carriere", "email": "etienne.carriere@foss.st.com", "time": "Mon Feb 12 06:19:59 2024 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Feb 14 09:57:10 2024 +0100" }, "message": "libckteec: one shot encryption/decryption may have no input data\n\nChange the one shot encryption and decryption handler function to\nallow input buffer reference to be NULL. This may happen for example\nwith AES GCM operation where encryption of a NULL buffer is expected to\nproduce an AES GCM authentication tag. Before this change, providing a\nNULL buffer to C_Encrypt() made ckteec_register_shm() to fail and\nckteec_register_shm() to return CKR_HOST_MEMORY error code.\n\nFixes: aa3dd58d605e (\"libckteec: Allow 0 length input buffer for update operations.\")\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nSigned-off-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "afbd31d9592e8919cf2b6883e33d80fcc32ccdc2", "tree": "9c51bd5e9f9f56b73c577a55c39d8079f5a17940", "parents": [ "bfe37714c20c46512e70fad961f1a81a7ab05a8b" ], "author": { "name": "Julien Masson", "email": "jmasson@baylibre.com", "time": "Fri Jan 12 16:29:19 2024 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Mon Jan 29 10:20:32 2024 +0100" }, "message": "android: convert .mk files to .bp\n\nAndroid use by default Soong Build System, *.mk files are deprecated\nin favor of Android.bp [1].\n\nAll the logics present in android mk files have been ported to a\nsingle Android.bp\n\noptee_client.device.mk set the same default flags as we did in the\nold Android *.mk files.\n\nExample of configs in device/VENDOR/BOARD/device.mk:\nBefore:\n\nCFG_TEE_FS_PARENT_PATH :\u003d /mnt/vendor/persist/tee\n\nPRODUCT_PACKAGES +\u003d \\\n libteec \\\n tee-supplicant\n\nAfter:\n\ninclude $(PATH_OPTEE_CLIENT)/optee_client.device.mk\n$(call soong_config_set,optee_client,cfg_tee_fs_parent_path,/mnt/vendor/persist/tee)\n\nPRODUCT_PACKAGES +\u003d \\\n libteec \\\n tee-supplicant\n\n[1] https://source.android.com/docs/setup/build\n\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nSigned-off-by: Julien Masson \u003cjmasson@baylibre.com\u003e\n" }, { "commit": "bfe37714c20c46512e70fad961f1a81a7ab05a8b", "tree": "fa42f07f842c5ef022a2dfa4d3adfc080ea29e6e", "parents": [ "f7e4ced15d1fefd073bbfc484fe0e1f74afe96c2" ], "author": { "name": "Igor Opaniuk", "email": "igor.opaniuk@foundries.io", "time": "Tue Jan 16 17:15:11 2024 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Tue Jan 23 15:38:27 2024 +0100" }, "message": "libteec: drop benchmark framework support\n\nDrop Benchmark Framework as current implementation is non-function\nand obsolete, and it\u0027s not supported anymore.\n\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\nAcked-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\nSigned-off-by: Igor Opaniuk \u003cigor.opaniuk@foundries.io\u003e\n" }, { "commit": "f7e4ced15d1fefd073bbfc484fe0e1f74afe96c2", "tree": "aa44e4f4f9ab96ee26e2f472252863c85f67c7e2", "parents": [ "333e51280497722c7f466b1c7905a3fd76290d6a" ], "author": { "name": "Jorge Ramirez-Ortiz", "email": "jorge@foundries.io", "time": "Tue Jan 16 09:12:40 2024 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Tue Jan 16 14:16:58 2024 +0100" }, "message": "teec: do fail on MAX_SIZE allocation requests\n\nThe variable aligned_sz will be 0 when the requested sz is MAX_SIZE.\nSince posix_memalign can return a valid pointer for zero size\nallocations, share memory registration requests for MAX_SIZE might make\nit to the kernel.\n\nThis PR stops it early - just as it was before \"teec: use multiple of\npage size for page aligned buffers\" was merged.\n\nFixes: acb0885c117e (\"teec: use multiple of page size for page aligned buffers\")\nSigned-off-by: Jorge Ramirez-Ortiz \u003cjorge@foundries.io\u003e\nReviewed-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "333e51280497722c7f466b1c7905a3fd76290d6a", "tree": "10eaccf93a80a9022bf062aeec1ce2497dcf125d", "parents": [ "332f454cdf8d0a97cd4ac03d5e99136c9218d114" ], "author": { "name": "Vesa Jääskeläinen", "email": "vesa.jaaskelainen@vaisala.com", "time": "Fri Dec 22 09:35:28 2023 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Fri Jan 12 14:38:33 2024 +0100" }, "message": "libckteec: Fix CK_ULONG conversions in C_GetTokenInfo()\n\nWhen running in 64 bit CPU things like ulMaxSessionCount would get value\nof 4294967295 instead of ~0.\n\nAdjust all other CK_ULONG fields supporting CK_UNAVAILABLE_INFORMATION.\n\nSigned-off-by: Vesa Jääskeläinen \u003cvesa.jaaskelainen@vaisala.com\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "332f454cdf8d0a97cd4ac03d5e99136c9218d114", "tree": "85462b7eaec3f3f5af02af9867c3089bfdaae712", "parents": [ "f467ad36bec5b06b38f936b020a59543cbc632a7" ], "author": { "name": "Vesa Jääskeläinen", "email": "vesa.jaaskelainen@vaisala.com", "time": "Sat Nov 25 17:33:21 2023 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Fri Jan 12 14:38:33 2024 +0100" }, "message": "libckteec: Add helper to convert TA\u0027s CK_ULONG to REE\u0027s CK_ULONG\n\nOn 64 bit systems uint32_t cannot handle CK_ULONG defined\nCK_UNAVAILABLE_INFORMATION.\n\nThis adds helper maybe_unavail() to assist in conversion.\n\nSigned-off-by: Vesa Jääskeläinen \u003cvesa.jaaskelainen@vaisala.com\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "f467ad36bec5b06b38f936b020a59543cbc632a7", "tree": "3e4400953100e1aa6bce5613d58aeeb533443916", "parents": [ "5448e224fb594edda13985f47bd22b746eee0711" ], "author": { "name": "Fabrice Fontaine", "email": "fontaine.fabrice@gmail.com", "time": "Fri Jan 05 09:47:43 2024 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Mon Jan 08 14:43:23 2024 +0100" }, "message": "tee-supplicant: fix build with kernel \u003c 4.16\n\nCommit 3ac968ee7c927271e83ea3a4247839649202ab5e moved linux/tee.h from\nlibteec/include to libteec/src resulting in the following build failure\nwith any kernel \u003c 4.16 (i.e before\nhttps://github.com/torvalds/linux/commit/033ddf12bcf5326b93bd604f50a7474a434a35f9):\n\n/home/buildroot/autobuild/instance-3/output-1/build/optee-client-4.0.0/tee-supplicant/src/tee_supplicant.c: In function \u0027register_local_shm\u0027:\n/home/buildroot/autobuild/instance-3/output-1/build/optee-client-4.0.0/tee-supplicant/src/tee_supplicant.c:356:44: error: storage size of \u0027data\u0027 isn\u0027t known\n 356 | struct tee_ioctl_shm_register_data data;\n | ^~~~\n\nTo fix this build failure, update CMakeLists.txt and Makefile of\ntee-supplicant to add libteec/src to the include directories.\n\nFixes: 3ac968ee7c92 (\"Makefile, cmake: move teec related headers\")\n\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\nSigned-off-by: Fabrice Fontaine \u003cfontaine.fabrice@gmail.com\u003e\n" }, { "commit": "5448e224fb594edda13985f47bd22b746eee0711", "tree": "0e14eb94cb485d1ad8a7e938029a734687d30d48", "parents": [ "98dc4f488c2f9e433e3e6574ddbdafd116f523db" ], "author": { "name": "Tanel Dettenborn", "email": "tanel@ssrc.tii.ae", "time": "Tue Dec 05 10:47:05 2023 +0200" }, "committer": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Mon Jan 08 09:33:45 2024 +0100" }, "message": "tee-supplicant: Enforce paths bound limits\n\nVerify \"ta-path\" command line argument length and if snprintf()\nconcated path is too long, then print an error message and\nterminate startup.\n\nSigned-off-by: Tanel Dettenborn \u003ctanel@ssrc.tii.ae\u003e\nReviewed-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\nAcked-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "98dc4f488c2f9e433e3e6574ddbdafd116f523db", "tree": "d896fca23feaeb49db0854f7990ddad64fcc81db", "parents": [ "a8381cf4a5ec81d3fbe1c810d9546bd73a45bb96" ], "author": { "name": "Marouene Boubakri", "email": "marouene.boubakri@nxp.com", "time": "Thu Nov 16 12:45:27 2023 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Thu Dec 07 12:13:00 2023 +0100" }, "message": "libckteec: serialize_ck.c: serialize AES-GCM mechanism parameters\n\nThis commits adds serialize_mecha_aes_gcm() function to serialize_ck.c\nto support AES-GCM mechanism (CKM_AES_GCM) in libckteec.\n\nCo-developed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\nSigned-off-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\nSigned-off-by: Marouene Boubakri \u003cmarouene.boubakri@nxp.com\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "a8381cf4a5ec81d3fbe1c810d9546bd73a45bb96", "tree": "6a22174b249eb0d6a85e7b2320f8a90ea4eb061c", "parents": [ "e5f99865c33535d6928fb20d98e641ca607a589c" ], "author": { "name": "Vincent Mailhol", "email": "mailhol.vincent@wanadoo.fr", "time": "Fri Nov 03 09:21:41 2023 +0900" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Mon Dec 04 09:39:17 2023 +0100" }, "message": "tee_client_api: deprecate two TEE_ERROR_* macros not in the specification\n\nTEE_ERROR_EXTERNAL_CANCEL and TEE_ERROR_STORAGE_NO_SPACE are not part\nof the specification [1]. TEEC_ERROR_EXTERNAL_CANCEL and\nTEEC_ERROR_STORAGE_NO_SPACE should be preferred instead.\n\nAdd a message in the description to deprecate these two macros, but\nkeep them for backward compatibility.\n\n[1] TEE Client API Specification v1.0 Errata and Precisions\n Version 2.0, §P.4 Define Additional Return Codes\n\nSigned-off-by: Vincent Mailhol \u003cmailhol.vincent@wanadoo.fr\u003e\nAcked-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "e5f99865c33535d6928fb20d98e641ca607a589c", "tree": "92ab411814948582c73acfb7ea91366919de6ad6", "parents": [ "570c3b44ce1ecf7e1ed947c980f92f9a03b8dabb" ], "author": { "name": "Vincent Mailhol", "email": "mailhol.vincent@wanadoo.fr", "time": "Sun Oct 29 18:33:47 2023 +0900" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Mon Dec 04 09:39:17 2023 +0100" }, "message": "tee_client_api: define additional return codes\n\nThe precision from [1] defines 9 additional return codes. One of them,\nTEEC_ERROR_TARGET_DEAD was already added in [2]. Apply the 8 other\nones and reorder them by values.\n\nThe added documentation is a verbatim copy of the description from\n[1]. Overwrite the existing documentation of TEEC_ERROR_TARGET_DEAD\nwith the one from the specification.\n\n[1] TEE Client API Specification v1.0 Errata and Precisions\n Version 2.0, §P.4 Define Additional Return Codes\n\n[2] commit f2b0ed41c8c7 (\"Updated related Linux Driver Refactoring\")\nLink: https://github.com/OP-TEE/optee_client/commit/f2b0ed41c8c7b3\n\nSigned-off-by: Vincent Mailhol \u003cmailhol.vincent@wanadoo.fr\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "570c3b44ce1ecf7e1ed947c980f92f9a03b8dabb", "tree": "fc1967ec7166a9248d1c98a788d8983d669c9477", "parents": [ "f3845d8bee3645eedfcc494be4db034c3c69e9ab" ], "author": { "name": "Vincent Mailhol", "email": "mailhol.vincent@wanadoo.fr", "time": "Sun Oct 29 18:33:47 2023 +0900" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Mon Dec 04 09:39:17 2023 +0100" }, "message": "tee_client_api: correct reference to TEEC_MemoryReference\n\nApply the errata from [1] which fixes two typos in the definition of\nthe paramTypes.\n\n[1] TEE Client API Specification v1.0 Errata and Precisions\n Version 2.0, §E.1 Correct Reference to TEEC_MemoryReference\n\nSigned-off-by: Vincent Mailhol \u003cmailhol.vincent@wanadoo.fr\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "f3845d8bee3645eedfcc494be4db034c3c69e9ab", "tree": "299fccf34df69e28fbec09b273b88c6f2434c6d0", "parents": [ "c84206b27d44f8dbe5271d700b952ae10f19ee73" ], "author": { "name": "Jared Baur", "email": "jaredbaur@fastmail.com", "time": "Sun Nov 19 20:16:47 2023 -0800" }, "committer": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Mon Nov 27 16:06:16 2023 +0100" }, "message": "tee-supplicant: Allow for TA load path to be specified at runtime\n\nAdd a new `--ta-path` CLI flag for overriding the default load path used\nby tee-supplicant. The given path string can be a set of colon (\u0027:\u0027)\nseparated paths, each being a full path used when searching for TAs.\nWhen this option is not used, the existing behavior of loading TAs from\na subdirectory \"ta-dir\" under TEEC_LOAD_PATH is retained.\n\nSigned-off-by: Jared Baur \u003cjaredbaur@fastmail.com\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "c84206b27d44f8dbe5271d700b952ae10f19ee73", "tree": "1689a1c8bbbe82e475c261a6976c53cc7cc15ff6", "parents": [ "acb0885c117e73cb6c5c9b1dd9054cb3f93507ee" ], "author": { "name": "Mika Tammi", "email": "mika.tammi@unikie.com", "time": "Tue Sep 19 22:32:50 2023 +0300" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Mon Oct 30 18:29:43 2023 +0100" }, "message": "tee-supplicant: Cleanup TEEC_TEST_LOAD_PATH\n\nCleanup TEEC_TEST_LOAD_PATH and CFG_TA_TEST_PATH, as the\nTEEC_TEST_LOAD_PATH was not working properly anyway.\n\nTEEC_TEST_LOAD_PATH and CFG_TA_TEST_PATH are removed, and the\nTEEC_LOAD_PATH is supposed to hold all paths where to search for TAs.\n\nSigned-off-by: Mika Tammi \u003cmika.tammi@unikie.com\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\nReviewed-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "acb0885c117e73cb6c5c9b1dd9054cb3f93507ee", "tree": "acb60d9a4b63c13f3752f7cde4a02d54ccae65fa", "parents": [ "6178477728ebea18f1ef37f3534d06a34840fd3b" ], "author": { "name": "Jens Wiklander", "email": "jens.wiklander@linaro.org", "time": "Thu Sep 28 21:21:12 2023 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Thu Oct 19 16:26:32 2023 +0200" }, "message": "teec: use multiple of page size for page aligned buffers\n\nWhen allocating a page aligned buffer, round the size up the next\nmultiple of page size. With this we can guarantee that a part of that\npage isn\u0027t registered already.\n\nSigned-off-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\nReviewed-by: Joakim Bech \u003cjoakim.bech@linaro.org\u003e\n" }, { "commit": "6178477728ebea18f1ef37f3534d06a34840fd3b", "tree": "3e34ef12d5b60436ff95831cb66256ddf25ec485", "parents": [ "46831ac8eb67d4ab922c8844bb0b7b35841b8ee3" ], "author": { "name": "Eero Aaltonen", "email": "eero.aaltonen@vaisala.com", "time": "Wed Aug 23 17:08:43 2023 +0300" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Fri Oct 13 22:27:08 2023 +0200" }, "message": "cmake: pkgconfig file: install the file\n\nMake it so that pkgconfig file is actually installed to INSTALL_LIBDIR.\n\nSigned-off-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "46831ac8eb67d4ab922c8844bb0b7b35841b8ee3", "tree": "bcf7db20f66992c207511f3a63b3346be0d6ce0c", "parents": [ "3ac968ee7c927271e83ea3a4247839649202ab5e" ], "author": { "name": "Eero Aaltonen", "email": "eero.aaltonen@vaisala.com", "time": "Wed Aug 23 17:05:19 2023 +0300" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Fri Oct 13 22:27:08 2023 +0200" }, "message": "pkgconfig file: remove extra comments\n\nRemove extra comments about CMake build. Before the comments were\nincluded in the generated .pc file. Based on a short sample, most\nprojects pkgconfig files don\u0027t start with any extra comments.\n\nSigned-off-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "3ac968ee7c927271e83ea3a4247839649202ab5e", "tree": "31f6da92f9be018661639a4f6220e72d805e4e1b", "parents": [ "2dd250b3785663c3a2a2c9349ad55d79bb443899" ], "author": { "name": "Eero Aaltonen", "email": "eero.aaltonen@vaisala.com", "time": "Thu Aug 10 15:37:40 2023 +0300" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Fri Oct 13 22:27:08 2023 +0200" }, "message": "Makefile, cmake: move teec related headers\n\nThe optee-client-headers interface library was added back in commit\ne0a12e2322ae02e957910f29948bd19455bf9cfa \"cmake: Initial CMake support\"\n, but to a directory named \"public\". Improve the consistency of the\nCmake build by moving the headers under the associated libteec include\ndirectory.\n\nSigned-off-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "2dd250b3785663c3a2a2c9349ad55d79bb443899", "tree": "863311eb688176c93c1e73987cd5a80b2cbb97ae", "parents": [ "8533e0e6329840ee96cf81b6453f257204227e6c" ], "author": { "name": "Eero Aaltonen", "email": "eero.aaltonen@vaisala.com", "time": "Thu Aug 10 15:56:13 2023 +0300" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Fri Oct 13 22:27:08 2023 +0200" }, "message": "cmake: remove whitespace before parenthesis\n\nThe style used by the CMake project itself and the most widely used\nCMake style does not place white space between the function/macro name\nand the parenthesis. Align with the common style.\n\nSigned-off-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Etienne Carriere \u003cetienne.carriere@foss.st.com\u003e\n" }, { "commit": "8533e0e6329840ee96cf81b6453f257204227e6c", "tree": "6990e821e521b2314a8f747f934281077aa33160", "parents": [ "0fc6ef70a70d38628ded06590aefb7bc23364d99" ], "author": { "name": "Joakim Bech", "email": "joakim.bech@linaro.org", "time": "Thu Mar 09 16:48:15 2023 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Mon Mar 20 10:52:16 2023 +0100" }, "message": "travis: remove the .travis.yml file\n\nWe\u0027re no longer using Travis CI and have no plans of adding it again.\nHence let\u0027s remove the .travis.yml file.\n\nSigned-off-by: Joakim Bech \u003cjoakim.bech@linaro.org\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "0fc6ef70a70d38628ded06590aefb7bc23364d99", "tree": "7cf9a2afe640d3a9b7af835eb72fd1ca6d1ddb5f", "parents": [ "dde6306458331371be5df15e3ca953697d2463ef" ], "author": { "name": "liu_yi", "email": "liu_yi@kylinos.cn", "time": "Tue Feb 28 09:20:34 2023 +0800" }, "committer": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Wed Mar 01 09:09:57 2023 +0100" }, "message": "tee-supplicant: fix leak when load plugin failed\n\nload_plugin() calls dlopen() but does not call dlclose() when dlsym()\nfails. Fix that.\n\nSigned-off-by: liu_yi \u003cliu_yi@kylinos.cn\u003e\n[jf: fix minor formatting issues in code and description]\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\n" }, { "commit": "dde6306458331371be5df15e3ca953697d2463ef", "tree": "d3eb349e6314819fed8c5816eb8f5c59dc788cba", "parents": [ "462b9546ffc06af81a3c3eb78e51acfa740a1e21" ], "author": { "name": "Eero Aaltonen", "email": "eero.aaltonen@vaisala.com", "time": "Thu Feb 02 17:22:29 2023 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Feb 15 12:10:18 2023 +0100" }, "message": "libteeacl: use realloc() instead of reallocarray()\n\nUse realloc() instead of reallocarray(), since uClibc apparently does\nnot implement reallocarray().\n\nFixes: https://github.com/OP-TEE/optee_client/issues/339\n\nSigned-off-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "462b9546ffc06af81a3c3eb78e51acfa740a1e21", "tree": "f8d0c70a93cf8e8138ee7682d58b03b8702dfe98", "parents": [ "209654290c51d9576c81804daccdc9b355fdb72c" ], "author": { "name": "Eero Aaltonen", "email": "eero.aaltonen@vaisala.com", "time": "Thu Feb 02 15:47:43 2023 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Feb 15 12:10:18 2023 +0100" }, "message": "Add -Wunsafe-loop-optimizations only for gcc\n\nCompiling with clang would fail with\n```\nerror: unknown warning option \u0027-Wunsafe-loop-optimizations\u0027\n```\nAdjust CMake so that the warning is only added for GNU compiler.\n\nSigned-off-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "209654290c51d9576c81804daccdc9b355fdb72c", "tree": "d69e75bad9780a836e60f1f739e3793db2d7f199", "parents": [ "dd2d39b49975d2ada7870fe2b7f5a84d0d3860dc" ], "author": { "name": "Clement Faure", "email": "clement.faure@nxp.com", "time": "Wed Jan 04 15:03:02 2023 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Thu Feb 02 09:59:38 2023 +0100" }, "message": "Makefile: use GNU standards for directory variables\n\nUse `sbindir`, `libdir` and `includedir` as variables for installation\ntargets.\nThese variables names are defined by GNU coding standards [1].\n\nLink: [1] https://www.gnu.org/prep/standards/html_node/Directory-Variables.html\nSigned-off-by: Clement Faure \u003cclement.faure@nxp.com\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "dd2d39b49975d2ada7870fe2b7f5a84d0d3860dc", "tree": "64a8afc5e61e3aa1ef1a0cab5e765076c0be37d6", "parents": [ "1056b40862203ef5a561d088fd7bb54e79a46e0e" ], "author": { "name": "Baocheng Su", "email": "baocheng.su@siemens.com", "time": "Mon Nov 07 20:19:29 2022 +0800" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Fri Dec 09 10:35:29 2022 +0100" }, "message": "libteeacl: Move uuid-dev checking in libteec makefile\n\nFor uuid dependency checking, cross compiler version pkg-config should\nbe used. However top level makefile does not hold the information of the\ncross compiler. To solve that, move the checking from top level makefile\nto the library level.\n\nFixes: d448e8bb2e52 (\"Allow cross-compile pkg-config\")\nSigned-off-by: Su Bao Cheng \u003cbaocheng.su@siemens.com\u003e\nReviewed-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\nAcked-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\n" }, { "commit": "1056b40862203ef5a561d088fd7bb54e79a46e0e", "tree": "dc631eb2ac18ebc77489ec35b62d6eb4b6b6028a", "parents": [ "bbdf665aba39c29a3ce7bd06e4554c62a416ebaa" ], "author": { "name": "Etienne Carriere", "email": "etienne.carriere@linaro.org", "time": "Mon Dec 05 15:39:07 2022 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Thu Dec 08 16:19:39 2022 +0100" }, "message": "cmake: define boolean switch CFG_WERROR with option()\n\nReplaces use of set() with option() for CFG_WERROR boolean switch.\n\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\nReviewed-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nTested-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nSigned-off-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\n" }, { "commit": "bbdf665aba39c29a3ce7bd06e4554c62a416ebaa", "tree": "d2863a4c142eb498e598235474ee767dfe1a0704", "parents": [ "fba995056b2756fe74a3bb4643ed8b867b5984bc" ], "author": { "name": "Etienne Carriere", "email": "etienne.carriere@linaro.org", "time": "Thu Nov 10 12:05:24 2022 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Thu Dec 08 16:19:39 2022 +0100" }, "message": "libteeacl: condition libteeacl with WITH_TEEACL\n\nBuild and embed libteeacl upon WITH_TEEACL\u003d1 (default configuration).\nThis configuration switch allows one to build OP-TEE client without\ndependencies on pkg-config and libuuid when OP-TEE ACL for\nPKCS11 is not needed:\n cmake -DWITH_TEEACL\u003d0 ...\nor\n make WITH_TEEACL\u003d0 ...\n\nWith the comments below addressed, LGTM.\n\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\nReviewed-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nSigned-off-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\n" }, { "commit": "fba995056b2756fe74a3bb4643ed8b867b5984bc", "tree": "a8e01cf9e3b0d5465416821ab4e929a811a98bff", "parents": [ "fc67c277017a581f14cc1bd34acad7d7ae2ebf8c" ], "author": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Mon Nov 28 13:03:31 2022 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Thu Dec 01 11:01:53 2022 +0100" }, "message": "ci: add GitHub Actions script and Docker files\n\nAdds a CI script to be run on push and pull requests. Eight cross-builds\nare checked: (armhf, aarch64) x (make, cmake) x (Debian, Ubuntu).\n\nSigned-off-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "fc67c277017a581f14cc1bd34acad7d7ae2ebf8c", "tree": "1e51a61df9e983ef1d88ae872e0ce519a1b79fa1", "parents": [ "d448e8bb2e526ba132311a61927f0a9177ae8c4d" ], "author": { "name": "Neil Horman", "email": "nhorman@gmail.com", "time": "Fri Nov 18 08:19:04 2022 -0500" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Fri Nov 25 17:33:09 2022 +0100" }, "message": "Add pkgconfig file for libteec\n\nAutotools build environments that use libteec would benefit from the\naddition of generated package config files so that libraries could be\nfound wherever they are installed. Add a teec pkg-config generation to\nsupport that\n\nSigned-off-by: Neil Horman \u003cnhorman@gmail.com\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\n" }, { "commit": "d448e8bb2e526ba132311a61927f0a9177ae8c4d", "tree": "03fe853ac0b5d87bd3aa5fa712716a8a21da5a68", "parents": [ "d26d885c82d2455cbf50c4f0d45108ca5ce28382" ], "author": { "name": "Ying-Chun Liu (PaulLiu)", "email": "paul.liu@linaro.org", "time": "Mon Nov 21 22:14:05 2022 +0800" }, "committer": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Mon Nov 21 18:46:37 2022 +0100" }, "message": "Allow cross-compile pkg-config\n\noptee-client fails to cross build from source. This commit\napply CROSS_COMPILE on pkg-config to let it be able to build by\ncross-compiler.\n\nLink: https://bugs.debian.org/1023233\nLink: http://crossqa.debian.net/src/optee-client\nSigned-off-by: Ying-Chun Liu (PaulLiu) \u003cpaul.liu@linaro.org\u003e\nSigned-off-by: Helmut Grohne \u003chelmut@subdivi.de\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "d26d885c82d2455cbf50c4f0d45108ca5ce28382", "tree": "0975a4c6528a249dab250fd114aeb980c7c613e9", "parents": [ "cb3842cb92255989a402c032797be999eebb9158" ], "author": { "name": "Valerii Chubar", "email": "valerii_chubar@epam.com", "time": "Mon Nov 14 11:44:33 2022 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Fri Nov 18 14:42:09 2022 +0100" }, "message": "libckteec: Add RSA AES key wrap serialization\n\nThe PKCS#11 Specification:\nhttps://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/\npkcs11-spec-v3.1-cs01.pdf\n6.1.23 RSA AES KEY WRAP\n\nSigned-off-by: Valerii Chubar \u003cvalerii_chubar@epam.com\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\n" }, { "commit": "cb3842cb92255989a402c032797be999eebb9158", "tree": "5ccfcac6d7cd7615cd558bda2c71472f4b6e7c52", "parents": [ "52fca902d7c31a1070ee46d8f674840fdadfdfeb" ], "author": { "name": "Joakim Nordell", "email": "joakim.nordell@axis.com", "time": "Fri Oct 21 13:27:33 2022 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Mon Oct 31 09:53:34 2022 +0100" }, "message": "tee-supplicant: Synchronize file operations for secure storage\n\nIn order to properly synchronize data and meta-data for secure\nstorage, fsync() must be performed on the containing directory\nafter mkdir() and rename() operations.\nThis may be especially of interest in a production environment\nwhere power may be cut as soon as all the security\nparameters are saved.\n\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nReviewed-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\nSigned-off-by: Joakim Nordell \u003cjoakim.nordell@axis.com\u003e\n" }, { "commit": "52fca902d7c31a1070ee46d8f674840fdadfdfeb", "tree": "a9f4be033bf4069413f1d31b08e6e48bd6509d37", "parents": [ "13123dea4bce6a52365b8d9c063a8e8b26ea9946" ], "author": { "name": "Eero Aaltonen", "email": "eero.aaltonen@vaisala.com", "time": "Wed Oct 26 22:05:47 2022 +0300" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Fri Oct 28 09:15:14 2022 +0200" }, "message": "teeacl: fix include path\n\nThe `uuid` pkg-config file provides the include directory as\n`${PREFIX}/include/uuid`. Set include path relative to pkg-config file\nspecified include_dir to remain portable.\n\nSigned-off-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nAcked-by: Clement Faure \u003cclement.faure@nxp.com\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "13123dea4bce6a52365b8d9c063a8e8b26ea9946", "tree": "a252e1064b4fae896b94dd1b8e7244a83555c54a", "parents": [ "4a8438d8be156df3258dc8d8cd73a357c1ab7ee2" ], "author": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Mon Oct 24 11:36:33 2022 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Mon Oct 24 18:02:19 2022 +0200" }, "message": "tee-supplicant: fs: no need to use strlen() to check for empty string\n\nA string is empty when its first character is zero. Therefore, we can\navoid calling strlen() on each FS request.\n\nSigned-off-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nReviewed-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "4a8438d8be156df3258dc8d8cd73a357c1ab7ee2", "tree": "8e8bf39b4e58a9eb9db245f01adea248f11bfa86", "parents": [ "140bf463046071d3ca5ebbde3fb21ee0854e1951" ], "author": { "name": "KanYuelei", "email": "kanyuelei@acoinfo.com", "time": "Mon Oct 17 16:43:35 2022 +0800" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Mon Oct 17 11:17:14 2022 +0200" }, "message": "libteec: fix memory mapping function in benchmark\n\nFixed libteec function mmap_paddr mmap() size problem reported in [1].\n\nLink: [1] https://github.com/OP-TEE/optee_client/issues/318\nSigned-off-by: Yuelei Kan \u003c936115299@qq.com\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "140bf463046071d3ca5ebbde3fb21ee0854e1951", "tree": "7a888f9ea3f441ccae9dfc50ae175e12e032cb34", "parents": [ "1fc38c669fc2e2bd76b34000e16bc36fd0915062" ], "author": { "name": "Valerii Chubar", "email": "valerii_chubar@epam.com", "time": "Thu Sep 29 11:13:57 2022 +0300" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Thu Oct 06 10:34:32 2022 +0200" }, "message": "libckteec: Add EDDSA attribute serialization\n\nThe PKCS#11 Specification:\nhttps://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/\npkcs11-spec-v3.1-cs01.pdf\n6.3.16 EC mechanism parameters\n\nSigned-off-by: Valerii Chubar \u003cvalerii_chubar@epam.com\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\n" }, { "commit": "1fc38c669fc2e2bd76b34000e16bc36fd0915062", "tree": "c167ca12cc2ad19512ba619e6341e2c706926d4d", "parents": [ "15605824fd823cdf257c88ed3c94e8381fe552a4" ], "author": { "name": "Eero Aaltonen", "email": "eero.aaltonen@vaisala.com", "time": "Fri Dec 04 15:35:02 2020 +0200" }, "committer": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Thu Sep 29 14:56:33 2022 +0200" }, "message": "libteeacl: Add function to resolve name to gid_t\n\nIt\u0027s very common to specify groups by name so a helper function may be\nuseful.\n\nSigned-off-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "15605824fd823cdf257c88ed3c94e8381fe552a4", "tree": "6af7520c0fbecf1703d822912465d5aaef7cdda4", "parents": [ "e58b15867d4779d28866881a69a55042c3f2afe8" ], "author": { "name": "Eero Aaltonen", "email": "eero.aaltonen@vaisala.com", "time": "Fri Nov 27 14:39:57 2020 +0200" }, "committer": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Thu Sep 29 14:56:33 2022 +0200" }, "message": "libteeacl: function to encode a group login UUID\n\nteeacl_group_acl_uuid() encodes the group id to a UUID which can be\npassed to a PKCS#11 token.\n\nSigned-off-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "e58b15867d4779d28866881a69a55042c3f2afe8", "tree": "d322f7affe38fa1632f5d47adca9cc14a5774631", "parents": [ "5364e6155dbe1511c2b506c7320533170c56ab0f" ], "author": { "name": "Eero Aaltonen", "email": "eero.aaltonen@vaisala.com", "time": "Fri Sep 02 11:54:14 2022 +0300" }, "committer": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Thu Sep 29 14:56:33 2022 +0200" }, "message": "libteeacl: Add new ACL helper library\n\nAdd helper library libteeacl containing functions that can be used to\ngenerate the hashed UUID of the user or group. These can then be\nconfigured to PKCS#11 tokens provided by libckteec for Access Control\nList (ACL) based access.\n\nSigned-off-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "5364e6155dbe1511c2b506c7320533170c56ab0f", "tree": "a1e7e9173ae220f8d0ff7ce3223b738a978f8445", "parents": [ "a46239c82f941f60e91b31ff4e0c94569ac41e1b" ], "author": { "name": "Julien Masson", "email": "jmasson@baylibre.com", "time": "Wed Jul 06 11:40:50 2022 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Fri Sep 09 15:12:00 2022 +0200" }, "message": "tee-supplicant: read rpmb dev info from sysfs\n\nFor now tee-supplicant retrieve RPMB informations by opening mmc dev\nnode and read data at the corresponding offset.\nThat is a problem on Android device with selinux enabled because the\naccess to this node is restricted to kernel/init.\n\nAll the necessary informations can instead be read from sysfs:\n- RPMB partition size:\n/sys/class/mmc_host/mmc%u/mmc%u:0001/raw_rpmb_size_mult\n- Reliable write sector count:\n/sys/class/mmc_host/mmc%u/mmc%u:0001/rel_sectors\n\nTests done on the following board: (Android build)\nhttps://ologicinc.com/portfolio/mediatek-pumpkin-i350/\n\nSigned-off-by: Julien Masson \u003cjmasson@baylibre.com\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nTested-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e (hikey-hikey)\n" }, { "commit": "a46239c82f941f60e91b31ff4e0c94569ac41e1b", "tree": "6597a33640620bbd325737ad643834d728edba6d", "parents": [ "30abe6cd47dc24526ef882ecb1f54716d4b3af14" ], "author": { "name": "Julien Masson", "email": "jmasson@baylibre.com", "time": "Tue Feb 08 17:38:39 2022 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Aug 31 17:31:50 2022 +0200" }, "message": "tee-supplicant: android: make RPMB_EMU a conditional assignment\n\nAt the moment the RPMB_EMU variable in the Makefile uses a simple\nassignment and unconditionally sets the variable.\nMove it to a conditional assignment and allow users to override it.\n\nSigned-off-by: Julien Masson \u003cjmasson@baylibre.com\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "30abe6cd47dc24526ef882ecb1f54716d4b3af14", "tree": "53a21c057d81249d48412396d499da8b506fae8a", "parents": [ "f2755feaa95a9b352830cc874cc8f80b38a5b655" ], "author": { "name": "Eero Aaltonen", "email": "eero.aaltonen@vaisala.com", "time": "Thu Aug 11 18:12:32 2022 +0300" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Mon Aug 22 09:28:54 2022 +0200" }, "message": "cmake: Use separate generator expression for lib targets\n\nA separate generator expression allows to refer to the headers from the\nsame build tree.\n\nSigned-off-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\n" }, { "commit": "f2755feaa95a9b352830cc874cc8f80b38a5b655", "tree": "b1f23f31a2183754f731b5dabb9dc9e114357a19", "parents": [ "1dcb80aea0b53349873eec5c18bfb0b592fdc308" ], "author": { "name": "Eero Aaltonen", "email": "eero.aaltonen@vaisala.com", "time": "Thu Aug 11 18:06:26 2022 +0300" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Mon Aug 22 09:28:54 2022 +0200" }, "message": "cmake: Don\u0027t set teec include_directory from libseteec\n\nSeems to be unused, and CMake builds are easier to reason about, if\neach subdirectory only configures targets located within itself.\n\nSigned-off-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "1dcb80aea0b53349873eec5c18bfb0b592fdc308", "tree": "81efcd900b269d00262d69297dd46c21702f03c5", "parents": [ "492410dcb78f07677524e1d932c86260180ea72c" ], "author": { "name": "Eero Aaltonen", "email": "eero.aaltonen@vaisala.com", "time": "Mon Nov 16 17:35:08 2020 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Mon Aug 22 09:28:54 2022 +0200" }, "message": "Use CMake project command to set version\n\nSetting in the version in the `project()` call automatically populates\nthe variables `PROJECT_VERSION_MAJOR`, `_MINOR`, `_PATCH` and `_TWEAK`\n(if used).\n\nIf a `SHARED` version of `ckteec` is built, `PROJECT_VERSION_MAJOR` can\nbe used for the `SOVERSION`.\n\nSigned-off-by: Eero Aaltonen \u003ceero.aaltonen@vaisala.com\u003e\nAcked-by: Jerome Forissier \u003cjerome@forissier.org\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\n" }, { "commit": "492410dcb78f07677524e1d932c86260180ea72c", "tree": "febbbd78e9e6ff5ae35d3a3309596c1799f2f667", "parents": [ "d59ed2d3a9635791f72f7fdc3f59ba1b8b5c960f" ], "author": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Wed Aug 10 19:06:00 2022 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Thu Aug 18 12:58:11 2022 +0200" }, "message": "tee-supplicant: -d: return after TEE device is opened\n\nThis commit addresses a race condition when a kernel module using OP-TEE\nis loaded immediately after tee-supplicant is started. To understand the\nproblem, consider that with a shell background task there is no guarantee\nthat the service is available to the kernel when the command returns.\nSo the following:\n\n tee-supplicant \u0026\n modprobe \u003csome_module\u003e\n\n...may fail when \u003csome_module\u003e invokes the kernel TEE client API (note\nthat kernel users do NOT wait for the supplicant to be available [1],\ncontrary to user space clients [1]).\n\nThis scenario was addressed by commit 66cdd5db37db (\"tee-supplicant: add\ndaemon mode (-d)\"), although the commit description did not explicitly\nmention it. With \u0027-d \u0027 the supplicant command would open the device\nbefore returning. Unfortunately, this was inadvertently broken by commit\n523d50bdede6 (\"tee-supplicant: daemonize before opening a supplicant\ndevice\").\n\nRestore the previous behavior while still keeping the open() call in the\nchild process, by introducing some synchronization between the parent\nand the child. A pipe is created and the parent issues a blocking read.\nAfter successfully opening the device the child writes data to the pipe,\nthus releasing the parent. If the child crashes or exits before writing\nthe parent is released with 0 bytes read and exits with an error status.\n\nThe daemon() call is replaced by make_daemon() which is an open-coded\nversion of the daemon() funcion as described in the Linux man page,\nmodified to deal with the IPC.\n\nLink: [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/tee/tee_core.c?h\u003dv5.19#n1128\nLink: [2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/tee/tee_core.c?h\u003dv5.19#n117\nSigned-off-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nReviewed-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "d59ed2d3a9635791f72f7fdc3f59ba1b8b5c960f", "tree": "c7d5d24e92ed27db4ecc8358ce8331cccca96c44", "parents": [ "e7cba71cc6e2ecd02f412c7e9ee104f0a5dffc6f" ], "author": { "name": "zhanglejia", "email": "zhanglejia@baidu.com", "time": "Tue Jul 26 20:53:26 2022 +0800" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Tue Jul 26 15:01:07 2022 +0200" }, "message": "cmake: fix log level don\u0027t take effect\n\nCFG_TEE_CLIENT_LOG_LEVEL and CFG_TEE_SUPP_LOG_LEVEL have no effect on\nDEBUGLEVEL_X when compiling with cmake.\n\nTherefore, modifying the values of CFG_TEE_CLIENT_LOG_LEVEL and\nCFG_TEE_SUPP_LOG_LEVEL cannot set the log level.\n\nSigned-off-by: Lejia Zhang zhanlej@gmail.com\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "e7cba71cc6e2ecd02f412c7e9ee104f0a5dffc6f", "tree": "ad02ef1da8cd6d07f88aa2eac43f39952163c9cb", "parents": [ "f7ed8e3d3955e0b7a7d3ff77ab2abcfd8fb1cdb9" ], "author": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Mon Jul 04 16:34:40 2022 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Jul 06 10:22:49 2022 +0200" }, "message": "tee-supplicant: fs: use errno instead of returning TEEC_ERROR_GENERIC\n\nTry to give a bit more information to the TEE core (and subsequently the\nTA) about the cause of FS operation errors by translating errno to a\nTEEC_Result rather than returning TEEC_ERROR_GENERIC always. Introduce\nTEEC_ERROR_STORAGE_NO_SPACE with the same value as\nTEE_ERROR_STORAGE_NO_SPACE and use it to map to ENOSPC.\n\nThis would have been helpful in issue [1]. Instead of being killed with\nTEE_ERROR_GENERIC, the TA would have received TEE_ERROR_STORAGE_NO_SPACE.\n\nLink: [1] https://github.com/OP-TEE/optee_os/issues/5419\nSigned-off-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nReviewed-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "f7ed8e3d3955e0b7a7d3ff77ab2abcfd8fb1cdb9", "tree": "79b2c91b75e22752ac7e647ac4b57bd2b5a93dc4", "parents": [ "a5c30b1277466a9bf85b62f45a6b00e79774e29c" ], "author": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Mon Apr 18 09:53:32 2022 -0700" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Jun 29 07:17:12 2022 +0200" }, "message": "tee-supplicant: support multiple TA load paths\n\nParse CFG_TEE_CLIENT_LOAD_PATH (TEEC_LOAD_PATH) and TEEC_TEST_LOAD_PATH\nas a colon-separated list of paths. This commit also updates the\ndocumentation of CFG_TEE_CLIENT_LOAD_PATH and try_load_secure_module()\nwhich were either lacking or incorrect.\n\nSuggested-by: Chao Chen \u003cccha@amazon.com\u003e\nSigned-off-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\nReviewed-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "a5c30b1277466a9bf85b62f45a6b00e79774e29c", "tree": "ebc019a02479cc92e2a091c34306ae078da82cf7", "parents": [ "dc58de2f6d93a181def3bb11b6c4fc541457818f" ], "author": { "name": "Clement Faure", "email": "clement.faure@nxp.com", "time": "Tue May 24 12:45:52 2022 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Tue May 24 18:04:32 2022 +0200" }, "message": "Makefile: Makefile: only preserve links when installing output files\n\nWhen installing output files with the `install` Makefile target, the\noutput file ownership is preserved because the file copy to the\ndestination directory is done with `cp -a/--archive`.\n\nWhen using the `install` Makefile target in a Yocto recipe, it triggers\nthe following Bitbake host contamination warning:\n\nWARNING: optee-client-3.17.0.imx-r0 do_package_qa: QA Issue: optee-client: /usr/lib/libseteec.so is owned by uid 1001, which is the same as the user running bitbake. This may be due to host contamination\noptee-client: /usr/lib/libteec.so is owned by uid 1001, which is the same as the user running bitbake. This may be due to host contamination\n\nThe original goal of `cp -a` was to preserve symbolics links to shared\nlibraries. The issue is that it also preserves ownership which is\nunwanted. To preserve symbolic links, `cp -d` is enough.\n\nFixes: 44c0d3056 (\"Makefile: preserve links to libraries during make copy_export\")\nSigned-off-by: Clement Faure \u003cclement.faure@nxp.com\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "dc58de2f6d93a181def3bb11b6c4fc541457818f", "tree": "413f7f0ee72c124fe22b5076839daf4d1920d83a", "parents": [ "f2a7c942393c6383ac89d9264999cd9c93a70b80" ], "author": { "name": "Jens Wiklander", "email": "jens.wiklander@linaro.org", "time": "Fri May 20 07:51:01 2022 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Fri May 20 11:34:02 2022 +0200" }, "message": "tee-supplicant: close shm fd before freeing memory\n\nThe resources of a shm is released in process_free(), this includes the\nfile descriptor and the memory buffer which was registered. Closing\nthe file descriptor unregisters the memory buffer.\n\nThe memory buffer was, prior to this patch, freed before the file\ndescriptor was closed. This could lead to another thread reusing this\nmemory buffer before it has been unregistered. This is normally not a\nproblem since the buffer will not be read or modified after it has been\nfreed. However, FF-A mandates that a physical memory isn\u0027t registered\nalready when registering. Son in the case we can have occasional failures.\n\nFixes: 075c56eebdc9 (\"tee_supplicant: add register memory feature\")\nAcked-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nSigned-off-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "f2a7c942393c6383ac89d9264999cd9c93a70b80", "tree": "8b4dbcf7fe4e70b8f1564e7f35db10f40fb9708f", "parents": [ "9a337049c52495e5e16b4a94decaa3e58fce793e" ], "author": { "name": "Fabrice Fontaine", "email": "fontaine.fabrice@gmail.com", "time": "Sat May 14 19:33:57 2022 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Mon May 16 11:26:40 2022 +0200" }, "message": "tee-supplicant/src/tee_supplicant.c: fix build without plugins\n\nFix the following build failure with CFG_TEE_SUPP_PLUGINS !\u003d y raised\nsince version 3.17.0 and commit [1].\n\n/home/giuliobenetti/autobuild/run/instance-2/output-1/build/optee-client-3.17.0/tee-supplicant/src/tee_supplicant.c:104:22: error: \u0027TEE_PLUGIN_LOAD_PATH\u0027 undeclared here (not in a function); did you mean \u0027TEEC_LOAD_PATH\u0027?\n 104 | .plugin_load_path \u003d TEE_PLUGIN_LOAD_PATH,\n | ^~~~~~~~~~~~~~~~~~~~\n | TEEC_LOAD_PATH\n\nLink: [1] https://github.com/OP-TEE/optee_client/commit/876b1ae719e12890ddd96e85cd4e9862dab46448\nFixes: http://autobuild.buildroot.org/results/384e0ca894dbc0ec72cea76141de890f1ce484db\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\nSigned-off-by: Fabrice Fontaine \u003cfontaine.fabrice@gmail.com\u003e\n" }, { "commit": "9a337049c52495e5e16b4a94decaa3e58fce793e", "tree": "d3a1a1e05af979caf61740352d6d651d8e4426e2", "parents": [ "8aed3edca4db2736fdadddab20f07945ddb9d3d1" ], "author": { "name": "Ding Tao", "email": "miyatsu@qq.com", "time": "Thu Apr 14 10:36:26 2022 +0000" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Thu Apr 14 14:38:59 2022 +0200" }, "message": "public: Fix simple typo in tee_client_api.h\n\nReplace TEEC_PARAMS_TYPE with TEEC_PARAM_TYPES.\n\nSigned-off-by: Ding Tao \u003cmiyatsu@qq.com\u003e\nReviewed-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\n" }, { "commit": "8aed3edca4db2736fdadddab20f07945ddb9d3d1", "tree": "c8613e35e37c562686b8116a6c6ddd5b0a10dd27", "parents": [ "5a69d55d65966c098ee1acce56bcd660f0de917b" ], "author": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Wed Apr 13 17:20:05 2022 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Thu Apr 14 13:03:41 2022 +0200" }, "message": "tee-supplicant: accept -r as a short option for --rpmb-cid\n\nCommit 5a69d55d6596 (\"tee-supplicant: add --rpmb-cid command line option\")\nmentions in the help string that -r is synonymous for --rpmb-cid, but\nit\u0027s not. Add the missing characters to the getopt_long() optstring\nargument.\n\nSigned-off-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "5a69d55d65966c098ee1acce56bcd660f0de917b", "tree": "7a4aee804e71c488bba3f791d21b23aecb81a00b", "parents": [ "88d374e56e611163de47dabe1bfc5c39ac5a107d" ], "author": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Wed Mar 16 19:33:26 2022 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Mar 30 09:32:26 2022 +0200" }, "message": "tee-supplicant: add --rpmb-cid command line option\n\nIn OP-TEE OS, the RPMB device used for secure storage is selected at\ncompile time via an integer identifier (CFG_RPMB_FS_DEV_ID). As\nmentioned in [1], this ID is assigned by the Linux kernel and is used\nwhen tee-supplicant opens the device on behalf of OP-TEE. There are a\ncouple of issues with that:\n\n1. U-Boot and Linux may assign a different number to the same RPMB\ndevice. Therefore, the TEE supplicant components in U-Boot and Linux\ncannot both trust the ID given by OP-TEE.\n\n2. If a system has several RPMB devices, and even if we ignore removable\nones, there is no guarantee that the devices will always be enumerated\nin the same order by the kernel on boot. This results in different\ndevice numbers. I observed this behavior on a Hikey620 board with an\nexternal eMMC module plugged into the micro SD slot. Sometimes the\non-board RPMB (which I don’t use for testing) is /dev/mmcblk0rpmb and\nthe external one is /dev/mmcblk1rpmb; sometimes it is the other way\naround.\n\nIn order to remove any ambiguity, introduce a new command line argument\nto tee-supplicant: --rpmb-cid \u003cCID\u003e. \u003cCID\u003e is the device identification\nregister of the eMMC device that OP-TEE should use for RPMB. It is\nunique for every flash device. When --rpmb-cid is given, the device\nnumber given by OP-TEE is ignored and the specified device is used\ninstead. \u003cCID\u003e can be found in sysfs, for example:\n\n # Read the CID of MMC device 0. Its RPMB partition is /dev/mmcblk0rpmb.\n $ cat /sys/class/mmc_host/mmc0/mmc0\\:0001/cid\n 11010030303847453000e0a18ceb13df\n $\n\nLink: https://github.com/OP-TEE/optee_os/blob/3.16.0/mk/config.mk#L159-L162\nSigned-off-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\n" }, { "commit": "88d374e56e611163de47dabe1bfc5c39ac5a107d", "tree": "6611ed1776576aae5d89972d9aa8aa5f6d381222", "parents": [ "ba0ed67e1a066736d88f08bc99d73b5c40617c46" ], "author": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Fri Mar 18 11:14:19 2022 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Mar 30 09:32:26 2022 +0200" }, "message": "tee-supplicant: rpmb: read CID in one go\n\nIntroduce read_cid_str() to read the whole eMMC CID from sysfs in one\ngo rather than doing it two bytes at a time. This function will come\nin handy in the next commit.\n\nSigned-off-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\n" }, { "commit": "ba0ed67e1a066736d88f08bc99d73b5c40617c46", "tree": "7bb3cff71102409901f9958f3e32de7fb5116e31", "parents": [ "945704e6433e31753fb6c3f05e1ce61673dec1d6" ], "author": { "name": "Jerome Forissier", "email": "jerome.forissier@linaro.org", "time": "Fri Mar 18 10:55:43 2022 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Mar 30 09:32:26 2022 +0200" }, "message": "tee-supplicant: rpmb: introduce readn() wrapper to the read() syscall\n\nread_cid() obtains the ID of the eMMC device by reading from sysfs with\nthe read() function. Two bytes are read at a time but short reads (i.e.,\nwhen only one byte is returned) and EINTR are not handled. Although I\n*think* these situation cannot happen with sysfs, I was unable to find\nany guarantee that it is the case. Therefore, introduce a readn()\nfunction which does exactly that.\n\nSigned-off-by: Jerome Forissier \u003cjerome.forissier@linaro.org\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "945704e6433e31753fb6c3f05e1ce61673dec1d6", "tree": "4e417fe7bcdda8783a343159862cd42bf6dc6ebe", "parents": [ "edf30722ab94317c29c0d49ef8d946239cb7d600" ], "author": { "name": "Ondrej Kubik", "email": "ondrej.kubik@canonical.com", "time": "Thu Feb 10 13:18:22 2022 +0000" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Tue Mar 01 14:13:16 2022 +0100" }, "message": "tee-supplicant: fix plugin loading logic\n\nd_name variable in structures returned by readdir() contains filename within the directory.\nThis needs to be extended by dir path itself before passed to load_plugin() function\n\nSigned-off-by: Ondrej Kubik \u003condrej.kubik@canonical.com\u003e\nReviewed-by: Jerome Forissier \u003cjerome@forissier.org\u003e\nReviewed-by: Aleksandr Anisimov \u003canisimov.alexander.s@gmail.com\u003e\nReviewed-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "edf30722ab94317c29c0d49ef8d946239cb7d600", "tree": "3a1d863bdc64e3f1aaa826240a8130f0c17be549", "parents": [ "876b1ae719e12890ddd96e85cd4e9862dab46448" ], "author": { "name": "Ondrej Kubik", "email": "ondrej.kubik@canonical.com", "time": "Thu Feb 03 21:35:57 2022 +0000" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Mon Feb 21 19:17:16 2022 +0100" }, "message": "tee-supplicant: refactor argument parsing in main()\n\nSigned-off-by: Ondrej Kubik \u003condrej.kubik@canonical.com\u003e\nReviewed-by: Jerome Forissier \u003cjerome@forissier.org\u003e\n" }, { "commit": "876b1ae719e12890ddd96e85cd4e9862dab46448", "tree": "7fb590ac22f893215d32aa9c14a297435b696fb7", "parents": [ "8b3f7fe3401f0853b4af32aed2c1b436f3a36377" ], "author": { "name": "Ondrej Kubik", "email": "ondrej.kubik@canonical.com", "time": "Thu Feb 03 21:31:04 2022 +0000" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Mon Feb 21 19:17:16 2022 +0100" }, "message": "tee-supplicant: introduce struct tee_supplicant_params for global config\n\nSigned-off-by: Ondrej Kubik \u003condrej.kubik@canonical.com\u003e\nReviewed-by: Jerome Forissier \u003cjerome@forissier.org\u003e\n" }, { "commit": "8b3f7fe3401f0853b4af32aed2c1b436f3a36377", "tree": "7c5958ed5e9b11b2b70961c02b2351c7ee9403e1", "parents": [ "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2" ], "author": { "name": "Jorge Ramirez-Ortiz", "email": "jorge@foundries.io", "time": "Thu Dec 02 23:06:01 2021 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Tue Feb 08 14:47:57 2022 +0100" }, "message": "libckteec: add support for ECDH derive\n\nThis commit adds support for Elliptic curve Diffie-Hellman key\nderivation, a mechanism where each party contributes one key pair all\nusing the same EC domain parameters.\n\nThe mechanism derives a secret value and truncates the result.\n\nTested with pkcs11_tool -m ECDH1-DERIVE\n\nSigned-off-by: Jorge Ramirez-Ortiz \u003cjorge@foundries.io\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\nReviewed-by: Vesa Jääskeläinen \u003cvesa.jaaskelainen@vaisala.com\u003e\n" }, { "commit": "06db73b3f3fdb8d23eceaedbc46c49c0b45fd1e2", "tree": "022bdc923ea569a80d884903fd9a1110107ee2b8", "parents": [ "f6e05d3d614e5abffd1bc34561d4724773c063be" ], "author": { "name": "Jens Wiklander", "email": "jens.wiklander@linaro.org", "time": "Tue Jan 11 15:48:04 2022 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Tue Jan 11 19:55:23 2022 +0100" }, "message": "libteec: copy out partial shadow buffer\n\nWithout dynamic shared memory enabled (CFG_CORE_DYN_SHM\u003dn) temporary\nmemrefs uses a shadow buffer to transport data to and from the kernel.\n\nPrior to this patch in case the out length of such a buffer is larger\nthan the initial size then no copy out is performed even though some\nrelevant data may be available. Fix this by copying out as much data as\nthe shadow buffer can hold.\n\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\nTested-by: Jerome Forissier \u003cjerome@forissier.org\u003e\nFixes: https://github.com/OP-TEE/optee_os/issues/5101\nSigned-off-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "f6e05d3d614e5abffd1bc34561d4724773c063be", "tree": "9987e4b102083c753b85867e50f675a7f275c26e", "parents": [ "975fa78e1f41b443ce1bb9a9a7e4ff4b99fb0bdd" ], "author": { "name": "Joakim Bech", "email": "joakim.bech@linaro.org", "time": "Wed Dec 22 09:16:45 2021 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Dec 22 21:01:32 2021 +0100" }, "message": "GitHub actions: fix incorrect version\n\nv4.0.1 was incorrectly added to the commit below, instead it should have\nbeen v4.1.0.\n\nFixes: 975fa78e1f41 (\"GitHub actions: add a stales.yml file\")\n\nSigned-off-by: Joakim Bech \u003cjoakim.bech@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "975fa78e1f41b443ce1bb9a9a7e4ff4b99fb0bdd", "tree": "b0ff41fffba79530c4dbb8265ffaee476d860985", "parents": [ "df537dd7b9147bd5aaba620f76cbf9dd7a07f0a3" ], "author": { "name": "Joakim Bech", "email": "joakim.bech@linaro.org", "time": "Tue Dec 21 10:27:09 2021 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Tue Dec 21 18:14:18 2021 +0100" }, "message": "GitHub actions: add a stales.yml file\n\nAdd a stales.yml similar to the ones we find in the other OP-TEE gits.\n\nSigned-off-by: Joakim Bech \u003cjoakim.bech@linaro.org\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "df537dd7b9147bd5aaba620f76cbf9dd7a07f0a3", "tree": "7455ea81f4c7e53b3191bec500f3b759db625028", "parents": [ "6d54f84d1e9aa58265afc7a5541bd7eeac4cc929" ], "author": { "name": "Jens Wiklander", "email": "jens.wiklander@linaro.org", "time": "Wed Dec 01 08:37:33 2021 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Dec 01 13:25:35 2021 +0100" }, "message": "tee-supplicant: read_with_timeout(): fix non-blocking peeking\n\nIn case read_with_timeout() is called with *blen \u003d\u003d 0 it indicates that\nread_with_timeout() should just check how much data is available, and\nset how much in *blen and return success. If there is none available it\njust also returns success.\n\nPrior to this patch read_with_timeout() was instead returning an error\nin case no data was available, this is not expected by the caller so fix\nthis by returning success in that case instead.\n\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\nSigned-off-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "6d54f84d1e9aa58265afc7a5541bd7eeac4cc929", "tree": "3f7f2f418be44c288f8424a7cdf93e3d426ffb9e", "parents": [ "f4f54e5a76641fda22a49f00294771f948cd4c92" ], "author": { "name": "Jens Wiklander", "email": "jens.wiklander@linaro.org", "time": "Tue Nov 30 13:09:51 2021 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Dec 01 13:25:35 2021 +0100" }, "message": "tee-supplicant: recv_with_out_flags(): check EINTR\n\nAdds special treatment if recvmsg() returns error with EINTR, in that\ncase the syscall was interrupted by delivery of a signal and we\nshould just try again with the same arguments.\n\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\nReviewed-by: Jerome Forissier \u003cjerome@forissier.org\u003e\nSigned-off-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "f4f54e5a76641fda22a49f00294771f948cd4c92", "tree": "737b56db18379cef9b35362ffcc72e117b4f8d7f", "parents": [ "e532a51ec020fd652dc1f83b4a5a0311afeab246" ], "author": { "name": "Jorge Ramirez-Ortiz", "email": "jorge@foundries.io", "time": "Wed Nov 03 12:28:47 2021 +0100" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Fri Nov 26 09:09:30 2021 +0100" }, "message": "libseteec: Secure Element control\n\nWhen a Secure Element -supported by OP-TEE- enables SCP03, the\nencryption keys could have been derived from the HUK and therefore not\nknown to the normal world.\n\nIn such circumstances, APDU frames will need to be routed to the\nsecure world for encryption before sending them to the SE and then\ndecrypted when processing the response.\n\nSecure Elements supporting SCP03 are shipped with predefined keys\nstored in persistent memory and documented in their data sheets.\n\nThis library provides an interface to enable SCP03 using those\nnon-secure keys. It also provides an interface to rotate these default\nkeys and derive board unique new ones before enabling the SCP03\nsession.\n\nA working scenario currently in OP-TEE is the NXP SE050/SE051 device\n(both have been tested)\n\nSigned-off-by: Jorge Ramirez-Ortiz \u003cjorge@foundries.io\u003e\nAcked-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\nAcked-by: Jerome Forissier \u003cjerome@forissier.org\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\n" }, { "commit": "e532a51ec020fd652dc1f83b4a5a0311afeab246", "tree": "8eee5cfc13a0506afdd2308ebd6fde43d7418d23", "parents": [ "2a99339c9afd75623934bb8b90c5059490d8ac13" ], "author": { "name": "Jens Wiklander", "email": "jens.wiklander@linaro.org", "time": "Wed Oct 27 15:45:44 2021 +0200" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Nov 24 15:50:52 2021 +0100" }, "message": "tee-supplicant: tee_socket_recv(): report truncated datagrams\n\nUpdates tee_socket_recv() to detect and report truncated datagrams and\nenable amount of data available to be queried.\n\nAcked-by: Jerome Forissier \u003cjerome@forissier.org\u003e\nReviewed-by: Etienne Carriere \u003cetienne.carriere@linaro.org\u003e\nSigned-off-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\n" }, { "commit": "2a99339c9afd75623934bb8b90c5059490d8ac13", "tree": "29780467798752cd8d84581710dd7cd75a6e6283", "parents": [ "b3e9cee465371668e8beb6246f08d0b32d60b4fa" ], "author": { "name": "Elvira Khabirova", "email": "e.khabirova@omp.ru", "time": "Wed Oct 13 16:37:47 2021 +0300" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Oct 20 11:32:33 2021 +0200" }, "message": "libckteec: check for ckteec_alloc_shm rval\n\nckteec_alloc_shm() can return NULL; handle it properly in ck_digest_update().\n\nSigned-off-by: Elvira Khabirova \u003ce.khabirova@omp.ru\u003e\nReviewed-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\nReviewed-by: Jerome Forissier \u003cjerome@forissier.org\u003e\n" }, { "commit": "b3e9cee465371668e8beb6246f08d0b32d60b4fa", "tree": "e15ec242ce4fc19b5e97e02c3618768cb33e2828", "parents": [ "9876c9cb785bbd2a13f7981f72aaf825c7bb118a" ], "author": { "name": "Elvira Khabirova", "email": "e.khabirova@omp.ru", "time": "Tue Oct 19 14:45:43 2021 +0300" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Oct 20 11:32:33 2021 +0200" }, "message": "tee-supplicant: handle ftell() errors\n\nftell() can return -1; handle that properly.\n\nSigned-off-by: Elvira Khabirova \u003ce.khabirova@omp.ru\u003e\nReviewed-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\nReviewed-by: Jerome Forissier \u003cjerome@forissier.org\u003e\n" }, { "commit": "9876c9cb785bbd2a13f7981f72aaf825c7bb118a", "tree": "935736bab337aeeeeba0c9a089539da18ee4dbb5", "parents": [ "ae19e954232f4c34c48f1d2c92646a031a180c5f" ], "author": { "name": "Elvira Khabirova", "email": "e.khabirova@omp.ru", "time": "Tue Oct 19 14:45:32 2021 +0300" }, "committer": { "name": "Jérôme Forissier", "email": "jerome@forissier.org", "time": "Wed Oct 20 11:32:33 2021 +0200" }, "message": "teec_ta_load: replace printfs with DMSGs\n\nSigned-off-by: Elvira Khabirova \u003ce.khabirova@omp.ru\u003e\nReviewed-by: Jens Wiklander \u003cjens.wiklander@linaro.org\u003e\nReviewed-by: Jerome Forissier \u003cjerome@forissier.org\u003e\n" } ], "next": "ae19e954232f4c34c48f1d2c92646a031a180c5f" }