[scarthgap] Issue with cryptographic operations offloaded to the Trusted Execution Environment (TEE) #2413

@tprrt

With the Scarthgap branch (commit 62423c6), TEE crypto leads to a kernel panic when it is used to decrypt a dm-crypt partition:

# cryptsetup 2.7.2 processing "cryptsetup open <blabla> --readonly --batch-mode -y -v --debug"
# Verifying parameters for command open.
# Running command open.
# Installing SIGINT/SIGTERM handler.
# Unblocking interruption on signal.
# Allocating context for crypt device /dev/mmcblk0p5.
# Trying to open and read device /dev/mmcblk0p5 with direct-io.
# Initialising device-mapper backend library.
# Trying to load any crypt type from device /dev/mmcblk0p5.
# Crypto backend (OpenSSL 3.2.4 11 Feb 2025 [default][legacy][threads][argon2]) initialized in cryptsetup library version 2.7.2.
# Detected kernel Linux 6.6.101-lf-6.6.y-lf-6.6.y-geeace7569d38 aarch64.
# Loading LUKS2 header (repair disabled).
# Acquiring read lock for device /dev/mmcblk0p5.
# Locking directory /run/cryptsetup will be created with default compiled-in permissions.
# Opening lock resource file /run/cryptsetup/L_179:5
# Verifying lock handle for /dev/mmcblk0p5.
# Device /dev/mmcblk0p5 READ lock taken.
# Trying to read primary LUKS2 header at offset 0x0.
# Opening locked device /dev/mmcblk0p5
# Verifying locked device handle (bdev)
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:0baf103693f7d4170cda7f8f079d2b262aa114d147cfa85f6eae526722b16b85 (on-disk)
# Checksum:0baf103693f7d4170cda7f8f079d2b262aa114d147cfa85f6eae526722b16b85 (in-memory)
# Trying to read secondary LUKS2 header at offset 0x4000.
# Reusing open ro fd on device /dev/mmcblk0p5
# LUKS2 header version 2 of size 16384 bytes, checksum sha256.
# Checksum:85d7048e14f056a070833bfa09b5f8dfe224337759fd5c81565f124a339933d3 (on-disk)
# Checksum:85d7048e14f056a070833bfa09b5f8dfe224337759fd5c81565f124a339933d3 (in-memory)
# Device size 335544320, offset 8388608.
# Device /dev/mmcblk0p5 READ lock released.
# Only 2 active CPUs detected, PBKDF threads decreased from 4 to 2.
# Not enough physical memory detected, PBKDF max memory decreased from 1048576kB to 422278kB.
# PBKDF argon2i, time_ms 2000 (iterations 0), max_memory_kb 422278, parallel_threads 2.
# Activating volume mmcblk0p5 [keyslot -1] using token.
# dm version   [ opencount flush ]   [16384] (*1)
# dm versions   [ opencount flush ]   [16384] (*1)
# Detected dm-ioctl version 4.48.0.
# Detected dm-verity version 1.9.0.
# Detected dm-crypt version 1.24.0.
# Device-mapper backend running with UDEV support enabled.
# dm status mmcblk0p5  [ opencount noflush ]   [16384] (*1)
No usable token is available.
# File descriptor passphrase entry requested.
# Activating volume mmcblk0p5 [keyslot -1] using passphrase.
# dm versions   [ opencount flush ]   [16384] (*1)
# dm status mmcblk0p5  [ opencount noflush ]   [16384] (*1)
# Keyslot 0 priority 1 != 2 (required), skipped.
# Trying to open LUKS2 keyslot 0.
# Running keyslot key derivation.
# Reading keyslot area [0x8000].
# Acquiring read lock for device /dev/mmcblk0p5.
# Opening lock resource file /run/cryptsetup/L_179:5
# Verifying lock handle for /dev/mmcblk0p5.
# Device /dev/mmcblk0p5 READ lock taken.
# Reusing open ro fd on device /dev/mmcblk0p5
# Device /dev/mmcblk0p5 READ lock released.
# Verifying key from keyslot 0, digest 0.
# Loading key (type logon, name cryptsetup:6d8478[    5.552730] Unable to handle kernel paging request at virtual address 006e72656874652e
10-e792-41d5-8413[    5.561264] Mem abort info:
-cea5c78ea349-d0)[    5.565522]   ESR = 0x0000000096000044
 in thread keyrin[    5.570743]   EC = 0x25: DABT (current EL), IL = 32 bits
g.
# dm versions[    5.577518]   SET = 0, FnV = 0
   [ opencount fl[    5.582040]   EA = 0, S1PTW = 0
ush ]   [16384] ([    5.586652]   FSC = 0x04: level 0 translation fault
*1)
# dm status [    5.592995] Data abort info:
mmcblk0p5  [ open[    5.597346]   ISV = 0, ISS = 0x00000044, ISS2 = 0x00000000
count noflush ]  [    5.604296]   CM = 0, WnR = 1, TnD = 0, TagAccess = 0
 [16384] (*1)
# [    5.610814]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
Calculated device[    5.617602] [006e72656874652e] address between user and kernel address ranges
 size is 638976 s[    5.626192] Internal error: Oops: 0000000096000044 [#1] PREEMPT SMP
[    5.633899] CPU: 0 PID: 235 Comm: cryptsetup Not tainted 6.6.101-lf-6.6.y-lf-6.6.y-geeace7569d38 #1
[    5.642934] Hardware name: Silicom i.MX93 eBoot Pro (DT)
[    5.648239] pstate: a0400009 (NzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[    5.655198] pc : 0xffff80008008e2c4
[    5.658682] lr : 0xffff80008094d420
[    5.662166] sp : ffff800083a1b7a0
[    5.665476] x29: ffff800083a1b7d0 x28: ffff8000828da348 x27: ffff0000037cc160
[    5.672617] x26: 0000000000000000 x25: 0000000000000001 x24: 00000000ffffffff
[    5.679750] x23: ffff000002cc2c40 x22: 0000000000000002 x21: ffff000002413ad8
[    5.686883] x20: ffff800083a1b7a8 x19: ffff000002413ad0 x18: fffffc00000b5988
[    5.694015] x17: 0000000000000000 x16: 0000000000000000 x15: ffff00003fdd29d8
[    5.701148] x14: 0000000000000001 x13: 788c2989da3238a7 x12: 0000000000000000
[    5.708281] x11: 00000000000000c0 x10: 0000000000000000 x9 : ffff000002413ad0
[    5.715413] x8 : ffff000002cc36e0 x7 : ffff000002cc2c40 x6 : ffff000002410070
[    5.722546] x5 : ffff000002410074 x4 : 00000000510f8040 x3 : 656e72656874652e
[    5.729679] x2 : ffff000002413ae0 x1 : ffff800083a1b7a8 x0 : ffff000002413ad0
[    5.736812] Call trace:
[    5.739256]  0xffff80008008e2c4
[    5.742393]  0xffff80008094d5fc
[    5.745530]  0xffff80008094d630
[    5.748667]  0xffff80008078aa80
[    5.751805]  0xffff80008078af60
[    5.754942]  0xffff80008078b178
[    5.758079]  0xffff80008078bb4c
[    5.761217]  0xffff80008078c040
[    5.764354]  0xffff8000802fd7b4
[    5.767491]  0xffff8000806de658
[    5.770629]  0xffff8000806de858
[    5.773766]  0xffff8000806e1af4
[    5.776904]  0xffff8000806d00f4
[    5.780041]  0xffff8000806d4118
[    5.783178]  0xffff8000806d4f18
[    5.786315]  0xffff8000806d4fd8
[    5.789453]  0xffff8000801ed9c0
[    5.792590]  0xffff8000801eeaf8
[    5.795727]  0xffff80008002253c
[    5.798865]  0xffff80008002267c
[    5.802002]  0xffff8000800226b4
[    5.805139]  0xffff800080949494
[    5.808277]  0xffff800080949d38
[    5.811414]  0xffff80008001154c
[    5.814559] Code: 17fffffa f9400443 f9000441 a9000c22 (f9000061)
[    5.820646] ---[ end trace 0000000000000000 ]---
ectors (RW), offs[    5.825295] note: cryptsetup[235] exited with preempt_count 2
et 16384.
# DM-UUID is CRYPT-LUKS2-6d847810e79241d58413cea5c78ea349-mmcblk0p5
# Udev cookie 0xd4d2e97 (semid 0) created
# Udev cookie 0xd4d2e97 (semid 0) incremented to 1
# Udev cookie 0xd4d2e97 (semid 0) incremented to 2
# Udev cookie 0xd4d2e97 (semid 0) assigned to CREATE task(0) with flags DISABLE_LIBRARY_FALLBACK         (0x20)
# dm create mmcblk0p5 CRYPT-LUKS2-6d847810e79241d58413cea5c78ea349-mmcblk0p5 [ opencount flush ]   [16384] (*1)
# dm reload   (254:0) [ opencount flush readonly securedata ]   [16384] (*1)
Segmentation fault

Where:

D/TC:? 0 tee_ta_init_pseudo_ta_session:303 Lookup pseudo TA 560c5231-71bc-476d-8c2e-4ba107991e72                                                                                                                                                                                                                        
D/TC:? 0 ldelf_load_ldelf:110 ldelf load address 0xc0007000                                                                                                                                                                                                                                                             
D/LD:  ldelf:142 Loading TS 560c5231-71bc-476d-8c2e-4ba107991e72                                                                                                                                                                                                                                                        
F/TC:? 0 trace_syscall:147 syscall #3 (syscall_get_property)                                                                                                                                                                                                                                                            
F/TC:? 0 trace_syscall:147 syscall #5 (syscall_open_ta_session)                                                                                                                                                                                                                                                         
D/TC:? 0 ldelf_syscall_open_bin:163 Lookup user TA ELF 560c5231-71bc-476d-8c2e-4ba107991e72 (early TA)                                                                                                                                                                                                                  
D/TC:? 0 ldelf_syscall_open_bin:167 res=0xffff0008                                                                                                                                                                                                                                                                      
D/TC:? 0 ldelf_syscall_open_bin:163 Lookup user TA ELF 560c5231-71bc-476d-8c2e-4ba107991e72 (Secure Storage TA)                                                                                                                                                                                                         
I/TC: WARNING (insecure configuration): Failed to get monotonic counter for REE FS, using 0                                                                                                                                                                                                                             
E/TC:? 0 get_rpc_alloc_res:644 RPC allocation failed. Non-secure world result: ret=0xffff000c ret_origin=0x2                                                                                                                                                                                                            
D/TC:? 0 ldelf_syscall_open_bin:167 res=0xffff000c                                                                                                                                                                                                                                                                      
E/LD:  init_elf:493 sys_open_ta_bin(560c5231-71bc-476d-8c2e-4[b a 1 0 719.961e87426)5^M4]                                                                                                                                                                                                                               
E /uTsCb: ?2 -01 :l dneelwf _hiingiht-_swpietehd_ lUdSeBl df:e1v5i2c el nduemlbfe rfa i2l eudsi nwgi tchi r_hedsr:c ^M0                                                                                                                                                                                                 
xffff000c                                                                                                                                                                                                                                                                                                               
D/TC:? 0 tee_ta_open_session:696 init session failed 0xffff000c                                                                                                                                                                                                                                                         
F/TC:? 0 plat_prng_add_jitter_entropy:68 0xE1                                                                                                                                                                                                                                                                           
[    1.708134] tee_client_open_session failed, err: ffff000c                                                                                                                                                                                                                                                            
[    1.713752] tee_crypt algorithms registered in /proc/crypto

This issue no longer occurs when crypto operations offloaded to the TEE (e.g. CONFIG_TEE_CRYPTO) are disabled.

Furthermore, this issue appears to be linked to the IMX_TRUSTED_ARM_CE driver or the PTA.

Additionally, the OP-TEE PKCS#11 tests are failing:

pkcs11_1000 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:204
pkcs11_1001 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:244
pkcs11_1002 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:502
pkcs11_1003 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:1144
pkcs11_1004.1 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:1224
pkcs11_1004.2 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:1224
pkcs11_1004.3 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:1267
pkcs11_1004.4 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:1318
pkcs11_1004.5 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:1318
pkcs11_1004 FAILED
pkcs11_1005 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:1576
pkcs11_1006 FAILED first error aD/TC:? 0 tee_ta_close_session:460 csess 0x221ddb20 id 6
t /usr/src/debug/optee-test/4.4.0.imx/host/xtestD/TC:? 0 tee_ta_close_session:479 Destroy session
/pkcs11_1000.c:1638
pkcs11_1007 FAILED first error at /usr/src/debug/optee-testD/TC:? 0 destroy_context:318 Destroy TA ctx (0x221df230)
/4.4.0.imx/host/F/TC:? 0 plat_prng_add_jitter_entropy:68 0xF2
xtest/pkcs11_1000.c:1767
pkcs11_1008 FAILED first error at /usrD/TC:? 0 tee_ta_close_session:460 csess 0x221df370 id 4
/src/debug/optee-test/4.4.0.imx/D/TC:? 0 tee_ta_close_session:479 Destroy session
host/xtest/pkcs11_1000.c:2023
pkcs11_1009 FAILED/TC:? 0 destroy_context:318 Destroy TA ctx (0x221e0a80)
D first error at /usr/src/debug/D/TC:? 0 tee_ta_close_session:460 csess 0x221e0f10 id 2
optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:2198
pkcs11_1010 FAILED first errD/TC:? 0 tee_ta_close_session:479 Destroy session
D/TC:? 0 destroy_context:318 Destroy TA ctx (0x221e0eb0)
or at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:2462
pkcs11_1011 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:2736
pkcs11_1012 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:3153
pkcs11_1013 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:3391
pkcs11_1014 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:3709
pkcs11_1015 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:3905
pkcs11_1016 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:4197
pkcs11_1017 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:4406
pkcs11_1018 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:4900
pkcs11_1019 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:5851
pkcs11_1020 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:6047
pkcs11_1021 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:6847
pkcs11_1022 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:7230
pkcs11_1023 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:7615
pkcs11_1024 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:7789
pkcs11_1025 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:8163
pkcs11_1026 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:8653
pkcs11_1027 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:8776
pkcs11_1028 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:8919
pkcs11_1029 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:9088
pkcs11_1030 FAILED first error at /usr/src/debug/optee-test/4.4.0.imx/host/xtest/pkcs11_1000.c:9587
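
A triage helper for logs like the ones in this report, added here as an example and not part of the original issue or of any project code: it decodes the arm64 ESR value, checks whether the faulting address is canonical and whether its bytes read as ASCII, and names the TEE_Result codes. The function names are hypothetical and a 48-bit virtual address space is assumed.

```python
import re

# Constructed sample: four lines copied from the logs in the report above.
SAMPLE = """\
[    5.552730] Unable to handle kernel paging request at virtual address 006e72656874652e
[    5.565522]   ESR = 0x0000000096000044
D/TC:? 0 ldelf_syscall_open_bin:167 res=0xffff0008
E/TC:? 0 get_rpc_alloc_res:644 RPC allocation failed. Non-secure world result: ret=0xffff000c ret_origin=0x2
"""

# GlobalPlatform TEE_Result values and return origins seen in the sample.
TEE_RESULT = {0xFFFF0008: "TEE_ERROR_ITEM_NOT_FOUND",
              0xFFFF000C: "TEE_ERROR_OUT_OF_MEMORY"}
TEE_ORIGIN = {1: "API", 2: "COMMS", 3: "TEE", 4: "TRUSTED_APP"}

def decode_esr(esr):
    """Extract the ESR_ELx fields that the arm64 oops header prints."""
    # WnR and the fault status code only apply to data aborts (EC 0x24/0x25).
    return {"ec": (esr >> 26) & 0x3F, "il": (esr >> 25) & 1,
            "wnr": (esr >> 6) & 1, "fsc": esr & 0x3F}

def classify_address(addr, va_bits=48):
    """Check canonical form (va_bits is an assumption) and find leading ASCII bytes."""
    top = addr >> va_bits
    canonical = top in (0, (1 << (64 - va_bits)) - 1)
    run = ""
    for b in addr.to_bytes(8, "little"):  # memory order on little-endian arm64
        if not 0x20 <= b < 0x7F:
            break
        run += chr(b)
    return {"canonical": canonical, "ascii_run": run}

def triage(log):
    """Return decoded ESR, fault-address classification and TEE errors from a log."""
    out = {"esr": None, "fault": None, "tee": []}
    for line in log.splitlines():
        if m := re.search(r"virtual address ([0-9a-f]{16})", line):
            out["fault"] = classify_address(int(m.group(1), 16))
        if m := re.search(r"ESR = 0x([0-9a-f]+)", line):
            out["esr"] = decode_esr(int(m.group(1), 16))
        if m := re.search(r"\b(?:res|ret)=0x([0-9a-f]{8})\b", line):
            code = int(m.group(1), 16)
            if code in TEE_RESULT:
                o = re.search(r"ret_origin=0x([0-9a-f]+)", line)
                origin = TEE_ORIGIN.get(int(o.group(1), 16)) if o else None
                out["tee"].append((TEE_RESULT[code], origin))
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A non-canonical fault address whose bytes decode as printable text is consistent with string data having been written over a pointer, which is a useful starting point when bisecting between the kernel driver and the TEE side.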