February 2021 - OP-TEE - lists.trustedfirmware.org

[PATCH v8 0/4] Introduce TEE based Trusted Keys support

by Sumit Garg

Add support for TEE based trusted keys where TEE provides the functionality to seal and unseal trusted keys using hardware unique key. Also, this is an alternative in case platform doesn't possess a TPM device. This patch-set has been tested with OP-TEE based early TA which is already merged in upstream [1]. [1] https://github.com/OP-TEE/optee_os/commit/f86ab8e7e0de869dfa25ca05a37ee070d… Changes in v8: 1. Added static calls support instead of indirect calls. 2. Documented trusted keys source module parameter. 3. Refined patch #1 commit message discription. 4. Addressed misc. comments on patch #2. 5. Added myself as Trusted Keys co-maintainer instead. 6. Rebased to latest tpmdd master. Changes in v7: 1. Added a trusted.source module parameter in order to enforce user's choice in case a particular platform posses both TPM and TEE. 2. Refine commit description for patch #1. Changes in v6: 1. Revert back to dynamic detection of trust source. 2. Drop author mention from trusted_core.c and trusted_tpm1.c files. 3. Rebased to latest tpmdd/master. Changes in v5: 1. Drop dynamic detection of trust source and use compile time flags instead. 2. Rename trusted_common.c -> trusted_core.c. 3. Rename callback: cleanup() -> exit(). 4. Drop "tk" acronym. 5. Other misc. comments. 6. Added review tags for patch #3 and #4. Changes in v4: 1. Pushed independent TEE features separately: - Part of recent TEE PR: https://lkml.org/lkml/2020/5/4/1062 2. Updated trusted-encrypted doc with TEE as a new trust source. 3. Rebased onto latest tpmdd/master. Changes in v3: 1. Update patch #2 to support registration of multiple kernel pages. 2. Incoporate dependency patch #4 in this patch-set: https://patchwork.kernel.org/patch/11091435/ Changes in v2: 1. Add reviewed-by tags for patch #1 and #2. 2. Incorporate comments from Jens for patch #3. 3. Switch to use generic trusted keys framework. Sumit Garg (4): KEYS: trusted: Add generic trusted keys framework KEYS: trusted: Introduce TEE based Trusted Keys doc: trusted-encrypted: updates with TEE as a new trust source MAINTAINERS: Add myself as Trusted Keys co-maintainer Documentation/admin-guide/kernel-parameters.txt | 12 + Documentation/security/keys/trusted-encrypted.rst | 203 +++++++++++-- MAINTAINERS | 2 + include/keys/trusted-type.h | 47 +++ include/keys/trusted_tee.h | 55 ++++ include/keys/trusted_tpm.h | 17 +- security/keys/trusted-keys/Makefile | 2 + security/keys/trusted-keys/trusted_core.c | 354 ++++++++++++++++++++++ security/keys/trusted-keys/trusted_tee.c | 278 +++++++++++++++++ security/keys/trusted-keys/trusted_tpm1.c | 336 ++++---------------- 10 files changed, 979 insertions(+), 327 deletions(-) create mode 100644 include/keys/trusted_tee.h create mode 100644 security/keys/trusted-keys/trusted_core.c create mode 100644 security/keys/trusted-keys/trusted_tee.c -- 2.7.4

3 years, 2 months

6
36
0 0

Re: [Tee-dev] OpenVPN hardening with OP-TEE

by Jerome Forissier

Hi Kris, [CC op-tee(a)lists.trustedfirmware.org the newer ML for OP-TEE which is now under the TrustedFirmware.org umbrella] On 2/9/21 11:04 PM, Kris Kwiatkowski wrote: > Hello, > > I've recently been involved in producing PoC, which utilizes OP-TEE > to produce proof of a secret key possession. That is used during tunnel > establishment by OpenVPN. > > In case someone finds it interesting, for example as kind of "real-world" > use case of OP-TEE, then details are described here: > https://www.amongbytes.com/post/20210112-optee-openssl-engine/ Thanks for sharing! It is a well-written article, quite interesting to read IMO. I always like to see how OP-TEE is used in various scenarios. As upstream project maintainers we hear about bug reports and we review new contributions of course, but there is clearly a lot of activity going on downstream that we don't know much about. Yet, a bit of context certainly helps take the good decisions for the project going forward! > and code is here: > https://github.com/henrydcase/optee_eng > > The actual PoC used post-quantum schemes integrated into TEE OS and TF-A > (secure boot). Those two points are not described really described for brevity > (and probably there is low interest anyway). > > Kind regards, > Kris > _______________________________________________ > Tee-dev mailing list > Tee-dev(a)lists.linaro.org > https://lists.linaro.org/mailman/listinfo/tee-dev Thanks, -- Jerome

3 years, 2 months

1
0
0 0

[PATCH v2] hwrng: optee: Use device-managed registration API

by Tian Tao

Use devm_hwrng_register to get rid of manual unregistration. Signed-off-by: Tian Tao <tiantao6(a)hisilicon.com> Reviewed-by: Sumit Garg <sumit.garg(a)linaro.org> --- v2:Fix up subject line as s/hwrng: optee -:/hwrng: optee:/ --- drivers/char/hw_random/optee-rng.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/char/hw_random/optee-rng.c b/drivers/char/hw_random/optee-rng.c index a99d829..135a825 100644 --- a/drivers/char/hw_random/optee-rng.c +++ b/drivers/char/hw_random/optee-rng.c @@ -243,7 +243,7 @@ static int optee_rng_probe(struct device *dev) if (err) goto out_sess; - err = hwrng_register(&pvt_data.optee_rng); + err = devm_hwrng_register(dev, &pvt_data.optee_rng); if (err) { dev_err(dev, "hwrng registration failed (%d)\n", err); goto out_sess; @@ -263,7 +263,6 @@ static int optee_rng_probe(struct device *dev) static int optee_rng_remove(struct device *dev) { - hwrng_unregister(&pvt_data.optee_rng); tee_client_close_session(pvt_data.ctx, pvt_data.session_id); tee_client_close_context(pvt_data.ctx); -- 2.7.4

3 years, 2 months

2
1
0 0

[GIT PULL] OP-TEE I2C simplification for v5.12

by Jens Wiklander

Hello arm-soc maintainers, Please pull this fix eliminating a stack frame size warning and also simplifying I2C access in the OP-TEE driver. Thanks, Jens The following changes since commit e71ba9452f0b5b2e8dc8aa5445198cd9214a6a62: Linux 5.11-rc2 (2021-01-03 15:55:30 -0800) are available in the Git repository at: git://git.linaro.org/people/jens.wiklander/linux-tee.git tags/optee-simplify-i2c-access_for-v5.12 for you to fetch changes up to 67bc809752796acb2641ca343cad5b45eef31d7c: optee: simplify i2c access (2021-02-08 13:42:31 +0100) ---------------------------------------------------------------- Simplify i2c acess in OP-TEE driver ---------------------------------------------------------------- Arnd Bergmann (1): optee: simplify i2c access drivers/tee/optee/rpc.c | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-)

3 years, 2 months

2
1
0 0

[PATCH] tee: optee: add invoke_fn tracepoints

by Jisheng Zhang

Add tracepoints to retrieve information about the invoke_fn. This would help to measure how many invoke_fn are triggered and how long it takes to complete one invoke_fn call. Signed-off-by: Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> --- drivers/tee/optee/call.c | 4 ++ drivers/tee/optee/optee_trace.h | 65 +++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+) create mode 100644 drivers/tee/optee/optee_trace.h diff --git a/drivers/tee/optee/call.c b/drivers/tee/optee/call.c index 780d7c4fd756..9dbab10e7ac3 100644 --- a/drivers/tee/optee/call.c +++ b/drivers/tee/optee/call.c @@ -12,6 +12,8 @@ #include <linux/tee_drv.h> #include <linux/types.h> #include <linux/uaccess.h> +#define CREATE_TRACE_POINTS +#include "optee_trace.h" #include "optee_private.h" #include "optee_smc.h" @@ -138,9 +140,11 @@ u32 optee_do_call_with_arg(struct tee_context *ctx, phys_addr_t parg) while (true) { struct arm_smccc_res res; + trace_optee_invoke_fn_begin(&param); optee->invoke_fn(param.a0, param.a1, param.a2, param.a3, param.a4, param.a5, param.a6, param.a7, &res); + trace_optee_invoke_fn_end(&param, &res); if (res.a0 == OPTEE_SMC_RETURN_ETHREAD_LIMIT) { /* diff --git a/drivers/tee/optee/optee_trace.h b/drivers/tee/optee/optee_trace.h new file mode 100644 index 000000000000..f209df7004c2 --- /dev/null +++ b/drivers/tee/optee/optee_trace.h @@ -0,0 +1,65 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * optee trace points + * + * Copyright (C) 2021 Synaptics Incorporated + * Author: Jisheng Zhang <jszhang(a)kernel.org> + */ + +#undef TRACE_SYSTEM +#define TRACE_SYSTEM optee + +#if !defined(_TRACE_OPTEE_H) || defined(TRACE_HEADER_MULTI_READ) +#define _TRACE_OPTEE_H + +#include <linux/arm-smccc.h> +#include <linux/tracepoint.h> +#include "optee_private.h" + +TRACE_EVENT(optee_invoke_fn_begin, + TP_PROTO(struct optee_rpc_param *param), + TP_ARGS(param), + + TP_STRUCT__entry( + __field(void *, param) + __array(u32, args, 8) + ), + + TP_fast_assign( + __entry->param = param; + memcpy(__entry->args, param, sizeof(__entry->args)); + ), + + TP_printk("param=%p (%x, %x, %x, %x, %x, %x, %x, %x)", __entry->param, + __entry->args[0], __entry->args[1], __entry->args[2], + __entry->args[3], __entry->args[4], __entry->args[5], + __entry->args[6], __entry->args[7]) +); + +TRACE_EVENT(optee_invoke_fn_end, + TP_PROTO(struct optee_rpc_param *param, struct arm_smccc_res *res), + TP_ARGS(param, res), + + TP_STRUCT__entry( + __field(void *, param) + __array(unsigned long, rets, 4) + ), + + TP_fast_assign( + __entry->param = param; + memcpy(__entry->rets, res, sizeof(__entry->rets)); + ), + + TP_printk("param=%p ret (%lx, %lx, %lx, %lx)", __entry->param, + __entry->rets[0], __entry->rets[1], __entry->rets[2], + __entry->rets[3]) +); +#endif /* _TRACE_OPTEE_H */ + +#undef TRACE_INCLUDE_PATH +#define TRACE_INCLUDE_PATH . +#undef TRACE_INCLUDE_FILE +#define TRACE_INCLUDE_FILE optee_trace + +/* This part must be outside protection */ +#include <trace/define_trace.h> -- 2.30.0

3 years, 2 months

2
1
0 0

[PATCH] optee: simplify i2c access

by Arnd Bergmann

From: Arnd Bergmann <arnd(a)arndb.de> Storing a bogus i2c_client structure on the stack adds overhead and causes a compile-time warning: drivers/tee/optee/rpc.c:493:6: error: stack frame size of 1056 bytes in function 'optee_handle_rpc' [-Werror,-Wframe-larger-than=] void optee_handle_rpc(struct tee_context *ctx, struct optee_rpc_param *param, Change the implementation of handle_rpc_func_cmd_i2c_transfer() to open-code the i2c_transfer() call, which makes it easier to read and avoids the warning. Fixes: c05210ab9757 ("drivers: optee: allow op-tee to access devices on the i2c bus") Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- drivers/tee/optee/rpc.c | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c index 1e3614e4798f..6cbb3643c6c4 100644 --- a/drivers/tee/optee/rpc.c +++ b/drivers/tee/optee/rpc.c @@ -54,8 +54,9 @@ static void handle_rpc_func_cmd_get_time(struct optee_msg_arg *arg) static void handle_rpc_func_cmd_i2c_transfer(struct tee_context *ctx, struct optee_msg_arg *arg) { - struct i2c_client client = { 0 }; struct tee_param *params; + struct i2c_adapter *adapter; + struct i2c_msg msg = { }; size_t i; int ret = -EOPNOTSUPP; u8 attr[] = { @@ -85,48 +86,48 @@ static void handle_rpc_func_cmd_i2c_transfer(struct tee_context *ctx, goto bad; } - client.adapter = i2c_get_adapter(params[0].u.value.b); - if (!client.adapter) + adapter = i2c_get_adapter(params[0].u.value.b); + if (!adapter) goto bad; if (params[1].u.value.a & OPTEE_MSG_RPC_CMD_I2C_FLAGS_TEN_BIT) { - if (!i2c_check_functionality(client.adapter, + if (!i2c_check_functionality(adapter, I2C_FUNC_10BIT_ADDR)) { - i2c_put_adapter(client.adapter); + i2c_put_adapter(adapter); goto bad; } - client.flags = I2C_CLIENT_TEN; + msg.flags = I2C_M_TEN; } - client.addr = params[0].u.value.c; - snprintf(client.name, I2C_NAME_SIZE, "i2c%d", client.adapter->nr); + msg.addr = params[0].u.value.c; + msg.buf = params[2].u.memref.shm->kaddr; + msg.len = params[2].u.memref.size; switch (params[0].u.value.a) { case OPTEE_MSG_RPC_CMD_I2C_TRANSFER_RD: - ret = i2c_master_recv(&client, params[2].u.memref.shm->kaddr, - params[2].u.memref.size); + msg.flags |= I2C_M_RD; break; case OPTEE_MSG_RPC_CMD_I2C_TRANSFER_WR: - ret = i2c_master_send(&client, params[2].u.memref.shm->kaddr, - params[2].u.memref.size); break; default: - i2c_put_adapter(client.adapter); + i2c_put_adapter(adapter); goto bad; } + ret = i2c_transfer(adapter, &msg, 1); + if (ret < 0) { arg->ret = TEEC_ERROR_COMMUNICATION; } else { - params[3].u.value.a = ret; + params[3].u.value.a = msg.len; if (optee_to_msg_param(arg->params, arg->num_params, params)) arg->ret = TEEC_ERROR_BAD_PARAMETERS; else arg->ret = TEEC_SUCCESS; } - i2c_put_adapter(client.adapter); + i2c_put_adapter(adapter); kfree(params); return; bad: -- 2.29.2

3 years, 2 months

3
9
0 0

[GIT PULL] TEE housekeeping for v5.12

by Jens Wiklander

Hello arm-soc maintainers, Please pull these patches fixing some comment typos and also a larger patch syncing some internal OP-TEE driver headers with OP-TEE OS. Thanks, Jens The following changes since commit e71ba9452f0b5b2e8dc8aa5445198cd9214a6a62: Linux 5.11-rc2 (2021-01-03 15:55:30 -0800) are available in the Git repository at: git://git.linaro.org:/people/jens.wiklander/linux-tee.git tags/tee-housekeeping-for-v5.12 for you to fetch changes up to 617d8e8b347edcee6da38df0aeb671fc9c9ba19c: optee: sync OP-TEE headers (2021-02-02 14:50:41 +0100) ---------------------------------------------------------------- TEE subsystem housekeeping - Fixes some comment typos in header files - Updates to use flexible-array member instead of zero-length array - Syncs internal OP-TEE headers with the ones from OP-TEE OS ---------------------------------------------------------------- Bjorn Helgaas (1): tee: optee: fix 'physical' typos Elvira Khabirova (1): tee: fix some comment typos in header files Jens Wiklander (1): optee: sync OP-TEE headers Tian Tao (1): drivers: optee: use flexible-array member instead of zero-length array drivers/tee/optee/optee_msg.h | 158 +++----------------------------------- drivers/tee/optee/optee_rpc_cmd.h | 103 +++++++++++++++++++++++++ drivers/tee/optee/optee_smc.h | 72 +++++++++++------ drivers/tee/optee/rpc.c | 39 +++++----- include/linux/tee_drv.h | 2 +- include/uapi/linux/tee.h | 2 +- 6 files changed, 183 insertions(+), 193 deletions(-) create mode 100644 drivers/tee/optee/optee_rpc_cmd.h

3 years, 2 months

2
1
0 0

[GIT PULL] OP-TEE fix for v5.12

by Jens Wiklander

Hello arm-soc maintainers, Please pull this small fix removing an unnecessary call to need_resched() before cond_resched() while the OP-TEE driver is handing a RPC. Thanks, Jens The following changes since commit e71ba9452f0b5b2e8dc8aa5445198cd9214a6a62: Linux 5.11-rc2 (2021-01-03 15:55:30 -0800) are available in the Git repository at: git://git.linaro.org:/people/jens.wiklander/linux-tee.git tags/optee-fix-cond-resched-call-for-v5.12 for you to fetch changes up to 958567600517fd15b7f35ca1a8be0104f0eb0686: tee: optee: remove need_resched() before cond_resched() (2021-02-03 08:11:11 +0100) ---------------------------------------------------------------- Remove unnecessary need_resched() before cond_resched() ---------------------------------------------------------------- Jens Wiklander (1): tee: optee: remove need_resched() before cond_resched() Rouven Czerwinski (1): tee: optee: replace might_sleep with cond_resched drivers/tee/optee/call.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)

3 years, 2 months

2
1
0 0

[PATCH] hwrng: optee -: Use device-managed registration API

by Tian Tao

Use devm_hwrng_register to get rid of manual unregistration. Signed-off-by: Tian Tao <tiantao6(a)hisilicon.com> --- drivers/char/hw_random/optee-rng.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/char/hw_random/optee-rng.c b/drivers/char/hw_random/optee-rng.c index a99d829..135a825 100644 --- a/drivers/char/hw_random/optee-rng.c +++ b/drivers/char/hw_random/optee-rng.c @@ -243,7 +243,7 @@ static int optee_rng_probe(struct device *dev) if (err) goto out_sess; - err = hwrng_register(&pvt_data.optee_rng); + err = devm_hwrng_register(dev, &pvt_data.optee_rng); if (err) { dev_err(dev, "hwrng registration failed (%d)\n", err); goto out_sess; @@ -263,7 +263,6 @@ static int optee_rng_probe(struct device *dev) static int optee_rng_remove(struct device *dev) { - hwrng_unregister(&pvt_data.optee_rng); tee_client_close_session(pvt_data.ctx, pvt_data.session_id); tee_client_close_context(pvt_data.ctx); -- 2.7.4

3 years, 2 months

2
1
0 0

[PATCH] tee: fix some comment typos in header files

by Elvira Khabirova

struct tee_param: revc -> recv. TEE_IOC_SUPPL_SEND: typo introduced by copy-pasting, replace invalid description with description from the according argument struct. Signed-off-by: Elvira Khabirova <e.khabirova(a)omprussia.ru> --- include/linux/tee_drv.h | 2 +- include/uapi/linux/tee.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h index d074302989dd..61557bc0e29f 100644 --- a/include/linux/tee_drv.h +++ b/include/linux/tee_drv.h @@ -85,7 +85,7 @@ struct tee_param { * @close_session: close a session * @invoke_func: invoke a trusted function * @cancel_req: request cancel of an ongoing invoke or open - * @supp_revc: called for supplicant to get a command + * @supp_recv: called for supplicant to get a command * @supp_send: called for supplicant to send a response * @shm_register: register shared memory buffer in TEE * @shm_unregister: unregister shared memory buffer in TEE diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h index b619f37ee03e..7546be5ed4f8 100644 --- a/include/uapi/linux/tee.h +++ b/include/uapi/linux/tee.h @@ -342,7 +342,7 @@ struct tee_iocl_supp_send_arg { }; /** - * TEE_IOC_SUPPL_SEND - Receive a request for a supplicant function + * TEE_IOC_SUPPL_SEND - Send a response to a received request * * Takes a struct tee_ioctl_buf_data which contains a struct * tee_iocl_supp_send_arg followed by any array of struct tee_param -- 2.28.0

3 years, 2 months

3
2
0 0

2024

2023

2022

2021

2020

OP-TEE February 2021