January 2023 - OP-TEE - lists.trustedfirmware.org

by Jens Wiklander

Hi, The recent patch [1] for the OP-TEE Dispatcher in TF-A proposes a way of post-boot loading OP-TEE by the Linux kernel with signature verification in the normal world only. This has previously been discussed in this mail thread [2] about half a year ago. Ultimately, it was concluded that this should in principle be accepted upstream as a platform choice to allow this or not. There are concerns that what we have in upstream TF-A should serve as good examples, and trusting the normal world to verify secure world software might not meet that criterion. There are also concerns about adding signature verification to BL31 Leaving the secure world wide open until the Linux kernel has been able to successfully load and verify an OP-TEE binary seems very risky. Even if it's claimed that the normal world can be trusted at this point, we're still giving up a critical level of defense without a good reason. I've started to review [1], but it should not be accepted for merging without support and approval from other maintainers. I would like to explore other options in this mail thread. In [2] it was suggested that a remnant of bl2 could be kept to verify OP-TEE before starting to execute it. This could be taken one step further and load a limited OP-TEE at boot which later is updated live, almost like what's discussed in [3]. This should minimize the impact on TF-A and also leave OP-TEE in charge of accepting an update instead of a divided responsibility between the normal world and TF-A. [1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/18635 [2] https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.… [3] https://github.com/OP-TEE/optee_os/issues/5699 Thanks, Jens

1 year, 1 month

4
4
0 0

[RFC PATCH 0/2] introduce op-tee based EFI Runtime Variable Service

by Masahisa Kojima

This RFC series introduces the op-tee based EFI Runtime Variable Service. The eMMC device is typically owned by the non-secure world(linux in this case). There is an existing solution utilizing eMMC RPMB partition for EFI Variables, it is implemented by interacting with OP-TEE, StandaloneMM(as EFI Variable Service Pseudo TA), eMMC driver and tee-supplicant. The last piece is the tee-based variable access driver to interact with OP-TEE and StandaloneMM. Masahisa Kojima (2): efi: expose efivar generic ops register function tee: Add op-tee helper functions for variable access drivers/firmware/efi/efi.c | 12 + drivers/tee/optee/Kconfig | 10 + drivers/tee/optee/Makefile | 1 + drivers/tee/optee/mm_communication.h | 249 +++++++++++ drivers/tee/optee/optee_private.h | 5 +- drivers/tee/optee/optee_stmm_efi.c | 598 +++++++++++++++++++++++++++ drivers/tee/tee_core.c | 23 ++ include/linux/efi.h | 4 + include/linux/tee_drv.h | 23 ++ 9 files changed, 924 insertions(+), 1 deletion(-) create mode 100644 drivers/tee/optee/mm_communication.h create mode 100644 drivers/tee/optee/optee_stmm_efi.c -- 2.30.2

1 year, 2 months

5
15
0 0

[PATCH v2 0/1] tee: Add tee_shm_register_fd

by Olivier Masse

Add a new ioctl called TEE_IOC_SHM_REGISTER_FD to register a shared memory from a dmabuf file descriptor. This new ioctl will allow the Linux Kernel to register a buffer to be used by the Secure Data Path OPTEE OS feature. Please find more information here: https://static.linaro.org/connect/san19/presentations/san19-107.pdf Patch tested on Hikey 6220. Etienne Carriere (1): tee: new ioctl to a register tee_shm from a dmabuf file descriptor drivers/tee/tee_core.c | 38 +++++++++++++++ drivers/tee/tee_shm.c | 99 +++++++++++++++++++++++++++++++++++++++- include/linux/tee_drv.h | 11 +++++ include/uapi/linux/tee.h | 29 ++++++++++++ 4 files changed, 175 insertions(+), 2 deletions(-) -- 2.25.0

1 year, 2 months

9
24
0 0

[PATCH] ta: avb: fix object leakage at lock state write

by Ivan Khoronzhuk

From: Ivan Khoronzhuk <ivan.khoronzhuk(a)globallogic.com> Should close object created for reading, so better use seek and then close the object. Fixes: b29b41950 ("ta: add AVB TA") Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk(a)globallogic.com> --- ta/avb/entry.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ta/avb/entry.c b/ta/avb/entry.c index 4e57003e..a6e01035 100644 --- a/ta/avb/entry.c +++ b/ta/avb/entry.c @@ -239,7 +239,11 @@ static TEE_Result write_lock_state(uint32_t pt, if (count == sizeof(lock_state) && lock_state == wlock_state) goto out; - res = create_rb_state(wlock_state, &h); + res = TEE_SeekObjectData(h, 0, TEE_DATA_SEEK_SET); + if (res) + goto out; + + res = TEE_WriteObjectData(h, &wlock_state, sizeof(wlock_state)); out: TEE_CloseObject(h); return res; -- 2.34.1

1 year, 3 months

2
1
0 0

Linaro OP-TEE Contribution (LOC) monthly meeting January 24

by Jens Wiklander

Hi, It's soon time for another LOC monthly meeting. For time and connection details see the calendar at https://www.trustedfirmware.org/meetings/ I have one topic to discuss: OP-TEE 3.20.0 is just released and a PR [1] to upgrade from TEE Internal Core API version 1.1 to 1.3.1 is soon to be merged. This may bump the major OP-TEE version in the next release. There's in particular the define TEE_ALG_SM2_PKE which is tricky to keep compatible when upgrading. We have some time until the next release to determine if this is reason enough to bump the major version. Any other topics? [1] https://github.com/OP-TEE/optee_os/pull/5688 Thanks, Jens

1 year, 3 months

1
0
0 0

OP-TEE 3.20.0 has been released

by Jens Wiklander

Hi, I'm pleased to announce that OP-TEE version 3.20.0 is now available. The list of changes can be found in the changelog [1]. A blog post will be published soon on trustedfirmware.org [2]. A big thank you to everyone who participated with contributions and helping out with testing the release [3]. [1] https://github.com/OP-TEE/optee_os/blob/master/CHANGELOG.md [2] https://www.trustedfirmware.org/blog/ [3] https://github.com/OP-TEE/optee_os/commit/8e74d47616a20eaa23ca692f4bbbf917a… Regards, Jens

1 year, 3 months

1
0
0 0

[PATCH 0/3] optee: async notif with PPI + interrupt provider

by Etienne Carriere

Dear all, This small series aggregates 2 change proposals related to OP-TEE async notif. I've made a single series since the 2 patches hit the same portions of optee driver source file and I think this will help the review. If you prefer having independent post and deal with the conflicts afterward, please tell me. Patch "optee: add per cpu asynchronous notification" aims at allowing optee to use a per-cpu interrupt (PPI on Arm CPUs) for async notif instead of a shared peripheral interrupt. The 2 next patches implement a new feature in OP-TEE, based on optee async notif. The allow optee driver to behave as an interrupt controller, for when a secure OP-TEE event is to be delivered to the Linux kernel as a interrupt event. Regards, Etienne Etienne Carriere (3): optee: add per cpu asynchronous notification dt-bindings: arm: optee: add interrupt controller properties optee core: add irq chip using optee async notification .../arm/firmware/linaro,optee-tz.yaml | 19 +- drivers/tee/optee/optee_private.h | 24 ++ drivers/tee/optee/optee_smc.h | 78 +++++- drivers/tee/optee/smc_abi.c | 249 +++++++++++++++++- 4 files changed, 358 insertions(+), 12 deletions(-) -- 2.25.1

1 year, 3 months

4
10
0 0

Preparing for OP-TEE 3.20.0

by Jens Wiklander

[BCC all OP-TEE maintainers] Hi OP-TEE maintainers & contributors, OP-TEE v3.20.0 is scheduled to be released on 2023-01-20. So, now is a good time to start testing the master branch on the various platforms and report/fix any bugs. The GitHub pull request for collecting Tested-by tags or any other comments is https://github.com/OP-TEE/optee_os/pull/5751 As usual, we will create a release candidate tag one week before the release date for final testing. In addition to that you can find some additional information related to releases here: https://optee.readthedocs.io/en/latest/general/releases.html Thanks, Jens

1 year, 3 months

1
1
0 0

optee device tree and tee driver

by 梅建强(禹夜)

Hello expert, I have a few questions about the optee device tree and tee driver. In our environment, optee uses version 3.19 vexpress-fvp and runs on top of hafnium as SPMC. Here's my question. 1. Does the current optee version support adding ACPI table iterm for optee to enable REE to identify the installed optee driver so that TA and CA can establish communication? (I raise this question because I cannot find the corresponding optee node in "/sys/devices/platform" in the current linux environment. While in the QEMU runtime environment, the corresponding optee node is in "/proc/device-tree/firmware", i.e. "linaro,optee-tz".) 2. If I want to transfer dtb file which includes a device tree node written by optee to linux, How to configure CFG_DT, CFG_DT_ADDR, and CFG_EXTERNAL_DTB_OVERLAY? (I understand that this method should be independent from the method in question 1. If it is not, look forward your explain.) Looking forward to your reply. Thanks. regards, yuye

1 year, 3 months

2
4
0 0

[PATCH] tee: optee: ffa_abi: Fix use-after-free in optee_ffa_open

by Yoochan Lee

A race condition may occur if the user physically removes the ffa_abi device while calling open(). This is a race condition between optee_open() function and the optee_ffa_remove() function, which may lead to Use-After-Free. Therefore, add a refcount check to optee_ffa_remove() function to free the "optee" structure after the device is close()d. ---------------CPU 0--------------------CPU 1----------------- optee_open() | optee_ffa_remove() -------------------------------------------------------------- struct optee *optee = tee_get_| drvdata(teedev); — (1) | | struct optee *optee = ffa_dev_ | get_drvdata(ffa_dev); | ... | kfree(optee); — (2) if (teedev == optee->supp_ | teedev) { — (3) | Signed-off-by: Yoochan Lee <yoochan1026(a)gmail.com> --- drivers/tee/optee/ffa_abi.c | 49 +++++++++++++++++++++++++------ drivers/tee/optee/optee_private.h | 1 + 2 files changed, 41 insertions(+), 9 deletions(-) diff --git a/drivers/tee/optee/ffa_abi.c b/drivers/tee/optee/ffa_abi.c index 0828240f27e6..ea76d7532419 100644 --- a/drivers/tee/optee/ffa_abi.c +++ b/drivers/tee/optee/ffa_abi.c @@ -726,15 +726,52 @@ static void optee_ffa_get_version(struct tee_device *teedev, *vers = v; } +static void optee_ffa_delete(struct kref *kref) +{ + struct optee *optee = container_of(kref, struct optee, refcnt); + + optee_remove_common(optee); + + mutex_destroy(&optee->ffa.mutex); + rhashtable_free_and_destroy(&optee->ffa.global_ids, rh_free_fn, NULL); + + kfree(optee); + +} + +static void optee_ffa_release(struct tee_context *ctx) +{ + struct optee *optee = tee_get_drvdata(teedev); + + optee_release_helper(ctx, optee_close_session_helper); + kref_put(&optee->refcnt, optee_ffa_delete); +} + +void optee_ffa_release_supp(struct tee_context *ctx) +{ + struct optee *optee = tee_get_drvdata(ctx->teedev); + + optee_release_helper(ctx, optee_close_session_helper); + if (optee->scan_bus_wq) { + destroy_workqueue(optee->scan_bus_wq); + optee->scan_bus_wq = NULL; + } + optee_supp_release(&optee->supp); + kref_put(&optee->refcnt, optee_ffa_delete); +} + static int optee_ffa_open(struct tee_context *ctx) { + struct optee *optee = tee_get_drvdata(teedev); + kref_get(&optee->refcnt); + return optee_open(ctx, true); } static const struct tee_driver_ops optee_ffa_clnt_ops = { .get_version = optee_ffa_get_version, .open = optee_ffa_open, - .release = optee_release, + .release = optee_ffa_release, .open_session = optee_open_session, .close_session = optee_close_session, .invoke_func = optee_invoke_func, @@ -752,7 +789,7 @@ static const struct tee_desc optee_ffa_clnt_desc = { static const struct tee_driver_ops optee_ffa_supp_ops = { .get_version = optee_ffa_get_version, .open = optee_ffa_open, - .release = optee_release_supp, + .release = optee_ffa_release_supp, .supp_recv = optee_supp_recv, .supp_send = optee_supp_send, .shm_register = optee_ffa_shm_register, /* same as for clnt ops */ @@ -775,13 +812,7 @@ static const struct optee_ops optee_ffa_ops = { static void optee_ffa_remove(struct ffa_device *ffa_dev) { struct optee *optee = ffa_dev_get_drvdata(ffa_dev); - - optee_remove_common(optee); - - mutex_destroy(&optee->ffa.mutex); - rhashtable_free_and_destroy(&optee->ffa.global_ids, rh_free_fn, NULL); - - kfree(optee); + kref_put(&optee->refcnt, optee_ffa_delete); } static int optee_ffa_probe(struct ffa_device *ffa_dev) diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h index 04ae58892608..f52b1cf20eab 100644 --- a/drivers/tee/optee/optee_private.h +++ b/drivers/tee/optee/optee_private.h @@ -175,6 +175,7 @@ struct optee { bool scan_bus_done; struct workqueue_struct *scan_bus_wq; struct work_struct scan_bus_work; + struct kref refcnt; }; struct optee_session { -- 2.39.0

1 year, 3 months

3
4
0 0

2024

2023

2022

2021

2020

OP-TEE January 2023