November 2023 - OP-TEE - lists.trustedfirmware.org

[PATCH v2] tee: Use iov_iter to better support shared buffer registration

by Arnaud Pouliquen

It is not possible to register buffers allocated with vmalloc. Use iov_iter and associated helper functions to manage the page registration for all type of memories. Suggested-by: Christoph Hellwig <hch(a)infradead.org> Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> --- update from V1 to V2: - replace ITER_SOURCE by ITER_DEST flag in tee_shm_register_user_buf(), - replace IS_ERR_OR NULL(shm) by IS_ERR(shm) in tee_shm_register_user_buf(). V1: The support of buffer registration allocated with vmalloc is no more available since c83900393aa1 ("tee: Remove vmalloc page support"). This patch is an alternative to a revert and resulted from a discussion with Christopher Hellwig [1]. This patch has been tested using xtest tool in optee qemu environment [2] and using the series related to the remoteproc tee that should be proposed soon [3]. References: [1] https://lore.kernel.org/linux-arm-kernel/18a8528d-7d9d-6ed0-0045-5ee47dd39f… [2] https://optee.readthedocs.io/en/latest/building/devices/qemu.html#build-ins… [3] https://lore.kernel.org/linux-arm-kernel/18a8528d-7d9d-6ed0-0045-5ee47dd39f… --- drivers/tee/tee_shm.c | 72 +++++++++++++++++++++++-------------------- 1 file changed, 38 insertions(+), 34 deletions(-) diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index 673cf0359494..4a24b9942938 100644 --- a/drivers/tee/tee_shm.c +++ b/drivers/tee/tee_shm.c @@ -22,23 +22,13 @@ static void shm_put_kernel_pages(struct page **pages, size_t page_count) put_page(pages[n]); } -static int shm_get_kernel_pages(unsigned long start, size_t page_count, - struct page **pages) +static void shm_get_kernel_pages(struct page **pages, size_t page_count) { - struct page *page; size_t n; - if (WARN_ON_ONCE(is_vmalloc_addr((void *)start) || - is_kmap_addr((void *)start))) - return -EINVAL; - - page = virt_to_page((void *)start); - for (n = 0; n < page_count; n++) { - pages[n] = page + n; + /* iov_iter_extract_kvec_pages does not get reference on the pages, get a pin on them. */ + for (n = 0; n < page_count; n++) get_page(pages[n]); - } - - return page_count; } static void release_registered_pages(struct tee_shm *shm) @@ -214,13 +204,12 @@ struct tee_shm *tee_shm_alloc_priv_buf(struct tee_context *ctx, size_t size) EXPORT_SYMBOL_GPL(tee_shm_alloc_priv_buf); static struct tee_shm * -register_shm_helper(struct tee_context *ctx, unsigned long addr, - size_t length, u32 flags, int id) +register_shm_helper(struct tee_context *ctx, struct iov_iter *iter, u32 flags, int id) { struct tee_device *teedev = ctx->teedev; struct tee_shm *shm; - unsigned long start; - size_t num_pages; + unsigned long start, addr; + size_t num_pages, length, len, off; void *ret; int rc; @@ -245,31 +234,31 @@ register_shm_helper(struct tee_context *ctx, unsigned long addr, shm->flags = flags; shm->ctx = ctx; shm->id = id; - addr = untagged_addr(addr); + addr = (unsigned long)iter_iov_addr(iter); + length = iter_iov_len(iter); start = rounddown(addr, PAGE_SIZE); - shm->offset = addr - start; - shm->size = length; - num_pages = (roundup(addr + length, PAGE_SIZE) - start) / PAGE_SIZE; + num_pages = iov_iter_npages(iter, INT_MAX); + if (!num_pages) { + ret = ERR_PTR(-ENOMEM); + goto err_ctx_put; + } + shm->pages = kcalloc(num_pages, sizeof(*shm->pages), GFP_KERNEL); if (!shm->pages) { ret = ERR_PTR(-ENOMEM); goto err_free_shm; } - if (flags & TEE_SHM_USER_MAPPED) - rc = pin_user_pages_fast(start, num_pages, FOLL_WRITE, - shm->pages); - else - rc = shm_get_kernel_pages(start, num_pages, shm->pages); - if (rc > 0) - shm->num_pages = rc; - if (rc != num_pages) { - if (rc >= 0) - rc = -ENOMEM; - ret = ERR_PTR(rc); + len = iov_iter_extract_pages(iter, &shm->pages, LONG_MAX, num_pages, 0, &off); + if (len != length) { + ret = len ? ERR_PTR(len) : ERR_PTR(-ENOMEM); goto err_put_shm_pages; } + shm->offset = off; + shm->size = len; + shm->num_pages = num_pages; + rc = teedev->desc->ops->shm_register(ctx, shm, shm->pages, shm->num_pages, start); if (rc) { @@ -307,6 +296,8 @@ struct tee_shm *tee_shm_register_user_buf(struct tee_context *ctx, u32 flags = TEE_SHM_USER_MAPPED | TEE_SHM_DYNAMIC; struct tee_device *teedev = ctx->teedev; struct tee_shm *shm; + struct iovec iov; + struct iov_iter iter; void *ret; int id; @@ -319,7 +310,10 @@ struct tee_shm *tee_shm_register_user_buf(struct tee_context *ctx, if (id < 0) return ERR_PTR(id); - shm = register_shm_helper(ctx, addr, length, flags, id); + iov.iov_base = (void __user *)addr; + iov.iov_len = length; + iov_iter_init(&iter, ITER_DEST, &iov, 1, length); + shm = register_shm_helper(ctx, &iter, flags, id); if (IS_ERR(shm)) { mutex_lock(&teedev->mutex); idr_remove(&teedev->idr, id); @@ -351,9 +345,19 @@ struct tee_shm *tee_shm_register_user_buf(struct tee_context *ctx, struct tee_shm *tee_shm_register_kernel_buf(struct tee_context *ctx, void *addr, size_t length) { + struct tee_shm *shm; u32 flags = TEE_SHM_DYNAMIC; + struct kvec kvec; + struct iov_iter iter; - return register_shm_helper(ctx, (unsigned long)addr, length, flags, -1); + kvec.iov_base = addr; + kvec.iov_len = length; + iov_iter_kvec(&iter, ITER_DEST, &kvec, 1, length); + shm = register_shm_helper(ctx, &iter, flags, -1); + if (!IS_ERR(shm)) + shm_get_kernel_pages(shm->pages, shm->num_pages); + + return shm; } EXPORT_SYMBOL_GPL(tee_shm_register_kernel_buf); -- 2.25.1

5 months, 1 week

2
1
0 0

[PATCH v2] Documentation: Destage TEE subsystem documentation

by Sumit Garg

Add a separate documentation directory for TEE subsystem since it is a standalone subsystem which already offers devices consumed by multiple different subsystem drivers. Split overall TEE subsystem documentation modularly where: - The userspace API has been moved to Documentation/userspace-api/tee.rst. - The driver API has been moved to Documentation/driver-api/tee.rst. - The first module covers the overview of TEE subsystem. - The further modules are dedicated to different TEE implementations like: - OP-TEE - AMD-TEE - and so on for future TEE implementation support. Signed-off-by: Sumit Garg <sumit.garg(a)linaro.org> --- Changes in v2: - Move userspace API to Documentation/userspace-api/tee.rst. - Move driver API to Documentation/driver-api/tee.rst. Documentation/driver-api/index.rst | 1 + Documentation/driver-api/tee.rst | 66 +++++ Documentation/staging/index.rst | 1 - Documentation/staging/tee.rst | 364 -------------------------- Documentation/subsystem-apis.rst | 1 + Documentation/tee/amd-tee.rst | 90 +++++++ Documentation/tee/index.rst | 19 ++ Documentation/tee/op-tee.rst | 166 ++++++++++++ Documentation/tee/tee.rst | 22 ++ Documentation/userspace-api/index.rst | 1 + Documentation/userspace-api/tee.rst | 39 +++ MAINTAINERS | 4 +- 12 files changed, 408 insertions(+), 366 deletions(-) create mode 100644 Documentation/driver-api/tee.rst delete mode 100644 Documentation/staging/tee.rst create mode 100644 Documentation/tee/amd-tee.rst create mode 100644 Documentation/tee/index.rst create mode 100644 Documentation/tee/op-tee.rst create mode 100644 Documentation/tee/tee.rst create mode 100644 Documentation/userspace-api/tee.rst diff --git a/Documentation/driver-api/index.rst b/Documentation/driver-api/index.rst index 1e16a40da3ba..b4214d98d7b5 100644 --- a/Documentation/driver-api/index.rst +++ b/Documentation/driver-api/index.rst @@ -114,6 +114,7 @@ available subsections can be seen below. zorro hte/index wmi + tee .. only:: subproject and html diff --git a/Documentation/driver-api/tee.rst b/Documentation/driver-api/tee.rst new file mode 100644 index 000000000000..5eaeb8103988 --- /dev/null +++ b/Documentation/driver-api/tee.rst @@ -0,0 +1,66 @@ +.. SPDX-License-Identifier: GPL-2.0 + +=============================================== +TEE (Trusted Execution Environment) driver API +=============================================== + +Kernel provides a TEE bus infrastructure where a Trusted Application is +represented as a device identified via Universally Unique Identifier (UUID) and +client drivers register a table of supported device UUIDs. + +TEE bus infrastructure registers following APIs: + +match(): + iterates over the client driver UUID table to find a corresponding + match for device UUID. If a match is found, then this particular device is + probed via corresponding probe API registered by the client driver. This + process happens whenever a device or a client driver is registered with TEE + bus. + +uevent(): + notifies user-space (udev) whenever a new device is registered on + TEE bus for auto-loading of modularized client drivers. + +TEE bus device enumeration is specific to underlying TEE implementation, so it +is left open for TEE drivers to provide corresponding implementation. + +Then TEE client driver can talk to a matched Trusted Application using APIs +listed in include/linux/tee_drv.h. + +TEE client driver example +------------------------- + +Suppose a TEE client driver needs to communicate with a Trusted Application +having UUID: ``ac6a4085-0e82-4c33-bf98-8eb8e118b6c2``, so driver registration +snippet would look like:: + + static const struct tee_client_device_id client_id_table[] = { + {UUID_INIT(0xac6a4085, 0x0e82, 0x4c33, + 0xbf, 0x98, 0x8e, 0xb8, 0xe1, 0x18, 0xb6, 0xc2)}, + {} + }; + + MODULE_DEVICE_TABLE(tee, client_id_table); + + static struct tee_client_driver client_driver = { + .id_table = client_id_table, + .driver = { + .name = DRIVER_NAME, + .bus = &tee_bus_type, + .probe = client_probe, + .remove = client_remove, + }, + }; + + static int __init client_init(void) + { + return driver_register(&client_driver.driver); + } + + static void __exit client_exit(void) + { + driver_unregister(&client_driver.driver); + } + + module_init(client_init); + module_exit(client_exit); diff --git a/Documentation/staging/index.rst b/Documentation/staging/index.rst index ded8254bc0d7..71592f3ce89b 100644 --- a/Documentation/staging/index.rst +++ b/Documentation/staging/index.rst @@ -12,5 +12,4 @@ Unsorted Documentation rpmsg speculation static-keys - tee xz diff --git a/Documentation/staging/tee.rst b/Documentation/staging/tee.rst deleted file mode 100644 index 22baa077a3b9..000000000000 --- a/Documentation/staging/tee.rst +++ /dev/null @@ -1,364 +0,0 @@ -============= -TEE subsystem -============= - -This document describes the TEE subsystem in Linux. - -A TEE (Trusted Execution Environment) is a trusted OS running in some -secure environment, for example, TrustZone on ARM CPUs, or a separate -secure co-processor etc. A TEE driver handles the details needed to -communicate with the TEE. - -This subsystem deals with: - -- Registration of TEE drivers - -- Managing shared memory between Linux and the TEE - -- Providing a generic API to the TEE - -The TEE interface -================= - -include/uapi/linux/tee.h defines the generic interface to a TEE. - -User space (the client) connects to the driver by opening /dev/tee[0-9]* or -/dev/teepriv[0-9]*. - -- TEE_IOC_SHM_ALLOC allocates shared memory and returns a file descriptor - which user space can mmap. When user space doesn't need the file - descriptor any more, it should be closed. When shared memory isn't needed - any longer it should be unmapped with munmap() to allow the reuse of - memory. - -- TEE_IOC_VERSION lets user space know which TEE this driver handles and - its capabilities. - -- TEE_IOC_OPEN_SESSION opens a new session to a Trusted Application. - -- TEE_IOC_INVOKE invokes a function in a Trusted Application. - -- TEE_IOC_CANCEL may cancel an ongoing TEE_IOC_OPEN_SESSION or TEE_IOC_INVOKE. - -- TEE_IOC_CLOSE_SESSION closes a session to a Trusted Application. - -There are two classes of clients, normal clients and supplicants. The latter is -a helper process for the TEE to access resources in Linux, for example file -system access. A normal client opens /dev/tee[0-9]* and a supplicant opens -/dev/teepriv[0-9]. - -Much of the communication between clients and the TEE is opaque to the -driver. The main job for the driver is to receive requests from the -clients, forward them to the TEE and send back the results. In the case of -supplicants the communication goes in the other direction, the TEE sends -requests to the supplicant which then sends back the result. - -The TEE kernel interface -======================== - -Kernel provides a TEE bus infrastructure where a Trusted Application is -represented as a device identified via Universally Unique Identifier (UUID) and -client drivers register a table of supported device UUIDs. - -TEE bus infrastructure registers following APIs: - -match(): - iterates over the client driver UUID table to find a corresponding - match for device UUID. If a match is found, then this particular device is - probed via corresponding probe API registered by the client driver. This - process happens whenever a device or a client driver is registered with TEE - bus. - -uevent(): - notifies user-space (udev) whenever a new device is registered on - TEE bus for auto-loading of modularized client drivers. - -TEE bus device enumeration is specific to underlying TEE implementation, so it -is left open for TEE drivers to provide corresponding implementation. - -Then TEE client driver can talk to a matched Trusted Application using APIs -listed in include/linux/tee_drv.h. - -TEE client driver example -------------------------- - -Suppose a TEE client driver needs to communicate with a Trusted Application -having UUID: ``ac6a4085-0e82-4c33-bf98-8eb8e118b6c2``, so driver registration -snippet would look like:: - - static const struct tee_client_device_id client_id_table[] = { - {UUID_INIT(0xac6a4085, 0x0e82, 0x4c33, - 0xbf, 0x98, 0x8e, 0xb8, 0xe1, 0x18, 0xb6, 0xc2)}, - {} - }; - - MODULE_DEVICE_TABLE(tee, client_id_table); - - static struct tee_client_driver client_driver = { - .id_table = client_id_table, - .driver = { - .name = DRIVER_NAME, - .bus = &tee_bus_type, - .probe = client_probe, - .remove = client_remove, - }, - }; - - static int __init client_init(void) - { - return driver_register(&client_driver.driver); - } - - static void __exit client_exit(void) - { - driver_unregister(&client_driver.driver); - } - - module_init(client_init); - module_exit(client_exit); - -OP-TEE driver -============= - -The OP-TEE driver handles OP-TEE [1] based TEEs. Currently it is only the ARM -TrustZone based OP-TEE solution that is supported. - -Lowest level of communication with OP-TEE builds on ARM SMC Calling -Convention (SMCCC) [2], which is the foundation for OP-TEE's SMC interface -[3] used internally by the driver. Stacked on top of that is OP-TEE Message -Protocol [4]. - -OP-TEE SMC interface provides the basic functions required by SMCCC and some -additional functions specific for OP-TEE. The most interesting functions are: - -- OPTEE_SMC_FUNCID_CALLS_UID (part of SMCCC) returns the version information - which is then returned by TEE_IOC_VERSION - -- OPTEE_SMC_CALL_GET_OS_UUID returns the particular OP-TEE implementation, used - to tell, for instance, a TrustZone OP-TEE apart from an OP-TEE running on a - separate secure co-processor. - -- OPTEE_SMC_CALL_WITH_ARG drives the OP-TEE message protocol - -- OPTEE_SMC_GET_SHM_CONFIG lets the driver and OP-TEE agree on which memory - range to used for shared memory between Linux and OP-TEE. - -The GlobalPlatform TEE Client API [5] is implemented on top of the generic -TEE API. - -Picture of the relationship between the different components in the -OP-TEE architecture:: - - User space Kernel Secure world - ~~~~~~~~~~ ~~~~~~ ~~~~~~~~~~~~ - +--------+ +-------------+ - | Client | | Trusted | - +--------+ | Application | - /\ +-------------+ - || +----------+ /\ - || |tee- | || - || |supplicant| \/ - || +----------+ +-------------+ - \/ /\ | TEE Internal| - +-------+ || | API | - + TEE | || +--------+--------+ +-------------+ - | Client| || | TEE | OP-TEE | | OP-TEE | - | API | \/ | subsys | driver | | Trusted OS | - +-------+----------------+----+-------+----+-----------+-------------+ - | Generic TEE API | | OP-TEE MSG | - | IOCTL (TEE_IOC_*) | | SMCCC (OPTEE_SMC_CALL_*) | - +-----------------------------+ +------------------------------+ - -RPC (Remote Procedure Call) are requests from secure world to kernel driver -or tee-supplicant. An RPC is identified by a special range of SMCCC return -values from OPTEE_SMC_CALL_WITH_ARG. RPC messages which are intended for the -kernel are handled by the kernel driver. Other RPC messages will be forwarded to -tee-supplicant without further involvement of the driver, except switching -shared memory buffer representation. - -OP-TEE device enumeration -------------------------- - -OP-TEE provides a pseudo Trusted Application: drivers/tee/optee/device.c in -order to support device enumeration. In other words, OP-TEE driver invokes this -application to retrieve a list of Trusted Applications which can be registered -as devices on the TEE bus. - -OP-TEE notifications --------------------- - -There are two kinds of notifications that secure world can use to make -normal world aware of some event. - -1. Synchronous notifications delivered with ``OPTEE_RPC_CMD_NOTIFICATION`` - using the ``OPTEE_RPC_NOTIFICATION_SEND`` parameter. -2. Asynchronous notifications delivered with a combination of a non-secure - edge-triggered interrupt and a fast call from the non-secure interrupt - handler. - -Synchronous notifications are limited by depending on RPC for delivery, -this is only usable when secure world is entered with a yielding call via -``OPTEE_SMC_CALL_WITH_ARG``. This excludes such notifications from secure -world interrupt handlers. - -An asynchronous notification is delivered via a non-secure edge-triggered -interrupt to an interrupt handler registered in the OP-TEE driver. The -actual notification value are retrieved with the fast call -``OPTEE_SMC_GET_ASYNC_NOTIF_VALUE``. Note that one interrupt can represent -multiple notifications. - -One notification value ``OPTEE_SMC_ASYNC_NOTIF_VALUE_DO_BOTTOM_HALF`` has a -special meaning. When this value is received it means that normal world is -supposed to make a yielding call ``OPTEE_MSG_CMD_DO_BOTTOM_HALF``. This -call is done from the thread assisting the interrupt handler. This is a -building block for OP-TEE OS in secure world to implement the top half and -bottom half style of device drivers. - -OPTEE_INSECURE_LOAD_IMAGE Kconfig option ----------------------------------------- - -The OPTEE_INSECURE_LOAD_IMAGE Kconfig option enables the ability to load the -BL32 OP-TEE image from the kernel after the kernel boots, rather than loading -it from the firmware before the kernel boots. This also requires enabling the -corresponding option in Trusted Firmware for Arm. The Trusted Firmware for Arm -documentation [8] explains the security threat associated with enabling this as -well as mitigations at the firmware and platform level. - -There are additional attack vectors/mitigations for the kernel that should be -addressed when using this option. - -1. Boot chain security. - - * Attack vector: Replace the OP-TEE OS image in the rootfs to gain control of - the system. - - * Mitigation: There must be boot chain security that verifies the kernel and - rootfs, otherwise an attacker can modify the loaded OP-TEE binary by - modifying it in the rootfs. - -2. Alternate boot modes. - - * Attack vector: Using an alternate boot mode (i.e. recovery mode), the - OP-TEE driver isn't loaded, leaving the SMC hole open. - - * Mitigation: If there are alternate methods of booting the device, such as a - recovery mode, it should be ensured that the same mitigations are applied - in that mode. - -3. Attacks prior to SMC invocation. - - * Attack vector: Code that is executed prior to issuing the SMC call to load - OP-TEE can be exploited to then load an alternate OS image. - - * Mitigation: The OP-TEE driver must be loaded before any potential attack - vectors are opened up. This should include mounting of any modifiable - filesystems, opening of network ports or communicating with external - devices (e.g. USB). - -4. Blocking SMC call to load OP-TEE. - - * Attack vector: Prevent the driver from being probed, so the SMC call to - load OP-TEE isn't executed when desired, leaving it open to being executed - later and loading a modified OS. - - * Mitigation: It is recommended to build the OP-TEE driver as builtin driver - rather than as a module to prevent exploits that may cause the module to - not be loaded. - -AMD-TEE driver -============== - -The AMD-TEE driver handles the communication with AMD's TEE environment. The -TEE environment is provided by AMD Secure Processor. - -The AMD Secure Processor (formerly called Platform Security Processor or PSP) -is a dedicated processor that features ARM TrustZone technology, along with a -software-based Trusted Execution Environment (TEE) designed to enable -third-party Trusted Applications. This feature is currently enabled only for -APUs. - -The following picture shows a high level overview of AMD-TEE:: - - | - x86 | - | - User space (Kernel space) | AMD Secure Processor (PSP) - ~~~~~~~~~~ ~~~~~~~~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~~~ - | - +--------+ | +-------------+ - | Client | | | Trusted | - +--------+ | | Application | - /\ | +-------------+ - || | /\ - || | || - || | \/ - || | +----------+ - || | | TEE | - || | | Internal | - \/ | | API | - +---------+ +-----------+---------+ +----------+ - | TEE | | TEE | AMD-TEE | | AMD-TEE | - | Client | | subsystem | driver | | Trusted | - | API | | | | | OS | - +---------+-----------+----+------+---------+---------+----------+ - | Generic TEE API | | ASP | Mailbox | - | IOCTL (TEE_IOC_*) | | driver | Register Protocol | - +--------------------------+ +---------+--------------------+ - -At the lowest level (in x86), the AMD Secure Processor (ASP) driver uses the -CPU to PSP mailbox register to submit commands to the PSP. The format of the -command buffer is opaque to the ASP driver. It's role is to submit commands to -the secure processor and return results to AMD-TEE driver. The interface -between AMD-TEE driver and AMD Secure Processor driver can be found in [6]. - -The AMD-TEE driver packages the command buffer payload for processing in TEE. -The command buffer format for the different TEE commands can be found in [7]. - -The TEE commands supported by AMD-TEE Trusted OS are: - -* TEE_CMD_ID_LOAD_TA - loads a Trusted Application (TA) binary into - TEE environment. -* TEE_CMD_ID_UNLOAD_TA - unloads TA binary from TEE environment. -* TEE_CMD_ID_OPEN_SESSION - opens a session with a loaded TA. -* TEE_CMD_ID_CLOSE_SESSION - closes session with loaded TA -* TEE_CMD_ID_INVOKE_CMD - invokes a command with loaded TA -* TEE_CMD_ID_MAP_SHARED_MEM - maps shared memory -* TEE_CMD_ID_UNMAP_SHARED_MEM - unmaps shared memory - -AMD-TEE Trusted OS is the firmware running on AMD Secure Processor. - -The AMD-TEE driver registers itself with TEE subsystem and implements the -following driver function callbacks: - -* get_version - returns the driver implementation id and capability. -* open - sets up the driver context data structure. -* release - frees up driver resources. -* open_session - loads the TA binary and opens session with loaded TA. -* close_session - closes session with loaded TA and unloads it. -* invoke_func - invokes a command with loaded TA. - -cancel_req driver callback is not supported by AMD-TEE. - -The GlobalPlatform TEE Client API [5] can be used by the user space (client) to -talk to AMD's TEE. AMD's TEE provides a secure environment for loading, opening -a session, invoking commands and closing session with TA. - -References -========== - -[1] https://github.com/OP-TEE/optee_os - -[2] http://infocenter.arm.com/help/topic/com.arm.doc.den0028a/index.html - -[3] drivers/tee/optee/optee_smc.h - -[4] drivers/tee/optee/optee_msg.h - -[5] http://www.globalplatform.org/specificationsdevice.asp look for - "TEE Client API Specification v1.0" and click download. - -[6] include/linux/psp-tee.h - -[7] drivers/tee/amdtee/amdtee_if.h - -[8] https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_mode… diff --git a/Documentation/subsystem-apis.rst b/Documentation/subsystem-apis.rst index 90a0535a932a..1666f11de8df 100644 --- a/Documentation/subsystem-apis.rst +++ b/Documentation/subsystem-apis.rst @@ -86,3 +86,4 @@ Storage interfaces misc-devices/index peci/index wmi/index + tee/index diff --git a/Documentation/tee/amd-tee.rst b/Documentation/tee/amd-tee.rst new file mode 100644 index 000000000000..51500fde7038 --- /dev/null +++ b/Documentation/tee/amd-tee.rst @@ -0,0 +1,90 @@ +.. SPDX-License-Identifier: GPL-2.0 + +============================================= +AMD-TEE (AMD's Trusted Execution Environment) +============================================= + +The AMD-TEE driver handles the communication with AMD's TEE environment. The +TEE environment is provided by AMD Secure Processor. + +The AMD Secure Processor (formerly called Platform Security Processor or PSP) +is a dedicated processor that features ARM TrustZone technology, along with a +software-based Trusted Execution Environment (TEE) designed to enable +third-party Trusted Applications. This feature is currently enabled only for +APUs. + +The following picture shows a high level overview of AMD-TEE:: + + | + x86 | + | + User space (Kernel space) | AMD Secure Processor (PSP) + ~~~~~~~~~~ ~~~~~~~~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~~~ + | + +--------+ | +-------------+ + | Client | | | Trusted | + +--------+ | | Application | + /\ | +-------------+ + || | /\ + || | || + || | \/ + || | +----------+ + || | | TEE | + || | | Internal | + \/ | | API | + +---------+ +-----------+---------+ +----------+ + | TEE | | TEE | AMD-TEE | | AMD-TEE | + | Client | | subsystem | driver | | Trusted | + | API | | | | | OS | + +---------+-----------+----+------+---------+---------+----------+ + | Generic TEE API | | ASP | Mailbox | + | IOCTL (TEE_IOC_*) | | driver | Register Protocol | + +--------------------------+ +---------+--------------------+ + +At the lowest level (in x86), the AMD Secure Processor (ASP) driver uses the +CPU to PSP mailbox register to submit commands to the PSP. The format of the +command buffer is opaque to the ASP driver. It's role is to submit commands to +the secure processor and return results to AMD-TEE driver. The interface +between AMD-TEE driver and AMD Secure Processor driver can be found in [1]. + +The AMD-TEE driver packages the command buffer payload for processing in TEE. +The command buffer format for the different TEE commands can be found in [2]. + +The TEE commands supported by AMD-TEE Trusted OS are: + +* TEE_CMD_ID_LOAD_TA - loads a Trusted Application (TA) binary into + TEE environment. +* TEE_CMD_ID_UNLOAD_TA - unloads TA binary from TEE environment. +* TEE_CMD_ID_OPEN_SESSION - opens a session with a loaded TA. +* TEE_CMD_ID_CLOSE_SESSION - closes session with loaded TA +* TEE_CMD_ID_INVOKE_CMD - invokes a command with loaded TA +* TEE_CMD_ID_MAP_SHARED_MEM - maps shared memory +* TEE_CMD_ID_UNMAP_SHARED_MEM - unmaps shared memory + +AMD-TEE Trusted OS is the firmware running on AMD Secure Processor. + +The AMD-TEE driver registers itself with TEE subsystem and implements the +following driver function callbacks: + +* get_version - returns the driver implementation id and capability. +* open - sets up the driver context data structure. +* release - frees up driver resources. +* open_session - loads the TA binary and opens session with loaded TA. +* close_session - closes session with loaded TA and unloads it. +* invoke_func - invokes a command with loaded TA. + +cancel_req driver callback is not supported by AMD-TEE. + +The GlobalPlatform TEE Client API [3] can be used by the user space (client) to +talk to AMD's TEE. AMD's TEE provides a secure environment for loading, opening +a session, invoking commands and closing session with TA. + +References +========== + +[1] include/linux/psp-tee.h + +[2] drivers/tee/amdtee/amdtee_if.h + +[3] http://www.globalplatform.org/specificationsdevice.asp look for + "TEE Client API Specification v1.0" and click download. diff --git a/Documentation/tee/index.rst b/Documentation/tee/index.rst new file mode 100644 index 000000000000..a23bd08847e5 --- /dev/null +++ b/Documentation/tee/index.rst @@ -0,0 +1,19 @@ +.. SPDX-License-Identifier: GPL-2.0 + +============= +TEE Subsystem +============= + +.. toctree:: + :maxdepth: 1 + + tee + op-tee + amd-tee + +.. only:: subproject and html + + Indices + ======= + + * :ref:`genindex` diff --git a/Documentation/tee/op-tee.rst b/Documentation/tee/op-tee.rst new file mode 100644 index 000000000000..b0ac097d5547 --- /dev/null +++ b/Documentation/tee/op-tee.rst @@ -0,0 +1,166 @@ +.. SPDX-License-Identifier: GPL-2.0 + +==================================================== +OP-TEE (Open Portable Trusted Execution Environment) +==================================================== + +The OP-TEE driver handles OP-TEE [1] based TEEs. Currently it is only the ARM +TrustZone based OP-TEE solution that is supported. + +Lowest level of communication with OP-TEE builds on ARM SMC Calling +Convention (SMCCC) [2], which is the foundation for OP-TEE's SMC interface +[3] used internally by the driver. Stacked on top of that is OP-TEE Message +Protocol [4]. + +OP-TEE SMC interface provides the basic functions required by SMCCC and some +additional functions specific for OP-TEE. The most interesting functions are: + +- OPTEE_SMC_FUNCID_CALLS_UID (part of SMCCC) returns the version information + which is then returned by TEE_IOC_VERSION + +- OPTEE_SMC_CALL_GET_OS_UUID returns the particular OP-TEE implementation, used + to tell, for instance, a TrustZone OP-TEE apart from an OP-TEE running on a + separate secure co-processor. + +- OPTEE_SMC_CALL_WITH_ARG drives the OP-TEE message protocol + +- OPTEE_SMC_GET_SHM_CONFIG lets the driver and OP-TEE agree on which memory + range to used for shared memory between Linux and OP-TEE. + +The GlobalPlatform TEE Client API [5] is implemented on top of the generic +TEE API. + +Picture of the relationship between the different components in the +OP-TEE architecture:: + + User space Kernel Secure world + ~~~~~~~~~~ ~~~~~~ ~~~~~~~~~~~~ + +--------+ +-------------+ + | Client | | Trusted | + +--------+ | Application | + /\ +-------------+ + || +----------+ /\ + || |tee- | || + || |supplicant| \/ + || +----------+ +-------------+ + \/ /\ | TEE Internal| + +-------+ || | API | + + TEE | || +--------+--------+ +-------------+ + | Client| || | TEE | OP-TEE | | OP-TEE | + | API | \/ | subsys | driver | | Trusted OS | + +-------+----------------+----+-------+----+-----------+-------------+ + | Generic TEE API | | OP-TEE MSG | + | IOCTL (TEE_IOC_*) | | SMCCC (OPTEE_SMC_CALL_*) | + +-----------------------------+ +------------------------------+ + +RPC (Remote Procedure Call) are requests from secure world to kernel driver +or tee-supplicant. An RPC is identified by a special range of SMCCC return +values from OPTEE_SMC_CALL_WITH_ARG. RPC messages which are intended for the +kernel are handled by the kernel driver. Other RPC messages will be forwarded to +tee-supplicant without further involvement of the driver, except switching +shared memory buffer representation. + +OP-TEE device enumeration +------------------------- + +OP-TEE provides a pseudo Trusted Application: drivers/tee/optee/device.c in +order to support device enumeration. In other words, OP-TEE driver invokes this +application to retrieve a list of Trusted Applications which can be registered +as devices on the TEE bus. + +OP-TEE notifications +-------------------- + +There are two kinds of notifications that secure world can use to make +normal world aware of some event. + +1. Synchronous notifications delivered with ``OPTEE_RPC_CMD_NOTIFICATION`` + using the ``OPTEE_RPC_NOTIFICATION_SEND`` parameter. +2. Asynchronous notifications delivered with a combination of a non-secure + edge-triggered interrupt and a fast call from the non-secure interrupt + handler. + +Synchronous notifications are limited by depending on RPC for delivery, +this is only usable when secure world is entered with a yielding call via +``OPTEE_SMC_CALL_WITH_ARG``. This excludes such notifications from secure +world interrupt handlers. + +An asynchronous notification is delivered via a non-secure edge-triggered +interrupt to an interrupt handler registered in the OP-TEE driver. The +actual notification value are retrieved with the fast call +``OPTEE_SMC_GET_ASYNC_NOTIF_VALUE``. Note that one interrupt can represent +multiple notifications. + +One notification value ``OPTEE_SMC_ASYNC_NOTIF_VALUE_DO_BOTTOM_HALF`` has a +special meaning. When this value is received it means that normal world is +supposed to make a yielding call ``OPTEE_MSG_CMD_DO_BOTTOM_HALF``. This +call is done from the thread assisting the interrupt handler. This is a +building block for OP-TEE OS in secure world to implement the top half and +bottom half style of device drivers. + +OPTEE_INSECURE_LOAD_IMAGE Kconfig option +---------------------------------------- + +The OPTEE_INSECURE_LOAD_IMAGE Kconfig option enables the ability to load the +BL32 OP-TEE image from the kernel after the kernel boots, rather than loading +it from the firmware before the kernel boots. This also requires enabling the +corresponding option in Trusted Firmware for Arm. The Trusted Firmware for Arm +documentation [6] explains the security threat associated with enabling this as +well as mitigations at the firmware and platform level. + +There are additional attack vectors/mitigations for the kernel that should be +addressed when using this option. + +1. Boot chain security. + + * Attack vector: Replace the OP-TEE OS image in the rootfs to gain control of + the system. + + * Mitigation: There must be boot chain security that verifies the kernel and + rootfs, otherwise an attacker can modify the loaded OP-TEE binary by + modifying it in the rootfs. + +2. Alternate boot modes. + + * Attack vector: Using an alternate boot mode (i.e. recovery mode), the + OP-TEE driver isn't loaded, leaving the SMC hole open. + + * Mitigation: If there are alternate methods of booting the device, such as a + recovery mode, it should be ensured that the same mitigations are applied + in that mode. + +3. Attacks prior to SMC invocation. + + * Attack vector: Code that is executed prior to issuing the SMC call to load + OP-TEE can be exploited to then load an alternate OS image. + + * Mitigation: The OP-TEE driver must be loaded before any potential attack + vectors are opened up. This should include mounting of any modifiable + filesystems, opening of network ports or communicating with external + devices (e.g. USB). + +4. Blocking SMC call to load OP-TEE. + + * Attack vector: Prevent the driver from being probed, so the SMC call to + load OP-TEE isn't executed when desired, leaving it open to being executed + later and loading a modified OS. + + * Mitigation: It is recommended to build the OP-TEE driver as builtin driver + rather than as a module to prevent exploits that may cause the module to + not be loaded. + +References +========== + +[1] https://github.com/OP-TEE/optee_os + +[2] http://infocenter.arm.com/help/topic/com.arm.doc.den0028a/index.html + +[3] drivers/tee/optee/optee_smc.h + +[4] drivers/tee/optee/optee_msg.h + +[5] http://www.globalplatform.org/specificationsdevice.asp look for + "TEE Client API Specification v1.0" and click download. + +[6] https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_mode… diff --git a/Documentation/tee/tee.rst b/Documentation/tee/tee.rst new file mode 100644 index 000000000000..fd9f8c4ff63d --- /dev/null +++ b/Documentation/tee/tee.rst @@ -0,0 +1,22 @@ +.. SPDX-License-Identifier: GPL-2.0 + +=================================== +TEE (Trusted Execution Environment) +=================================== + +This document describes the TEE subsystem in Linux. + +Overview +======== + +A TEE is a trusted OS running in some secure environment, for example, +TrustZone on ARM CPUs, or a separate secure co-processor etc. A TEE driver +handles the details needed to communicate with the TEE. + +This subsystem deals with: + +- Registration of TEE drivers + +- Managing shared memory between Linux and the TEE + +- Providing a generic API to the TEE diff --git a/Documentation/userspace-api/index.rst b/Documentation/userspace-api/index.rst index 72a65db0c498..24ed39735dd3 100644 --- a/Documentation/userspace-api/index.rst +++ b/Documentation/userspace-api/index.rst @@ -32,6 +32,7 @@ place where this information is gathered. sysfs-platform_profile vduse futex2 + tee .. only:: subproject and html diff --git a/Documentation/userspace-api/tee.rst b/Documentation/userspace-api/tee.rst new file mode 100644 index 000000000000..e2368dbc3451 --- /dev/null +++ b/Documentation/userspace-api/tee.rst @@ -0,0 +1,39 @@ +.. SPDX-License-Identifier: GPL-2.0 +.. tee: + +================================================== +TEE (Trusted Execution Environment) Userspace API +================================================== + +include/uapi/linux/tee.h defines the generic interface to a TEE. + +User space (the client) connects to the driver by opening /dev/tee[0-9]* or +/dev/teepriv[0-9]*. + +- TEE_IOC_SHM_ALLOC allocates shared memory and returns a file descriptor + which user space can mmap. When user space doesn't need the file + descriptor any more, it should be closed. When shared memory isn't needed + any longer it should be unmapped with munmap() to allow the reuse of + memory. + +- TEE_IOC_VERSION lets user space know which TEE this driver handles and + its capabilities. + +- TEE_IOC_OPEN_SESSION opens a new session to a Trusted Application. + +- TEE_IOC_INVOKE invokes a function in a Trusted Application. + +- TEE_IOC_CANCEL may cancel an ongoing TEE_IOC_OPEN_SESSION or TEE_IOC_INVOKE. + +- TEE_IOC_CLOSE_SESSION closes a session to a Trusted Application. + +There are two classes of clients, normal clients and supplicants. The latter is +a helper process for the TEE to access resources in Linux, for example file +system access. A normal client opens /dev/tee[0-9]* and a supplicant opens +/dev/teepriv[0-9]. + +Much of the communication between clients and the TEE is opaque to the +driver. The main job for the driver is to receive requests from the +clients, forward them to the TEE and send back the results. In the case of +supplicants the communication goes in the other direction, the TEE sends +requests to the supplicant which then sends back the result. diff --git a/MAINTAINERS b/MAINTAINERS index dd5de540ec0b..f20d5fb19ebc 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -21130,7 +21130,9 @@ M: Jens Wiklander <jens.wiklander(a)linaro.org> R: Sumit Garg <sumit.garg(a)linaro.org> L: op-tee(a)lists.trustedfirmware.org S: Maintained -F: Documentation/staging/tee.rst +F: Documentation/driver-api/tee.rst +F: Documentation/tee/ +F: Documentation/userspace-api/tee.rst F: drivers/tee/ F: include/linux/tee_drv.h F: include/uapi/linux/tee.h -- 2.34.1

5 months, 1 week

5
8
0 0

[PATCH] tee: Use iov_iter to better support shared buffer registration

by Arnaud Pouliquen

It is not possible to register buffers allocated with vmalloc. Use iov_iter and associated helper functions to manage the page registration for all type of memories. Suggested-by: Christoph Hellwig <hch(a)infradead.org> Signed-off-by: Arnaud Pouliquen <arnaud.pouliquen(a)foss.st.com> --- The support of buffer registration allocated with vmalloc is no more available since c83900393aa1 ("tee: Remove vmalloc page support"). This patch is an alternative to a revert and resulted from a discussion with Christopher Hellwig [1]. This patch has been tested using xtest tool in optee qemu environment [2] and using the series related to the remoteproc tee that should be proposed soon [3]. References: [1] https://lore.kernel.org/linux-arm-kernel/18a8528d-7d9d-6ed0-0045-5ee47dd39f… [2] https://optee.readthedocs.io/en/latest/building/devices/qemu.html#build-ins… [3] https://lore.kernel.org/linux-arm-kernel/18a8528d-7d9d-6ed0-0045-5ee47dd39f… --- drivers/tee/tee_shm.c | 72 +++++++++++++++++++++++-------------------- 1 file changed, 38 insertions(+), 34 deletions(-) diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c index 673cf0359494..0bb47ffd049a 100644 --- a/drivers/tee/tee_shm.c +++ b/drivers/tee/tee_shm.c @@ -22,23 +22,13 @@ static void shm_put_kernel_pages(struct page **pages, size_t page_count) put_page(pages[n]); } -static int shm_get_kernel_pages(unsigned long start, size_t page_count, - struct page **pages) +static void shm_get_kernel_pages(struct page **pages, size_t page_count) { - struct page *page; size_t n; - if (WARN_ON_ONCE(is_vmalloc_addr((void *)start) || - is_kmap_addr((void *)start))) - return -EINVAL; - - page = virt_to_page((void *)start); - for (n = 0; n < page_count; n++) { - pages[n] = page + n; + /* iov_iter_extract_kvec_pages does not get reference on the pages, get a pin on them. */ + for (n = 0; n < page_count; n++) get_page(pages[n]); - } - - return page_count; } static void release_registered_pages(struct tee_shm *shm) @@ -214,13 +204,12 @@ struct tee_shm *tee_shm_alloc_priv_buf(struct tee_context *ctx, size_t size) EXPORT_SYMBOL_GPL(tee_shm_alloc_priv_buf); static struct tee_shm * -register_shm_helper(struct tee_context *ctx, unsigned long addr, - size_t length, u32 flags, int id) +register_shm_helper(struct tee_context *ctx, struct iov_iter *iter, u32 flags, int id) { struct tee_device *teedev = ctx->teedev; struct tee_shm *shm; - unsigned long start; - size_t num_pages; + unsigned long start, addr; + size_t num_pages, length, len, off; void *ret; int rc; @@ -245,31 +234,31 @@ register_shm_helper(struct tee_context *ctx, unsigned long addr, shm->flags = flags; shm->ctx = ctx; shm->id = id; - addr = untagged_addr(addr); + addr = (unsigned long)iter_iov_addr(iter); + length = iter_iov_len(iter); start = rounddown(addr, PAGE_SIZE); - shm->offset = addr - start; - shm->size = length; - num_pages = (roundup(addr + length, PAGE_SIZE) - start) / PAGE_SIZE; + num_pages = iov_iter_npages(iter, INT_MAX); + if (!num_pages) { + ret = ERR_PTR(-ENOMEM); + goto err_ctx_put; + } + shm->pages = kcalloc(num_pages, sizeof(*shm->pages), GFP_KERNEL); if (!shm->pages) { ret = ERR_PTR(-ENOMEM); goto err_free_shm; } - if (flags & TEE_SHM_USER_MAPPED) - rc = pin_user_pages_fast(start, num_pages, FOLL_WRITE, - shm->pages); - else - rc = shm_get_kernel_pages(start, num_pages, shm->pages); - if (rc > 0) - shm->num_pages = rc; - if (rc != num_pages) { - if (rc >= 0) - rc = -ENOMEM; - ret = ERR_PTR(rc); + len = iov_iter_extract_pages(iter, &shm->pages, LONG_MAX, num_pages, 0, &off); + if (len != length) { + ret = len ? ERR_PTR(len) : ERR_PTR(-ENOMEM); goto err_put_shm_pages; } + shm->offset = off; + shm->size = len; + shm->num_pages = num_pages; + rc = teedev->desc->ops->shm_register(ctx, shm, shm->pages, shm->num_pages, start); if (rc) { @@ -307,6 +296,8 @@ struct tee_shm *tee_shm_register_user_buf(struct tee_context *ctx, u32 flags = TEE_SHM_USER_MAPPED | TEE_SHM_DYNAMIC; struct tee_device *teedev = ctx->teedev; struct tee_shm *shm; + struct iovec iov; + struct iov_iter iter; void *ret; int id; @@ -319,7 +310,10 @@ struct tee_shm *tee_shm_register_user_buf(struct tee_context *ctx, if (id < 0) return ERR_PTR(id); - shm = register_shm_helper(ctx, addr, length, flags, id); + iov.iov_base = (void __user *)addr; + iov.iov_len = length; + iov_iter_init(&iter, ITER_DEST, &iov, 1, length); + shm = register_shm_helper(ctx, &iter, flags, id); if (IS_ERR(shm)) { mutex_lock(&teedev->mutex); idr_remove(&teedev->idr, id); @@ -351,9 +345,19 @@ struct tee_shm *tee_shm_register_user_buf(struct tee_context *ctx, struct tee_shm *tee_shm_register_kernel_buf(struct tee_context *ctx, void *addr, size_t length) { + struct tee_shm *shm; u32 flags = TEE_SHM_DYNAMIC; + struct kvec kvec; + struct iov_iter iter; - return register_shm_helper(ctx, (unsigned long)addr, length, flags, -1); + kvec.iov_base = addr; + kvec.iov_len = length; + iov_iter_kvec(&iter, ITER_SOURCE, &kvec, 1, length); + shm = register_shm_helper(ctx, &iter, flags, -1); + if (!IS_ERR_OR_NULL(shm)) + shm_get_kernel_pages(shm->pages, shm->num_pages); + + return shm; } EXPORT_SYMBOL_GPL(tee_shm_register_kernel_buf); -- 2.25.1

5 months, 1 week

3
2
0 0

Linaro OP-TEE Contribution, LOC, monthly meeting November 28

by Jens Wiklander

Hi, On Tuesday, November 28 it's time for another LOC monthly meeting. For time and connection details see the calendar at https://www.trustedfirmware.org/meetings/ There's an ongoing effort to add RPMB emulation in QEMU. This should allow RPMB testing in our CI. Any other topics? Thanks, Jens

5 months, 2 weeks

1
0
0 0

[RFC PATCH] tee: tstee: Add initial Trusted Services TEE driver

by Balint Dobszay

The Trusted Services project provides a framework for developing and deploying device Root Of Trust services in FF-A Secure Partitions. The FF-A SPs are accessible through the FF-A driver, but this doesn't provide a user space interface. The goal of this TEE driver is to make Trusted Services SPs accessible for user space clients. All TS SPs have the same FF-A UUID, it identifies the RPC protocol used by TS. A TS SP can host one or more services, a service is identified by its service UUID. The same type of service cannot be present twice in the same SP. During SP boot each service in the SP gets assigned an interface ID, this is just a short ID to simplify message addressing. There is 1:1 mapping between TS SPs and TEE devices, i.e. a TEE device gets registered for each Trusted Services compatible FF-A device found on the FF-A bus. Opening the SP corresponds to opening the TEE dev and creating a TEE context. A TS SP hosts one or more services, opening a service corresponds to opening a session in the given tee_context. Signed-off-by: Balint Dobszay <balint.dobszay(a)arm.com> --- Hi All, This is an initial TEE driver implementation for Trusted Services [1]. Trusted Services is a TrustedFirmware.org project that provides a framework for developing and deploying device Root Of Trust services in FF-A Secure Partitions. The project hosts the reference implementation of Arm Platform Security Architecture [2] for Arm A-profile devices. The FF-A Secure Partitions (SPs) are accessible through the FF-A driver in Linux. However, the FF-A driver doesn't have a user space interface so user space clients currently cannot access Trusted Services. The goal of this TEE driver is to bridge this gap and make Trusted Services functionality accessible from user space. The predecessor of this driver is an out-of-tree kernel module that we have been using for prototyping [3]. An integration of Trusted Services, OP-TEE as a S-EL1 SPMC, TF-A, Linux and this out-of-tree module is available as part of the OP-TEE project, please find the manifest file at [4]. Some key points about the structure of Trusted Services (for more details please see the documentation at [5]): - A Trusted Services SP can host one or multiple services. All TS SPs have the same FF-A UUID, it identifies the RPC protocol used by TS. The protocol's register ABI definition is available at [6] and is implemented in tstee_private.h. - A service hosted by an SP is identified by its service UUID. The same type of service can be present in multiple SPs, but not twice in the same SP. During SP boot each service in the SP gets assigned an interface ID, this is just a short ID to simplify message addressing. - There is 1:1 mapping between TS SPs and TEE devices, i.e. a TEE device gets registered for each Trusted Services compatible FF-A device found on the FF-A bus. - Opening the SP corresponds to opening the TEE dev and creating a TEE context. A TS SP hosts one or more services, opening a service corresponds to opening a session in the given tee_context. Regards, Balint [1] https://www.trustedfirmware.org/projects/trusted-services/ [2] https://www.arm.com/architecture/security-features/platform-security [3] https://gitlab.arm.com/linux-arm/linux-trusted-services [4] https://github.com/OP-TEE/manifest/blob/master/fvp-ts.xml [5] https://trusted-services.readthedocs.io [6] https://trusted-services.readthedocs.io/en/integration/developer/service-ac… drivers/tee/Kconfig | 1 + drivers/tee/Makefile | 1 + drivers/tee/tstee/Kconfig | 11 + drivers/tee/tstee/Makefile | 3 + drivers/tee/tstee/core.c | 473 ++++++++++++++++++++++++++++++ drivers/tee/tstee/shm_pool.c | 91 ++++++ drivers/tee/tstee/tstee_private.h | 97 ++++++ include/uapi/linux/tee.h | 1 + 8 files changed, 678 insertions(+) create mode 100644 drivers/tee/tstee/Kconfig create mode 100644 drivers/tee/tstee/Makefile create mode 100644 drivers/tee/tstee/core.c create mode 100644 drivers/tee/tstee/shm_pool.c create mode 100644 drivers/tee/tstee/tstee_private.h diff --git a/drivers/tee/Kconfig b/drivers/tee/Kconfig index 73a147202e88..61b507c18780 100644 --- a/drivers/tee/Kconfig +++ b/drivers/tee/Kconfig @@ -15,5 +15,6 @@ if TEE source "drivers/tee/optee/Kconfig" source "drivers/tee/amdtee/Kconfig" +source "drivers/tee/tstee/Kconfig" endif diff --git a/drivers/tee/Makefile b/drivers/tee/Makefile index 68da044afbfa..5488cba30bd2 100644 --- a/drivers/tee/Makefile +++ b/drivers/tee/Makefile @@ -5,3 +5,4 @@ tee-objs += tee_shm.o tee-objs += tee_shm_pool.o obj-$(CONFIG_OPTEE) += optee/ obj-$(CONFIG_AMDTEE) += amdtee/ +obj-$(CONFIG_ARM_TSTEE) += tstee/ diff --git a/drivers/tee/tstee/Kconfig b/drivers/tee/tstee/Kconfig new file mode 100644 index 000000000000..cd8d32586a77 --- /dev/null +++ b/drivers/tee/tstee/Kconfig @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: GPL-2.0-only +config ARM_TSTEE + tristate "Arm Trusted Services TEE driver" + depends on ARM_FFA_TRANSPORT + default n + help + The Trusted Services project provides a framework for developing and + deploying device Root Of Trust services in FF-A Secure Partitions. + This driver provides an interface to make Trusted Services Secure + Partitions accessible for user space clients, since the FF-A driver + doesn't implement a user space interface directly. diff --git a/drivers/tee/tstee/Makefile b/drivers/tee/tstee/Makefile new file mode 100644 index 000000000000..dd54b1f88652 --- /dev/null +++ b/drivers/tee/tstee/Makefile @@ -0,0 +1,3 @@ +# SPDX-License-Identifier: GPL-2.0-only +arm-tstee-objs := core.o shm_pool.o +obj-$(CONFIG_ARM_TSTEE) = arm-tstee.o diff --git a/drivers/tee/tstee/core.c b/drivers/tee/tstee/core.c new file mode 100644 index 000000000000..c0194638b7da --- /dev/null +++ b/drivers/tee/tstee/core.c @@ -0,0 +1,473 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (c) 2023, Arm Limited + */ + +#define DRIVER_NAME "Arm TSTEE" +#define pr_fmt(fmt) DRIVER_NAME ": " fmt + +#include <linux/arm_ffa.h> +#include <linux/err.h> +#include <linux/errno.h> +#include <linux/kernel.h> +#include <linux/limits.h> +#include <linux/list.h> +#include <linux/mm.h> +#include <linux/module.h> +#include <linux/scatterlist.h> +#include <linux/slab.h> +#include <linux/stat.h> +#include <linux/tee_drv.h> +#include <linux/types.h> +#include <linux/uaccess.h> + +#include "tstee_private.h" + +#define FFA_INVALID_MEM_HANDLE U64_MAX + +static void arg_list_to_ffa_data(const u32 *args, struct ffa_send_direct_data *data) +{ + data->data0 = args[0]; + data->data1 = args[1]; + data->data2 = args[2]; + data->data3 = args[3]; + data->data4 = args[4]; +} + +static void arg_list_from_ffa_data(const struct ffa_send_direct_data *data, u32 *args) +{ + args[0] = lower_32_bits(data->data0); + args[1] = lower_32_bits(data->data1); + args[2] = lower_32_bits(data->data2); + args[3] = lower_32_bits(data->data3); + args[4] = lower_32_bits(data->data4); +} + +static void tstee_get_version(struct tee_device *teedev, struct tee_ioctl_version_data *vers) +{ + struct tstee *tstee = tee_get_drvdata(teedev); + struct tee_ioctl_version_data v = { + .impl_id = TEE_IMPL_ID_TSTEE, + .impl_caps = tstee->ffa_dev->vm_id, + .gen_caps = 0, + }; + + *vers = v; +} + +static int tstee_open(struct tee_context *ctx) +{ + struct ts_context_data *ctxdata; + + ctxdata = kzalloc(sizeof(*ctxdata), GFP_KERNEL); + if (!ctxdata) + return -ENOMEM; + + mutex_init(&ctxdata->mutex); + idr_init(&ctxdata->sess_ids); + INIT_LIST_HEAD(&ctxdata->sess_list); + + ctx->data = ctxdata; + + return 0; +} + +static void tstee_release(struct tee_context *ctx) +{ + struct ts_context_data *ctxdata = ctx->data; + struct ts_session *sess, *sess_tmp; + + if (!ctxdata) + return; + + list_for_each_entry_safe(sess, sess_tmp, &ctxdata->sess_list, list_node) { + list_del(&sess->list_node); + idr_remove(&ctxdata->sess_ids, sess->session_id); + kfree(sess); + } + + idr_destroy(&ctxdata->sess_ids); + mutex_destroy(&ctxdata->mutex); + + kfree(ctxdata); + ctx->data = NULL; +} + +static struct ts_session *find_session(struct ts_context_data *ctxdata, u32 session_id) +{ + struct ts_session *sess; + + list_for_each_entry(sess, &ctxdata->sess_list, list_node) + if (sess->session_id == session_id) + return sess; + + return NULL; +} + +static int tstee_open_session(struct tee_context *ctx, struct tee_ioctl_open_session_arg *arg, + struct tee_param *param __always_unused) +{ + struct tstee *tstee = tee_get_drvdata(ctx->teedev); + struct ffa_device *ffa_dev = tstee->ffa_dev; + struct ts_context_data *ctxdata = ctx->data; + struct ffa_send_direct_data ffa_data; + struct ts_session *sess = NULL; + u32 ffa_args[5] = {}; + int sess_id; + int rc; + + ffa_args[TS_RPC_CTRL_REG] = TS_RPC_CTRL_PACK_IFACE_OPCODE(TS_RPC_MGMT_IFACE_ID, + TS_RPC_OP_SERVICE_INFO); + + memcpy((u8 *)(ffa_args + TS_RPC_SERVICE_INFO_UUID0), arg->uuid, UUID_SIZE); + + arg_list_to_ffa_data(ffa_args, &ffa_data); + rc = ffa_dev->ops->msg_ops->sync_send_receive(ffa_dev, &ffa_data); + if (rc) + return rc; + + arg_list_from_ffa_data(&ffa_data, ffa_args); + + if (ffa_args[TS_RPC_SERVICE_INFO_RPC_STATUS] != TS_RPC_OK) + return -ENODEV; + + if (ffa_args[TS_RPC_SERVICE_INFO_IFACE] > U8_MAX) + return -EINVAL; + + sess = kzalloc(sizeof(*sess), GFP_KERNEL); + if (!sess) + return -ENOMEM; + + sess_id = idr_alloc(&ctxdata->sess_ids, sess, 1, 0, GFP_KERNEL); + if (sess_id < 0) { + kfree(sess); + return sess_id; + } + + sess->session_id = sess_id; + sess->iface_id = ffa_args[TS_RPC_SERVICE_INFO_IFACE]; + + mutex_lock(&ctxdata->mutex); + list_add(&sess->list_node, &ctxdata->sess_list); + mutex_unlock(&ctxdata->mutex); + + arg->session = sess_id; + arg->ret = 0; + + return 0; +} + +static int tstee_close_session(struct tee_context *ctx, u32 session) +{ + struct ts_context_data *ctxdata = ctx->data; + struct ts_session *sess; + + mutex_lock(&ctxdata->mutex); + sess = find_session(ctxdata, session); + if (sess) + list_del(&sess->list_node); + + mutex_unlock(&ctxdata->mutex); + + if (!sess) + return -EINVAL; + + idr_remove(&ctxdata->sess_ids, sess->session_id); + kfree(sess); + + return 0; +} + +static int tstee_invoke_func(struct tee_context *ctx, struct tee_ioctl_invoke_arg *arg, + struct tee_param *param) +{ + struct tstee *tstee = tee_get_drvdata(ctx->teedev); + struct ffa_device *ffa_dev = tstee->ffa_dev; + struct ts_context_data *ctxdata = ctx->data; + struct ffa_send_direct_data ffa_data; + struct tee_shm *shm = NULL; + struct ts_session *sess; + u32 req_len, ffa_args[5] = {}; + int shm_id, rc; + u8 iface_id; + u64 handle; + u16 opcode; + + mutex_lock(&ctxdata->mutex); + sess = find_session(ctxdata, arg->session); + + /* Do this while holding the mutex to make sure that the session wasn't closed meanwhile */ + if (sess) + iface_id = sess->iface_id; + + mutex_unlock(&ctxdata->mutex); + if (!sess) + return -EINVAL; + + opcode = lower_16_bits(arg->func); + shm_id = lower_32_bits(param[0].u.value.a); + req_len = lower_32_bits(param[0].u.value.b); + + if (shm_id != 0) { + shm = tee_shm_get_from_id(ctx, shm_id); + if (IS_ERR(shm)) + return PTR_ERR(shm); + + if (shm->size < req_len) { + pr_err("request doesn't fit into shared memory buffer\n"); + rc = -EINVAL; + goto out; + } + + handle = shm->sec_world_id; + } else { + handle = FFA_INVALID_MEM_HANDLE; + } + + ffa_args[TS_RPC_CTRL_REG] = TS_RPC_CTRL_PACK_IFACE_OPCODE(iface_id, opcode); + ffa_args[TS_RPC_SERVICE_MEM_HANDLE_LSW] = lower_32_bits(handle); + ffa_args[TS_RPC_SERVICE_MEM_HANDLE_MSW] = upper_32_bits(handle); + ffa_args[TS_RPC_SERVICE_REQ_LEN] = req_len; + ffa_args[TS_RPC_SERVICE_CLIENT_ID] = 0; + + arg_list_to_ffa_data(ffa_args, &ffa_data); + rc = ffa_dev->ops->msg_ops->sync_send_receive(ffa_dev, &ffa_data); + if (rc) + goto out; + + arg_list_from_ffa_data(&ffa_data, ffa_args); + + if (ffa_args[TS_RPC_SERVICE_RPC_STATUS] != TS_RPC_OK) { + pr_err("invoke_func rpc status: %d\n", ffa_args[TS_RPC_SERVICE_RPC_STATUS]); + rc = -EINVAL; + goto out; + } + + arg->ret = ffa_args[TS_RPC_SERVICE_STATUS]; + if (shm && shm->size >= ffa_args[TS_RPC_SERVICE_RESP_LEN]) + param[0].u.value.a = ffa_args[TS_RPC_SERVICE_RESP_LEN]; + +out: + if (shm) + tee_shm_put(shm); + + return rc; +} + +static int tstee_cancel_req(struct tee_context *ctx __always_unused, u32 cancel_id __always_unused, + u32 session __always_unused) +{ + return -EINVAL; +} + +int tstee_shm_register(struct tee_context *ctx, struct tee_shm *shm, struct page **pages, + size_t num_pages, unsigned long start __always_unused) +{ + struct tstee *tstee = tee_get_drvdata(ctx->teedev); + struct ffa_device *ffa_dev = tstee->ffa_dev; + struct ffa_mem_region_attributes mem_attr = { + .receiver = tstee->ffa_dev->vm_id, + .attrs = FFA_MEM_RW, + .flag = 0, + }; + struct ffa_mem_ops_args mem_args = { + .attrs = &mem_attr, + .use_txbuf = true, + .nattrs = 1, + .flags = 0, + }; + struct ffa_send_direct_data ffa_data; + struct sg_table sgt; + u32 ffa_args[5] = {}; + int rc; + + rc = sg_alloc_table_from_pages(&sgt, pages, num_pages, 0, num_pages * PAGE_SIZE, + GFP_KERNEL); + if (rc) + return rc; + + mem_args.sg = sgt.sgl; + rc = ffa_dev->ops->mem_ops->memory_share(&mem_args); + sg_free_table(&sgt); + if (rc) + return rc; + + shm->sec_world_id = mem_args.g_handle; + + ffa_args[TS_RPC_CTRL_REG] = TS_RPC_CTRL_PACK_IFACE_OPCODE(TS_RPC_MGMT_IFACE_ID, + TS_RPC_OP_RETRIEVE_MEM); + ffa_args[TS_RPC_RETRIEVE_MEM_HANDLE_LSW] = lower_32_bits(shm->sec_world_id); + ffa_args[TS_RPC_RETRIEVE_MEM_HANDLE_MSW] = upper_32_bits(shm->sec_world_id); + ffa_args[TS_RPC_RETRIEVE_MEM_TAG_LSW] = 0; + ffa_args[TS_RPC_RETRIEVE_MEM_TAG_MSW] = 0; + + arg_list_to_ffa_data(ffa_args, &ffa_data); + rc = ffa_dev->ops->msg_ops->sync_send_receive(ffa_dev, &ffa_data); + if (rc) { + (void)ffa_dev->ops->mem_ops->memory_reclaim(shm->sec_world_id, 0); + return rc; + } + + arg_list_from_ffa_data(&ffa_data, ffa_args); + + if (ffa_args[TS_RPC_RETRIEVE_MEM_RPC_STATUS] != TS_RPC_OK) { + pr_err("shm_register rpc status: %d\n", ffa_args[TS_RPC_RETRIEVE_MEM_RPC_STATUS]); + ffa_dev->ops->mem_ops->memory_reclaim(shm->sec_world_id, 0); + return -EINVAL; + } + + return 0; +} + +int tstee_shm_unregister(struct tee_context *ctx, struct tee_shm *shm) +{ + struct tstee *tstee = tee_get_drvdata(ctx->teedev); + struct ffa_device *ffa_dev = tstee->ffa_dev; + struct ffa_send_direct_data ffa_data; + u32 ffa_args[5] = {}; + int rc; + + ffa_args[TS_RPC_CTRL_REG] = TS_RPC_CTRL_PACK_IFACE_OPCODE(TS_RPC_MGMT_IFACE_ID, + TS_RPC_OP_RELINQ_MEM); + ffa_args[TS_RPC_RELINQ_MEM_HANDLE_LSW] = lower_32_bits(shm->sec_world_id); + ffa_args[TS_RPC_RELINQ_MEM_HANDLE_MSW] = upper_32_bits(shm->sec_world_id); + + arg_list_to_ffa_data(ffa_args, &ffa_data); + rc = ffa_dev->ops->msg_ops->sync_send_receive(ffa_dev, &ffa_data); + if (rc) + return rc; + arg_list_from_ffa_data(&ffa_data, ffa_args); + + if (ffa_args[TS_RPC_RELINQ_MEM_RPC_STATUS] != TS_RPC_OK) { + pr_err("shm_unregister rpc status: %d\n", ffa_args[TS_RPC_RELINQ_MEM_RPC_STATUS]); + return -EINVAL; + } + + rc = ffa_dev->ops->mem_ops->memory_reclaim(shm->sec_world_id, 0); + + return rc; +} + +static const struct tee_driver_ops tstee_ops = { + .get_version = tstee_get_version, + .open = tstee_open, + .release = tstee_release, + .open_session = tstee_open_session, + .close_session = tstee_close_session, + .invoke_func = tstee_invoke_func, + .cancel_req = tstee_cancel_req, + .shm_register = tstee_shm_register, + .shm_unregister = tstee_shm_unregister, +}; + +static const struct tee_desc tstee_desc = { + .name = "tstee-clnt", + .ops = &tstee_ops, + .owner = THIS_MODULE, +}; + +static bool tstee_check_rpc_compatible(struct ffa_device *ffa_dev) +{ + struct ffa_send_direct_data ffa_data; + u32 ffa_args[5] = {}; + + ffa_args[TS_RPC_CTRL_REG] = TS_RPC_CTRL_PACK_IFACE_OPCODE(TS_RPC_MGMT_IFACE_ID, + TS_RPC_OP_GET_VERSION); + + arg_list_to_ffa_data(ffa_args, &ffa_data); + if (ffa_dev->ops->msg_ops->sync_send_receive(ffa_dev, &ffa_data)) + return false; + + arg_list_from_ffa_data(&ffa_data, ffa_args); + + return ffa_args[TS_RPC_GET_VERSION_RESP] == TS_RPC_PROTOCOL_VERSION; +} + +static void tstee_deinit_common(struct tstee *tstee) +{ + tee_device_unregister(tstee->teedev); + if (tstee->pool) + tee_shm_pool_free(tstee->pool); + + kfree(tstee); +} + +static int tstee_probe(struct ffa_device *ffa_dev) +{ + struct tstee *tstee; + int rc; + + ffa_dev->ops->msg_ops->mode_32bit_set(ffa_dev); + + if (!tstee_check_rpc_compatible(ffa_dev)) + return -EINVAL; + + tstee = kzalloc(sizeof(*tstee), GFP_KERNEL); + if (!tstee) + return -ENOMEM; + + tstee->ffa_dev = ffa_dev; + + tstee->pool = tstee_create_shm_pool(); + if (IS_ERR(tstee->pool)) { + rc = PTR_ERR(tstee->pool); + tstee->pool = NULL; + goto err; + } + + tstee->teedev = tee_device_alloc(&tstee_desc, NULL, tstee->pool, tstee); + if (IS_ERR(tstee->teedev)) { + rc = PTR_ERR(tstee->teedev); + tstee->teedev = NULL; + goto err; + } + + rc = tee_device_register(tstee->teedev); + if (rc) + goto err; + + ffa_dev_set_drvdata(ffa_dev, tstee); + + pr_info("driver initialized for endpoint 0x%x\n", ffa_dev->vm_id); + + return 0; + +err: + tstee_deinit_common(tstee); + return rc; +} + +static void tstee_remove(struct ffa_device *ffa_dev) +{ + tstee_deinit_common(ffa_dev->dev.driver_data); +} + +static const struct ffa_device_id tstee_device_ids[] = { + /* TS RPC protocol UUID: bdcd76d7-825e-4751-963b-86d4f84943ac */ + { TS_RPC_UUID }, + {} +}; + +static struct ffa_driver tstee_driver = { + .name = "arm_tstee", + .probe = tstee_probe, + .remove = tstee_remove, + .id_table = tstee_device_ids, +}; + +static int __init mod_init(void) +{ + return ffa_register(&tstee_driver); +} +module_init(mod_init) + +static void __exit mod_exit(void) +{ + ffa_unregister(&tstee_driver); +} +module_exit(mod_exit) + +MODULE_ALIAS("arm-tstee"); +MODULE_AUTHOR("Balint Dobszay <balint.dobszay(a)arm.com>"); +MODULE_DESCRIPTION("Arm Trusted Services TEE driver"); +MODULE_LICENSE("GPL"); diff --git a/drivers/tee/tstee/shm_pool.c b/drivers/tee/tstee/shm_pool.c new file mode 100644 index 000000000000..518c10dd0735 --- /dev/null +++ b/drivers/tee/tstee/shm_pool.c @@ -0,0 +1,91 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * Copyright (c) 2023, Arm Limited + */ + +#include <linux/arm_ffa.h> +#include <linux/device.h> +#include <linux/dma-buf.h> +#include <linux/genalloc.h> +#include <linux/slab.h> +#include <linux/tee_drv.h> + +#include "tstee_private.h" + +static int pool_op_alloc(struct tee_shm_pool *pool __always_unused, struct tee_shm *shm, + size_t size, size_t align __always_unused) +{ + unsigned int order, nr_pages, i; + struct page *page, **pages; + int rc; + + if (size == 0) + return -EINVAL; + + order = get_order(size); + nr_pages = 1 << order; + + page = alloc_pages(GFP_KERNEL | __GFP_ZERO, order); + if (!page) + return -ENOMEM; + + shm->kaddr = page_address(page); + shm->paddr = page_to_phys(page); + shm->size = PAGE_SIZE << order; + + pages = kcalloc(nr_pages, sizeof(*pages), GFP_KERNEL); + if (!pages) { + rc = -ENOMEM; + goto err; + } + + for (i = 0; i < nr_pages; i++) + pages[i] = page + i; + + rc = tstee_shm_register(shm->ctx, shm, pages, nr_pages, (unsigned long)shm->kaddr); + kfree(pages); + if (rc) + goto err; + + return 0; + +err: + __free_pages(page, order); + return rc; +} + +static void pool_op_free(struct tee_shm_pool *pool __always_unused, struct tee_shm *shm) +{ + int rc; + + rc = tstee_shm_unregister(shm->ctx, shm); + if (rc) + pr_err("shm id 0x%llx unregister rc %d\n", shm->sec_world_id, rc); + + free_pages((unsigned long)shm->kaddr, get_order(shm->size)); + shm->kaddr = NULL; +} + +static void pool_op_destroy_pool(struct tee_shm_pool *pool) +{ + kfree(pool); +} + +static const struct tee_shm_pool_ops pool_ops = { + .alloc = pool_op_alloc, + .free = pool_op_free, + .destroy_pool = pool_op_destroy_pool, +}; + +struct tee_shm_pool *tstee_create_shm_pool(void) +{ + struct tee_shm_pool *pool; + + pool = kzalloc(sizeof(*pool), GFP_KERNEL); + if (!pool) + return ERR_PTR(-ENOMEM); + + pool->ops = &pool_ops; + + return pool; +} diff --git a/drivers/tee/tstee/tstee_private.h b/drivers/tee/tstee/tstee_private.h new file mode 100644 index 000000000000..2ea266804ccf --- /dev/null +++ b/drivers/tee/tstee/tstee_private.h @@ -0,0 +1,97 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (c) 2023, Arm Limited + */ + +#ifndef TSTEE_PRIVATE_H +#define TSTEE_PRIVATE_H + +#include <linux/arm_ffa.h> +#include <linux/bitops.h> +#include <linux/idr.h> +#include <linux/tee_drv.h> +#include <linux/types.h> +#include <linux/uuid.h> + +/* UUID of this protocol */ +#define TS_RPC_UUID UUID_INIT(0xbdcd76d7, 0x825e, 0x4751, \ + 0x96, 0x3b, 0x86, 0xd4, 0xf8, 0x49, 0x43, 0xac) + +/* Protocol version*/ +#define TS_RPC_PROTOCOL_VERSION (1) + +/* Status codes */ +#define TS_RPC_OK (0) + +/* RPC control register */ +#define TS_RPC_CTRL_REG (0) +#define OPCODE_MASK GENMASK(15, 0) +#define IFACE_ID_MASK GENMASK(23, 16) +#define TS_RPC_CTRL_OPCODE(x) ((u16)(FIELD_GET(OPCODE_MASK, (x)))) +#define TS_RPC_CTRL_IFACE_ID(x) ((u8)(FIELD_GET(IFACE_ID_MASK, (x)))) +#define TS_RPC_CTRL_PACK_IFACE_OPCODE(i, o) \ + (FIELD_PREP(IFACE_ID_MASK, (i)) | FIELD_PREP(OPCODE_MASK, (o))) +#define TS_RPC_CTRL_SAP_RC BIT(30) +#define TS_RPC_CTRL_SAP_ERR BIT(31) + +/* Interface ID for RPC management operations */ +#define TS_RPC_MGMT_IFACE_ID (0xff) + +/* Management calls */ +#define TS_RPC_OP_GET_VERSION (0x0000) +#define TS_RPC_GET_VERSION_RESP (1) + +#define TS_RPC_OP_RETRIEVE_MEM (0x0001) +#define TS_RPC_RETRIEVE_MEM_HANDLE_LSW (1) +#define TS_RPC_RETRIEVE_MEM_HANDLE_MSW (2) +#define TS_RPC_RETRIEVE_MEM_TAG_LSW (3) +#define TS_RPC_RETRIEVE_MEM_TAG_MSW (4) +#define TS_RPC_RETRIEVE_MEM_RPC_STATUS (1) + +#define TS_RPC_OP_RELINQ_MEM (0x0002) +#define TS_RPC_RELINQ_MEM_HANDLE_LSW (1) +#define TS_RPC_RELINQ_MEM_HANDLE_MSW (2) +#define TS_RPC_RELINQ_MEM_RPC_STATUS (1) + +#define TS_RPC_OP_SERVICE_INFO (0x0003) +#define TS_RPC_SERVICE_INFO_UUID0 (1) +#define TS_RPC_SERVICE_INFO_UUID1 (2) +#define TS_RPC_SERVICE_INFO_UUID2 (3) +#define TS_RPC_SERVICE_INFO_UUID3 (4) +#define TS_RPC_SERVICE_INFO_RPC_STATUS (1) +#define TS_RPC_SERVICE_INFO_IFACE (2) + +/* Service call */ +#define TS_RPC_SERVICE_MEM_HANDLE_LSW (1) +#define TS_RPC_SERVICE_MEM_HANDLE_MSW (2) +#define TS_RPC_SERVICE_REQ_LEN (3) +#define TS_RPC_SERVICE_CLIENT_ID (4) +#define TS_RPC_SERVICE_RPC_STATUS (1) +#define TS_RPC_SERVICE_STATUS (2) +#define TS_RPC_SERVICE_RESP_LEN (3) + +struct tstee { + struct ffa_device *ffa_dev; + struct tee_device *teedev; + struct tee_shm_pool *pool; +}; + +struct ts_session { + struct list_head list_node; + u32 session_id; + u8 iface_id; +}; + +struct ts_context_data { + struct list_head sess_list; + struct idr sess_ids; + /* Serializes access to this struct */ + struct mutex mutex; +}; + +struct tee_shm_pool *tstee_create_shm_pool(void); +int tstee_shm_register(struct tee_context *ctx, struct tee_shm *shm, struct page **pages, + size_t num_pages, unsigned long start); +int tstee_shm_unregister(struct tee_context *ctx, struct tee_shm *shm); + +#endif /* TSTEE_PRIVATE_H */ diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h index 23e57164693c..d0430bee8292 100644 --- a/include/uapi/linux/tee.h +++ b/include/uapi/linux/tee.h @@ -56,6 +56,7 @@ */ #define TEE_IMPL_ID_OPTEE 1 #define TEE_IMPL_ID_AMDTEE 2 +#define TEE_IMPL_ID_TSTEE 3 /* * OP-TEE specific capabilities -- 2.34.1

5 months, 2 weeks

3
26
0 0

[PATCH v2 0/2] OP-TEE FF-A notifications

by Jens Wiklander

Hi all, This patchset adds support for using FF-A notifications as a delivery mechanism of asynchronous notifications from OP-TEE running in the secure world. Support for asynchronous notifications via the SMC ABI was added in [1], here we add the counterpart needed when using the the FF-A ABI. Support for FF-A notifications is added with [2] and this patch set is based on Sudeeps tree at [3]. [1] https://lore.kernel.org/lkml/20211103090255.998070-1-jens.wiklander@linaro.… [2] https://lore.kernel.org/linux-arm-kernel/20231005-ffa_v1-1_notif-v4-0-cddd3… [3] https://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux.git/tag/… commit bcefd1bf63b1 ("firmware: arm_ffa: Upgrade the driver version to v1.1") v1->v2: * Applied Sumit's Reviewed-by * Addressed Sumit's comment on "optee: ffa_abi: add asynchronous notifications" Thanks, Jens Jens Wiklander (2): optee: provide optee_do_bottom_half() as a common function optee: ffa_abi: add asynchronous notifications drivers/tee/optee/call.c | 31 ++++++++++- drivers/tee/optee/ffa_abi.c | 93 ++++++++++++++++++++++++++++++- drivers/tee/optee/optee_ffa.h | 28 ++++++++-- drivers/tee/optee/optee_private.h | 9 ++- drivers/tee/optee/smc_abi.c | 36 ++---------- 5 files changed, 155 insertions(+), 42 deletions(-) base-commit: bcefd1bf63b1ec9bb08067021cf47f0fad96f395 -- 2.34.1

5 months, 3 weeks

1
3
0 0

How to sign TAs with an HSM?

by Jan Claußen

There is one thing I really don't understand about the offline signing process for TAs using an HSM: In the documentation (https://link.getmailspring.com/link/4CCC8610-79B9-4890-AF1F-7A0AA56F0C20@ge…) it says to generate a keypair with openssl and sign the TAs using the public key as ${TA_SIGN_KEY}. In point 4. the usage of an HSM is described, but since it is not possible to extract the private key from an HSM, I wonder how steps 3.-5. are even possible. Do you mix the previously generated RSA key with the one from the HSM? I cannot image that is as it should be. Can you please clarify this! Thank you

5 months, 3 weeks

5
10
0 0

[PATCH v4 0/2] tee: optee: Fixes for supplicant dependent enumeration

by Sumit Garg

Currently supplicant dependent optee device enumeration only registers devices whenever tee-supplicant is invoked for the first time. But it forgets to remove devices when tee-supplicant daemon stops running and closes its context gracefully. This leads to following error for fTPM driver during reboot/shutdown: [ 73.466791] tpm tpm0: ftpm_tee_tpm_op_send: SUBMIT_COMMAND invoke error: 0xffff3024 Fix this by adding an attribute for supplicant dependent devices so that the user-space service can detect and detach supplicant devices before closing the supplicant: $ for dev in /sys/bus/tee/devices/*; do if [[ -f "$dev/need_supplicant" && -f "$dev/driver/unbind" ]]; \ then echo $(basename "$dev") > $dev/driver/unbind; fi done While at it use the global system workqueue for OP-TEE bus scanning work rather than our own custom one. Changes in v4: - Changing the device name would be an ABI break, rather switch to additional device attribute: "need_supplicant" to distinguish for ABI compatibility. - Dropped tested-by for patch #1, I would encourage folks to retest this. Changes in v3: - Split patch into 2 separate ones, one for supplicant fix and other for the workqueue. Changes in v2: - Use device names to separate out tee-supplicant dependent devices via this patch. - Since user-space service is aware about tee-supplicant lifespan, so allow the user-space service to unbind tee-supplicant dependent devices before killing the supplicant. Following command has to be added to the tee-supplicant service file. $ for dev in /sys/bus/tee/devices/*; do if [[ "$dev" == *"optee-ta-supp-"* ]]; \ then echo $(basename "$dev") > $dev/driver/unbind; fi done Sumit Garg (2): tee: optee: Fix supplicant based device enumeration tee: optee: Remove redundant custom workqueue .../ABI/testing/sysfs-bus-optee-devices | 9 +++++++++ drivers/tee/optee/core.c | 13 ++----------- drivers/tee/optee/device.c | 17 +++++++++++++++-- drivers/tee/optee/optee_private.h | 2 -- 4 files changed, 26 insertions(+), 15 deletions(-) -- 2.34.1

5 months, 3 weeks

4
7
0 0

[GIT PULL] OP-TEE fix for 6.7

by Jens Wiklander

Hello arm-soc maintainers, Please pull this OP-TEE driver fix allowing supplicant dependent devices to be detached by user-space before the supplicant service is shut down. Thanks, Jens The following changes since commit ffc253263a1375a65fa6c9f62a893e9767fbebfa: Linux 6.6 (2023-10-29 16:31:08 -1000) are available in the Git repository at: git://git.linaro.org:/people/jens.wiklander/linux-tee.git tags/optee-supplicant-fix-for-v6.7 for you to fetch changes up to 7269cba53d906cf257c139d3b3a53ad272176bca: tee: optee: Fix supplicant based device enumeration (2023-11-03 09:27:20 +0100) ---------------------------------------------------------------- OP-TEE fix for supplicant based device enumeration Adds a sysfs attribute for devices depending on supplicant services so that the user-space service can detect and detach those devices before closing the supplicant ---------------------------------------------------------------- Sumit Garg (1): tee: optee: Fix supplicant based device enumeration Documentation/ABI/testing/sysfs-bus-optee-devices | 9 +++++++++ drivers/tee/optee/device.c | 17 +++++++++++++++-- 2 files changed, 24 insertions(+), 2 deletions(-)

5 months, 3 weeks

1
0
0 0

Is it possible to sign a TA twice?

by Jan Claußen

I am currently trying to sing a few TAs using the Yocto environment, namely The three in-tree TAs shipped with optee-os oemcrypto needed for widevine For some reason I can't sign oemcrypto successfully using the offline singing method described in the documentation. I could however successfully exchange the default_ta.pem successfully to accomplish the above. optee-os is then built with the exchanged default private key and the oemcrypto recipe pulls this key as dependency. This is not optimal though, since we want to use an HSM for offline signing to increase security. I am therefore suspecting that oemcrypto is somehow signed differently or that that the stripped.elf is somehow different. From what I have read, it should not matter though what you sign you TA with during the build. You can always create the digest, sign and stitch everything back together. For some reason this does not work. If I sideload the oemcrypto TA that was built by exchanging the default_ta.pem file, everything works again. Do you have an idea what is happening here?

5 months, 3 weeks

1
0
0 0

2024

2023

2022

2021

2020

OP-TEE November 2023