- OP-TEE - lists.trustedfirmware.org

Linaro OP-TEE Contribution, LOC, monthly meeting May 28

by Jens Wiklander

Tomorrow (Tuesday), it's time for another LOC monthly meeting. For time and connection details see the calendar at https://www.trustedfirmware.org/meetings/ We discussed fTPM last time with some actions (see notes at http://bit.ly/loc-notes): - Linaro to talk to members etc - Jan to continue discussions internally Any other topics? Cheers, Jens

1 year, 1 month

1
0
0 0

[PATCH v6 0/3] Replay Protected Memory Block (RPMB) subsystem

by Jens Wiklander

Hi, This patch set introduces a new RPMB subsystem, based on patches from [1], [2], and [3]. The RPMB subsystem aims at providing access to RPMB partitions to other kernel drivers, in particular the OP-TEE driver. A new user space ABI isn't needed, we can instead continue using the already present ABI when writing the RPMB key during production. I've added and removed things to keep only what is needed by the OP-TEE driver. Since the posting of [3], there has been major changes in the MMC subsystem so "mmc: block: register RPMB partition with the RPMB subsystem" is in practice completely rewritten. With this OP-TEE can access RPMB during early boot instead of having to wait for user space to become available as in the current design [4]. This will benefit the efi variables [5] since we wont rely on userspace as well as some TPM issues [6] that were solved. The OP-TEE driver finds the correct RPMB device to interact with by iterating over available devices until one is found with a programmed authentication matching the one OP-TEE is using. This enables coexisting users of other RPMBs since the owner can be determined by who knows the authentication key. The corresponding secure world OP-TEE patches are available at [7]. I've put myself as a maintainer for the RPMB subsystem as I have an interest in the OP-TEE driver to keep this in good shape. However, if you'd rather see someone else taking the maintainership that's fine too. I'll help keep the subsystem updated regardless. [1] https://lore.kernel.org/lkml/20230722014037.42647-1-shyamsaini@linux.micros… [2] https://lore.kernel.org/lkml/20220405093759.1126835-2-alex.bennee@linaro.or… [3] https://lore.kernel.org/linux-mmc/1478548394-8184-2-git-send-email-tomas.wi… [4] https://optee.readthedocs.io/en/latest/architecture/secure_storage.html#rpm… [5] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [6] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [7] https://github.com/jenswi-linaro/optee_os/tree/rpmb_probe_v6 Thanks, Jens Changes since v5: Manuel Traut reported and investigated an error on an i.MX8MM, the root cause was identified as insufficient alignment on frames sent to the RPMB device. Fixed in the OP-TEE driver as described below. * "rpmb: add Replay Protected Memory Block (RPMB) subsystem" - Adding a missing EXPORT_SYMBOL_GPL() * "optee: probe RPMB device using RPMB subsystem" - Replacing the old OPTEE_RPC_CMD_RPMB ABI with OPTEE_RPC_CMD_RPMB_FRAMES to get rid of the small header struct rpmb_req (now removed) causing the problem. - Matching changes on the secure side + support for re-initializing RPMB in case a boot stage has used RPMB, the latter also reported by Manuel Traut. Changes since v4: * "rpmb: add Replay Protected Memory Block (RPMB) subsystem" - Describing struct rpmb_descr as RPMB description instead of descriptor * "mmc: block: register RPMB partition with the RPMB subsystem" - Addressing review comments - Adding more comments for struct rpmb_frame - Fixing assignment of reliable_wr_count and capacity in mmc_blk_rpmb_add() * "optee: probe RPMB device using RPMB subsystem" - Updating struct rpmb_dev_info to match changes in "rpmb: add Replay Protected Memory Block (RPMB) subsystem" Changes since v3: * Move struct rpmb_frame into the MMC driver since the format of the RPMB frames depend on the implementation, one format for eMMC, another for UFS, and so on * "rpmb: add Replay Protected Memory Block (RPMB) subsystem" - Adding Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> - Adding more description of the API functions - Removing the set_dev_info() op from struct rpmb_ops, the needed information is supplied in the arguments to rpmb_dev_register() instead. - Getting rid of struct rpmb_ops since only the route_frames() op was remaining, store that op directly in struct rpmb_dev - Changed rpmb_interface_register() and rpmb_interface_unregister() to use notifier_block instead of implementing the same thing ourselves * "mmc: block: register RPMB partition with the RPMB subsystem" - Moving the call to rpmb_dev_register() to be done at the end of mmc_blk_probe() when the device is fully available * "optee: probe RPMB device using RPMB subsystem" - Use IS_REACHABLE(CONFIG_RPMB) to determine if the RPMB subsystem is available - Translate TEE_ERROR_STORAGE_NOT_AVAILABLE if encountered in get_devices() to recognize the error in optee_rpmb_scan() - Simplified optee_rpmb_scan() and optee_rpmb_intf_rdev() Changes since v2: * "rpmb: add Replay Protected Memory Block (RPMB) subsystem" - Fixing documentation issues - Adding a "depends on MMC" in the Kconfig - Removed the class-device and the embedded device, struct rpmb_dev now relies on the parent device for reference counting as requested - Removed the now unneeded rpmb_ops get_resources() and put_resources() since references are already taken in mmc_blk_alloc_rpmb_part() before rpmb_dev_register() is called - Added rpmb_interface_{,un}register() now that class_interface_{,un}register() can't be used ay longer * "mmc: block: register RPMB partition with the RPMB subsystem" - Adding the missing error cleanup in alloc_idata() - Taking the needed reference to md->disk in mmc_blk_alloc_rpmb_part() instead of in mmc_rpmb_chrdev_open() and rpmb_op_mmc_get_resources() * "optee: probe RPMB device using RPMB subsystem" - Registering to get a notification when an RPMB device comes online - Probes for RPMB devices each time an RPMB device comes online, until a usable device is found - When a usable RPMB device is found, call optee_enumerate_devices(PTA_CMD_GET_DEVICES_RPMB) - Pass type of rpmb in return value from OPTEE_RPC_CMD_RPMB_PROBE_NEXT Changes since Shyam's RFC: * Removed the remaining leftover rpmb_cdev_*() function calls * Refactored the struct rpmb_ops with all the previous ops replaced, in some sense closer to [3] with the route_frames() op * Added rpmb_route_frames() * Added struct rpmb_frame, enum rpmb_op_result, and enum rpmb_type from [3] * Removed all functions not needed in the OP-TEE use case * Added "mmc: block: register RPMB partition with the RPMB subsystem", based on the commit with the same name in [3] * Added "optee: probe RPMB device using RPMB subsystem" for integration with OP-TEE * Moved the RPMB driver into drivers/misc/rpmb-core.c * Added my name to MODULE_AUTHOR() in rpmb-core.c * Added an rpmb_mutex to serialize access to the IDA * Removed the target parameter from all rpmb_*() functions since it's currently unused Jens Wiklander (3): rpmb: add Replay Protected Memory Block (RPMB) subsystem mmc: block: register RPMB partition with the RPMB subsystem optee: probe RPMB device using RPMB subsystem MAINTAINERS | 7 + drivers/misc/Kconfig | 10 ++ drivers/misc/Makefile | 1 + drivers/misc/rpmb-core.c | 233 +++++++++++++++++++++++++++++ drivers/mmc/core/block.c | 241 +++++++++++++++++++++++++++++- drivers/tee/optee/core.c | 30 ++++ drivers/tee/optee/device.c | 7 + drivers/tee/optee/ffa_abi.c | 8 + drivers/tee/optee/optee_private.h | 21 ++- drivers/tee/optee/optee_rpc_cmd.h | 35 +++++ drivers/tee/optee/rpc.c | 166 ++++++++++++++++++++ drivers/tee/optee/smc_abi.c | 7 + include/linux/rpmb.h | 136 +++++++++++++++++ 13 files changed, 899 insertions(+), 3 deletions(-) create mode 100644 drivers/misc/rpmb-core.c create mode 100644 include/linux/rpmb.h -- 2.34.1

1 year, 1 month

3
13
0 0

SSH - OpTee reboot scenario Issue

by Hareesh Das Ulleri

Hello All, [please suggest the email list if this is not the right platform to discuss, sorry for that] We use Op-tee (3.18) in our ARM64 based project (Linux 5.15.14+) for cryption, so basically it is like " OpenSSH -> OpenSSL -> OpTee -> HSM". It works fine until we tried with a test scenario of reboot request via SSH. When we request the system reboot via SSH, the shutting down looks not a graceful way (ssh client connection exception). This is only we add OpTee layer, otherwise everything works fine. I would like to know anyone has encountered similar kind of issue where OpTee has to take care any special shutting down process. Any leads much appreciated ! Thanks & Regards, Hareesh

1 year, 1 month

2
3
0 0

[PATCH v3] optee: add timeout value to optee_notif_wait() to support timeout

by gavin.liu

From: Gavin Liu <gavin.liu(a)mediatek.com> Add timeout value to support self waking when timeout to avoid waiting indefinitely. Signed-off-by: Gavin Liu <gavin.liu(a)mediatek.com> --- change in v3: 1. change the comment in optee_rpc_cmd.h 2. add macro for "TEE_ERROR_TIMEOUT" 3. change from "TEEC_ERROR_BUSY" to "TEE_ERROR_TIMEOUT" --- drivers/tee/optee/notif.c | 9 +++++++-- drivers/tee/optee/optee_private.h | 5 ++++- drivers/tee/optee/optee_rpc_cmd.h | 1 + drivers/tee/optee/rpc.c | 10 ++++++++-- 4 files changed, 20 insertions(+), 5 deletions(-) diff --git a/drivers/tee/optee/notif.c b/drivers/tee/optee/notif.c index 0d7878e770cd..1970880c796f 100644 --- a/drivers/tee/optee/notif.c +++ b/drivers/tee/optee/notif.c @@ -29,7 +29,7 @@ static bool have_key(struct optee *optee, u_int key) return false; } -int optee_notif_wait(struct optee *optee, u_int key) +int optee_notif_wait(struct optee *optee, u_int key, u32 timeout) { unsigned long flags; struct notif_entry *entry; @@ -70,7 +70,12 @@ int optee_notif_wait(struct optee *optee, u_int key) * Unlock temporarily and wait for completion. */ spin_unlock_irqrestore(&optee->notif.lock, flags); - wait_for_completion(&entry->c); + if (timeout != 0) { + if (!wait_for_completion_timeout(&entry->c, timeout)) + rc = -ETIMEDOUT; + } else { + wait_for_completion(&entry->c); + } spin_lock_irqsave(&optee->notif.lock, flags); list_del(&entry->link); diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h index 429cc20be5cc..424898cdc4e9 100644 --- a/drivers/tee/optee/optee_private.h +++ b/drivers/tee/optee/optee_private.h @@ -26,6 +26,9 @@ #define TEEC_ERROR_BUSY 0xFFFF000D #define TEEC_ERROR_SHORT_BUFFER 0xFFFF0010 +/* API Return Codes are from the GP TEE Internal Core API Specification */ +#define TEE_ERROR_TIMEOUT 0xFFFF3001 + #define TEEC_ORIGIN_COMMS 0x00000002 /* @@ -252,7 +255,7 @@ struct optee_call_ctx { int optee_notif_init(struct optee *optee, u_int max_key); void optee_notif_uninit(struct optee *optee); -int optee_notif_wait(struct optee *optee, u_int key); +int optee_notif_wait(struct optee *optee, u_int key, u32 timeout); int optee_notif_send(struct optee *optee, u_int key); u32 optee_supp_thrd_req(struct tee_context *ctx, u32 func, size_t num_params, diff --git a/drivers/tee/optee/optee_rpc_cmd.h b/drivers/tee/optee/optee_rpc_cmd.h index f3f06e0994a7..4576751b490c 100644 --- a/drivers/tee/optee/optee_rpc_cmd.h +++ b/drivers/tee/optee/optee_rpc_cmd.h @@ -41,6 +41,7 @@ * Waiting on notification * [in] value[0].a OPTEE_RPC_NOTIFICATION_WAIT * [in] value[0].b notification value + * [in] value[0].c timeout in milliseconds or 0 if no timeout * * Sending a synchronous notification * [in] value[0].a OPTEE_RPC_NOTIFICATION_SEND diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c index f086812f1179..5de4504665be 100644 --- a/drivers/tee/optee/rpc.c +++ b/drivers/tee/optee/rpc.c @@ -130,6 +130,8 @@ static void handle_rpc_func_cmd_i2c_transfer(struct tee_context *ctx, static void handle_rpc_func_cmd_wq(struct optee *optee, struct optee_msg_arg *arg) { + int rc = 0; + if (arg->num_params != 1) goto bad; @@ -139,7 +141,8 @@ static void handle_rpc_func_cmd_wq(struct optee *optee, switch (arg->params[0].u.value.a) { case OPTEE_RPC_NOTIFICATION_WAIT: - if (optee_notif_wait(optee, arg->params[0].u.value.b)) + rc = optee_notif_wait(optee, arg->params[0].u.value.b, arg->params[0].u.value.c); + if (rc) goto bad; break; case OPTEE_RPC_NOTIFICATION_SEND: @@ -153,7 +156,10 @@ static void handle_rpc_func_cmd_wq(struct optee *optee, arg->ret = TEEC_SUCCESS; return; bad: - arg->ret = TEEC_ERROR_BAD_PARAMETERS; + if (rc == -ETIMEDOUT) + arg->ret = TEE_ERROR_TIMEOUT; + else + arg->ret = TEEC_ERROR_BAD_PARAMETERS; } static void handle_rpc_func_cmd_wait(struct optee_msg_arg *arg) -- 2.18.0

1 year, 1 month

2
1
0 0

[PATCH v5 0/3] Replay Protected Memory Block (RPMB) subsystem

by Jens Wiklander

Hi, This patch set introduces a new RPMB subsystem, based on patches from [1], [2], and [3]. The RPMB subsystem aims at providing access to RPMB partitions to other kernel drivers, in particular the OP-TEE driver. A new user space ABI isn't needed, we can instead continue using the already present ABI when writing the RPMB key during production. I've added and removed things to keep only what is needed by the OP-TEE driver. Since the posting of [3], there has been major changes in the MMC subsystem so "mmc: block: register RPMB partition with the RPMB subsystem" is in practice completely rewritten. With this OP-TEE can access RPMB during early boot instead of having to wait for user space to become available as in the current design [4]. This will benefit the efi variables [5] since we wont rely on userspace as well as some TPM issues [6] that were solved. The OP-TEE driver finds the correct RPMB device to interact with by iterating over available devices until one is found with a programmed authentication matching the one OP-TEE is using. This enables coexisting users of other RPMBs since the owner can be determined by who knows the authentication key. The corresponding secure world OP-TEE patches are available at [7]. I've put myself as a maintainer for the RPMB subsystem as I have an interest in the OP-TEE driver to keep this in good shape. However, if you'd rather see someone else taking the maintainership that's fine too. I'll help keep the subsystem updated regardless. [1] https://lore.kernel.org/lkml/20230722014037.42647-1-shyamsaini@linux.micros… [2] https://lore.kernel.org/lkml/20220405093759.1126835-2-alex.bennee@linaro.or… [3] https://lore.kernel.org/linux-mmc/1478548394-8184-2-git-send-email-tomas.wi… [4] https://optee.readthedocs.io/en/latest/architecture/secure_storage.html#rpm… [5] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [6] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [7] https://github.com/jenswi-linaro/optee_os/tree/rpmb_probe Thanks, Jens Changes since v4: * "rpmb: add Replay Protected Memory Block (RPMB) subsystem" - Describing struct rpmb_descr as RPMB description instead of descriptor * "mmc: block: register RPMB partition with the RPMB subsystem" - Addressing review comments - Adding more comments for struct rpmb_frame - Fixing assignment of reliable_wr_count and capacity in mmc_blk_rpmb_add() * "optee: probe RPMB device using RPMB subsystem" - Updating struct rpmb_dev_info to match changes in "rpmb: add Replay Protected Memory Block (RPMB) subsystem" Changes since v3: * Move struct rpmb_frame into the MMC driver since the format of the RPMB frames depend on the implementation, one format for eMMC, another for UFS, and so on * "rpmb: add Replay Protected Memory Block (RPMB) subsystem" - Adding Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> - Adding more description of the API functions - Removing the set_dev_info() op from struct rpmb_ops, the needed information is supplied in the arguments to rpmb_dev_register() instead. - Getting rid of struct rpmb_ops since only the route_frames() op was remaining, store that op directly in struct rpmb_dev - Changed rpmb_interface_register() and rpmb_interface_unregister() to use notifier_block instead of implementing the same thing ourselves * "mmc: block: register RPMB partition with the RPMB subsystem" - Moving the call to rpmb_dev_register() to be done at the end of mmc_blk_probe() when the device is fully available * "optee: probe RPMB device using RPMB subsystem" - Use IS_REACHABLE(CONFIG_RPMB) to determine if the RPMB subsystem is available - Translate TEE_ERROR_STORAGE_NOT_AVAILABLE if encountered in get_devices() to recognize the error in optee_rpmb_scan() - Simplified optee_rpmb_scan() and optee_rpmb_intf_rdev() Changes since v2: * "rpmb: add Replay Protected Memory Block (RPMB) subsystem" - Fixing documentation issues - Adding a "depends on MMC" in the Kconfig - Removed the class-device and the embedded device, struct rpmb_dev now relies on the parent device for reference counting as requested - Removed the now unneeded rpmb_ops get_resources() and put_resources() since references are already taken in mmc_blk_alloc_rpmb_part() before rpmb_dev_register() is called - Added rpmb_interface_{,un}register() now that class_interface_{,un}register() can't be used ay longer * "mmc: block: register RPMB partition with the RPMB subsystem" - Adding the missing error cleanup in alloc_idata() - Taking the needed reference to md->disk in mmc_blk_alloc_rpmb_part() instead of in mmc_rpmb_chrdev_open() and rpmb_op_mmc_get_resources() * "optee: probe RPMB device using RPMB subsystem" - Registering to get a notification when an RPMB device comes online - Probes for RPMB devices each time an RPMB device comes online, until a usable device is found - When a usable RPMB device is found, call optee_enumerate_devices(PTA_CMD_GET_DEVICES_RPMB) - Pass type of rpmb in return value from OPTEE_RPC_CMD_RPMB_PROBE_NEXT Changes since Shyam's RFC: * Removed the remaining leftover rpmb_cdev_*() function calls * Refactored the struct rpmb_ops with all the previous ops replaced, in some sense closer to [3] with the route_frames() op * Added rpmb_route_frames() * Added struct rpmb_frame, enum rpmb_op_result, and enum rpmb_type from [3] * Removed all functions not needed in the OP-TEE use case * Added "mmc: block: register RPMB partition with the RPMB subsystem", based on the commit with the same name in [3] * Added "optee: probe RPMB device using RPMB subsystem" for integration with OP-TEE * Moved the RPMB driver into drivers/misc/rpmb-core.c * Added my name to MODULE_AUTHOR() in rpmb-core.c * Added an rpmb_mutex to serialize access to the IDA * Removed the target parameter from all rpmb_*() functions since it's currently unused Jens Wiklander (3): rpmb: add Replay Protected Memory Block (RPMB) subsystem mmc: block: register RPMB partition with the RPMB subsystem optee: probe RPMB device using RPMB subsystem MAINTAINERS | 7 + drivers/misc/Kconfig | 10 ++ drivers/misc/Makefile | 1 + drivers/misc/rpmb-core.c | 232 ++++++++++++++++++++++++++++ drivers/mmc/core/block.c | 241 +++++++++++++++++++++++++++++- drivers/tee/optee/core.c | 30 ++++ drivers/tee/optee/device.c | 7 + drivers/tee/optee/ffa_abi.c | 8 + drivers/tee/optee/optee_private.h | 21 ++- drivers/tee/optee/optee_rpc_cmd.h | 35 +++++ drivers/tee/optee/rpc.c | 232 ++++++++++++++++++++++++++++ drivers/tee/optee/smc_abi.c | 7 + include/linux/rpmb.h | 136 +++++++++++++++++ 13 files changed, 964 insertions(+), 3 deletions(-) create mode 100644 drivers/misc/rpmb-core.c create mode 100644 include/linux/rpmb.h -- 2.34.1

1 year, 1 month

3
25
0 0

Re: [PATCH v2] optee: add timeout value to optee_notif_wait() to support timeout

by Jens Wiklander

On Mon, May 6, 2024 at 10:19 AM Gavin Liu (劉哲廷) <Gavin.Liu(a)mediatek.com> wrote: > > Hi Jens, > > Thanks for the reviews. > > On Mon, 2024-05-06 at 09:48 +0200, Jens Wiklander wrote: > > > > External email : Please do not click links or open attachments until > > you have verified the sender or the content. > > On Thu, May 2, 2024 at 10:56 AM gavin.liu <gavin.liu(a)mediatek.com> > > wrote: > > > > > > From: Gavin Liu <gavin.liu(a)mediatek.com> > > > > > > Add timeout value to support self waking when timeout to avoid > > waiting > > > indefinitely. > > > > > > Signed-off-by: Gavin Liu <gavin.liu(a)mediatek.com> > > > --- > > > Change in v2: > > > Change commit message. > > > Add description for value[0].c in optee_rpc_cmd.h. > > > --- > > > --- > > > drivers/tee/optee/notif.c | 9 +++++++-- > > > drivers/tee/optee/optee_private.h | 2 +- > > > drivers/tee/optee/optee_rpc_cmd.h | 1 + > > > drivers/tee/optee/rpc.c | 10 ++++++++-- > > > 4 files changed, 17 insertions(+), 5 deletions(-) > > > > > > diff --git a/drivers/tee/optee/notif.c b/drivers/tee/optee/notif.c > > > index 05212842b0a5..d5e5c0645609 100644 > > > --- a/drivers/tee/optee/notif.c > > > +++ b/drivers/tee/optee/notif.c > > > @@ -29,7 +29,7 @@ static bool have_key(struct optee *optee, u_int > > key) > > > return false; > > > } > > > > > > -int optee_notif_wait(struct optee *optee, u_int key) > > > +int optee_notif_wait(struct optee *optee, u_int key, u32 timeout) > > > { > > > unsigned long flags; > > > struct notif_entry *entry; > > > @@ -70,7 +70,12 @@ int optee_notif_wait(struct optee *optee, u_int > > key) > > > * Unlock temporarily and wait for completion. > > > */ > > > spin_unlock_irqrestore(&optee->notif.lock, flags); > > > - wait_for_completion(&entry->c); > > > + if (timeout != 0) { > > > + if (!wait_for_completion_timeout(&entry->c, > > timeout)) > > > + rc = -ETIMEDOUT; > > > + } else { > > > + wait_for_completion(&entry->c); > > > + } > > > spin_lock_irqsave(&optee->notif.lock, flags); > > > > > > list_del(&entry->link); > > > diff --git a/drivers/tee/optee/optee_private.h > > b/drivers/tee/optee/optee_private.h > > > index 7a5243c78b55..da990c4016ec 100644 > > > --- a/drivers/tee/optee/optee_private.h > > > +++ b/drivers/tee/optee/optee_private.h > > > @@ -252,7 +252,7 @@ struct optee_call_ctx { > > > > > > int optee_notif_init(struct optee *optee, u_int max_key); > > > void optee_notif_uninit(struct optee *optee); > > > -int optee_notif_wait(struct optee *optee, u_int key); > > > +int optee_notif_wait(struct optee *optee, u_int key, u32 timeout); > > > int optee_notif_send(struct optee *optee, u_int key); > > > > > > u32 optee_supp_thrd_req(struct tee_context *ctx, u32 func, size_t > > num_params, > > > diff --git a/drivers/tee/optee/optee_rpc_cmd.h > > b/drivers/tee/optee/optee_rpc_cmd.h > > > index f3f06e0994a7..99342aa66263 100644 > > > --- a/drivers/tee/optee/optee_rpc_cmd.h > > > +++ b/drivers/tee/optee/optee_rpc_cmd.h > > > @@ -41,6 +41,7 @@ > > > * Waiting on notification > > > * [in] value[0].a OPTEE_RPC_NOTIFICATION_WAIT > > > * [in] value[0].b notification value > > > + * [in] value[0].c timeout in millisecond or 0 if no > > timeout > > > > milliseconds > > Ok, I'll change it. > > > > > > * > > > * Sending a synchronous notification > > > * [in] value[0].a OPTEE_RPC_NOTIFICATION_SEND > > > diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c > > > index e69bc6380683..14e6246aaf05 100644 > > > --- a/drivers/tee/optee/rpc.c > > > +++ b/drivers/tee/optee/rpc.c > > > @@ -130,6 +130,8 @@ static void > > handle_rpc_func_cmd_i2c_transfer(struct tee_context *ctx, > > > static void handle_rpc_func_cmd_wq(struct optee *optee, > > > struct optee_msg_arg *arg) > > > { > > > + int rc = 0; > > > + > > > if (arg->num_params != 1) > > > goto bad; > > > > > > @@ -139,7 +141,8 @@ static void handle_rpc_func_cmd_wq(struct optee > > *optee, > > > > > > switch (arg->params[0].u.value.a) { > > > case OPTEE_RPC_NOTIFICATION_WAIT: > > > - if (optee_notif_wait(optee, arg- > > >params[0].u.value.b)) > > > + rc = optee_notif_wait(optee, arg- > > >params[0].u.value.b, arg->params[0].u.value.c); > > > + if (rc) > > > goto bad; > > > break; > > > case OPTEE_RPC_NOTIFICATION_SEND: > > > @@ -153,7 +156,10 @@ static void handle_rpc_func_cmd_wq(struct > > optee *optee, > > > arg->ret = TEEC_SUCCESS; > > > return; > > > bad: > > > - arg->ret = TEEC_ERROR_BAD_PARAMETERS; > > > + if (rc == -ETIMEDOUT) > > > + arg->ret = TEEC_ERROR_BUSY; > > > > TEEC_ERROR_BUSY is confusing. How about TEE_ERROR_TIMEOUT? We > > normally > > only use TEEC_XXX error codes, but GP doesn't define a > > TEEC_ERROR_TIMEOUT so it's better to use the GP-defined > > TEE_ERROR_TIMEOUT. > > > > Cheers, > > Jens > > > > Agreed, we also use TEE_ERROR_TIMEOUT in the corresponding patch for > optee-os. But, the "TEE_ERROR_TIMEOUT" is currently undefined in Linux > Kernel. Do you have a suggestion for which header would be better to > place it in? Please put it in drivers/tee/optee/optee_private.h below TEEC_ERROR_SHORT_BUFFER with a comment that it's from the GP TEE Internal Core API Specification. Cheers, Jens

1 year, 1 month

1
0
0 0

[PATCH v2] optee: add timeout value to optee_notif_wait() to support timeout

by gavin.liu

From: Gavin Liu <gavin.liu(a)mediatek.com> Add timeout value to support self waking when timeout to avoid waiting indefinitely. Signed-off-by: Gavin Liu <gavin.liu(a)mediatek.com> --- Change in v2: Change commit message. Add description for value[0].c in optee_rpc_cmd.h. --- --- drivers/tee/optee/notif.c | 9 +++++++-- drivers/tee/optee/optee_private.h | 2 +- drivers/tee/optee/optee_rpc_cmd.h | 1 + drivers/tee/optee/rpc.c | 10 ++++++++-- 4 files changed, 17 insertions(+), 5 deletions(-) diff --git a/drivers/tee/optee/notif.c b/drivers/tee/optee/notif.c index 05212842b0a5..d5e5c0645609 100644 --- a/drivers/tee/optee/notif.c +++ b/drivers/tee/optee/notif.c @@ -29,7 +29,7 @@ static bool have_key(struct optee *optee, u_int key) return false; } -int optee_notif_wait(struct optee *optee, u_int key) +int optee_notif_wait(struct optee *optee, u_int key, u32 timeout) { unsigned long flags; struct notif_entry *entry; @@ -70,7 +70,12 @@ int optee_notif_wait(struct optee *optee, u_int key) * Unlock temporarily and wait for completion. */ spin_unlock_irqrestore(&optee->notif.lock, flags); - wait_for_completion(&entry->c); + if (timeout != 0) { + if (!wait_for_completion_timeout(&entry->c, timeout)) + rc = -ETIMEDOUT; + } else { + wait_for_completion(&entry->c); + } spin_lock_irqsave(&optee->notif.lock, flags); list_del(&entry->link); diff --git a/drivers/tee/optee/optee_private.h b/drivers/tee/optee/optee_private.h index 7a5243c78b55..da990c4016ec 100644 --- a/drivers/tee/optee/optee_private.h +++ b/drivers/tee/optee/optee_private.h @@ -252,7 +252,7 @@ struct optee_call_ctx { int optee_notif_init(struct optee *optee, u_int max_key); void optee_notif_uninit(struct optee *optee); -int optee_notif_wait(struct optee *optee, u_int key); +int optee_notif_wait(struct optee *optee, u_int key, u32 timeout); int optee_notif_send(struct optee *optee, u_int key); u32 optee_supp_thrd_req(struct tee_context *ctx, u32 func, size_t num_params, diff --git a/drivers/tee/optee/optee_rpc_cmd.h b/drivers/tee/optee/optee_rpc_cmd.h index f3f06e0994a7..99342aa66263 100644 --- a/drivers/tee/optee/optee_rpc_cmd.h +++ b/drivers/tee/optee/optee_rpc_cmd.h @@ -41,6 +41,7 @@ * Waiting on notification * [in] value[0].a OPTEE_RPC_NOTIFICATION_WAIT * [in] value[0].b notification value + * [in] value[0].c timeout in millisecond or 0 if no timeout * * Sending a synchronous notification * [in] value[0].a OPTEE_RPC_NOTIFICATION_SEND diff --git a/drivers/tee/optee/rpc.c b/drivers/tee/optee/rpc.c index e69bc6380683..14e6246aaf05 100644 --- a/drivers/tee/optee/rpc.c +++ b/drivers/tee/optee/rpc.c @@ -130,6 +130,8 @@ static void handle_rpc_func_cmd_i2c_transfer(struct tee_context *ctx, static void handle_rpc_func_cmd_wq(struct optee *optee, struct optee_msg_arg *arg) { + int rc = 0; + if (arg->num_params != 1) goto bad; @@ -139,7 +141,8 @@ static void handle_rpc_func_cmd_wq(struct optee *optee, switch (arg->params[0].u.value.a) { case OPTEE_RPC_NOTIFICATION_WAIT: - if (optee_notif_wait(optee, arg->params[0].u.value.b)) + rc = optee_notif_wait(optee, arg->params[0].u.value.b, arg->params[0].u.value.c); + if (rc) goto bad; break; case OPTEE_RPC_NOTIFICATION_SEND: @@ -153,7 +156,10 @@ static void handle_rpc_func_cmd_wq(struct optee *optee, arg->ret = TEEC_SUCCESS; return; bad: - arg->ret = TEEC_ERROR_BAD_PARAMETERS; + if (rc == -ETIMEDOUT) + arg->ret = TEEC_ERROR_BUSY; + else + arg->ret = TEEC_ERROR_BAD_PARAMETERS; } static void handle_rpc_func_cmd_wait(struct optee_msg_arg *arg) -- 2.18.0

1 year, 1 month

2
1
0 0

[GIT PULL] TEE driver for Trusted Services

by Jens Wiklander

Hello arm-soc maintainers, Please pull these patches that introduces a TEE driver for Trusted Services. You can see more details below from the signed tag. These patches have been in for a few weeks. Thanks, Jens The following changes since commit 4cece764965020c22cff7665b18a012006359095: Linux 6.9-rc1 (2024-03-24 14:10:05 -0700) are available in the Git repository at: https://git.linaro.org/people/jens.wiklander/linux-tee.git/ tags/tee-ts-for-v6.10 for you to fetch changes up to 31611cc8faa082a96009c29822d9906d893cce57: MAINTAINERS: tee: tstee: Add entry (2024-04-03 14:03:09 +0200) ---------------------------------------------------------------- TEE driver for Trusted Services This introduces a TEE driver for Trusted Services [1]. Trusted Services is a TrustedFirmware.org project that provides a framework for developing and deploying device Root of Trust services in FF-A [2] Secure Partitions. The project hosts the reference implementation of Arm Platform Security Architecture [3] for Arm A-profile devices. The FF-A Secure Partitions are accessible through the FF-A driver in Linux. However, the FF-A driver doesn't have a user space interface so user space clients currently cannot access Trusted Services. The goal of this TEE driver is to bridge this gap and make Trusted Services functionality accessible from user space. [1] https://www.trustedfirmware.org/projects/trusted-services/ [2] https://developer.arm.com/documentation/den0077/ [3] https://www.arm.com/architecture/security-features/platform-security ---------------------------------------------------------------- Balint Dobszay (4): tee: optee: Move pool_op helper functions tee: tstee: Add Trusted Services TEE driver Documentation: tee: Add TS-TEE driver MAINTAINERS: tee: tstee: Add entry Sumit Garg (1): tee: Refactor TEE subsystem header files Documentation/tee/index.rst | 1 + Documentation/tee/ts-tee.rst | 71 ++++++ MAINTAINERS | 10 + drivers/tee/Kconfig | 1 + drivers/tee/Makefile | 1 + drivers/tee/amdtee/amdtee_private.h | 2 +- drivers/tee/amdtee/call.c | 2 +- drivers/tee/amdtee/core.c | 3 +- drivers/tee/amdtee/shm_pool.c | 2 +- drivers/tee/optee/call.c | 2 +- drivers/tee/optee/core.c | 66 +---- drivers/tee/optee/device.c | 2 +- drivers/tee/optee/ffa_abi.c | 8 +- drivers/tee/optee/notif.c | 2 +- drivers/tee/optee/optee_private.h | 14 +- drivers/tee/optee/rpc.c | 2 +- drivers/tee/optee/smc_abi.c | 11 +- drivers/tee/tee_core.c | 2 +- drivers/tee/tee_private.h | 35 --- drivers/tee/tee_shm.c | 67 ++++- drivers/tee/tee_shm_pool.c | 2 +- drivers/tee/tstee/Kconfig | 11 + drivers/tee/tstee/Makefile | 3 + drivers/tee/tstee/core.c | 480 ++++++++++++++++++++++++++++++++++++ drivers/tee/tstee/tstee_private.h | 92 +++++++ include/linux/tee_core.h | 306 +++++++++++++++++++++++ include/linux/tee_drv.h | 285 +++------------------ include/uapi/linux/tee.h | 1 + 28 files changed, 1095 insertions(+), 389 deletions(-) create mode 100644 Documentation/tee/ts-tee.rst create mode 100644 drivers/tee/tstee/Kconfig create mode 100644 drivers/tee/tstee/Makefile create mode 100644 drivers/tee/tstee/core.c create mode 100644 drivers/tee/tstee/tstee_private.h create mode 100644 include/linux/tee_core.h

1 year, 2 months

1
0
0 0

[GIT PULL] OP-TEE convert platform callback for v6.10

by Jens Wiklander

Hello arm-soc maitainers, Please pull this small patch converting the platform remove callback to return void for the OP-TEE driver. Thanks, Jens The following changes since commit 4cece764965020c22cff7665b18a012006359095: Linux 6.9-rc1 (2024-03-24 14:10:05 -0700) are available in the Git repository at: https://git.linaro.org/people/jens.wiklander/linux-tee.git/ tags/optee-convert-platform-remove-callback-for-v6.10 for you to fetch changes up to 5c794301eb4e5373822e8898661bacdc7f46ba14: tee: optee: smc: Convert to platform remove callback returning void (2024-03-25 11:51:06 +0100) ---------------------------------------------------------------- OP-TEE Convert to platform remove callback returning void ---------------------------------------------------------------- Uwe Kleine-König (1): tee: optee: smc: Convert to platform remove callback returning void drivers/tee/optee/smc_abi.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-)

1 year, 2 months

1
0
0 0

Re: rk3399 issue: no DMA in Linux with mainline TF-A and U-Boot SPL

by kever.yang＠rock-chips.com

The content of this message was lost. It was probably cross-posted to multiple lists and previously handled on another list.

1 year, 2 months

3
2
0 0

2025

2024

2023

2022

2021

2020

OP-TEE