- OP-TEE - lists.trustedfirmware.org

[PATCH 1/2] mmc: block: add RPMB dependency

by Jens Wiklander

Prevent build error when CONFIG_RPMB=m and CONFIG_MMC_BLOCK=y by adding a dependency to CONFIG_RPMB for CONFIG_MMC_BLOCK block so the RPMB subsystem always is reachable if configured. This means that CONFIG_MMC_BLOCK automatically becomes compiled as a module if CONFIG_RPMB is compiled as a module. If CONFIG_RPMB isn't configured or is configured as built-in, CONFIG_MMC_BLOCK will remain unchanged. Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202409021448.RSvcBPzt-lkp@intel.com/ Fixes: 7852028a35f0 ("mmc: block: register RPMB partition with the RPMB subsystem") Signed-off-by: Jens Wiklander <jens.wiklander(a)linaro.org> --- Replacing "rpmb: use IS_REACHABLE instead of IS_ENABLED" https://lore.kernel.org/lkml/20240902080727.2665235-1-jens.wiklander@linaro… --- drivers/mmc/core/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mmc/core/Kconfig b/drivers/mmc/core/Kconfig index bf4e29ef023c..14d2ecbb04d3 100644 --- a/drivers/mmc/core/Kconfig +++ b/drivers/mmc/core/Kconfig @@ -37,6 +37,7 @@ config PWRSEQ_SIMPLE config MMC_BLOCK tristate "MMC block device driver" depends on BLOCK + depends on RPMB || !RPMB imply IOSCHED_BFQ default y help -- 2.34.1

2 months, 3 weeks

3
4
0 0

[PATCH v2 0/7] firmware: arm_ffa: FF-A basic v1.2 support

by Sudeep Holla

This series add basic support for FF-A v1.2. It mainly includes support for newly added: 1. FFA_MSG_SEND_DIRECT_{REQ,RESP}2 2. FFA_PARTITION_INFO_GET_REGS 3. FFA_YIELD support in direct messaging Apart from these, the changes include support to fetch the Rx/Tx buffer size using FFA_FEATURES, addition of the FF-A FIDs for v1.2 and some coding style cleanups. Signed-off-by: Sudeep Holla <sudeep.holla(a)arm.com> --- Changes in v2: - Fixed allmodconfig build. The issue is with memcpy when FORTIFY_SOURCE is enabled. - Fixed the return value copied back when the response is FFA_MSG_SEND_DIRECT_RESP2 - Link to v1: https://lore.kernel.org/r/20240814-ffa_v1-2-v1-0-9e9abef69b21@arm.com --- Sudeep Holla (7): firmware: arm_ffa: Some coding style fixes firmware: arm_ffa: Update the FF-A command list with v1.2 additions firmware: arm_ffa: Move the function ffa_features() earlier firmware: arm_ffa: Add support for FFA_PARTITION_INFO_GET_REGS firmware: arm_ffa: Add support for FFA_MSG_SEND_DIRECT_{REQ,RESP}2 firmware: arm_ffa: Add support for FFA_YIELD in direct messaging firmware: arm_ffa: Fetch the Rx/Tx buffer size using ffa_features() drivers/firmware/arm_ffa/driver.c | 240 +++++++++++++++++++++++++++++--------- include/linux/arm_ffa.h | 12 ++ 2 files changed, 195 insertions(+), 57 deletions(-) --- base-commit: 47ac09b91befbb6a235ab620c32af719f8208399 change-id: 20240814-ffa_v1-2-6c33798743f3 Best regards, -- Regards, Sudeep

2 months, 4 weeks

1
8
0 0

Linaro OP-TEE Contribution, LOC, monthly meeting August 27

by Jens Wiklander

Hi, Tomorrow, Tuesday, it's time for another LOC monthly meeting. For time and connection details see the calendar at https://www.trustedfirmware.org/meetings/ The RPMB patches to handle RPMB processing internally in the kernel are about to be merged, see https://lore.kernel.org/lkml/20240814153558.708365-1-jens.wiklander@linaro.…. Progress on fTPM have slowed down recently. Jan and colleagues at Siemens have published patches at https://github.com/zeschg/ms-tpm-20-ref/tree/feat_add_tee_crypto replacing the third-party crypto library with TEE Internal core API. Good work! What should be our next step? Are there any other topics? Cheers, Jens

2 months, 4 weeks

2
2
0 0

[PATCH v9 0/4] Replay Protected Memory Block (RPMB) subsystem

by Jens Wiklander

Hi, This patch set is getting ready to be queued for the next merge window. The issues reported by Mikka in the v7 patch set has been resolved, the issues turned out to be outside of the v7 patch set relating to configuration in the secure world. I'm planning a pull request to arm-soc, but before that I'd rather have acks or at least an OK for: - "rpmb: add Replay Protected Memory Block (RPMB) subsystem" by Greg - "mmc: block: register RPMB partition with the RPMB subsystem" by Ulf Arnd, please let me know if anything else is missing. This patch set introduces a new RPMB subsystem, based on patches from [1], [2], and [3]. The RPMB subsystem aims at providing access to RPMB partitions to other kernel drivers, in particular the OP-TEE driver. A new user space ABI isn't needed, we can instead continue using the already present ABI when writing the RPMB key during production. I've added and removed things to keep only what is needed by the OP-TEE driver. Since the posting of [3], there has been major changes in the MMC subsystem so "mmc: block: register RPMB partition with the RPMB subsystem" is in practice completely rewritten. With this OP-TEE can access RPMB during early boot instead of having to wait for user space to become available as in the current design [4]. This will benefit the efi variables [5] since we won't rely on userspace as well as some TPM issues [6] that were solved. The OP-TEE driver finds the correct RPMB device to interact with by iterating over available devices until one is found with a programmed authentication matching the one OP-TEE is using. This enables coexisting users of other RPMBs since the owner can be determined by who knows the authentication key. The corresponding secure world OP-TEE patches are available at [7]. I've put myself as a maintainer for the RPMB subsystem as I have an interest in the OP-TEE driver to keep this in good shape. However, if you'd rather see someone else taking the maintainership that's fine too. I'll help keep the subsystem updated regardless. [1] https://lore.kernel.org/lkml/20230722014037.42647-1-shyamsaini@linux.micros… [2] https://lore.kernel.org/lkml/20220405093759.1126835-2-alex.bennee@linaro.or… [3] https://lore.kernel.org/linux-mmc/1478548394-8184-2-git-send-email-tomas.wi… [4] https://optee.readthedocs.io/en/latest/architecture/secure_storage.html#rpm… [5] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [6] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [7] https://github.com/jenswi-linaro/optee_os/tree/rpmb_probe_v8 Thanks, Jens Changes since v8: * Moved changes to drivers/misc/rpmb-core.c and include/linux/rpmb.h from "tee: add tee_device_set_dev_groups()" to "rpmb: add Replay Protected Memory Block (RPMB) subsystem" * "rpmb: add Replay Protected Memory Block (RPMB) subsystem" - reverted license change of include/linux/rpmb.h introduced in [2] back to GLP-2.0 as in [3] - Small documentation fixes reported by kernel test robot <lkp(a)intel.com> * "mmc: block: register RPMB partition with the RPMB subsystem" - Small documentation fixes reported by kernel test robot <lkp(a)intel.com> - Silencing a "sparse: cast to restricted __be32" warning reported by kernel test robot <lkp(a)intel.com> * "optee: probe RPMB device using RPMB subsystem" - replaced IS_ENABLED(CONFIG_RPMB) with IS_REACHABLE(CONFIG_RPMB) - Added Reviewed-by: Sumit Garg <sumit.garg(a)linaro.org> Changes since v7: * Rebased on v6.11-rc1 * "mmc: block: register RPMB partition with the RPMB subsystem" - Adding Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> * "tee: add tee_device_set_dev_groups()" - Declaring tee_device_set_dev_groups() in the recently introduced include/linux/tee_core.h Changes since v6: * Add Tested-by: Manuel Traut <manut(a)mecka.net> provided for the v6 * Add a new patch "tee: add tee_device_set_dev_groups()" needed later in the patch set * Reintroduce the rpmb_class as requested by Greg, this affects the patches "rpmb: add Replay Protected Memory Block (RPMB) subsystem" and "optee: probe RPMB device using RPMB subsystem" * "rpmb: add Replay Protected Memory Block (RPMB) subsystem": - rpmb_interface_{,un}register() are now based on class_interface_{,un}register() - Embed a separate device in struct rpmb_dev for life cycle management etc * "optee: probe RPMB device using RPMB subsystem" - Add an internal blocking_notifier to deal with the struct class_interface callback - Add a rpmb_routing_model variable in sysfs to help integration with systemd, requested by Mikko Rapeli - Add an RPMB probe capability flag in the ABI shared with the secure world, both SMC and FF-A ABI, needed to support the rpmb_routing_model variable - optee_rpc_cmd() is strict whether an RPMB RPC request should be forwarded to tee-supplicant or routed via the RPMB subsystem, depending on the reported RPMB routing model Changes since v5: Manuel Traut reported and investigated an error on an i.MX8MM, the root cause was identified as insufficient alignment on frames sent to the RPMB device. Fixed in the OP-TEE driver as described below. * "rpmb: add Replay Protected Memory Block (RPMB) subsystem" - Adding a missing EXPORT_SYMBOL_GPL() * "optee: probe RPMB device using RPMB subsystem" - Replacing the old OPTEE_RPC_CMD_RPMB ABI with OPTEE_RPC_CMD_RPMB_FRAMES to get rid of the small header struct rpmb_req (now removed) causing the problem. - Matching changes on the secure side + support for re-initializing RPMB in case a boot stage has used RPMB, the latter also reported by Manuel Traut. Changes since v4: * "rpmb: add Replay Protected Memory Block (RPMB) subsystem" - Describing struct rpmb_descr as RPMB description instead of descriptor * "mmc: block: register RPMB partition with the RPMB subsystem" - Addressing review comments - Adding more comments for struct rpmb_frame - Fixing assignment of reliable_wr_count and capacity in mmc_blk_rpmb_add() * "optee: probe RPMB device using RPMB subsystem" - Updating struct rpmb_dev_info to match changes in "rpmb: add Replay Protected Memory Block (RPMB) subsystem" Changes since v3: * Move struct rpmb_frame into the MMC driver since the format of the RPMB frames depend on the implementation, one format for eMMC, another for UFS, and so on * "rpmb: add Replay Protected Memory Block (RPMB) subsystem" - Adding Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> - Adding more description of the API functions - Removing the set_dev_info() op from struct rpmb_ops, the needed information is supplied in the arguments to rpmb_dev_register() instead. - Getting rid of struct rpmb_ops since only the route_frames() op was remaining, store that op directly in struct rpmb_dev - Changed rpmb_interface_register() and rpmb_interface_unregister() to use notifier_block instead of implementing the same thing ourselves * "mmc: block: register RPMB partition with the RPMB subsystem" - Moving the call to rpmb_dev_register() to be done at the end of mmc_blk_probe() when the device is fully available * "optee: probe RPMB device using RPMB subsystem" - Use IS_REACHABLE(CONFIG_RPMB) to determine if the RPMB subsystem is available - Translate TEE_ERROR_STORAGE_NOT_AVAILABLE if encountered in get_devices() to recognize the error in optee_rpmb_scan() - Simplified optee_rpmb_scan() and optee_rpmb_intf_rdev() Changes since v2: * "rpmb: add Replay Protected Memory Block (RPMB) subsystem" - Fixing documentation issues - Adding a "depends on MMC" in the Kconfig - Removed the class-device and the embedded device, struct rpmb_dev now relies on the parent device for reference counting as requested - Removed the now unneeded rpmb_ops get_resources() and put_resources() since references are already taken in mmc_blk_alloc_rpmb_part() before rpmb_dev_register() is called - Added rpmb_interface_{,un}register() now that class_interface_{,un}register() can't be used ay longer * "mmc: block: register RPMB partition with the RPMB subsystem" - Adding the missing error cleanup in alloc_idata() - Taking the needed reference to md->disk in mmc_blk_alloc_rpmb_part() instead of in mmc_rpmb_chrdev_open() and rpmb_op_mmc_get_resources() * "optee: probe RPMB device using RPMB subsystem" - Registering to get a notification when an RPMB device comes online - Probes for RPMB devices each time an RPMB device comes online, until a usable device is found - When a usable RPMB device is found, call optee_enumerate_devices(PTA_CMD_GET_DEVICES_RPMB) - Pass type of rpmb in return value from OPTEE_RPC_CMD_RPMB_PROBE_NEXT Changes since Shyam's RFC: * Removed the remaining leftover rpmb_cdev_*() function calls * Refactored the struct rpmb_ops with all the previous ops replaced, in some sense closer to [3] with the route_frames() op * Added rpmb_route_frames() * Added struct rpmb_frame, enum rpmb_op_result, and enum rpmb_type from [3] * Removed all functions not needed in the OP-TEE use case * Added "mmc: block: register RPMB partition with the RPMB subsystem", based on the commit with the same name in [3] * Added "optee: probe RPMB device using RPMB subsystem" for integration with OP-TEE * Moved the RPMB driver into drivers/misc/rpmb-core.c * Added my name to MODULE_AUTHOR() in rpmb-core.c * Added an rpmb_mutex to serialize access to the IDA * Removed the target parameter from all rpmb_*() functions since it's currently unused Jens Wiklander (4): rpmb: add Replay Protected Memory Block (RPMB) subsystem mmc: block: register RPMB partition with the RPMB subsystem tee: add tee_device_set_dev_groups() optee: probe RPMB device using RPMB subsystem Documentation/ABI/testing/sysfs-class-tee | 15 ++ MAINTAINERS | 8 + drivers/misc/Kconfig | 10 + drivers/misc/Makefile | 1 + drivers/misc/rpmb-core.c | 233 +++++++++++++++++++++ drivers/mmc/core/block.c | 242 +++++++++++++++++++++- drivers/tee/optee/core.c | 96 ++++++++- drivers/tee/optee/device.c | 7 + drivers/tee/optee/ffa_abi.c | 14 ++ drivers/tee/optee/optee_ffa.h | 2 + drivers/tee/optee/optee_private.h | 26 ++- drivers/tee/optee/optee_rpc_cmd.h | 35 ++++ drivers/tee/optee/optee_smc.h | 2 + drivers/tee/optee/rpc.c | 177 ++++++++++++++++ drivers/tee/optee/smc_abi.c | 14 ++ drivers/tee/tee_core.c | 19 +- include/linux/rpmb.h | 123 +++++++++++ include/linux/tee_core.h | 12 ++ 18 files changed, 1026 insertions(+), 10 deletions(-) create mode 100644 Documentation/ABI/testing/sysfs-class-tee create mode 100644 drivers/misc/rpmb-core.c create mode 100644 include/linux/rpmb.h -- 2.34.1

2 months, 4 weeks

4
13
0 0

[PATCH 0/7] firmware: arm_ffa: FF-A basic v1.2 support

by Sudeep Holla

This series add basic support for FF-A v1.2. It mainly includes support for newly added: 1. FFA_MSG_SEND_DIRECT_{REQ,RESP}2 2. FFA_PARTITION_INFO_GET_REGS 3. FFA_YIELD support in direct messaging Apart from these, the changes include support to fetch the Rx/Tx buffer size using FFA_FEATURES, addition of the FF-A FIDs for v1.2 and some coding style cleanups. Signed-off-by: Sudeep Holla <sudeep.holla(a)arm.com> --- Sudeep Holla (7): firmware: arm_ffa: Some coding style fixes firmware: arm_ffa: Update the FF-A command list with v1.2 additions firmware: arm_ffa: Move the function ffa_features() earlier firmware: arm_ffa: Add support for FFA_PARTITION_INFO_GET_REGS firmware: arm_ffa: Add support for FFA_MSG_SEND_DIRECT_{REQ,RESP}2 firmware: arm_ffa: Add support for FFA_YIELD in direct messaging firmware: arm_ffa: Fetch the Rx/Tx buffer size using ffa_features() drivers/firmware/arm_ffa/driver.c | 240 +++++++++++++++++++++++++++++--------- include/linux/arm_ffa.h | 12 ++ 2 files changed, 195 insertions(+), 57 deletions(-) --- base-commit: 7c626ce4bae1ac14f60076d00eafe71af30450ba change-id: 20240814-ffa_v1-2-6c33798743f3 Best regards, -- Regards, Sudeep

3 months, 1 week

1
7
0 0

[PATCH v8 0/4] Replay Protected Memory Block (RPMB) subsystem

by Jens Wiklander

Hi, This patch set is getting ready to be queued for the next merge window. The issues reported by Mikka in the previous patch set has been resolved, the issues turned out to be outside of this patch set relating to configuration in the secure world. I'm planning a pull request to arm-soc, but before that I'd rather have acks or at least an OK for: - "rpmb: add Replay Protected Memory Block (RPMB) subsystem" by Greg - "mmc: block: register RPMB partition with the RPMB subsystem" by Ulf Arnd, please let me know if anything else is missing. This patch set introduces a new RPMB subsystem, based on patches from [1], [2], and [3]. The RPMB subsystem aims at providing access to RPMB partitions to other kernel drivers, in particular the OP-TEE driver. A new user space ABI isn't needed, we can instead continue using the already present ABI when writing the RPMB key during production. I've added and removed things to keep only what is needed by the OP-TEE driver. Since the posting of [3], there has been major changes in the MMC subsystem so "mmc: block: register RPMB partition with the RPMB subsystem" is in practice completely rewritten. With this OP-TEE can access RPMB during early boot instead of having to wait for user space to become available as in the current design [4]. This will benefit the efi variables [5] since we won't rely on userspace as well as some TPM issues [6] that were solved. The OP-TEE driver finds the correct RPMB device to interact with by iterating over available devices until one is found with a programmed authentication matching the one OP-TEE is using. This enables coexisting users of other RPMBs since the owner can be determined by who knows the authentication key. The corresponding secure world OP-TEE patches are available at [7]. I've put myself as a maintainer for the RPMB subsystem as I have an interest in the OP-TEE driver to keep this in good shape. However, if you'd rather see someone else taking the maintainership that's fine too. I'll help keep the subsystem updated regardless. [1] https://lore.kernel.org/lkml/20230722014037.42647-1-shyamsaini@linux.micros… [2] https://lore.kernel.org/lkml/20220405093759.1126835-2-alex.bennee@linaro.or… [3] https://lore.kernel.org/linux-mmc/1478548394-8184-2-git-send-email-tomas.wi… [4] https://optee.readthedocs.io/en/latest/architecture/secure_storage.html#rpm… [5] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [6] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… [7] https://github.com/jenswi-linaro/optee_os/tree/rpmb_probe_v8 Thanks, Jens Changes since v7: * Rebased on v6.11-rc1 * "mmc: block: register RPMB partition with the RPMB subsystem" - Adding Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> * "tee: add tee_device_set_dev_groups()" - Declaring tee_device_set_dev_groups() in the recently introduced include/linux/tee_core.h Changes since v6: * Add Tested-by: Manuel Traut <manut(a)mecka.net> provided for the v6 * Add a new patch "tee: add tee_device_set_dev_groups()" needed later in the patch set * Reintroduce the rpmb_class as requested by Greg, this affects the patches "rpmb: add Replay Protected Memory Block (RPMB) subsystem" and "optee: probe RPMB device using RPMB subsystem" * "rpmb: add Replay Protected Memory Block (RPMB) subsystem": - rpmb_interface_{,un}register() are now based on class_interface_{,un}register() - Embed a separate device in struct rpmb_dev for life cycle management etc * "optee: probe RPMB device using RPMB subsystem" - Add an internal blocking_notifier to deal with the struct class_interface callback - Add a rpmb_routing_model variable in sysfs to help integration with systemd, requested by Mikko Rapeli - Add an RPMB probe capability flag in the ABI shared with the secure world, both SMC and FF-A ABI, needed to support the rpmb_routing_model variable - optee_rpc_cmd() is strict whether an RPMB RPC request should be forwarded to tee-supplicant or routed via the RPMB subsystem, depending on the reported RPMB routing model Changes since v5: Manuel Traut reported and investigated an error on an i.MX8MM, the root cause was identified as insufficient alignment on frames sent to the RPMB device. Fixed in the OP-TEE driver as described below. * "rpmb: add Replay Protected Memory Block (RPMB) subsystem" - Adding a missing EXPORT_SYMBOL_GPL() * "optee: probe RPMB device using RPMB subsystem" - Replacing the old OPTEE_RPC_CMD_RPMB ABI with OPTEE_RPC_CMD_RPMB_FRAMES to get rid of the small header struct rpmb_req (now removed) causing the problem. - Matching changes on the secure side + support for re-initializing RPMB in case a boot stage has used RPMB, the latter also reported by Manuel Traut. Changes since v4: * "rpmb: add Replay Protected Memory Block (RPMB) subsystem" - Describing struct rpmb_descr as RPMB description instead of descriptor * "mmc: block: register RPMB partition with the RPMB subsystem" - Addressing review comments - Adding more comments for struct rpmb_frame - Fixing assignment of reliable_wr_count and capacity in mmc_blk_rpmb_add() * "optee: probe RPMB device using RPMB subsystem" - Updating struct rpmb_dev_info to match changes in "rpmb: add Replay Protected Memory Block (RPMB) subsystem" Changes since v3: * Move struct rpmb_frame into the MMC driver since the format of the RPMB frames depend on the implementation, one format for eMMC, another for UFS, and so on * "rpmb: add Replay Protected Memory Block (RPMB) subsystem" - Adding Reviewed-by: Linus Walleij <linus.walleij(a)linaro.org> - Adding more description of the API functions - Removing the set_dev_info() op from struct rpmb_ops, the needed information is supplied in the arguments to rpmb_dev_register() instead. - Getting rid of struct rpmb_ops since only the route_frames() op was remaining, store that op directly in struct rpmb_dev - Changed rpmb_interface_register() and rpmb_interface_unregister() to use notifier_block instead of implementing the same thing ourselves * "mmc: block: register RPMB partition with the RPMB subsystem" - Moving the call to rpmb_dev_register() to be done at the end of mmc_blk_probe() when the device is fully available * "optee: probe RPMB device using RPMB subsystem" - Use IS_REACHABLE(CONFIG_RPMB) to determine if the RPMB subsystem is available - Translate TEE_ERROR_STORAGE_NOT_AVAILABLE if encountered in get_devices() to recognize the error in optee_rpmb_scan() - Simplified optee_rpmb_scan() and optee_rpmb_intf_rdev() Changes since v2: * "rpmb: add Replay Protected Memory Block (RPMB) subsystem" - Fixing documentation issues - Adding a "depends on MMC" in the Kconfig - Removed the class-device and the embedded device, struct rpmb_dev now relies on the parent device for reference counting as requested - Removed the now unneeded rpmb_ops get_resources() and put_resources() since references are already taken in mmc_blk_alloc_rpmb_part() before rpmb_dev_register() is called - Added rpmb_interface_{,un}register() now that class_interface_{,un}register() can't be used ay longer * "mmc: block: register RPMB partition with the RPMB subsystem" - Adding the missing error cleanup in alloc_idata() - Taking the needed reference to md->disk in mmc_blk_alloc_rpmb_part() instead of in mmc_rpmb_chrdev_open() and rpmb_op_mmc_get_resources() * "optee: probe RPMB device using RPMB subsystem" - Registering to get a notification when an RPMB device comes online - Probes for RPMB devices each time an RPMB device comes online, until a usable device is found - When a usable RPMB device is found, call optee_enumerate_devices(PTA_CMD_GET_DEVICES_RPMB) - Pass type of rpmb in return value from OPTEE_RPC_CMD_RPMB_PROBE_NEXT Changes since Shyam's RFC: * Removed the remaining leftover rpmb_cdev_*() function calls * Refactored the struct rpmb_ops with all the previous ops replaced, in some sense closer to [3] with the route_frames() op * Added rpmb_route_frames() * Added struct rpmb_frame, enum rpmb_op_result, and enum rpmb_type from [3] * Removed all functions not needed in the OP-TEE use case * Added "mmc: block: register RPMB partition with the RPMB subsystem", based on the commit with the same name in [3] * Added "optee: probe RPMB device using RPMB subsystem" for integration with OP-TEE * Moved the RPMB driver into drivers/misc/rpmb-core.c * Added my name to MODULE_AUTHOR() in rpmb-core.c * Added an rpmb_mutex to serialize access to the IDA * Removed the target parameter from all rpmb_*() functions since it's currently unused Jens Wiklander (4): rpmb: add Replay Protected Memory Block (RPMB) subsystem mmc: block: register RPMB partition with the RPMB subsystem tee: add tee_device_set_dev_groups() optee: probe RPMB device using RPMB subsystem Documentation/ABI/testing/sysfs-class-tee | 15 ++ MAINTAINERS | 8 + drivers/misc/Kconfig | 10 + drivers/misc/Makefile | 1 + drivers/misc/rpmb-core.c | 232 +++++++++++++++++++++ drivers/mmc/core/block.c | 241 +++++++++++++++++++++- drivers/tee/optee/core.c | 96 ++++++++- drivers/tee/optee/device.c | 7 + drivers/tee/optee/ffa_abi.c | 14 ++ drivers/tee/optee/optee_ffa.h | 2 + drivers/tee/optee/optee_private.h | 26 ++- drivers/tee/optee/optee_rpc_cmd.h | 35 ++++ drivers/tee/optee/optee_smc.h | 2 + drivers/tee/optee/rpc.c | 177 ++++++++++++++++ drivers/tee/optee/smc_abi.c | 14 ++ drivers/tee/tee_core.c | 19 +- include/linux/rpmb.h | 123 +++++++++++ include/linux/tee_core.h | 12 ++ 18 files changed, 1024 insertions(+), 10 deletions(-) create mode 100644 Documentation/ABI/testing/sysfs-class-tee create mode 100644 drivers/misc/rpmb-core.c create mode 100644 include/linux/rpmb.h -- 2.34.1

3 months, 1 week

4
15
0 0

Verified Boot through U-Boot for RPi3 with OP-TEE

by thomas.gymer＠bt.com

Hello all, We (Eden and I) have been assigned a summer project exploring the possibility of verified boot for Linux with a view to experiment with a TEE, and would like to share our outcomes from the project so far. We've been working on condensing all the information and documentation on TF-A, OP-TEE, and U-Boot verified boot into a trivially workable form, a Makefile, for the Raspberry Pi 3B+. Our aim is a proof of concept pilot project to see what parts of the technology outlined in the NIST standards for secure boot on IoT is currently available, and thus what needs to be developed. This also leads us to an interest in full crypto algorithm agility to ensure quick adoption of the quantum safe algorithms as they come out. I should note that our boot order here is TF-A to OP-TEE, then TF-A to U-Boot to Linux. This has raised a few areas of note and a couple of issues on our end: # Areas of note - U-Boot and Linux DTB's being incompatible has minimal documentation Newer versions of U-Boot do have `CONFIG_OF_UPSTREAM`, but I can't see that as a recommended solution. Perhaps a note in the Kconfig entry for `CONFIG_OF_CONTROL` would be sufficient - U-Boot can fail silently if the DTB used is incompatible No idea what the solution here could be; an invalid DTB inevitably means that the firmware cannot access any of the hardware correctly. - U-Boot unable to find `CONFIG_OF_SEPARATE` DTB's when loaded by TF-A; this is a TF-A problem, but maybe check other possible places for a DTB on the U-Boot end? - U-Boot itself appears to have good crypto agility (or will in the near future), with a macro and existing algorithms as examples for the addition of new algorithms - `mkimage` appears to be lacking these same features for crypto agility, which would otherwise set U-Boot up to be ready for the new quantum safe algorithms' release A similar macro system for `mkimage`, or some other schema for defining how to add algorithm keys to the FDT, would provide some amazing flexibility, already being able to define more than one signature as required. Adding keys to the FDT would need to be standardised in someway for this, I would imagine. I am very aware that some of the below issues are not relevant to all projects, but thought it best to maintain a single list to ensure that the correct place to make a fix for each issue is not locked project wise too early. # Issues - buildroot build fails when the directory length is greater than ~80 characters - TF-A does not pass on the DTB address unless `RPI3_DIRECT_LINUX_BOOT` is set, which also implies a define U-Boot doesn't need - TF-A `LOG_LEVEL=50` flag has compatibility issue in xlat tables v2 when compiled for 64bit - `mkimage` ECDSA key adding to FDT fails if there is no signature node pre-added and doesn't set `required` node when `-r` is used - `fit_check_sig`fails to check an ECDSA signed FIT file with corresponding FDT due to `<null>` hash node - `mkimage` expects ECDSA private key only in a `.pem` and not `.der`, which would be standard for a single private key We intend to release the Makefile and accompanying scripts for this on Monday 12th August, likely ~5pm BST to give us time to finalise what we have currently; this will consist of two Makefiles: one for verified boot using `CONFIG_OF_EMBED`, and another using `CONFIG_OF_SEPARATE` on U-Boot v2024.07. We are currently planning on releasing this on GitHub under the same license as the involved projects, but what would be the most helpful way for us to release this to you? We have, beside the points raised in the Issues section above, no specific changes for the exiting repos, focusing instead on Makefiles which pull together parts of the existing releases to produce a working PoC as quickly as possible. We intend to also release this to the Raspberry Pi community as a TEE solution they can experiment with today. This email has been sent to: - u-boot(a)lists.denx.de - op-tee(a)lists.trustedfirmware.org and the Makefiles will be sent to Raspberry Pi Foundation and community some point next week Thomas Gymer (thomas.gymer(a)bt.com) & Eden Hamilton (eden.hamilton(a)bt.com)

3 months, 1 week

2
2
0 0

Re: [PATCH RFC 0/3] Implement Qualcomm TEE IPC and ioctl calls

by Dmitry Baryshkov

Adding TEE mailing list and maintainers to the CC list. Amirreza, please include them in future even if you are not going to use the framework. On Wed, Jul 10, 2024 at 09:16:48AM GMT, Amirreza Zarrabi wrote: > > > On 7/3/2024 9:36 PM, Dmitry Baryshkov wrote: > > On Tue, Jul 02, 2024 at 10:57:35PM GMT, Amirreza Zarrabi wrote: > >> Qualcomm TEE hosts Trusted Applications (TAs) and services that run in > >> the secure world. Access to these resources is provided using MinkIPC. > >> MinkIPC is a capability-based synchronous message passing facility. It > >> allows code executing in one domain to invoke objects running in other > >> domains. When a process holds a reference to an object that lives in > >> another domain, that object reference is a capability. Capabilities > >> allow us to separate implementation of policies from implementation of > >> the transport. > >> > >> As part of the upstreaming of the object invoke driver (called SMC-Invoke > >> driver), we need to provide a reasonable kernel API and UAPI. The clear > >> option is to use TEE subsystem and write a back-end driver, however the > >> TEE subsystem doesn't fit with the design of Qualcomm TEE. > >> > > To answer your "general comment", maybe a bit of background :). > > Traditionally, policy enforcement is based on access-control models, > either (1) access-control list or (2) capability [0]. A capability is an > opaque ("non-forge-able") object reference that grants the holder the > right to perform certain operations on the object (e.g. Read, Write, > Execute, or Grant). Capabilities are preferred mechanism for representing > a policy, due to their fine-grained representation of access right, inline > with > (P1) the principle of least privilege [1], and > (P2) the ability to avoid the confused deputy problem [2]. > > [0] Jack B. Dennis and Earl C. Van Horn. 1966. Programming Semantics for > Multiprogrammed Computations. Commun. ACM 9 (1966), 143–155. > > [1] Jerome H. Saltzer and Michael D. Schroeder. 1975. The Protection of > Information in Computer Systems. Proc. IEEE 63 (1975), 1278–1308. > > [2] Norm Hardy. 1988. The Confused Deputy (or Why Capabilities Might Have > Been Invented). ACM Operating Systems Review 22, 4 (1988), 36–38. > > For MinkIPC, an object represents a TEE or TA service. The reference to > the object is the "handle" that is returned from TEE (let's call it > TEE-Handle). The supported operations are "service invocation" (similar > to Execute), and "sharing access to a service" (similar to Grant). > Anyone with access to the TEE-Handle can invoke the service or pass the > TEE-Handle to someone else to access the same service. > > The responsibility of the MinkIPC framework is to hide the TEE-Handle, > so that the client can not forge it, and allow the owner of the handle > to transfer it to other clients as it wishes. Using a file descriptor > table we can achieve that. We wrap the TEE-Handle as a FD and let the > client invoke FD (e.g. using IOCTL), or transfer the FD (e.g. using > UNIX socket). > > As a side note, for the sake of completeness, capabilities are fundamentally > a "discretionary mechanism", as the holder of the object reference has the > ability to share it with others. A secure system requires "mandatory > enforcement" (i.e. ability to revoke authority and ability to control > the authority propagation). This is out of scope for the MinkIPC. > MinkIPC is only interested in P1 and P2 (mention above). > > > >> Does TEE subsystem fit requirements of a capability based system? > >> ----------------------------------------------------------------- > >> In TEE subsystem, to invoke a function: > >> - client should open a device file "/dev/teeX", > >> - create a session with a TA, and > >> - invoke the functions in that session. > >> > >> 1. The privilege to invoke a function is determined by a session. If a > >> client has a session, it cannot share it with other clients. Even if > >> it does, it is not fine-grained enough, i.e. either all accessible > >> functions/resources in a session or none. Assume a scenario when a client > >> wants to grant a permission to invoke just a function that it has the rights, > >> to another client. > >> > >> The "all or nothing" for sharing sessions is not in line with our > >> capability system: "if you own a capability, you should be able to grant > >> or share it". > > > > Can you please be more specific here? What kind of sharing is expected > > on the user side of it? > > In MinkIPC, after authenticating a client credential, a TA (or TEE) may > return multiple TEE-Handles, each representing a service that the client > has privilege to access. The client should be able to "individually" > reference each TEE-Handle, e.g. to invoke and share it (as per capability- > based system requirements). > > If we use TEE subsystem, which has a session based design, all TEE-Handles > are meaningful with respect to the session in which they are allocated, > hence the use of "__u32 session" in "struct tee_ioctl_invoke_arg". > > Here, we have a contradiction with MinkIPC. We may ignore the session > and say "even though a TEE-Handle is allocated in a session but it is also > valid outside a session", i.e. the session-id in TEE uapi becomes redundant > (a case of divergence from definition). > > > > >> 2. In TEE subsystem, resources are managed in a context. Every time a > >> client opens "/dev/teeX", a new context is created to keep track of > >> the allocated resources, including opened sessions and remote objects. Any > >> effort for sharing resources between two independent clients requires > >> involvement of context manager, i.e. the back-end driver. This requires > >> implementing some form of policy in the back-end driver. > > > > What kind of resource sharing? > > TEE subsystem "rightfully" allocates a context each time a client opens > a device file. This context pass around to the backend driver to identify > independent clients that opened the device file. > > The context is used by backend driver to keep track of the resources. Type > of resources are TEE driver dependent. As an example of resource in TEE > subsystem, you can look into 'shm' register and unregister (specially, > see comment in function 'shm_alloc_helper'). > > For MinkIPC, all clients are treated the same and the TEE-Handles are > representative of the resources, accessible "globally" if a client has the > capability for them. In kernel, clients access an object if they have > access to "qcom_tee_object", in userspace, clients access an object if > they have the FD wrapper for the TEE-Handle. > > If we use context, instead of the file descriptor table, any form of object > transfer requires involvement of the backend driver. If we use the file > descriptor table, contexts are becoming useless for MinkIPC (i.e. > 'ctx->data' will "always" be null). > > > > >> 3. The TEE subsystem supports two type of memory sharing: > >> - per-device memory pools, and > >> - user defined memory references. > >> User defined memory references are private to the application and cannot > >> be shared. Memory allocated from per-device "shared" pools are accessible > >> using a file descriptor. It can be mapped by any process if it has > >> access to it. This means, we cannot provide the resource isolation > >> between two clients. Assume a scenario when a client wants to allocate a > >> memory (which is shared with TEE) from an "isolated" pool and share it > >> with another client, without the right to access the contents of memory. > > > > This doesn't explain, why would it want to share such memory with > > another client. > > Ok, I believe there is a misunderstanding here. I did not try to justify > specific usecase. We want to separate the memory allocation from the > framework. This way, how the memory is obtained, e.g. it is allocated > (1) from an isolated pool, (2) a shared pool, (3) a secure heap, > (4) a system dma-heap, (5) process address space, or (6) other memory > with "different constraints", becomes independent. > > We introduced "memory object" type. User implements a kernel service > using "qcom_tee_object" to represent the memory object. We have an > implementation of memory objects based on dma-buf. > > > > >> 4. The kernel API provided by TEE subsystem does not support a kernel > >> supplicant. Adding support requires an execution context (e.g. a > >> kernel thread) due to the TEE subsystem design. tee_driver_ops supports > >> only "send" and "receive" callbacks and to deliver a request, someone > >> should wait on "receive". > > > > There is nothing wrong here, but maybe I'm misunderstanding something. > > I agree. But, I am trying to re-emphasize how useful TEE subsystem is > for MinkIPC. For kernel services, we solely rely on the backend driver. > For instance, to expose RPMB service we will use "qcom_tee_object". > So there is nothing provided by the framework to simplify the service > development. > > > > >> We need a callback to "dispatch" or "handle" a request in the context of > >> the client thread. It should redirect a request to a kernel service or > >> a user supplicant. In TEE subsystem such requirement should be implemented > >> in TEE back-end driver, independent from the TEE subsystem. > >> > >> 5. The UAPI provided by TEE subsystem is similar to the GPTEE Client > >> interface. This interface is not suitable for a capability system. > >> For instance, there is no session in a capability system which means > >> either its should not be used, or we should overload its definition. > > > > General comment: maybe adding more detailed explanation of how the > > capabilities are aquired and how they can be used might make sense. > > > > BTW. It might be my imperfect English, but each time I see the word > > 'capability' I'm thinking that some is capable of doing something. I > > find it hard to use 'capability' for the reference to another object. > > > > Explained at the top :). > > >> > >> Can we use TEE subsystem? > >> ------------------------- > >> There are workarounds for some of the issues above. The question is if we > >> should define our own UAPI or try to use a hack-y way of fitting into > >> the TEE subsystem. I am using word hack-y, as most of the workaround > >> involves: > >> > >> - "diverging from the definition". For instance, ignoring the session > >> open and close ioctl calls or use file descriptors for all remote > >> resources (as, fd is the closet to capability) which undermines the > >> isolation provided by the contexts, > >> > >> - "overloading the variables". For instance, passing object ID as file > >> descriptors in a place of session ID, or > >> > >> - "bypass TEE subsystem". For instance, extensively rely on meta > >> parameters or push everything (e.g. kernel services) to the back-end > >> driver, which means leaving almost all TEE subsystem unused. > >> > >> We cannot take the full benefits of TEE subsystem and may need to > >> implement most of the requirements in the back-end driver. Also, as > >> discussed above, the UAPI is not suitable for capability-based use cases. > >> We proposed a new set of ioctl calls for SMC-Invoke driver. > >> > >> In this series we posted three patches. We implemented a transport > >> driver that provides qcom_tee_object. Any object on secure side is > >> represented with an instance of qcom_tee_object and any struct exposed > >> to TEE should embed an instance of qcom_tee_object. Any, support for new > >> services, e.g. memory object, RPMB, userspace clients or supplicants are > >> implemented independently from the driver. > >> > >> We have a simple memory object and a user driver that uses > >> qcom_tee_object. > > > > Could you please point out any user for the uAPI? I'd like to understand > > how does it from from the userspace point of view. > > Sure :), I'll write up a test patch and send it in next series. > > Summary. > > TEE framework provides some nice facilities, including: > - uapi and ioctl interface, > - marshaling parameters and context management, > - memory mapping and sharing, and > - TEE bus and TA drivers. > > For, MinkIPC, we will not use any of them. The only usable piece, is uapi > interface which is not suitable for MinkIPC, as discussed above. > > > > >> > >> Signed-off-by: Amirreza Zarrabi <quic_azarrabi(a)quicinc.com> > >> --- > >> Amirreza Zarrabi (3): > >> firmware: qcom: implement object invoke support > >> firmware: qcom: implement memory object support for TEE > >> firmware: qcom: implement ioctl for TEE object invocation > >> > >> drivers/firmware/qcom/Kconfig | 36 + > >> drivers/firmware/qcom/Makefile | 2 + > >> drivers/firmware/qcom/qcom_object_invoke/Makefile | 12 + > >> drivers/firmware/qcom/qcom_object_invoke/async.c | 142 +++ > >> drivers/firmware/qcom/qcom_object_invoke/core.c | 1139 ++++++++++++++++++ > >> drivers/firmware/qcom/qcom_object_invoke/core.h | 186 +++ > >> .../qcom/qcom_object_invoke/qcom_scm_invoke.c | 22 + > >> .../firmware/qcom/qcom_object_invoke/release_wq.c | 90 ++ > >> .../qcom/qcom_object_invoke/xts/mem_object.c | 406 +++++++ > >> .../qcom_object_invoke/xts/object_invoke_uapi.c | 1231 ++++++++++++++++++++ > >> include/linux/firmware/qcom/qcom_object_invoke.h | 233 ++++ > >> include/uapi/misc/qcom_tee.h | 117 ++ > >> 12 files changed, 3616 insertions(+) > >> --- > >> base-commit: 74564adfd3521d9e322cfc345fdc132df80f3c79 > >> change-id: 20240702-qcom-tee-object-and-ioctls-6f52fde03485 > >> > >> Best regards, > >> -- > >> Amirreza Zarrabi <quic_azarrabi(a)quicinc.com> > >> > > -- With best wishes Dmitry

4 months

3
2
0 0

Re: [PATCH RFC 0/3] Implement Qualcomm TEE IPC and ioctl calls

by Jens Wiklander

Hi, On Wed, Jul 10, 2024 at 1:17 AM Amirreza Zarrabi <quic_azarrabi(a)quicinc.com> wrote: > > > > On 7/3/2024 9:36 PM, Dmitry Baryshkov wrote: > > On Tue, Jul 02, 2024 at 10:57:35PM GMT, Amirreza Zarrabi wrote: > >> Qualcomm TEE hosts Trusted Applications (TAs) and services that run in > >> the secure world. Access to these resources is provided using MinkIPC. > >> MinkIPC is a capability-based synchronous message passing facility. It > >> allows code executing in one domain to invoke objects running in other > >> domains. When a process holds a reference to an object that lives in > >> another domain, that object reference is a capability. Capabilities > >> allow us to separate implementation of policies from implementation of > >> the transport. > >> > >> As part of the upstreaming of the object invoke driver (called SMC-Invoke > >> driver), we need to provide a reasonable kernel API and UAPI. The clear > >> option is to use TEE subsystem and write a back-end driver, however the > >> TEE subsystem doesn't fit with the design of Qualcomm TEE. > >> > > To answer your "general comment", maybe a bit of background :). > > Traditionally, policy enforcement is based on access-control models, > either (1) access-control list or (2) capability [0]. A capability is an > opaque ("non-forge-able") object reference that grants the holder the > right to perform certain operations on the object (e.g. Read, Write, > Execute, or Grant). Capabilities are preferred mechanism for representing > a policy, due to their fine-grained representation of access right, inline > with > (P1) the principle of least privilege [1], and > (P2) the ability to avoid the confused deputy problem [2]. > > [0] Jack B. Dennis and Earl C. Van Horn. 1966. Programming Semantics for > Multiprogrammed Computations. Commun. ACM 9 (1966), 143–155. > > [1] Jerome H. Saltzer and Michael D. Schroeder. 1975. The Protection of > Information in Computer Systems. Proc. IEEE 63 (1975), 1278–1308. > > [2] Norm Hardy. 1988. The Confused Deputy (or Why Capabilities Might Have > Been Invented). ACM Operating Systems Review 22, 4 (1988), 36–38. > > For MinkIPC, an object represents a TEE or TA service. The reference to > the object is the "handle" that is returned from TEE (let's call it > TEE-Handle). The supported operations are "service invocation" (similar > to Execute), and "sharing access to a service" (similar to Grant). > Anyone with access to the TEE-Handle can invoke the service or pass the > TEE-Handle to someone else to access the same service. > > The responsibility of the MinkIPC framework is to hide the TEE-Handle, > so that the client can not forge it, and allow the owner of the handle > to transfer it to other clients as it wishes. Using a file descriptor > table we can achieve that. We wrap the TEE-Handle as a FD and let the > client invoke FD (e.g. using IOCTL), or transfer the FD (e.g. using > UNIX socket). > > As a side note, for the sake of completeness, capabilities are fundamentally > a "discretionary mechanism", as the holder of the object reference has the > ability to share it with others. A secure system requires "mandatory > enforcement" (i.e. ability to revoke authority and ability to control > the authority propagation). This is out of scope for the MinkIPC. > MinkIPC is only interested in P1 and P2 (mention above). This is still quite abstract. We have tried to avoid inventing yet another IPC mechanism in the TEE subsystem. But that's not written in stone if it turns out there's a use case that needs it. > > > >> Does TEE subsystem fit requirements of a capability based system? > >> ----------------------------------------------------------------- > >> In TEE subsystem, to invoke a function: > >> - client should open a device file "/dev/teeX", > >> - create a session with a TA, and > >> - invoke the functions in that session. > >> > >> 1. The privilege to invoke a function is determined by a session. If a > >> client has a session, it cannot share it with other clients. Even if > >> it does, it is not fine-grained enough, i.e. either all accessible > >> functions/resources in a session or none. Assume a scenario when a client > >> wants to grant a permission to invoke just a function that it has the rights, > >> to another client. > >> > >> The "all or nothing" for sharing sessions is not in line with our > >> capability system: "if you own a capability, you should be able to grant > >> or share it". > > > > Can you please be more specific here? What kind of sharing is expected > > on the user side of it? > > In MinkIPC, after authenticating a client credential, a TA (or TEE) may > return multiple TEE-Handles, each representing a service that the client > has privilege to access. The client should be able to "individually" > reference each TEE-Handle, e.g. to invoke and share it (as per capability- > based system requirements). > > If we use TEE subsystem, which has a session based design, all TEE-Handles > are meaningful with respect to the session in which they are allocated, > hence the use of "__u32 session" in "struct tee_ioctl_invoke_arg". > > Here, we have a contradiction with MinkIPC. We may ignore the session > and say "even though a TEE-Handle is allocated in a session but it is also > valid outside a session", i.e. the session-id in TEE uapi becomes redundant > (a case of divergence from definition). Only the backend drivers put a meaning to a session, the TEE subsystem doesn't enforce anything. All fields but num_params and params in struct tee_ioctl_invoke_arg are only interpreted by the backend driver if I recall correctly. Using the fields for something completely different would be confusing so if struct tee_ioctl_invoke_arg isn't matching well enough we might need a new IOCTL for whatever you have in mind. > > > > >> 2. In TEE subsystem, resources are managed in a context. Every time a > >> client opens "/dev/teeX", a new context is created to keep track of > >> the allocated resources, including opened sessions and remote objects. Any > >> effort for sharing resources between two independent clients requires > >> involvement of context manager, i.e. the back-end driver. This requires > >> implementing some form of policy in the back-end driver. > > > > What kind of resource sharing? > > TEE subsystem "rightfully" allocates a context each time a client opens > a device file. This context pass around to the backend driver to identify > independent clients that opened the device file. > > The context is used by backend driver to keep track of the resources. Type > of resources are TEE driver dependent. As an example of resource in TEE > subsystem, you can look into 'shm' register and unregister (specially, > see comment in function 'shm_alloc_helper'). > > For MinkIPC, all clients are treated the same and the TEE-Handles are > representative of the resources, accessible "globally" if a client has the > capability for them. In kernel, clients access an object if they have > access to "qcom_tee_object", in userspace, clients access an object if > they have the FD wrapper for the TEE-Handle. So if a client has a file descriptor representing a TEE-Handle, then it has the capability to access a TEE-object? Is the kernel controlling anything more about these capabilities? > > If we use context, instead of the file descriptor table, any form of object > transfer requires involvement of the backend driver. If we use the file > descriptor table, contexts are becoming useless for MinkIPC (i.e. > 'ctx->data' will "always" be null). You still need to open a device to be able to create TEE-handles. > > > > >> 3. The TEE subsystem supports two type of memory sharing: > >> - per-device memory pools, and > >> - user defined memory references. > >> User defined memory references are private to the application and cannot > >> be shared. Memory allocated from per-device "shared" pools are accessible > >> using a file descriptor. It can be mapped by any process if it has > >> access to it. This means, we cannot provide the resource isolation > >> between two clients. Assume a scenario when a client wants to allocate a > >> memory (which is shared with TEE) from an "isolated" pool and share it > >> with another client, without the right to access the contents of memory. > > > > This doesn't explain, why would it want to share such memory with > > another client. > > Ok, I believe there is a misunderstanding here. I did not try to justify > specific usecase. We want to separate the memory allocation from the > framework. This way, how the memory is obtained, e.g. it is allocated > (1) from an isolated pool, (2) a shared pool, (3) a secure heap, > (4) a system dma-heap, (5) process address space, or (6) other memory > with "different constraints", becomes independent. Especially points 3 and 4 are of great interest for the TEE Subsystem. > > We introduced "memory object" type. User implements a kernel service > using "qcom_tee_object" to represent the memory object. We have an > implementation of memory objects based on dma-buf. Do you have an idea of what it would take to extend to TEE subsystem to cover this? > > > > >> 4. The kernel API provided by TEE subsystem does not support a kernel > >> supplicant. Adding support requires an execution context (e.g. a > >> kernel thread) due to the TEE subsystem design. tee_driver_ops supports > >> only "send" and "receive" callbacks and to deliver a request, someone > >> should wait on "receive". So far we haven't needed a kernel thread, but if you need one feel free to propose something. > > > > There is nothing wrong here, but maybe I'm misunderstanding something. > > I agree. But, I am trying to re-emphasize how useful TEE subsystem is > for MinkIPC. For kernel services, we solely rely on the backend driver. > For instance, to expose RPMB service we will use "qcom_tee_object". > So there is nothing provided by the framework to simplify the service > development. The same is true for all backend drivers. > > > > >> We need a callback to "dispatch" or "handle" a request in the context of > >> the client thread. It should redirect a request to a kernel service or > >> a user supplicant. In TEE subsystem such requirement should be implemented > >> in TEE back-end driver, independent from the TEE subsystem. > >> > >> 5. The UAPI provided by TEE subsystem is similar to the GPTEE Client > >> interface. This interface is not suitable for a capability system. > >> For instance, there is no session in a capability system which means > >> either its should not be used, or we should overload its definition. Not using the session field doesn't seem like such a big obstacle. Overloading it for something different might be messy. We can add a new IOCTL if needed as I mentioned above. > > > > General comment: maybe adding more detailed explanation of how the > > capabilities are aquired and how they can be used might make sense. > > > > BTW. It might be my imperfect English, but each time I see the word > > 'capability' I'm thinking that some is capable of doing something. I > > find it hard to use 'capability' for the reference to another object. > > > > Explained at the top :). > > >> > >> Can we use TEE subsystem? > >> ------------------------- > >> There are workarounds for some of the issues above. The question is if we > >> should define our own UAPI or try to use a hack-y way of fitting into > >> the TEE subsystem. I am using word hack-y, as most of the workaround > >> involves: Instead of hack-y workarounds, we should consider extending the TEE subsystem as needed. > >> > >> - "diverging from the definition". For instance, ignoring the session > >> open and close ioctl calls or use file descriptors for all remote > >> resources (as, fd is the closet to capability) which undermines the > >> isolation provided by the contexts, > >> > >> - "overloading the variables". For instance, passing object ID as file > >> descriptors in a place of session ID, or struct qcom_tee_object_invoke_arg and struct tee_ioctl_invoke_arg are quite similar, there are only a few more fields in the latter and we are missing a TEE_IOCTL_PARAM_ATTR_TYPE_OBJECT. Does it make sense to have a direction on objects? > >> > >> - "bypass TEE subsystem". For instance, extensively rely on meta > >> parameters or push everything (e.g. kernel services) to the back-end > >> driver, which means leaving almost all TEE subsystem unused. The TEE subsystem is largely "bypassed" by all backend drivers, with the exception of some SHM handling. I'm sure the TEE subsystem can be extended to handle the "common" part of SHM handling needed by QTEE. > >> > >> We cannot take the full benefits of TEE subsystem and may need to > >> implement most of the requirements in the back-end driver. Also, as > >> discussed above, the UAPI is not suitable for capability-based use cases. > >> We proposed a new set of ioctl calls for SMC-Invoke driver. > >> > >> In this series we posted three patches. We implemented a transport > >> driver that provides qcom_tee_object. Any object on secure side is > >> represented with an instance of qcom_tee_object and any struct exposed > >> to TEE should embed an instance of qcom_tee_object. Any, support for new > >> services, e.g. memory object, RPMB, userspace clients or supplicants are > >> implemented independently from the driver. > >> > >> We have a simple memory object and a user driver that uses > >> qcom_tee_object. > > > > Could you please point out any user for the uAPI? I'd like to understand > > how does it from from the userspace point of view. > > Sure :), I'll write up a test patch and send it in next series. > > Summary. > > TEE framework provides some nice facilities, including: > - uapi and ioctl interface, > - marshaling parameters and context management, > - memory mapping and sharing, and > - TEE bus and TA drivers. > > For, MinkIPC, we will not use any of them. The only usable piece, is uapi > interface which is not suitable for MinkIPC, as discussed above. I hope that we can change that. :-) For instance, extending the TEE subsystem with the memory-sharing QTEE needs could be useful for other TEE drivers. Cheers, Jens

4 months

2
1
0 0

[PATCH AUTOSEL 6.1 05/15] tee: optee: ffa: Fix missing-field-initializers warning

by Sasha Levin

From: Mark-PK Tsai <mark-pk.tsai(a)mediatek.com> [ Upstream commit e0556255a53d6d3d406a28362dffd972018a997c ] The 'missing-field-initializers' warning was reported when building with W=2. This patch use designated initializers for 'struct ffa_send_direct_data' to suppress the warning and clarify the initialization intent. Signed-off-by: ming-jen.chang <ming-jen.chang(a)mediatek.com> Signed-off-by: Mark-PK Tsai <mark-pk.tsai(a)mediatek.com> Signed-off-by: Jens Wiklander <jens.wiklander(a)linaro.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/tee/optee/ffa_abi.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/drivers/tee/optee/ffa_abi.c b/drivers/tee/optee/ffa_abi.c index 0828240f27e62..b8ba360e863ed 100644 --- a/drivers/tee/optee/ffa_abi.c +++ b/drivers/tee/optee/ffa_abi.c @@ -657,7 +657,9 @@ static bool optee_ffa_api_is_compatbile(struct ffa_device *ffa_dev, const struct ffa_ops *ops) { const struct ffa_msg_ops *msg_ops = ops->msg_ops; - struct ffa_send_direct_data data = { OPTEE_FFA_GET_API_VERSION }; + struct ffa_send_direct_data data = { + .data0 = OPTEE_FFA_GET_API_VERSION, + }; int rc; msg_ops->mode_32bit_set(ffa_dev); @@ -674,7 +676,9 @@ static bool optee_ffa_api_is_compatbile(struct ffa_device *ffa_dev, return false; } - data = (struct ffa_send_direct_data){ OPTEE_FFA_GET_OS_VERSION }; + data = (struct ffa_send_direct_data){ + .data0 = OPTEE_FFA_GET_OS_VERSION, + }; rc = msg_ops->sync_send_receive(ffa_dev, &data); if (rc) { pr_err("Unexpected error %d\n", rc); @@ -694,7 +698,9 @@ static bool optee_ffa_exchange_caps(struct ffa_device *ffa_dev, u32 *sec_caps, unsigned int *rpc_param_count) { - struct ffa_send_direct_data data = { OPTEE_FFA_EXCHANGE_CAPABILITIES }; + struct ffa_send_direct_data data = { + .data0 = OPTEE_FFA_EXCHANGE_CAPABILITIES, + }; int rc; rc = ops->msg_ops->sync_send_receive(ffa_dev, &data); -- 2.43.0

4 months, 1 week

1
0
0 0

2024

2023

2022

2021

2020

OP-TEE