- OP-TEE - lists.trustedfirmware.org

by 梅建强(禹夜)

Hi, expert Regarding the use of optee dynamic shared memory, we have encountered some problems that cannot be solved recently. Debug log is as follows: REE OS kenrel->TEE SPMC (FFA_MEM_SHARE) WARNING: SPM(5): 0x84000073 0x50 0x50 0x0 0x0 0x0 0x0 0x0 VERBOSE: hafnium ffa_handler func:0x84000073 VERBOSE: hafnium allow for one memory region to be shared to the TEE. VERBOSE: ffa_memory_send VERBOSE: share_states->memory_region->sender:0x0 VERBOSE: share_states->memory_region->attributes:0x2f VERBOSE: share_states->share_func:0x84000073 VERBOSE: share_states->fragment_count:0x1 VERBOSE: share_states->sending_complete:0x1 VERBOSE: hanfium fragment_count:1 VERBOSE: hanfium fragment_constituent_counts[i]:1 VERBOSE: hanfium max pa_range bits:0x30 VERBOSE: hanfium pa_begin:0x8a8474000, pa_end:0x8a8475000 VERBOSE: hanfium fragment_count:1 VERBOSE: hanfium fragment_constituent_counts[i]:1 VERBOSE: hanfium max pa_range bits:0x30 VERBOSE: hanfium pa_begin:0x8a8474000, pa_end:0x8a8475000 VERBOSE: Marked sending complete. Current share states: SHARE 0x0 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 SHARE 0x1 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 0 retrieved, sender's original mode: 0x7 SHARE 0x2 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 WARNING: SPM(5): 0x84000061 0x0 0x1 0x0 0x0 0x0 0x0 0x0 ...... REE OS kenrel->TEE SP (OPTEE_FFA_YEILDING_CALL_WITH_ARG(cookie)) WARNING: SPM(5): 0x8400006f 0x8001 0x0 0x80000000 0x0 0x0 0x0 0x0 VERBOSE: hafnium ffa_handler func:0x8400006f D/TC:005 0 mobj_ffa_get_by_cookie:382 cookie 0 resurrecting E/TC:005 0 mobj_ffa_get_by_cookie:385 Populating mobj from rx buffer, cookie 0x1 TEE SPMC->TEE SPMC (FFA_MEM_RETRIEVE_REQ(cookie)) VERBOSE: hafnium ffa_handler func:0x84000074 Current share states: SHARE 0x0 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 SHARE 0x1 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 0 retrieved, sender's original mode: 0x7 SHARE 0x2 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 SHARE 0x3 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 0 retrieved, sender's original mode: 0x7 VERBOSE: hanfium fragment_count:1 VERBOSE: hanfium fragment_constituent_counts[i]:1 VERBOSE: hanfium max pa_range bits:0x30 VERBOSE: hanfium pa_begin:0x8a8474000, pa_end:0x8a8475000 VERBOSE: hanfium fragment_count:1 VERBOSE: hanfium fragment_constituent_counts[i]:1 VERBOSE: hanfium max pa_range bits:0x30 VERBOSE: hanfium pa_begin:0x8a8474000, pa_end:0x8a8475000 Current share states: SHARE 0x0 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 SHARE 0x1 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 SHARE 0x2 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 1 retrieved, sender's original mode: 0x7 SHARE 0x3 (from VM 0x0, attributes 0x2f, flags 0x8, tag 0, to 1 recipients [VM 0x8001: 0x6 (offset 48)]): fully sent with 1 fragments, 0 retrieved, sender's original mode: 0x7 VERBOSE: hafnium ffa_handler func:0x84000065 ...... ERROR LOG I/TA: read_raw_object enter I/TA: obj_id_sz:0x8 I/TA: obj_id in tee va:0x40086348 I/TA: obj_id in ree va:0x400229f0 I/TA: TEE_MemMove:323 TEE_MemMove enter WARNING: Stage-2 page fault: pc=0x4007a3ce, vmid=0x8001, vcpu=5, vaddr=0x400229f0, ipaddr=0x8a84749f0, mode=0x81 0x63 NOTICE: Injecting Data Abort exception into VM 0x8001. D/TC:005 0 abort_handler:550 [abort] abort in User mode (TA will panic) E/TC:??? 0 E/TC:??? 0 User mode data-abort at address 0x400229f0 (translation fault) E/TC:??? 0 esr 0x94020007 ttbr0 0x20000f03180a0 ttbr1 0x00000000 cidr 0x0 E/TC:??? 0 cpu #5 <https://github.com/OP-TEE/optee_os/pull/5 > cpsr 0x00000130 E/TC:??? 0 x0 0000000040086348 x1 0000000040086349 E/TC:??? 0 x2 00000000400229f0 x3 0000000040086348 E/TC:??? 0 x4 000000004007e088 x5 0000000000000000 E/TC:??? 0 x6 0000000000000000 x7 000000004001fe60 E/TC:??? 0 x8 0000000000000000 x9 0000000000000000 E/TC:??? 0 x10 0000000000000000 x11 0000000000000000 E/TC:??? 0 x12 0000000000000000 x13 000000004001fe60 E/TC:??? 0 x14 00000000400695ad x15 0000000000000000 E/TC:??? 0 x16 00000000f0240370 x17 0000000000000000 E/TC:??? 0 x18 0000000000000000 x19 0000000000000000 E/TC:??? 0 x20 0000000000000000 x21 0000000000000000 E/TC:??? 0 x22 0000000000000000 x23 0000000000000000 E/TC:??? 0 x24 0000000000000000 x25 0000000000000000 E/TC:??? 0 x26 0000000000000000 x27 0000000000000000 E/TC:??? 0 x28 0000000000000000 x29 0000000000000000 E/TC:??? 0 x30 0000000000000000 elr 000000004007a3ce E/TC:??? 0 sp_el0 000000004001ff80 E/LD: Status of TA f4e750bb-1437-4fbf-8785-8d3580c34994 E/LD: arch: arm E/LD: region 0: va 0x40006000 pa 0xf0404000 size 0x002000 flags rw-s (ldelf) E/LD: region 1: va 0x40008000 pa 0xf0406000 size 0x011000 flags r-xs (ldelf) E/LD: region 2: va 0x40019000 pa 0xf0417000 size 0x001000 flags rw-s (ldelf) E/LD: region 3: va 0x4001a000 pa 0xf0418000 size 0x004000 flags rw-s (ldelf) E/LD: region 4: va 0x4001e000 pa 0xf041c000 size 0x001000 flags r--s E/LD: region 5: va 0x4001f000 pa 0xf0440000 size 0x001000 flags rw-s (stack) E/LD: region 6: va 0x40020000 pa 0x8a1262340 size 0x002000 flags rw-- (param) E/LD: region 7: va 0x40022000 pa 0x8a84749f0 size 0x001000 flags rw-- (param) E/LD: region 8: va 0x40067000 pa 0x00001000 size 0x017000 flags r-xs [0] E/LD: region 9: va 0x4007e000 pa 0x00018000 size 0x00c000 flags rw-s [0] E/LD: [0] f4e750bb-1437-4fbf-8785-8d3580c34994 @ 0x40067000 ERROR CODE "optee_examples/secure_storage/ta/secure_storage_ta.c" static TEE_Result read_raw_object(uint32_t param_types, TEE_Param params[4]) { const uint32_t exp_param_types = TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_MEMREF_OUTPUT, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE); char *obj_id; size_t obj_id_sz; IMSG("read_raw_object enter\n"); \/* * Safely get the invocation parameters *\/ if (param_types != exp_param_types) return TEE_ERROR_BAD_PARAMETERS; obj_id_sz = params[0].memref.size; obj_id = TEE_Malloc(obj_id_sz, 0); IMSG("obj_id_sz:%#x\n",obj_id_sz); IMSG("obj_id in tee va:%p\n",obj_id); IMSG("obj_id in ree va:%p\n",params[0].memref.buffer); if (!obj_id) return TEE_ERROR_OUT_OF_MEMORY; TEE_MemMove(obj_id, params[0].memref.buffer, obj_id_sz); //<-- ERROR OCCURED TEE_Free(obj_id); return TEE_SUCCESS; } It seems that OP-TEE tries to use an IPA which isn't mapped by Hafnium. Can anyone figure out what the problem is and give some debugging directions? Thanks! regards, yuye

2 years, 2 months

3
2
0 0

State of logging to REE

by Jeffrey Kardatzke

What's the current state of being able to log to the REE using components that already exist in OP-TEE today? I've seen various issues relating to it in GitHub: https://github.com/OP-TEE/optee_os/issues/4230 and https://github.com/OP-TEE/optee_os/pull/810, but both ended up being closed before I can see anything relating to logging to integrated. Did something like this end up getting implemented yet? Cheers, -- Jeffrey Kardatzke jkardatzke(a)google.com Google, Inc.

2 years, 2 months

2
2
0 0

OPTEE TA Crash

by 梅建强(禹夜)

Hi, Does anyone have a good solution to this problem？ https://github.com/OP-TEE/optee_os/issues/5803 <https://github.com/OP-TEE/optee_os/issues/5803 > regards, yuye

2 years, 2 months

1
1
0 0

OP-TEE S-EL1 SPMC broken

by Balint Dobszay

Hi All, A recent patch in optee_os [1] changed the boot ABI, which causes the "S-EL1 SPMC + Secure Partitions" config fail to boot. We are currently investigating the issue. Regards, Balint [1]: https://github.com/OP-TEE/optee_os/commit/f1f431c7a92671b4fa397976d381cc5ad…

2 years, 2 months

1
0
0 0

[PATCH] ta: avb: fix object leakage at lock state write

by Ivan Khoronzhuk

From: Ivan Khoronzhuk <ivan.khoronzhuk(a)globallogic.com> Should close object created for reading, so better use seek and then close the object. Fixes: b29b41950 ("ta: add AVB TA") Signed-off-by: Ivan Khoronzhuk <ivan.khoronzhuk(a)globallogic.com> --- ta/avb/entry.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ta/avb/entry.c b/ta/avb/entry.c index 4e57003e..a6e01035 100644 --- a/ta/avb/entry.c +++ b/ta/avb/entry.c @@ -239,7 +239,11 @@ static TEE_Result write_lock_state(uint32_t pt, if (count == sizeof(lock_state) && lock_state == wlock_state) goto out; - res = create_rb_state(wlock_state, &h); + res = TEE_SeekObjectData(h, 0, TEE_DATA_SEEK_SET); + if (res) + goto out; + + res = TEE_WriteObjectData(h, &wlock_state, sizeof(wlock_state)); out: TEE_CloseObject(h); return res; -- 2.34.1

2 years, 2 months

2
1
0 0

Linaro OP-TEE Contribution (LOC) monthly meeting January 24

by Jens Wiklander

Hi, It's soon time for another LOC monthly meeting. For time and connection details see the calendar at https://www.trustedfirmware.org/meetings/ I have one topic to discuss: OP-TEE 3.20.0 is just released and a PR [1] to upgrade from TEE Internal Core API version 1.1 to 1.3.1 is soon to be merged. This may bump the major OP-TEE version in the next release. There's in particular the define TEE_ALG_SM2_PKE which is tricky to keep compatible when upgrading. We have some time until the next release to determine if this is reason enough to bump the major version. Any other topics? [1] https://github.com/OP-TEE/optee_os/pull/5688 Thanks, Jens

2 years, 2 months

1
0
0 0

OP-TEE 3.20.0 has been released

by Jens Wiklander

Hi, I'm pleased to announce that OP-TEE version 3.20.0 is now available. The list of changes can be found in the changelog [1]. A blog post will be published soon on trustedfirmware.org [2]. A big thank you to everyone who participated with contributions and helping out with testing the release [3]. [1] https://github.com/OP-TEE/optee_os/blob/master/CHANGELOG.md [2] https://www.trustedfirmware.org/blog/ [3] https://github.com/OP-TEE/optee_os/commit/8e74d47616a20eaa23ca692f4bbbf917a… Regards, Jens

2 years, 2 months

1
0
0 0

[PATCH 0/3] optee: async notif with PPI + interrupt provider

by Etienne Carriere

Dear all, This small series aggregates 2 change proposals related to OP-TEE async notif. I've made a single series since the 2 patches hit the same portions of optee driver source file and I think this will help the review. If you prefer having independent post and deal with the conflicts afterward, please tell me. Patch "optee: add per cpu asynchronous notification" aims at allowing optee to use a per-cpu interrupt (PPI on Arm CPUs) for async notif instead of a shared peripheral interrupt. The 2 next patches implement a new feature in OP-TEE, based on optee async notif. The allow optee driver to behave as an interrupt controller, for when a secure OP-TEE event is to be delivered to the Linux kernel as a interrupt event. Regards, Etienne Etienne Carriere (3): optee: add per cpu asynchronous notification dt-bindings: arm: optee: add interrupt controller properties optee core: add irq chip using optee async notification .../arm/firmware/linaro,optee-tz.yaml | 19 +- drivers/tee/optee/optee_private.h | 24 ++ drivers/tee/optee/optee_smc.h | 78 +++++- drivers/tee/optee/smc_abi.c | 249 +++++++++++++++++- 4 files changed, 358 insertions(+), 12 deletions(-) -- 2.25.1

2 years, 3 months

4
10
0 0

Preparing for OP-TEE 3.20.0

by Jens Wiklander

[BCC all OP-TEE maintainers] Hi OP-TEE maintainers & contributors, OP-TEE v3.20.0 is scheduled to be released on 2023-01-20. So, now is a good time to start testing the master branch on the various platforms and report/fix any bugs. The GitHub pull request for collecting Tested-by tags or any other comments is https://github.com/OP-TEE/optee_os/pull/5751 As usual, we will create a release candidate tag one week before the release date for final testing. In addition to that you can find some additional information related to releases here: https://optee.readthedocs.io/en/latest/general/releases.html Thanks, Jens

2 years, 3 months

1
1
0 0

optee device tree and tee driver

by 梅建强(禹夜)

Hello expert, I have a few questions about the optee device tree and tee driver. In our environment, optee uses version 3.19 vexpress-fvp and runs on top of hafnium as SPMC. Here's my question. 1. Does the current optee version support adding ACPI table iterm for optee to enable REE to identify the installed optee driver so that TA and CA can establish communication? (I raise this question because I cannot find the corresponding optee node in "/sys/devices/platform" in the current linux environment. While in the QEMU runtime environment, the corresponding optee node is in "/proc/device-tree/firmware", i.e. "linaro,optee-tz".) 2. If I want to transfer dtb file which includes a device tree node written by optee to linux, How to configure CFG_DT, CFG_DT_ADDR, and CFG_EXTERNAL_DTB_OVERLAY? (I understand that this method should be independent from the method in question 1. If it is not, look forward your explain.) Looking forward to your reply. Thanks. regards, yuye

2 years, 3 months

2
4
0 0

2025

2024

2023

2022

2021

2020

OP-TEE